Altai Access Controller Configuration Manual - v2.0

ALTAI ACCESS CONTROLLER
CONFIGURATION MANUAL
Version 2.0
Date: April, 2014
Access Controller Configuration Manual

TPS14-04_rev2.0
About this document

Summary
Chapter
Description
Chapter1 Preface
Introduce the document briefely
Chapter2 Product Introduction

Chapter3 System Features
Chapter4 Peparation before
Installation
Chapter5 Initial Configuration
Chapter6 WEB Configurations
Chapter7 FAQ
Introduce the product

Introduce system features
Introduce preparation befored devices installation
Introduce devices booting and basic configurations
Introduce WEB configurations
Introduce FAQ
Altai Technologies Ltd. All rights reserved

TPS14-04_rev2.0
Contents
1
PREFACE ............................................................................................................................. I
1.1
CONVENTIONS ........................................................................................................ I
1.2
SYMBOLS .................................................................................................................. I
PRODUCT INTRODUCTION ............................................................................................... 3

2.1
OVERVIEW ............................................................................................................... 3
SYSTEM FEATURES ............................................................................................................. 3

3.1
PROTOCOL SUPPORT ............................................................................................. 3
3.2
USER MANAGEMENT AND BUSINESS SUPPORT .................................................... 4
3.3
NETWORK SECURITY ............................................................................................... 4
3.4
NETWORK MANAGEMENT ..................................................................................... 5
PREPARATION BEFORE INSTALLATION............................................................................. 6

4.1
PRECAUTIONS BEFORE OPERATION...................................................................... 6
4.2
ENVIRONMENT REQUIREMENTS ............................................................................. 6
4.3
INSTALLATION SAFETY REQUIREMENTS.................................................................. 6
4.4
TOOLS NEEDED ....................................................................................................... 7
INITIAL CONFIGURATION ................................................................................................. 8

5.1
CLI OVERVIEW ........................................................................................................ 8

5.1.1 USER MODE ................................................................................................... 8
5.1.2 PRIVILEGED MODE ....................................................................................... 9
5.1.3 ROM MONITOR MODE ................................................................................. 9
5.1.4 GLOBAL CONFIGURATION MODE .............................................................. 9
5.1.5 SYSTEM DESCRIPTION ................................................................................... 9
5.1.6 SYSTEM IP ADDRESS CONFIGURATIONS ..................................................... 9
5.1.7 VERSION BOOTING ..................................................................................... 10
5.2
LOGIN ACCESS PLATFORM ................................................................................. 14

5.2.1 LOGIN BY CONSOLE INTERFACE ............................................................... 14
5.2.2 LOGIN BY TELNET ........................................................................................ 14

TPS14-04_rev2.0
5.3
LOGIN MANAGEMENT PLATFORM ..................................................................... 15

5.3.1 LOGIN BY CONSOLE INTERFACE ............................................................... 15
5.3.2 LOGIN BY TELNET ........................................................................................ 15
5.3.3 LOGIN BY WEB ............................................................................................ 15
5.4
SYSTEM UPDATE .................................................................................................... 16

5.4.1 UPDATE UNDER ROM MONITOR MODE ................................................... 17
5.4.2 UPDATE BY FTP ............................................................................................ 18
5.4.3 UPDATE BY WEB .......................................................................................... 21
5.5
UPLOAD/DOWNLOAD CONFIGURATION FILES................................................. 24

5.5.1 UPLOAD CONFIGURATION FILES ............................................................... 24
5.5.2 DOWNLOAD CONFIGURATION FILES ....................................................... 25
5.6
GLOBAL CONFIGURATIONS ................................................................................ 25

5.6.1 LOGIN SETTINGS .......................................................................................... 25
5.6.2 SET SYSTEM NAME ....................................................................................... 25
5.7
INTERFACE CONFIGURATIONS ............................................................................ 26

5.7.1 CREATE A SUBINTERFACE ........................................................................... 26
5.7.2 SET VLAN ...................................................................................................... 26
5.7.3 CONFIGURE IP ADDRESS............................................................................ 27
5.7.4 ENABLE OR DISABLE SUBINTERFACE ......................................................... 27
5.7.5 CONFIGURE THE WORK MODE FOR INTERFACE ..................................... 27
5.7.6 CONFIGURE WORK RATE FOR INTERFACE ............................................... 27
5.7.7 CONFIGURE INTERFACES DESCRIPTION................................................ 28
5.7.8 CHECK INTERFACE...................................................................................... 28
5.7.9 APPLICATION EXAMPLE ............................................................................. 28
5.8
IP CONFIGURATIONS............................................................................................ 28
5.8.1 CONFIGURE STATIC IP ADDRESS ............................................................... 28
5.8.2 CONFIGURE IP FORWADING FEATURE ..................................................... 28
5.9
RADIUS CONFIGURATIONS .................................................................................. 29

5.9.1 OVERVIEW ................................................................................................... 29
5.9.2 CONFIGURE AC AS RADIUS CLIENT .......................................................... 29
5.10 DOMAIN CONFIGURATIONS ............................................................................... 31

5.10.1 OVERVIEW.................................................................................................. 31
5.10.2 DEFINE DOMAINS NAME ....................................................................... 31
5.10.3 CONFIGURE RADIUS SERVER .................................................................... 32

TPS14-04_rev2.0
5.10.4 CONFIGURE DNS SERVER ......................................................................... 32
5.10.5 CONFIGURE DOMAIN WITHOUT AUTHENTICATION AND ACCOUNTING33
5.10.6 CONFIGURE SERVICE STRATEGY FOR DOMAIN ..................................... 33
5.10.7 CONFIGURE REAL-TIME ACCOUNTING................................................... 33
5.10.8 CHECK DOMAIN CONFIGURATIONS ...................................................... 34
5.11 SERVICE STRATEGY CONFIGURATIONS .............................................................. 34
5.11.1 OVERVIEW.................................................................................................. 34
5.11.2 BROADBAND STRATEGY CONFIGURATIONS .......................................... 34
5.11.3 FILTERING STRATEGY CONFIGURATIONS................................................. 35
5.11.4 SERVICE STRATEGY CONFIGURATIONS ................................................... 38
5.12 INTERNAL PORTAL CONFIGURATIONS ................................................................ 38
5.12.1 CONFIGURE PORTAL SERVER ................................................................... 38
5.12.2 CONFIGURE AC-NAME............................................................................. 39
5.12.3 CONFIGURE NAS-ID HOT-CODE .............................................................. 39
5.13 IP POOL CONFIGURATIONS ................................................................................ 39
5.13.1 CONFIGURE LAYER2 IP POOL .................................................................. 39
5.13.2 CONFIGURE LAYER3 IP POOL .................................................................. 41
5.14 BUSINESS APPLICATION CONFIGURATIONS ....................................................... 42
5.14.1 ADDRESS MANAGEMENT FOR FIT AP ...................................................... 42
5.14.2 BUSINESS CONFIGURATION FOR DHCP+WEB ACCESS ......................... 43
5.15 NAT CONFIGURATIONS........................................................................................ 46
5.15.1 STATIC NAT ................................................................................................. 46
5.15.2 DYNAMIC NAT ........................................................................................... 47
5.15.3 PAT .............................................................................................................. 47
5.17 HOT STANDBY CONFIGURATIONS....................................................................... 48
5.17.1 OVERVIEW.................................................................................................. 48
5.17.2 COMMAND ............................................................................................... 48
6
WEB CONFIGURATIONS ................................................................................................. 50

6.1
LOGIN BY WEB ...................................................................................................... 50
6.2
BASIC SETTINGS ..................................................................................................... 52

6.2.1 AC CONFIGURATION ................................................................................. 53
6.2.2 AC HOTSTANDBY ........................................................................................ 55
6.2.3 RADIUS SERVER ........................................................................................... 56
6.2.4 AS SERVER ................................................................................................... 58

TPS14-04_rev2.0
6.2.5 NTP SERVER.................................................................................................. 58
6.2.6 SYSLOG CONFIGURATION ......................................................................... 59
6.2.7 AP VERSION................................................................................................. 60
6.2.8 VERSION SERVER ......................................................................................... 61
6.2.9 ROUTING...................................................................................................... 62
6.2.10 ETHERNET INTERFACE INFORMATION ...................................................... 63
6.2.11 WAPI CERTIFICATE ..................................................................................... 63
6.2.12 AC ADVANCED ......................................................................................... 64
6.2.13 TUNNEL CONFIGURATION ........................................................................ 65
6.2.14 MULTIPLE ACCESS BOARDS CONFIGURATION ....................................... 66
6.2.15 AC UPGRADE ............................................................................................ 67
6.2.16 SYSTEM INFORMATION .............................................................................. 68
6.2.17 AC LICENSE ................................................................................................ 68
6.3
WIRELESS SETTINGS ............................................................................................... 69

6.3.1 WIRELESS BASIC........................................................................................... 70
6.3.2 WIRELESS ADVANCED ................................................................................ 72
6.3.3 WIRELESS CHANNEL .................................................................................... 73
6.3.4 PAYLOADBALANCE.................................................................................... 74
6.3.5 AP BACKGROUND SCAN .......................................................................... 75
6.3.6 CAPWAP TIMER........................................................................................... 76
6.4
WIRELESS SECURITY ............................................................................................... 77

6.4.1 MAC FILTER .................................................................................................. 77
6.4.2 WLAN SECURITY .......................................................................................... 78
6.4.3 INTRUSION DETECTION SETTINGS ............................................................... 80
6.4.4 DYNAMIC BLACKLIST .................................................................................. 81
6.5
WLAN ..................................................................................................................... 81
6.5.1 AP CONFIGURATION .................................................................................. 82
6.5.2 WLAN GROUPS ........................................................................................... 84
6.5.3 TIME POLICY GROUPS ................................................................................ 87
6.5.4 AP POLICY APPLY ....................................................................................... 88
6.5.5 WLAN-VLAN ASSOCIATION ....................................................................... 88
6.6
STATISTICS .............................................................................................................. 88
6.6.1 AP INFORMATION ....................................................................................... 89
6.6.2 AP SOFTWARE UPGRADE ........................................................................... 91

TPS14-04_rev2.0
6.6.3 WIRELESS RADIO STATISTICS ....................................................................... 92
6.6.4 WIRELESS USER LIST...................................................................................... 92
6.6.5 INTRUSION DETECTION STATISTICS............................................................. 93
6.6.6 CYCLE OF REPORTING AP STATISTICS ....................................................... 93
6.7
ROGUE AP ............................................................................................................. 94
6.7.1 ROGUE AP ................................................................................................... 95
6.7.2 PERMITTED BSSID LIST .................................................................................. 95
6.7.3 PERMITTED SSID LIST .................................................................................... 96
6.8
LOG........................................................................................................................ 96
6.8.1 OPERATION LOG ........................................................................................ 96
6.8.2 OPERATION LOG HOLD TIME .................................................................... 98
6.8.3 ALARM LOG ................................................................................................ 98
6.8.4 AP LOG ........................................................................................................ 98
6.8.5 INTRUSION DETECTION LOG ...................................................................... 99

TPS14-04_rev2.0
Content of Figures
Figure 5-1
Topology .................................................................................................................... 10
Figure 5-2
System Booting .......................................................................................................... 11
Figure 5-3
Auto-boot proceduremanagement platform............................................... 11
Figure 5-4 Configure the DialogAccess Platform ............................................................ 13

Figure 5-5 Configuration File BootingAccess Platform .................................................... 13
Figure 5-6 Login access platform by console interface ........................................................ 14
Figure 5-7 Login Management Platform .................................................................................. 15
Figure 5-8 Login Management Platform by WEB .................................................................... 16
Figure 5-9
Topology under ROM MONITOR Update ............................................................... 17
Figure 5-10 the Topology for Update by FTP ........................................................................... 19

Figure 5-11 the Topology for Update by WEB ......................................................................... 22
Figure 5-12 Security Alarm ......................................................................................................... 22
Figure 5-13 Access Controller Login Screen ............................................................................ 23
Figure 5-14 AC Upgrade ............................................................................................................... 23
Figure 6-1
Access Controller Login Screen .............................................................................. 51
Figure 6-2
Access Controller Main Menu ................................................................................. 51
Figure 6-3 Basic Settings ............................................................................................................. 53

Figure 6-4
AC Configuration ...................................................................................................... 54
Figure 6-5
AC Hotstandby.......................................................................................................... 56
Figure 6-6
Radius List ................................................................................................................... 57
Figure 6-7
Radius Servers Edit..................................................................................................... 57
Figure 6-8
AS Server Configuration ........................................................................................... 58
Figure 6-9
AC NTP Configuration .............................................................................................. 59
Figure 6-10 SYSLOG Configuration............................................................................................ 59

Figure 6-11 AP Version Information Edit ................................................................................... 60
Figure 6-12 Version Server List .................................................................................................... 61
Figure 6-13 Version Server Edit ................................................................................................... 61
Figure 6-14 Route Information of Management Platform ........................................................ 62
Figure 6-15 Management Platform Route Edit .......................................................................... 62
Figure 6-16 Ethernet Interface Information ................................................................................ 63

TPS14-04_rev2.0
Figure 6-17 WAPI Certificate ........................................................................................................ 63
Figure 6-18 WAPI Certificate Edit ................................................................................................. 63
Figure 6-19 AC Advanced ........................................................................................................... 64
Figure 6-20 Tunnel Configuration ................................................................................................. 65
Figure 6-21 Multiple Access Boards Configuration.................................................................... 66
Figure 6-22 Multiple Access Boards Configuration.................................................................... 66
Figure 6-24 AC Upgrade Success ................................................................................................ 67
Figure 6-25 System Information .................................................................................................... 68
Figure 6-26 AC License ................................................................................................................. 68
Figure 6-27 Wireless Basic Settings ............................................................................................... 70
Figure 6-28 Wireless Advanced Settings ..................................................................................... 72
Figure 6-29 Wireless Channel Configuration .............................................................................. 73
Figure 6-30 Payloadbalance Configuration .............................................................................. 74
Figure 6-31 Payloadbalance Configuration by Flow Control .................................................. 75
Figure 6-32 AP Background Scanning ........................................................................................ 76
Figure 6-33 CAPWAPTimer Configuration ................................................................................... 77
Figure 6-34 MAC Filter ................................................................................................................... 77
Figure 6-35 WLAN Security Policy List........................................................................................... 78
Figure 6-36 Intrusion Detection Settings ...................................................................................... 80
Figure 6-37 Dynamic Blacklist ....................................................................................................... 81
Figure 6-38 AP Configuration ....................................................................................................... 82
Figure 6-39 WLAN Group Configuration ..................................................................................... 84
Figure 6-40 Time Policy Group...................................................................................................... 87
Figure 6-41 Time Policy Group...................................................................................................... 87
Figure 6-42AP AP Policy Apply ..................................................................................................... 88
Figure 6-43 WLAN-VLAN Association ........................................................................................... 88
Figure 6-44 AP List .......................................................................................................................... 89
Figure 6-45 AP Security Mode ...................................................................................................... 89
Figure 6-46 Parameters of AP Online Scanning ......................................................................... 90
Figure 6-47 AP Software Upgrade ............................................................................................... 91
Figure 6-48 Configuration of AP upgrading ............................................................................... 91
Figure 6-49 Wireless Radio Statistics ............................................................................................. 92
Figure 6-50 Wireless User List ......................................................................................................... 92

TPS14-04_rev2.0
Figure 6-51 Cycle of Reporting AP Statistics ............................................................................... 93
Figure 6-52 Rogue AP List .............................................................................................................. 95
Figure 6-53 Permitted BSSID List .................................................................................................... 95
Figure 6-54 Permitted SSID List ...................................................................................................... 96
Figure 6-55 Operation Log Search .............................................................................................. 96
Figure 6-56 Operation Log Query Results ................................................................................... 97
Figure 6-57 Log Saving Remote FTP Server ................................................................................. 97
Figure 6-58 Alarm Log ................................................................................................................... 98
Figure 6-59 AP Log ......................................................................................................................... 98
Figure 6-60 Intrusion Detection Log .......................................................................................... 99
Content of Tables
Table 6-1
Description of Access Controller Main Menu......................................................... 52
Table 6-2
AC Configuration ....................................................................................................... 54
Table 6-3 Configuration Parameters of AC Hotstandby ........................................................ 56

Table 6-4
Radius Server Configuration ..................................................................................... 57
Table 6-5
AS Server Configuration ............................................................................................ 58
Table 6-6
AC NTP Configuration ............................................................................................... 59
Table 6-7 SYSLOG Configuration............................................................................................... 60

Table 6-8
AP Version Information Edit ...................................................................................... 60
Table 6-9
Version Server Edit ...................................................................................................... 62
Table 6-10 Management Platform Route Edit ........................................................................... 63

Table 6-11 WAPI Certificate Edit .................................................................................................. 64
Table 6-12 AC Advanced ............................................................................................................ 65
Table 6-13 Tunnel Configuration .................................................................................................. 65
Table 6-14 Multiple Access Boards Configuration..................................................................... 66
Table 6-15 AC Upgrade ................................................................................................................ 67
Table 6-16 AC License Parameter Settings ................................................................................ 69
Table 6-17 Wireless Basic Settings ................................................................................................ 70
Table 6-18 Wireless Advanced Settings ...................................................................................... 72
Table 6-19 Wireless Channel Configuration ............................................................................... 74
Table 6-20 Payloadbalance Configuration ............................................................................... 74
Table 6-21 AP Background Scanning ......................................................................................... 76

TPS14-04_rev2.0
Table 6-22 CAPWAP timer configuration.................................................................................... 77
Table 6-23 MAC Filter .................................................................................................................... 78
Table 6-24 WLAN Security Policy.................................................................................................. 79
Table 6-25 Intrusion Detection Settings ....................................................................................... 80
Table 6-26 AP Configuration ........................................................................................................ 83
Table 6-27 WLAN Configuration .................................................................................................. 85
Table 6-28 Time Policy Group....................................................................................................... 87
Table 6-29 AP List ........................................................................................................................... 89
Table 6-30 Parameters of AP Online Scanning .......................................................................... 90
Table 6-31 Configuration of AP upgrading ................................................................................ 91
Table 6-32 Wireless User List .......................................................................................................... 92
Table 6-33 Rogue AP Configuration ........................................................................................... 95

TPS14-04_rev2.0
Preface
1.1
Conventions
Altai wireless access controller (hereinafter called AC) provides a
managemental platform for broadband wireless access service, which is
oriented to broadband wireless access ISP and enterprises with wireless
access. It fully supports the over-all operation and management solution for
broadband wireless access.
The manual introduces the system function, structure, specification, and
basic settings of Altai AC, as a convenience for engineerss maintenance.
1.2
Symbols
1.
Labels
Format
[
/
2.
Meaning
represents window name, menu, and data sheet, such aspromt New
Built Users
Multi-menus is separated by/. For example , ClickBasic Settings/AC
Upgrade means the screen prompt is to configure AC upgrade.
Safety Symbols
The document adopts the following symbols to inform readers of safety

requirements. Please read them before use the device.
Safety Symbols
Meanings
Safety symbols:
Danger stands for a big potential harm
to human body if not avoided.
Warning stands for a big potential
damage to device or business if not
avoided.
Attention stands for a moderate
damage to device or business if not
avoided.

TPS14-04_rev2.0
Danger Electricity!
electricity shock.
Be
aware
of
Danger Laser! Be aware of laser

danger.
Danger Microwave!
microwave dager.
Be
aware
of
Danger Hot! Be aware of hot danger.

TPS14-04_rev2.0
Product Introduction
2.1
Overview
Altai AC provides a managemental platform for broadband wireless
access service, which is oriented to broadband wireless access ISP and
enterprises with wireless access. It fully supports the over-all operation and
management solution for broadband wireless access.
Altai AC adopts advance technology of network processing and data
exchange bus. It provides a high forwarding compacity and protocol
processing ability, strengthening the processing of user management,
network security, accounting and netrwork management.
Altai AC provides various network access methods to support user
management with abundant network ptotocols and flexible accountings. It
provides different interface configurations and strict network security to avoid
attack from outside. Meanwhile it is easy to manage for a rich network
management methods.
System Features
3.1
Protocol Support
Support Ethernet Protocols like IEEE 802.3u, 802.3z, 802.3 , 802.1q, 802.1p,
802.3x
Support IP Protocols like IP, TCP, UDP, ICMP
Support static route protocols
Support protocols like TELNET, HTTP, FTP, RADIUS
Support DHCP Relay and DHCP Server
Support ARP, and PROXY ARP
Support NAT
Support IGMP Proxy

TPS14-04_rev2.0
3.2
3.3
User Management and Business Support
Support MAC, port, VLAN, and IP address binding
Support users mult-access like fixed port, VLAN, MAC/IP address, PPPOE
and DHCP
Support users to get VLAN information automatically and support one

user only user one IP address
Support user business management
Support rate restriction, bandwidth restriction for users, and different

upstream or downstream bandwidth for various users
Support route strategy
Support various QoS strategies
Support RADIUS as proxy server to realize the function of authentication,

accounting and authorization
Support IP strategy for various users
Support back-up Radius Server and account checking server
Support different service authorizations for various users, like time strategy,
flow stragety, bandwidth strategy and route strategy
Supply informations pointed to users like syslog and staristics
Support VLAN authentication, local authentication, and local account
Support account block
Support PPPOE quick-dial
Support VLANs user number restriction
Support one or more ISP, at most 256
Network Security
Support PAP and CHAP
Support RADIUS authenticaiton
Support users binding of MAC address, VLAN, Port, IP Address, and

sesstions
Support anti-attack for users DHCP IP address
Support secure network management
Support WEB authentication

TPS14-04_rev2.0
3.4
Support 802.1x authenticaiton
Network Management
Specified network interface like 10M/100M/1000M Ethernet interface and

Console interface
Support specified port as network port
Support Telnet management
Support graded SNMP
Support dynamic online update

TPS14-04_rev2.0
Preparation before Installation
4.1
Precautions before Operation

To avoid personal injury and device harms, please follow the precautions
listed here.
4.2
1.
Before clean the device, please unplug the power plug. Dont wipe
device with a damp cloth, and no liquid cleaning at the same time.
2.
Dont lay the device near water or places too moisted.
3.
Dont lay device on unsteady chest or table.
4.
Keep room with good ventilation and keep device ventilation holes
clear.
5.
Make sure device is working under right voltage.
6.
Dont open the shell while device is running, and for safety consideration
try your best not to open the shell at will.
7.
Wear an ESD wrist while replacing interface modules.
Environment Requirements
The device must work in room. No matter where the device is laid down,
please make sure device runs under the following environment conditions.
1.
Make sure there is enough room for ventilation holes.
2.
Make sure the rack or platform where device laid with a good ventilation
system.
3.
Make sure the rack and platform is solid enough to bear the device and
other mounting accessories.
4.
Make sure the rack and platform with a good ground connection.
5.
The room should keep its temperature between 0 and 40, relative
humidity 5%~95%, dust(whose diameter5m) density 3 104 pieces
/m3.
4.3
Installation Safety Requirements

1.
Eclectrical Precautions

TPS14-04_rev2.0
To example devices internal structure, please unplug all the power plug
and cables. Be care of voltage.
The chasiss needs no maintainence. Please do not open the shell.

2.
To operate the chasiss, please follow the rules listed here.

1 Before install or uninstall the chasiss, please cut off all the power.
2 Do no changes to system, avoiding potential harms to devices or
engingeers.
3 After maintainence, please tighten all the screws on board or
power.
3.
ESD Harms Avoidance

Since the components are sensitive to Electro Static Discharge, please
follow the rules listed here.
1 Wear an ESD wrist while operating any system board.
2
While carry the borad please lay your hand on the holders. The
board not used should be stored with electrostatic shield
protection.
4.4
Tools Needed
Before installing the device please prepare the following tools.
1.
1 srewdriver
2.
#1224 screw or #1032 screw
3.
Corresponding socket wrench for power screw

TPS14-04_rev2.0
Initial Configuration
5.1
CLI Overview
The user interface is CLIComand-line Interface, which provides a
textual interface for terminal users. All the CLI commands consist of key words
and parameters.
CLI consist of several modes, under which the related commands will be
fully operated. Some commands can only run in related modes and some
others can sun in all modes. CLI will stop at user mode after booting, which
allows users to check system running state. However user mode could not
allow users to change system state, which could be modified in privileged
mode. With enable command, users can go to privileged mode.
In privileged mode input config terminal, users can go to global
configuration mode. By inputing disable, users will go back to user mode and
by <ctrl+z>, end, or exit will go back to privileged mode.
Input? could inquiry all available commands under the mode. While
input question mark, there would prompt a list of keywords.
Under any mode, using tab will fill in the whole command automatically.
While inputing some command, push tab will prompt a list of possible
commands. All the commands support uncomplete form like just a few words
to stand for the whole command. Of course the form should not be
ambiguous. For example conf can stand for configure, but co could not
stand for it because co could not make a distinction between configure and
copy.
Most command support keyword of no. With no command, the related
command will be deleted.
The following part will describe each mode.
5.1.1
User Mode
Login by telnet or console, you have to input user name and password. In
user mode, users can only inquire configurations except for system
configuration file.

TPS14-04_rev2.0
In user mode, system prompt ishostname>.
5.1.2
Privileged Mode
After login user mode, input enable and the password of privileged mode,
you can login in privileged mode. In this mode, you can write and have some
complex operation. The system prompt ishostname.
5.1.3
ROM Monitor Mode

ROM Monitor Mode is a running mode under abnormal instance. While
the device is abnormally booting or the device could not find sytem image,
then AC will go into ROM Monitor mode, which allow you to boot the system
manually.
Of course you can go to ROM Monitor mode by input CTRL+C while
system is booting in 5 seconds with console interface connected.
5.1.4
Global Configuration Mode

Global configuration mode will allow you to configure AC. The command
will change the running mode and take effect immediately. In global
configuration mode, the command in user mode and privileged mode will be
useless. After login into privileged mode, you do not need to input any
password just input configure terminal, you will go to global configuration
mode. The system promt ishostnameconfig.
5.1.5
System Description
There are three operation systems on AC for management platform,
access platform and fast forwarding platform.
5.1.6
System IP Address Configurations

For IPV4, all the IP address for management platform must be configured
in virtual port. For example, ifconfig eth7 12.12.12.1 netmask 255.255.255.0. At
the same time, the IP12.12.12.1must be configured in access platform
according to business. For the IP on access platform, to configure a default IP

TPS14-04_rev2.0
on management platform is enough. There is no need to copy all the IP of
acess platform.
5.1.7
Version Booting
Connect AC and version server as follows.
Figure 5-1
Topology
AC
The following figure shows the procedures of system booting.

TPS14-04_rev2.0
Figure 5-2
System Booting
Power on
Boot System
Locate Operation System

If not found
Locate Configuration
File
Load Operate System
Configure Mode
If found
Load Configuration File
Initialize COnfiguration
Power on AC and system will run POST( Power-On Self-Test POST )

procedure to boot system.
The program will print information to control table and then boot
hardware component. After that the program will copy OS image to main
store. Before this, the program will print Booting in 5 units. Press Ctrl + C to
abort... and wait for 5 seconds. If users press CTRL-C during this time, system
will go ROM-monitor mode.If users not, system will boot automatically.
Figure 5-3
Auto-boot proceduremanagement platform

TPS14-04_rev2.0
Connect console cable to access platform. After the power transferred

to OS image, the software booting initializes like kernel booting, application
program booting, and network processor booting. After the booting, system
will look for the configuration file created and saved before from flash. If there
is no such file ,system will operate the Setup Dialog. Once finish the dialog, the
next booting will be loaded with default values.

TPS14-04_rev2.0
Figure 5-4
Configure the DialogAccess Platform
If system find the file, there will promt information of Press 'CTRL-C' to stop
running startup-config... and wait for 3 seconds. If users pressCTRL-C during
this time ,the configuration file will not be executed.
Figure 5-5
Configuration File BootingAccess Platform
Right now the system boot successfully.

TPS14-04_rev2.0
5.2
5.2.1
Login Access Platform

Login by Console Interface
There are two console interfaces on front panel. Console0 is to manage
the Management Platform and Console1 the Access Platform. The Fast
Forwarding Platform is managed through the Access Plarform.
Connect to Console1 with baud rate 115200.
Figure 5-6 Login access platform by console interface
User Name: bnas

Password: bnas
Privileged Mode Password: super
5.2.2
Login by Telnet
Input the IP address and the port number of 23.
User Name: bnas

TPS14-04_rev2.0
Password: bnas
Privileged Mode Password: super
5.3
5.3.1
Login Management Platform

Login by Console Interface
Connect Console 0 Interface with baud rate 115200.
Figure 5-7 Login Management Platform
User Name: root

Password: fitap^_^
5.3.2
Login by Telnet
Input the IP address of Management Platform, which should be the same
with that of the Access Platform. Port 87 is suggested.
User Name: root

Password: fitap^_^
5.3.3
Login by WEB
Open IE web brower and input https://x.x.x.x (the IP address of
Mangement Platform).
User Name: icac
Password: icaclogin

TPS14-04_rev2.0
Figure 5-8 Login Management Platform by WEB
5.4
System Update
Before introduce the three update mehod, there are three points should be
aware.
Firstly, there are two platforms of management platform and access
platform. To visit management platform, the device must be connected with
an Ethernet interface. The IP and mask of the interface should be
configured both on management and access platform.
Secondly, IP address must be configured on the right interface. For
access platform, the interface should be the one physically connected. For
example, if interface0 is connected to version server then the IP must be
configured on interface0. However for management platform, the IP can
only be configured on interface7, which is a virtual interface and can
communicate with any interface on the access platform.
Thirdly, bootloader is a driver for system update. If there is a need to
update a new version, we will supply one.

TPS14-04_rev2.0
5.4.1
Update under ROM MONITOR Mode

If there is need to change or update ACs software, please follow the
following steps.
1.
Topology
Please make sure AC can communicate with version server and connect
ACs console interface.
Figure 5-9
Topology under ROM
MONITOR Update
AC
2.
Make sure there is a new version on version server. Suppose the version is
saved at d:\ Altai-AC with a file name as MIPS_1018L1.8V8.10_R29_T15
3.
Enable tftp server on version server and make its working directory as d:\
Altai-AC
4.
Enable hyper terminal on version server and set the frequency as

115200B/S
5.
Power on Altai AC
6.
While seeing Booting in 5 units, Press Ctrl + C to abort... please press

Ctrl-C in 5 seconds.
7.
Input ccto configure version update parameters

TPS14-04_rev2.0
boot device
: gmac0
<-//ACs uplink port with version
server
ip address
: 10.9.0.22
subnet mask
<-//IP of ethernet interface
: 255.255.255.0
gateway
: 10.9.0.21
tftp host ip address : 10.9.0.21

ac file name
<-//subnet mask
<-//IP of gateway
<-//IP of version server or tftp server
: MIPS_1018L1.8V8.10_R29_T15
<-//version to be update
8.
input @@ and then press enter to trigger loading system. If it does not
work, input@@and press enter again.
9.
After the system is successfully udated, system will go to management

platform. Show version information withcat /proc/rmi/mips-version:
# cat /proc/rmi/mips-version
the running version:
MCR_rmios_1.0.8.10C31
MCR_vxWorks_1.0.8.10C42
cwc_1.0.1.8C48M_MIPS
MIPS_1018L1.8V8.10_R29_T15
dev-boot-version:C16
next-boot-active-version:version0
5.4.2
Update by FTP
Update by FTP needs to save the version to be update on AC. Each time
when AC reboots, system will read version information. There can be saved
two versions at most, version0andversion1.
1.
Topology

TPS14-04_rev2.0
Figure 5-10
the Topology for Update
by FTP
AC
2.
Save a new version on version server and suppose it is saved at

d:\Altai-AC with a file name of MIPS_1018L1.8V8.10_R29_T15 Version
name must start withMIPS
3.
Enable ftp server and make its working directory as d:\Altai-AC
4.
Configure IP for management platform and access platform, and make

sure AC can visit version server. (suppose the IP is 221.162.62.137.
Configure IP for management platform
# ifconfig
//optional command, by this you can show all the management pla
tform interface information

# ifconfig eth7 221.162.62.137 netmask 255.255.255.0
//requied command, to co
nfigure IP for management platform. No matter which interface is used on access pl

atform, the IP for management platform can only be configured on eth7.
# ifconfig eth7 //show IP of eth7 interface
eth7
Link encap:Ethernet
HWaddr 00:08:D2:00:00:08
inet addr:221.162.62.137
Bcast:221.162.62.255
Mask:255.255.255.0
For a notice, if eth7 is not configured rightly, you can input ifconfig eth7
upand then configure it again.
5.
Configure IP for access platform

Suppose Altai AC is connected to version server by interface0.

TPS14-04_rev2.0
Altai-AC (config)# interface GigabitEthernet 1/0.0
//enter interface0 configuration
mode
Altai-AC (config-interface)# ip address 221.162.62.137 255.255.255.0
//configure IPan
d subnetmask for interface0. It is must be the same with that of eth7 interface.
After
configuration
running-config.
6.
to
check
the
information
withshow
Configure version servers IP as 221.162.62.12the IP must be in the same

network segment. Input ping 221.162.62.12 on management and
access platform to make sure the two platforms can communicate with
version server. For a notice, you must pressCTRL-C to stop the Ping
program on management platform.
Show version information on Altai AC.optinal command
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
//if reboot version0 will be active( MIPS_1018L1.8
V8.10_R29_T13)
7.
Upload new version on AC by FTP. Enable CMD and follow the steps
listed here.
D:\>cd /Altai-AC
//enter into the save directory of MIPS_1018L1.8V8.10_R29_T15
D:\ Altai-AC>ftp 221.162.62.137
//login to ACs management platform by FTP. With
command ofby, you can quit the ftp mode.

Connected to 221.162.62.137

User (221.162.62.137:(none)): root //input user name of management platform and pre
ss enter.
331 User root OK. Password required
Password:
//input password and press enter
230 OK. Current directory is /root

ftp> put MIPS_1018L1.8V8.10_R29_T15 //upload MIPS_1018L1.8V8.10_R29_T15 to manage
ment platform

ftp: 45223563 16.86Seconds 2682.46Kbytes/sec. //upload successfully
show the version updated on management platform
# ls
MIPS_1018L1.8V8.10_R29_T15 //the version has been uploaded to management platfo
rm

TPS14-04_rev2.0
If you need to update versions, input the following command. (Suppose version0 sta
nds for
MIPS_1018L1.8V8.10_R29_T13 and the version to be update is MIPS_1018L1.8V
8.10_R29_T15:
# version upgrade0
//update version0. If there is a need to update version1, then
change the command as version upgrade1

0:EXT2-fs warning: maximal mount count reached, running e2fsck is recommended
To activate version please input the following command, which will take effect on t
he next booting.
# version active0
//activate version0 0:Done.
Show version information.

the running version:
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
# reboot
//for the next boot system will load version0
//reboot system
After reboot, input cat /proc/rmi/mips-version on management

platform to show version information.
version0is just a mark, standing for the new version updated.
version1is also follow this principle.
There is no priority between version0 and version1. If you inputversion
active0then version0 will be loaded at next reboot. Version 1 is the same
case. Svae two versions is just for backup use.
5.4.3
Update by WEB
The user can replace or upgrade Altai ACsystem software according to the
following steps.
1.
Topology

TPS14-04_rev2.0
Figure 5-11
the Topology for Update
by WEB
AC
Configure IP address for management platform and access platform to make
sure that AC can visit version server. Please refer to Update by FTP for the
specific configuration methods.Assuming 221.162.62.137 is the interface
address
Open the web browser on the version server, and input the following
address in the address bar https://221.162.62.137.
Notice:
The beginning of Website is https. Click Yes while the following screen
prompt.
Figure 5-12
Security Alarm

TPS14-04_rev2.0
Input the user name of icac and the password oficaclogin.
For a notice, the user name and password is case sensitive.
Figure 5-13
Access Controller Login Screen
ClickBasic Settings
, AC Upgrade,and AC upgrade screen will prompt
on the right. If you want to set version0 as the current version, please select
version0 and click Set as current version .
Figure 5-14 AC Upgrade
After updating the current version the following screen will prompt, and
dont reboot right away. If you want to modify the real version which Current

TPS14-04_rev2.0
Version refers to,please clickBrowse,and select the version need to
upgrade. Click Upload to wait for versions upload.
Finally, clickreboot. After reboot, the version update will take effect.
5.5
5.5.1
Upload/Download Configuration Files

Upload Configuration Files
Users can upload configuration files to remote fit server to backup, in
case of accidental damage. You can upload the active configuration files or
other files specified.
For a notice, there are only two configuration files on system. One is the
running system in use and the other is the backup file on local.

TPS14-04_rev2.0
The following command can be used to upload configuration files.
ftp put filetype /tffs/nmconf [ localfile {/tffs/nmconf | /tffs/nmconf1} ]
remotefile filename
5.5.2
filetype type of the configuration files uploaded
localfilename of the configuration file uploaded
remotefile the name of configuration file needs to be uploaded
Download Configuration Files

Users can download configuration files remotely to recover system.
ftp get filetype /tffs/nmconf remotefile filename
5.6
5.6.1
filetype type of the file
remotefile name of the file
Global Configurations
Login Settings
hostname(config)#local-user
username
service-type all level priv-level
user
password
passsword
hostname(config)#enable secret super

For a notice, three could be multiply user names and password but only one
privilieged name.
Default settings are listed here.
User Name: bnas
Password: bnas
Privilieged Mode Password: super
5.6.2
Set System Name

BNAS(config)# hostname Altai-AC
Altai-AC (config)#

TPS14-04_rev2.0
5.7
Interface Configurations
Fast Ethernet Interface and Gigabit Ethrenet Interface shoule be set in tht
form of subinterface. Please follow the steps listed here to configure.
5.7.1
Create a SubinterfaceRequired
Create VlanOptinal
Set IP AddressRequired
Enable or Disable SubinterfaceOptinal
Configure the working mode of the interfaceOptinal
Configure the working rate of the interfaceOptinal
Create a Subinterface
Altai-AC(config)# interface GigabitEthernet interface-specifier
interface-specifier defines the interface in form of slot/port.subif. Slot stands
for the interface module, port the port number, and subtif the subintreface
number. For example,
Altai-AC(config)# interface GigabitEthernet 1/0.1
The command means subinterface1 is created on module1 and port 0.
For a notice, the fast Ethernet module number is 1 and the port number is from
0 to 5. The subinterface number could not be omitted and should lie in the
range of 0~255.
The command to configure Ethernet interface is the same with that of SFP
interface. For a physical interface, it could only be a SFP interface or an
Ethernet interface.
5.7.2
Set Vlan
If there is an existing VLAN, please configure the VLAN before you set IP
address for the created subinterface.
Altai-AC(config-interface)# vlan id vlan-id

TPS14-04_rev2.0
5.7.3
Configure IP Address
IP Address can be a secondary assress except the primary address, but all the
IP Address in the system should not be crossovered.
Altai-AC(config-interface)# ip address ip_address ipMask [ secondary ]
5.7.4
Enable or Disable Subinterface

Altai-AC(config-interface)# shutdown
Altai-AC(config-interface)# no shutdown
5.7.5
Configure the Work Mode for Interface

Configure the work mode for interface as auto, full-duplex, or half-duplex.
Altai-AC(config-interface)# duplex duplex-mode
For a notice, the work mode will take effect for the whole interface. If there
are plenty of subinterfaces are configured under a work mode, the last
configuration will take effect.
While constructing networks, please keep all the decives are working in the
same work mode.
5.7.6
Configure Work Rate for Interface

Configure interfaces work rate as auto, 1000m, 100m, 10m, fiber and copper.
Altai-AC(config-interface)# speed speed-mode
For a notice, the work rate will take effect on the whole interface. If there are
plenty of subinterfaces are configured under a work rate, the last
configuration will take effect.
While configure SFP interface as an electrical module, the work mode must
be speed mode, but while as a Ethernet interface, the mork mode could not
be configured as speed auto.
You can not configure the same interface both as SFP indteface and
Ethernet interface at the same time.
While constructing networks, please keep all the decives are working in the
same work rate.

TPS14-04_rev2.0
5.7.7
Configure Interfaces Description

Altai-AC(config-interface)#description String
5.7.8
Check Interface
Altai-AC# show interface gigabitEthernet 1/ port
The command above will display all the details on the interface, like interface
state,message statistics, and flow rate.
5.7.9
Application Example
The following example configures a Gigabit Ethernet Interface.
Altai-AC(config)# interface GigabitEthernet 1/0.0
Altai-AC(config-interface)# ip address 10.10.5.1 255.255.255.0
Altai-AC(config-interface)# duplex full
Altai-AC(config-interface)# end
Altai-AC#show interface gigabitEthernet 1/0
5.8
5.8.1
IP Configurations
Configure Static IP Address
Altai-AC(config)# ip route ipAddress ipMask ipNextHop
For example,
Altai-AC(config)# ip route 10.0.0.0 255.255.255.0 192.168.26.33
Altai-AC(config)# ip route 0.0.0.0 0.0.0.0 192.168.25.1
Notice:
The ipNextHop must be the IP Address of direct connected network. It could
not be any interfaces IP Address. If ipAddress and ipMask is configures as 0, it
stands for a default toute.
5.8.2
Configure IP Forwading Feature

There are two IP forwarding features. One is for user to visit AC and the other is
for users to visit each other. The two configurations should be set at the same
time.
Altai-AC(config)# ip forward bnas-access enable/disable user-access
enable/disable

TPS14-04_rev2.0
bnas-access is used to configure whetehr users can visit AC or not.
user-access is used to configure whetehr users can visit each other or not.
Notice:
This command is a global configuration, which will take effect on all users.
The following example means users can visit AC but can not visit each other.
Altai-AC(config)# ip forward bnas-access enable user-access disable
5.9
5.9.1
RADIUS Configurations
Overview
Remote Authentication Dial In User Service (RADIUS) is a
networking protocol that provides centralized Authentication, Authorization,
and Accounting (AAA) management for computers to connect and use a
network service. RADIUS is a client/server protocol that runs in the application
layer, using UDP as transport.
5.9.2
Configure AC as Radius Client

Before make any settings, please make sure there is a subinterface could
reach Radius Server.
5.9.2.1
1.
Access to Radius Cilent Configuration ModeRequired
2.
Configure IP AddressRequired
3.
Configure a Port to AuthenticateOptional
4.
Configure a Port to AccountOptional
5.
Check whether the configuration is taking effect or not.
Access Radius Client Configuration Mode

All the configuration should be set in radius client configuration mode.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#

TPS14-04_rev2.0
5.9.2.2
Configure IP Address
The IP address for Radius Client should be a subinterfaces IP address, and the
subinterface should be able to reach Radius Server.
Altai-AC(radius-client)#ipaddress A.B.C.D
5.9.2.3
Configure an Authentication UDP Port

The port number is 1645 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# auth-port port
The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no auth-port
5.9.2.4
Configure an Account UDP Port

The port number is 1646 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# account-port port

The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no account port
5.9.2.5
To Confirm the Configuration with Show Command

Altai-AC# show running-config
Altai-AC# show radius client
5.9.2.6
Application Example
Suppose there is subinterface with IP address 192.168.25.234, and Radius
Client can use this IP address to communicate with Radius Server. The
authentication poar numner is 1812 and the Account port number 1813.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#ipaddress 192.168.25.234
Altai-AC(radius-client)# auth-port 1812
Altai-AC(radius-client)# exit all

TPS14-04_rev2.0
With show command as follows, you can see the configuration has been
updated.
Altai-AC#show running-config
... ...
interface FastEthernet 1/0.3
vlan id 4095
ip address 192.168.25.234 255.255.255.0
radius-client
ipaddress 192.168.25.234
auth-port 1812
account-port 1813
... ...
Altai-AC#show radius client
5.10
5.10.1
Domain Configurations
Overview
Domain in this paper could stand for certain ISP, or kinds of service like
viewing webpage or VOD. It also could be the combinantion of ISP and
service.
5.10.2
Define Domains Name

Define domains name and access to a sub-configuration mode.
Altai-AC(config)# domain domainname
Users can input usrname@domainname to select a domain in web brower or
SIM Dialer.
Users can use default domain to access by configuring a domain named
default.
Altai-AC(config)# domain default
If the domain name is not configured on AC or users do not input any domain
name, AC will put these users to a default domain to authenticate and
account.

TPS14-04_rev2.0
5.10.3
Configure Radius Server

There is a radius server for each domain and the radius server should be
configured in chapter 5.9. Therefore AC can choose different authentication
and accounting servers according to various domains.
Altai-AC(domain)# radius server A.B.C.D authentication
Altai-AC(domain)# radius server E.F.G.H accounting
Once users choose a domain, they actually slect an authentication server
and accounting server.
Meanwhile AC supports backup authentication server, accounting server,
and accounting checking server.
5.10.3.1
Backup Server
The configuration of backup server is the same with master server.
Altai-AC(domain)# radius server I.J.K.L authentication
Altai-AC(domain)# radius server M.N.O.P accounting
That is to say the server configured first is master server and the other backup
server.
The following command is used to cancel configurations either on master or
backup server.
Altai-AC(domain)#no radius server x.x.x.x {authentication | accounting}
If the configuration on master server is canceld, the backup server will
become master server.
5.10.3.2
Account Checking Server

Configure account checking server.
Altai-AC(domain)# radius server A.B.C.D dup-accounting
Cancel the configurations.
Altai-AC(domain)#no radius server A.B.C.D dup-accounting
5.10.4
Configure DNS Server

The radius server doesnt issue DNS, users can use the DNS server configured
for domains. Othervise, users can use the DNS issued by radius server.
Altai-AC(domain)# dns A.B.C.D E.F.G.H

TPS14-04_rev2.0
A.B.C.D is the primary DNS IP address and E.F.G.H is that of secondary DNS.
For a notice, the DNS server configured in domain only takes effect on users
who assess by PPPOE but not DHCP and Fixed IP.
5.10.5
Configure Domain without Authentication and Accounting

If a domain is defined not to authenticate, then the users accessed by this
domain will be authenticate directly by AC. And AC will not send request
package to radius server to ask for authentication.
IF a domain is defined not to account, for the users accessed by this domain
will not be accounted. And AC will not send start and stop package to radius
server.
Altai-AC(domain)# aaa authentication none
Altai-AC(domain)# aaa accounting none
The following command will recover the domain as an accounting or
authentication domain.
Altai-AC(domain)# aaa authentication radius
Altai-AC(domain)# aaa accounting radius
Altai-AC(domain)# no aaa authentication
Altai-AC(domain)# no aaa accounting
5.10.6
Configure Service Strategy for Domain

Altai-AC(domain)# service-policy spname spname is the service strategy
defined in AC.
5.10.7
Configure Real-time Accounting

Altai-AC(domain)# interim-time timenum timenum is the interval for
real-time accounting.
Notice:
AC supports configuring real-time accounting interval and the interval
returned from radius server. If the two intervals exist at the same time, the
interval returned from radius server has a higher priority.

TPS14-04_rev2.0
5.10.8
Check Domain Configurations

Altai-AC # show domain-name domain-name
Altai-AC # show all domain-name
5.11
5.11.1
Service Strategy Configurations

Overview
Service strategy includes broadband and filtering strategy.
Broadband strategy can control data flow, which could meet ISPs service for
different users. Filtering strategy will allow different users to asscess different
wensite.
Before specify service strategy to users, you must configure broadband, route
and filtering stragety. Please follow the following steps to configure.
Configure broadband and filtering strategy
Specify broadband and filtering strategy in service strategy list
According to different users choose different service strategy
Notice:
All the service strategy only takes effect on the users who access after the
service is configured. If a strategy is modified, the users who access before
the modification will not be influenced.
5.11.2
5.11.2.1
Broadband Strategy Configurations

Configure a Name for Broadband Strategy
Altai-AC(config)# rate-policy bandname
Altai-AC (rate-policy)#
5.11.2.2
Configure Bandwidth
Configure upstream and downstream bandwidth.
Altai-AC (rate-policy)# downstream number1 number2
Altai-AC (rate-policy)# upstream number3 number4
The unit for downstream and upstream broadband is bytes per second. The
meanding for each number is listed here.

TPS14-04_rev2.0
number1the average bytes for each second in downstream
number2the outbreak bytes for each second in downstream
number3the average bytes for each second in upstream
number4the outbreak bytes for each second in upstream
Notes:
The average flow control stands for the maximum data allowed in one
second. The outbreak flow control stands for the maximum data allowed in
0.25s.
The following command will delete the specified broadband strategy.
Altai-AC(config)# no rate-policy policyname
5.11.2.3
Show Broadband Strategy

Altai-AC # show rate-policy bandname
Altai-AC # show all rate-policy
5.11.3
5.11.3.1
Filtering Strategy Configurations

Overview
One filtering strategy consists of several filtering rules, at most 16.
To configure filtering strategy, you have to create filtering rules at first and
then assign them to filtering strategy.
5.11.3.2
Configure Filtering Rules

The following command is used to configure filtering rules.
rule rule-name {permit | deny} {ip | tcp | udp} src-ip src-mask [src-port]
dest-ip dest-mask [dest-port]
rule-name the name of filtering rules, at most 15 characters
permit allow package to pass through
deny refuse package to pass through
ip operate on IP package
tcp operate on tcp package
udp operate on udp package

TPS14-04_rev2.0
src-ip the source IP of this filtering rule
src-mask the mack of source IP
src-port the port of source tcp/udp, which is optional
dest-ip the destination IP of this rule
dest-mask the mask of destination IP
dest-port the port of destination tcp/udp, which is optional
Notice:
1. While configuring filtering rules, you have to specify the operation of permit
or deny, the protocol of ip, tcp, or udp. If it is tcp or udp, you have to assign
tcp or udp port at the same time.
2. If the rule is configured for all IP address, the IP and mask should be set as
0.0.0.0.
3. If the rule is configured for one specified IP, the mask should be set as
255.255.255.255.
4. If the tcp or udp port is set as 0, the filtering rule will take effect on all tcp or
udp port.
Example 1:
Suppose portals IP is 202.104.108.115, the following fitering rule will allow users
tovisit Portal Server.
Altai-AC(config)# rule
255.255.255.255
portal
permit
ip 0.0.0.0
0.0.0.0
202.104.108.115
Example 2:
The following filtering rule allow any DNS package to pass through.
Altai-AC(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0
53
Example 3
Suppose user is located at 10.10.0.0 network, and the following rule allow
users to visit this network segment.
Altai-AC(config)# rule
255.255.0.0
5.11.3.3
wan permit ip 10.10.0.0
Delete Filtering Rules

The command here will delete filtering rules.
255.255.0.0
10.10.0.0

TPS14-04_rev2.0
no rule rule-name
For example,
Altai-AC(config)# no rule wan
5.11.3.4
Configure Filtering Strategy

Configure a name for filtering strategy.
Altai-AC(config)# filter-policy filter-name
Altai-AC(filter-policy)#
Assign filtering rules for filtering strategy, at most 16.
Altai-AC(filter-policy)# filter-rule filter-name
For example,
Altai-AC(config)# filter-policy wan-policy
Altai-AC(filter-policy)# filter-rule portal
Altai-AC(filter-policy)# filter-rule dns
Altai-AC(filter-policy)# filter-rule wan
Altai-AC(filter-policy)# end
5.11.3.5
Delete Filtering Strategy

Use no command to delete a defined filtering strategy.
Altai-AC(filter-policy)# no filter-rule filter-name
For example,
Altai-AC(filter-policy)# no filter-rule wan
5.11.3.6
Show Filtering Strategy

Altai-AC# show filter-policy filter-name
For example,
Altai-AC# show filter-policy wan

TPS14-04_rev2.0
5.11.4
Service Strategy Configurations

Service strategy is the conllection of broadband strategy, route strategy and
filtering strategy. One service stragtegy could not only consisit of broadband
and filtering strategy, but also of certain combination of the two strategies.
For a notice, if there is a filtering strategy configured in service strategy and
another independent filtering strategy configured, the independent filtering
strategy will take effect.
5.11.4.1
Configure a Name for Service Strategy

Altai-AC(config)# service-policy servicename
5.11.4.2
Configure Service Strategy

For one service strategy, there should be one broadband and filtering
strategy at most.
Altai-AC(service-policy)# rate-policy bandname
Altai-AC(service-policy)# filter -policy filterpolicyname
Altai-AC(service-policy)#exit
5.11.4.3
Delete Service Strategy

Use no command to delete seveice strategy defined. The command will not
delete the broadband, filtering or route strategy quoted.
Altai-AC(config)# no service-policy servicename
5.11.4.4
Show Service Strategy

show service-policy servicename
show all service-policy
5.12
5.12.1
Internal Portal Configurations

Configure Portal Server
Altai-AC(config)# portalserver
x.x.x.x internal
The command here will configure IP address for portal server.

TPS14-04_rev2.0
5.12.2
Configure AC-name
Altai-AC(config)# ex-portal ac-name ACN.CTY.PRO.OPE
AC-Names format is wlanacname=ACN.CTY.PRO.OP. The attribute name
must be lowercase letter and the value number should follow the rules as
regulated.
Altai-AC(config)# ex-portal ac-name 0004.0543.531.00
5.12.3
Configure NAS-id Hot-code

Altai-AC(config)# vlan-nas-identifier vlan-id nas-id
NAS-ID is used to charge the data service of roaming, whose format is
HST.CTY.PRO.OPE.NAT The . here is just a mark to identify. For real
configuration, only 16 numbers are enough.. For example,
Altai-AC(config)# vlan-nas-identifier
5.13
101
0101053553100460
IP POOL Configurations
There are two types of ip-pool, layer2 ip-pool and layer3 ip-pool. Layer2
ip-pool is used for users who access by layer2 device and layer3 ip-pool for
users who access by layer3 device.
5.13.1
Configure Layer2 IP POOL

In network if the device connected to AC is layer2 access device, the
device should be configured a layer2 ip-pool. For AC as the gateway, it
should also be configured an IP in this ip-pool.
5.13.1.1
Configure a Name for IP Pool

Altai-AC(config)# ip-pool pool-name
Altai-AC(ip-pool)#
5.13.1.2
Configure a Range for IP Pool

Configure a range for ip pool and assign an IP for AC.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)#ipaddress 10.0.1.1 255.255.255.0

TPS14-04_rev2.0
In the above esample, ACs ip is 10.0.1.1 and the mask is 255.255.255.0.
Therefore,the range for this ip pool is 10.0.1.0~10.0.1.255. Except for the zero
address, the broadcast address and the address for AC, there are 253
addresses left.
5.13.1.3
Configure Allocation Mode for IP Pool

Thre are several allocation mode for IP pool like PPPOE, DHCP, RADIUS, FIXIP,
and LOCALDHCP.
Altai-AC(ip-pool)# alloc-mode mode [pppoe|dhcp|radius|fixip|localdhcp]
5.13.1.4
Assign Service Stratefy

Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete the service strategy for IP pool.
Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named service-wan for ip pool.
Altai-AC(ip-pool)# service-policy service-wan
Notice:
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.
For PPPOE users, the service strategy defined in ip pool is useless before
authentication. Therefore if the allocation mode is PPPOE, threre is no need to
configure service strategy in ip pool. After authentication the service strategy
will be that of radius server. For the prevelige of radius server is higher than
that of domain. If there is no service strategy defined neither in radius server
nor domain, then users will have no service limitation.
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.1.5
Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]

TPS14-04_rev2.0
5.13.2
5.13.2.1
Configure Layer3 IP POOL

Configure a Name for IP Pool
Altai-AC(config)# ip-pool pool-name l3
Altai-AC(ip-pool)#
5.13.2.2
Configure a Range for IP Pool

For layer3 ip pool, there is no need to configure an IP for AC but an IP for
next-hop route address.
Altai-AC(ip-pool)# ipnetwork ipnet ipmask nexthop
Altai-AC(ip-pool)# ipnetwork 10.10.0.0 255.255.0.0 10.9.0.1
5.13.2.3
Configure Allocation Mode for IP Pool

There is only three allocation mode support layer3 ip-pool, which is dhcp,
localdhcp, fixip.
Altai-AC(ip-pool)# alloc-mode [ dhcp ipadress | fixip ]
5.13.2.4
Configure Reserved IP
The reserved IP will not be allocated to users, which is used to manage users.
Altai-AC(ip-pool)#reservedip A.B.C.D
5.13.2.5
Assign Service Strategy

Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete service strategy.
Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named wan for ip pool.
Altai-AC(ip-pool)# service-policy wan
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.

TPS14-04_rev2.0
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.2.6
Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
5.14
5.14.1
Business Application Configurations

Address Management for Fit AP
Usually the Fit AP in the network will be assigned a management IP through
the ip-pool with a certain dhcp option. The IP in this ip-pool will not be
allocated to users.
5.14.1.1
Configure ip-pool for DHCP

Configure the range, default gateway and least time.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router gw
Altai-AC(ip-pool)# max-lease time
For example,
ip-pool AP
ipaddress 10.172.220.1 255.255.254.0
alloc-mode localdhcp
default-router 10.172.220.1
max-lease 3600
5.14.1.2
Bind Port and VLAN for IP-Pool
available-interface { port | port-port} vlan { vlan | vlan-vlan}

port port number
port-port port number range
vlan the port number of vlan
vlan-vlan the port number range of vlan
For example,
Altai-AC(ip-pool)# available-interface port 2 vlan 3333

TPS14-04_rev2.0
5.14.1.3
Configure option
Altai-AC(ip-pool)# option-60 enterprise-code 3902
5.14.1.4
Configure ACs Address

Altai-AC(ip-pool)# option-60 ac-manage-ip A.B.C.D
5.14.2
5.14.2.1
Business Configuration for DHCP+WEB Access

Overview
There is no need to install client software for DHCP+WEB access. Users can be
authenticated through brower.
The following point should be aware.
Basic Authority is for DHCP and FIXIP users, which is authenticated from IP-pool.
Right now, the authority can be configured in ip-pool is service strategy and
authentication and accounting strategy.
Authority after authentication is also for DHCP and FIXIP users, but it is
authenticated by radius server.
The service strategy in ip-pool do not include filtering strategy, that is to say,
users can visit any website without limitation. Therefore for web authentication
business, the service strategy should include filtering syrategy which defines
the following filtering rules like only to visit portal server, only to visit dns port
(unp 53), and only to visit certain IP.
5.14.2.2
Configuration Steps
1.
Configure Subinterfacerequired
There are to purpose to configure a subinterface.
First, by subinterface, radius client can communicate with radius server.
Second, the subinterface could be ACs uplink port.
2.
Configure RADIUS clientrequired
3.
Configure Radius Serverrequired
4.
Configure domain for users (required)
5.
Configure Portal Server relatedrequired

TPS14-04_rev2.0
6.
Configure broadband strategy, filtering strategy, and service strategy

required
7.
Configure service strategy in domainoptional
8.
Assign IP for DHCP Serverrequired
9.
Configure ip-pool for usersrequired
10. Configure service strategy in ip-poolrequired

11. Configure gateway, DNS, lease time for DHCP Servers ip-pool
required
12. bind port and vlan for ip-poolrequired
5.14.2.3
Configure IP for DHCP Server

If the allocation mode for ip-pool is localdhcp, you should enable ACs
dhcp server, which can be configured in global mode. The IP for dhcp server
can be any interfaces IP.
Altai-AC(config)ip dhcp server A.B.C.D
5.14.2.4
Configure Filtering Strategy for Authentication

The fitering strategy for authentication should include the following
filtering rules like only to visit portal server, only to visit dns port (unp 53), and
only to visit certain IP.
1define filtering rules
rule portal permit ip 0.0.0.0 0.0.0.0 portal_ip 255.255.255.255
rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
2encapsulate filtering strategy
filter-policy unauth
filter-rule portal
filter-rule dns
5.14.2.5
Configure ip-pool for DHCP

To configure ip-pool for DHCP Server, you have to configure default router,
max-lease time and DNS.
Altai-AC(config)# ip-pool dhcpsvrpool

TPS14-04_rev2.0
Altai-AC(ip-pool)# ipaddress 192.168.26.1 255.255.255.0

Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router 192.168.26.1
Altai-AC(ip-pool)# dns-server 220.120.64.194
Altai-AC(ip-pool)# max-lease 7200
Altai-AC(ip-pool)# filter-policy unauth
5.14.2.6
Bind Port and VLAN for ip-pool

The operation of binding port and VLAN for ip-pool is to make sure users
accessed by DHCP can get ip and basic authority from ip-pool.
available-interface { port | port-port} vlan
{ vlan | vlan-vlan}
For example, suppose the DHCP users accessed by port0 and VLAN10 will get
IP from ip-pool1.
Altai-AC(config)# ip pool ippool1 available-interface 0 vlan 10
For example, suppose the DHCP users accessed by port1-4 and any VALN will
get IP from ip-pool2.
Altai-AC(config)# ip pool ippool2 available-interface 1-4
5.14.2.7
Configure Detection Time for Idle Users

Users accessed by DHCP+WEB will be charged once they pass the
authentication. To save spending, AC supports the function of idle-detection.
If user data flow is lower than flow threshold in detection time, then the users
will be regarded as an idle user and the accounting will stop. The detection
time is 900s, which could be changed by the following command.
Altai-AC(config)# ip dhcp idle-interval interval threshold threshold
Altai-AC(config)# ip dhcp idle-interval 600 threshold 30000
In the above example, the detection time is adjusted to 600s and the flow
threshold is 30000 bytes.
Notice:
If the detection time is 0, then AC will not detect users.
Altai-AC(config)# ip dhcp idle-interval 0
5.14.2.8
Check and Debug

1.
Show on-line users

TPS14-04_rev2.0
Altai-AC# show auth-user

String
2.
- NULL, or pool name, or domain name following with '@'

port
- port-id
vlan
- vlan-id
Show IP address assigned
Altai-AC# show dhcpuser
3.
Show users information
Altai-AC#
show user
String
4.
- user name, ip or mac
Force users off-line manually
Altai-AC# kick
List Elements
- kick mode(ip,user-name,mac,index)
String
5.
- ip user-name mac index
show dhcp ip assigned by manual release
Altai-AC# release
A.B.C.D
6.
5.15
- user's ip address
debug radius
NAT Configurations
NAT includes three types of static NAT, dynamic NAT, and PAT (Port
Address Translation). Static NAT is to map an internal private IP to external
legal IP permanently. Dynamic NAT is to map legal external IP to internal
network. PAT is to map internal IP to external IPs different port. Usually we use
PAT.
5.15.1
Static NAT
1.
Enable NAT function

Altai-AC(config)# ip nat router
2.
Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ip nat outside. If you want to delete
and modify the subinterfaces IP, you have to delete ip nat outside first,
delete the IP of interface, and then configure interfaces IP and ip nat
outside.

TPS14-04_rev2.0
3.
Configure static NAT

Altai-AC(config)#
255.255.255.255
ip
nat
static
inside
in_ipaddr
out_ipaddr
For example, map internal IP 172.16.1.100 to external IP 221.8.9.10.
Altai-AC(config)# ip nat static inside 172.16.1.100 221.8.9.10 255.255.255.255
5.15.2
Dynamic NAT
1.
Enbale NAT function

2.
Define subinterface
outside.
3.
Define NATinternal ip-pool

Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4.
Define NAT external ip-pool

Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5.
Bind internal ip-pool and external ip-pool

Altai-AC(config)# ip nat inside In_pool Out_pool overload
For a notice, to delete a nat pool, you have to depart internal ip-pool
and external ip-pool with no command and then delete ip-pool.
5.15.3
PAT
1.
Enable NAT function

2.
Define subinterface

TPS14-04_rev2.0
outside.
3.
Configure internal ip-pool

Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4.
Configure external ip-pool

Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5.
Bind internal ip-pool and external ip-pool

Altai-AC(config)# ip nat inside In_pool Out_pool overload
5.16
5.16.1
Hot Standby Configurations

Overview
In upstream, the master AC and backup AC will occupy three IP in the
same network segment and two MAC address with VRRP protocol.
In operation and maintainence, the master AC and backup AC will use
different IP address and MAC address.
In business, the master AC and backup AC will use the other IP and the
same MAC.
The uplink port is open and the three IP address could be telnet.
In access side, the same port of master AC and backup AC share the same
MAC, but only the port on master AC will be open.
5.16.2
Command
1.
[no] vrgroup groupid

Modeconfig
Parametersgroupid virtual group ID, range from 1 to 16

TPS14-04_rev2.0
Descriptionconfigure virtual group
2.
[no] prioroty num

Modevrgroup
Parametersnumthe priority of virtual group, range from 1 to 255
Descriptionconfigure the priority of virtual group
3.
[no] adver-interval interval

Modevrgroup
Parametersinterval the heartbeat interval
Descriptionconfigure the heartbeat interval
4.
[no] track-port GigabitEthernet String priority num

Modevrgroup
ParametersStringlistener port
num the priority of binding port while the port is down ,the prioriry will
get low
5.
[no]preempt
Modevrgroup
Parametersenable preempt mode
6.
[no]threshold-priority num
Modevrgroup
Parameters: numthe priority of virtual group, range from 1 to 255
Descriptionconfigure the threshold for hot back group
7.
[no]attend A.B.C.D group groupid [vrip]

Modeconfigure subinterface
ParametersA.B.C.D subinterfaces IP
Groupid virtual group ID
Vrip optional parameter, with it, the IP will attend the group as a
virtual IP, otherwise the IP will be regarded as a real IP.
DescriptionConfigure IP for hot backup group, including virtual IP and
real IP. Add some IP to the group.
8.
[no] vrip A.B.C.D group groupid

TPS14-04_rev2.0
Modeconfigure subinterface
Parameters A.B.C.D-must be the same port in the same network
segment
Groupidmust be the group existed
Descriptionconfigure IP for hot backup group and add some IP to a
group
9.
Show hotstandby group-info Al l |current | groupid

ModePrivileged Mode
ParametersAl lshow all groups important information
Current show details of the running hot backup group
Groupidshow details of specified group
Descriptionshow groups information
WEB Configurations
6.1
Login by WEB
The URL is:https://10.1.1.310.1.1.3 is the IP of management platform
configured on Eth7.
The default user name is icac, and the password is icaclogin.
The login screen is displayed as follows.

TPS14-04_rev2.0
Figure 6-1
Access Controller Login Screen
The device supports three languages mode,Simplified Chinese

, Traditional
Chinese ,and English .You can select the language environment
needed.Please input the user name and password,and clickLogin.
The following screen will prompt.
The main menu includes:Basic Settings
Wireless
,
Settings
Wireless
,
Security,
WLAN,Online AP,Statistics,Rogue AP,LOG.icac Logged,
Change Password,andExitare in the right above.
Figure 6-2
Access Controller Main Menu
The following table will introduce the main menu.

TPS14-04_rev2.0
Table 6-1
Description of Access Controller Main Menu
Menu
Description
Basic Settings
The configuration of system essential information,

providing basic configuration of Altai AC like APs version
information management, loading version service
management and so on.
Wireless Settings
The configuration of wireless setting and capwap timer.
Wireless Security
The configuration of wireless security.
WLAN
The configuration of WLAN management.
Online AP
The configuration of online AP,including AP informations

view,and the configuration of AP issued.
Statistics
It provides statistics information of AP and user.
Rogue AP
It provides rogue AP scan switch,and displays rogue AP

list.
LOG
It provides operation log and security log.
Change Password
Change the password.
Save
Configuration
Click save button to save configurations.
Exit
Log out management platform, and return to login

screen.
The following chapters will introduce various function of WEB.
6.2
Basic Settings
ClickBasic Settings,and the following screen will prompt.
On this screen the following functions will be configured,including AC
Configuration
, AC Hotstandby
, Radius Server
, AS Server
, NTP Server,
SYSLOG Server
AP
,
Version
Version
,
Server
Routing
,
Ethernet
,
Interface
Information,WAPI Certificate,AC Advanced,Tunnel Configuration,
Multiple Access Boards Configuration , AC Upgrade , System
Information,andAC License.

TPS14-04_rev2.0
Figure 6-3
6.2.1
Basic Settings
AC Configuration
ClickBasic Settings/AC Configuration,and AC configuration screen will
prompt.

TPS14-04_rev2.0
Figure 6-4
AC Configuration
The configuration of AC in detail is displayed as follows.
Table 6-2
AC Configuration
Items
Description
AC Name
The name of AC.
AC IP Address
The IP address of AC.
Number
Connected APs
of
Number
Connected STAs
of
The number of AP connected.

The number of wireless user connected.
SNMP Community R
SNMP read-only command, and the default value is

public.
SNMP
R&W
SNMP read-write command, and the default is private.
AC Trap IP
Community
The IP address where the alarm message is sent.

TPS14-04_rev2.0
Items
6.2.2
Description
AC Trap IP2
The IP address where the alarm message is sent.You can

set two tra IP at the same time.
Trap Community
Trap command, and the default value is private.
SNMP Port R&W
SNMP read-write port,and the default value is 161.
Trap port
Trap port,and the default value is 162.
Loadbalance
On: Enable load balance function.

Off: disable the function, and it is the default option
User Isolation
On: Enable user isolation function.

Off: Disable the function, and it is the default option.
Last polling time
The last polling time.
Domain
The nation domain where the device located.
AC Authentication
AC supports eight authentications.

no-auth: No authentication.
eap-sim: Eap-sim authentication.
web: Web authentication.
eap-md5: Eap-md5 authentication.
simAndweb: SimAndweb authentication.
simAndmd5: SimAndmd5 authentication.
webAndmd5: WebAndmd5 authentication.
simAndwebAndmd5:
SimAndwebAndmd5
authentication.
Use MAC as Index
On: While network administrator collecting information,

use MAC as index.
Off:
While
network
administrator
collecting
information,use AP ID as index. This function is disabled by
default.
SNMP instantly collect
On: Enable SNMP instantly collecting switch.

Off: Disable the function and it is the default option.
Longitude
Please fill in the longitude as the sample format

displayed.
Latitude
Please fill in the latitude as the sample format displayed.
More
Click More, and the advanced setting screen will

prompt.
AC Hotstandby
Click Basic Configuration / AC Hotstandby , and AC hotstandby
configuration screen will prompt.

TPS14-04_rev2.0
Figure 6-5
AC Hotstandby
The following table will introduce the configuration parameters of AC

Hotstandby.
Table 6-3
Configuration Parameters of AC Hotstandby
Items
6.2.3
Description
AC Hotstandby
EnabledEnable hotstandby function

DisabledDisable hotstandby function
AP Cold Standby
EnabledEnable cold standby function

DisabledDisable cold standby function
Data
Synchronization
EnabledEnable cold standby function

DisabledDisable cold standby function
Preempt Mode
EnabledEnable preempt mode. Under

this mode, AC with high priority will
become master AC. If the priority is the
same, then the AC with bigger IP will
become master AC.
DisabledDisable preempt mode.
Local IP
The
heartbeats
address
which
communicated with the client.
Peer IP
The heartbeats address which

machine is linked to the client.
is
this
Radius Server
ClickBasic Settings/Radius Server,and radius servers configuration screen
will prompt.

TPS14-04_rev2.0
Figure 6-6 Radius List
Select one radius server configuration,clickModify,and the radius servers

edit screen will prompt.
Figure 6-7 Radius Servers Edit
The following table will introduce the configuration items.
Table 6-4
Radius Server Configuration
Items
Description
Type
Authentication: the radius server to realize

authentication function.
Account: the radius server to realize account
function.
Checking: the radius server to realize checking
function.
Priority
Priority choice: the primary radius server.

Reserve: the radius server reserved will be used
if priority server cant work.
IP Address
The IP address of radius server.
Port
The port of radius server.
Password
The password of account or checking

TPS14-04_rev2.0
Items
Description
Re-enter
password
6.2.4
Re-enter the password of radius server.
AS Server
ClickBasic Configuration/AS Server,and AC server configuration screen
will prompt.
6.2.5
Figure 6-8
AS Server Configuration
Table 6-5
AS Server Configuration
Items
Description
AS server IP
The IP address of AS server.
AS server port
The port of AS server.
NTP Server
ClickBasic Settings/NTP Server,and NTP configuration screen will
prompt.

TPS14-04_rev2.0
Figure 6-9
AC NTP Configuration
Table 6-6
AC NTP Configuration
Items
6.2.6
Description
NTP Server
On: Set AC as NTP server, and AP or other client

will e synchronize with AC.
Off: AC is not set as NTP server.
NTP Client
On: Set AC as NTP client, and it will synchronize

with NTP server automatically.
Off: AC is not set as NTP client.
Server 1
The IP address of NTP server.
Server 2
Server 3
Sync Interval
AC will synchronize with NTP server as the time

setting passed.
SYSLOG Configuration
ClickBasic Settings/SYSLOG Configuration,and SYSLOG configuration
screen will prompt.
Figure 6-10

TPS14-04_rev2.0
Table 6-7
6.2.7
Items
Description
Syslog Level
Emergency: System logs like the system cant

work.
alert: Alarm logs like the system will shut down.
critical: important logs like users login and log out.
error: The error logs like some process goes wrong.
warning: Warning logs like users authentication is
failed.
notice: Notice logs like system needs to be
updated.
informational: informational logs like the records
of IP visited.
debug: Debug logs.
IP Address
The IP address of syslog server.
Port
The port of syslog,and the default port is 514.
Operation
ClickApply,and the SYSLOG configuration will

be used.
AP Version
ClickBasic Settings/AP Version, and AP version configuration screen will
prompt.
Figure 6-11
Table 6-8
AP Version Information Edit
AP Version Information Edit
Items
Description
Manufacturer
Manufacturer information.
Device Type
Device type information.

TPS14-04_rev2.0
Items
6.2.8
Description
Hardware
Version
Hardware version information.
Update Type
1: Firmware. If there is no need to update,

please choose this option.
2: Software. Update through software.
3: Configuration file. Update through
configuration file.
Update
Feature
The description of update feature.
Target
Update
Feature
The description of target update feature.
Upload Ways
It includes WEB upload and manual upload.
Path Type
Full path
Relative path
Target
Updated File
ClickBrowse,and select target update file.
Version Server
ClickBasic Settings/Version Server,and version server configuration screen
will prompt.
Figure 6-12
Version Server List
Select a list,clickModify,and version server edit screen will prompt.
Figure 6-13
Version Server Edit

TPS14-04_rev2.0
The following table will introduce the version server edit.
Table 6-9
Version Server Edit
Items
6.2.9
Description
Server IP
The IP address of version server.
Port
The port of verion server.
UserName
Please input the user name.
Password
Please input the password.
Confirm
Password
Please input the password again.
Transfer
Protocol
AC supports four transfer protocols.

ftp
tftp
http
https
Routing
ClickBasic Settings/Routing,and route information of management
platform screen will prompt.
Figure 6-14 Route Information of Management Platform
ClickAdd,and the management platform route edit screen will prompt.
Figure 6-15 Management Platform Route Edit
The following table will introduce the management platform route edit.

TPS14-04_rev2.0
Table 6-10 Management Platform Route Edit
Items
6.2.10
Description
Destination IP
The destination IP
Netmask
The subnet network netmask
Next hop
The next hop network address
Ethernet Interface Information

ClickBasic Settings/Ethernet Interface Information,and ethernet interface
information screen will prompt.
Figure 6-16 Ethernet Interface Information
Notice: The information on screen of read-only cant be added, modified

and deleted.
6.2.11
WAPI Certificate
ClickBasic Settings/WAPI Certificate,and WAPI certificate screen will
prompt.
Figure 6-17 WAPI Certificate
ClickAddto prompt the following screen.
Figure 6-18 WAPI Certificate Edit

TPS14-04_rev2.0
The following table will introduce WAPI certificate edit.
Table 6-11 WAPI Certificate Edit

Items
6.2.12
Description
Certificate Type
There are three certificate types

Server
AP
CA
Path Type
Relative path
Full path
Certificate
Uploading
ClickBrowse,and select the certificate

need to be uploaded.
AC Advanced
ClickBasic Settings/AC Advanced,and AC advanced screen will prompt.
Figure 6-19 AC Advanced
The following table will introduce AC advanced.

TPS14-04_rev2.0
Table 6-12 AC Advanced
Items
Description
AC
Configuration
Export
ClickDownload,and the AC configuration

will be exported.
AC
Configuration
Import
ClickBrowseto select the configuration file

to be imported,and clickImport.
Select
Configuration
to Reset
You can select the following configuration.

Business configuration: The configuration on
the screenexcept for AC name.
System configuration: The configuration of
management platform.
Factory Reset
ClickResetto reset default configurations.,
Reboot AC
ClickReboot,and it will reboot AC.
Warning:
To restore the factory default, and restart AC will affect the running business.
Please do not do such operation at will.
6.2.13
Tunnel Configuration
ClickBasic Settings/Tunnel Configuration,and tunnel configuration screen
will prompt.
Figure 6-20 Tunnel Configuration
The following table will introduce the tunnel configuration items.
Table 6-13 Tunnel Configuration

Items
Mode Switch
Description
On: Enable tunnel mode.

TPS14-04_rev2.0
Items
Description
Off: Disable tunnel mode.
6.2.14
Access
Platform IP
IP address of access platform which enables

tunnel mode
Port
The default port is 5248.
Forwarding
Type
It supports three tunnel modes.

1-MACBridge
2-Reserve
3-802.11 frame tunnel mode
Switch of Data
Synchronization
On: Enable data synchronization function.

Off: Disable data synchronization function.
Multiple Access Boards Configuration

ClickBasic Settings/Multiple Access Boards Configuration,and the
following screen will prompt.
Figure 6-21 Multiple Access Boards Configuration
ClickNew Access Boardto prompt the following screen.
Figure 6-22 Multiple Access Boards Configuration
The following table will introduce multiple access boards configuration.
Table 6-14 Multiple Access Boards Configuration

Items
Slot No.
Description
The slot number of access board.

TPS14-04_rev2.0
Items
Access
IP
6.2.15
Description
Board
The IP address of access board.
Port
The port that access platform and

management platform to communicate.
Tunnel
address(IPv4)
The Tunnel IP address in the form of IPv4
Tunnel
address(IPv6)
Tunnel IP address in the form of IPv6.
Tunnel port
The tunnel port number.
Tunnel Switch
On: Enable tunnel.

OffDisable tunnel.
Password(R)
Read-only command,and the default value

is public.
Password(R&W)
Read-write command,and the default value

is private.
AC Upgrade
ClickBasic Settings/AC Upgrade,and AC Upgrade screen will prompt.
The following table will introduce AC upgrade items.
Table 6-15 AC Upgrade

Items
Description
AC Version
AC supports version 0 and version 1.

ClickSet as Current Version,and the version
selected will be set as current version.
AC Version
Upload
Click Browse to select files need to be

updated,and clickUpload.
Upgrade successfully screen will prompt.
Figure 6-24 AC Upgrade Success

TPS14-04_rev2.0
6.2.16
System Information
ClickBasic Settings/System Information,and system information screen
will prompt.It is the read-only screen.
Figure 6-25 System Information
ClickRefresh,and you can acquire the newest system information.
6.2.17
AC License
ClickBasic Settings/AC License,and AC license screen will prompt.
Figure 6-26 AC License

TPS14-04_rev2.0
The following table will introduce AC license parameter settings.
Table 6-16 AC License Parameter Settings

Items
Description
Device serial
Number
The serial number of device.ClickDownload

Device Fileto export device file.
Status
The status of License.Please click Refresh

Informationto update license information.
Max
Number
6.3
AP
The max number of AP supported.
AC Device
Model
The model of AC device.
Hotstandby
Support(y/n)
Whether to support hotstanfby function or not.
Device ID
Number of the device.
Upload
License File
ClickBrowseto select the file needed,and

clickUploadto upload the files.
Wireless Settings
Wireless settings includesWireless Basic,Wireless Advanced,Wireless
Channel,Payloadbalance,AP Background Scan,CAPWAP Timer.

TPS14-04_rev2.0
They are global configurations to AP. The following part will introduce them
independently.
6.3.1
Wireless Basic
ClickWireless Settings/Wireless Basic,and Wireless basic settings screen
will prompt.
Figure 6-27 Wireless Basic Settings
The following table will introduce wireless basic settings.
Table 6-17 Wireless Basic Settings

Items
Description
Radio ID
Select the radio id of AP.
RF Switch
On: Enable RF, and wireless user can search to

the SSID issued.
Off: Disable RF, and wireless user can not
search to the SSID issued.
Power
Configuration
There are three ways.

Adjust Power Automat: When nearby AP power
increases,
the
device
power
will
decrease.When nearby AP power weaken, the
device will increase, which is up to the change
of environment.

TPS14-04_rev2.0
Items
Description
Percentage: Work in the designated power.
Actual Power: Work in the actual power.
Auto Power
Adjustment
Interval
AP power will be adjusted as the time interval

passed, and the default unit is minute.
Wireless
Mode
There are eight wireless rate modes to be

selected.
802.11b Only(2.4G)
802.11g Only(2.4G)
802.11n Only(2.4G)
802.11b and 802.11g (2.4G)
802.11n
802.11b and 802.11g (2.4G)
802.11a Only(5G)
802.11n and 802.11a (5G)
Work Rate
There are thirteen work rate to be selected.

Select Automatically: AP work rate is related
with the environment like the direction and
distance of antenna.
1Mbps
2Mbps
5.5Mbps
6Mbps
9Mbps
11Mbps
12Mbps
18Mbps
24Mbps
36Mbps
48Mbps
54Mbps
11N
Rate
802.11n RF rate configures by MCS (Modulation

and Coding Scheme) index value to
realize.There are seventeen 11N work rate to
be selected.
AutoAP selects work rate independently.
MCS Index0
MCS Index1
MCS Index2
MCS Index3
MCS Index4
MCS Index5
MCS Index6
MCS Index7
MCS Index8
MCS Index9
MCS Index10
MCS Index11
MCS Index12
MCS Index13
MCS Index14
MCS Index15
Work
Space Flow
There are four space flows to be selected.

1*1
2*2

TPS14-04_rev2.0
Items
Description
3*3
4*4
Channel
Bandwidth
There are four channel bandwidths to be

selected.
20MHz
Auto 20/40 MHz20MHz40MHz self-adaption
40-MHz
40+MHz
Guard
Interval
There two settings to be selected.

Long800us
Short400us
A-MPDU
On: Enable A-MPDU function to increase the

wireless network throughput.
Off: Disable A-MPDU function.
A-MSDU
On: Enable A-MSDU function to increase MAC

transmission efficiency.
Off: Disable A-MSDU function.
11N
Mode
6.3.2
Work
There are two 11N work modes to be selected.

HT-Mixed
HT-Greenfield
Wireless Advanced
ClickWireless Settings/Wireless Advanced,and wireless advanced settings
screen will prompt.
Figure 6-28 Wireless Advanced Settings
The following table will introduce wireless advanced settings items.
Table 6-18 Wireless Advanced Settings

TPS14-04_rev2.0
Items
Layer2
port-isolate
Select layer 2 port-isolate mode.

Layer 2 Isolation Disabled
Isolate Unicast
Isolate Multicast
Isolate Broadcast
Isolate All
IGMP
SNOOPING
Enabled:
function.
Disabled:
function.
Pre-certification
Enabled: Enable pre-certification function.

Disabled: Disable pre-certification function.
Roaming
Enabled: Enable roaming function.

Disabled: Disable roaming function.
Detection Time
for Roaming
Input the detection time for roaming,and

the default unit is seconds.
Uplink Integrity
Disabled
Disconnect of AP Uplink
Disconnect of AP/AC CAPWA
Disconnect of link to a Certain
Action
Close AP RF
Reboot AP
NTP
Address
Server
NTP Synchronous
Interval
6.3.3
Description
Enable
IGMP
SNOOPING
Disable
IGMP
SNOOPING
NTP server IP address.

NTP synchronous interval.The default unit is
minutes, and the default range value is
1-1092.
Wireless Channel
Click Wireless Settings / Wireless Channel ,and wireless channel
Figure 6-29 Wireless Channel Configuration

TPS14-04_rev2.0
The following table will introduce wireless channel configuration items.
Table 6-19 Wireless Channel Configuration

Items
6.3.4
Description
Radio ID
1
2
Auto
channel
adjustment
Enabled: Enable auto channel adjustment

function,and
AP
will
select
channel
automatically.
Disabled: Disable auto channel adjustment
function.
Adjustment
Mode
Adjust when starts.

Periodic adjustment.
Adjustment
Interval
Input adjustive interval, and the default unit is

minutes.
Minimum
signa
standards
Input minimum signa standards.The default unit

is dbm,and the range is from -90 to 10.
Payloadbalance
Click Wireless Settings / Payloadbalance ,and payloadbalance
Figure 6-30 Payloadbalance Configuration
The following table will introduce payloadbalance configuration items.
Table 6-20 Payloadbalance Configuration

TPS14-04_rev2.0
Items
Description
Payloadbalance
Switch
Enabled:
Enable
payloadbalance
function.When the number of user reaches
to a certain amount, payloadbalance
among APswill be adjusted automatically.
Disabled:
Disable
payloadbalance
function.
Payloadbalance
Type
User: Payloadbalance among

decided by the number of user.
Flow: Payloadbalance among
decided by flow.
Started
Threshold
Access Users
of
Enable payloadbalance function when

the threshold set is exceeded.
User
Control
Deviation
of
Load Balance
When user control deviation of load

balance is exceeded, new access user will
be related to the AP with lower load.
User Threshold
When user threshold is exceeded,

payloadbalance function will take no
effect
APs
is
APs
is
For example, suppose theconfiguration is set as follows, it stands for tthat the
payloadbalance function will be enabled when the flow value is 0kbps
between the two usersat least 2.If the flow d-value is 500kbps among users,
and the newcomer will be connected to the lower flow AP. When the flow is
more than 1000000000 KBPS, payloadbalance will take no effect.
Figure 6-31 Payloadbalance Configuration by Flow Control
6.3.5
AP Background Scan
Click Wireless Settings / AP Background Scan ,and AP background
scanning screen will prompt.

TPS14-04_rev2.0
Figure 6-32 AP Background Scanning
The following table will introduce payloadbalance configuration parameters.
Table 6-21 AP Background Scanning

Items
6.3.6
Description
Radio ID
Input radio ID,and the range is 1~31.
Scanning
Channel
All-Channel
111b/g)
211b/g)
311b/g)
411b/g)
511b/g)
611b/g)
711b/g)
811b/g)
911b/g)
1011b/g)
1111b/g)
1211b/g)
1311b/g)
14911a)
15311a)
15711a)
16111a)
16511a)
Scanning
Enable
On: Enable backgrounf scanning function.

Off: Disable backgrounf scanning function.
Scanning
Cycle
Input scanning cycle.The default

second,and the range is 0~65535.
unit
is
CAPWAP Timer
ClickWireless Settings/CAPWAP Timer,and CAPWAP timer configuration
screen will prompt.

TPS14-04_rev2.0
Figure 6-33 CAPWAPTimer Configuration
The following table will introduce CAPWAP timer configuration items.
Table 6-22 CAPWAP timer configuration

Items
6.4
Description
Echo Timer
The interval time for AP to send keep alive

message.
Discovery
Timer
No definition.
Keep-alive
time for AC
The time for AC to detect AP.
Wireless Security
Wireless security mainly includesMAC Filter,WLAN Security,Intrusion
Detection Settings , Dynamic Blacklist .The function in detail will be
introduced as follows.
6.4.1
MAC Filter
ClickWireless Security/MAC Filter,and MAC filter screen will prompt.
Figure 6-34 MAC Filter

TPS14-04_rev2.0
The following table will introduce MAC filter configuration items.
Table 6-23 MAC Filter

Items
6.4.2
Description
MAC
Address 1
Input MAC address like AA-BB-CC-DD-EE-FF.
MAC
Address 2
MAC
Address 3
MAC
Address 4
WLAN Security
ClickWireless Security/WLAN Security,and WLAN security policy list screen
will prompt.
Figure 6-35 WLAN Security Policy List
ClickAddto prompt WLAN security policy configuration screen.

TPS14-04_rev2.0
The following table will introduce WLAN security policy configuration items.
Table 6-24 WLAN Security Policy

Items
Description
Security Policy
ID
The ID for security policy, which is generated

automatically.
Security Policy
Name
Input security policy name.
Security Mode
Please enter the security mode.

WEP
802.11i
WAPI
Authentication
Mode
If 802.11i is selected as security mode, and

two authentication modes will be displayed
as follows.
WPA/WPA2-PSK
WPA/WPA2(EAP)
if WAPI is selected as security mode, and two
authentication modes will be displayed as
follows.
WAPI-PSK
WAPI
Certificate(Primary
install
wap
certificate)
Key Length
64bit
128bit
152bit
Key Type
ASCII
Encryption
Method
SMS4
AES
TKIP
Key
Input the key.
Index
of
Default Key
Key 1: The default key is key 1.


TPS14-04_rev2.0
Items
Description
6.4.3
Key 1
Please input key 1.
Key 2
Please input key 2.
Key 3
Please input key 3.
Key 4
Please input key 4.
Intrusion Detection Settings

ClickWireless Security/Intrusion Detection Settings,and intrusion detection
settings screen will prompt.
Figure 6-36 Intrusion Detection Settings
The following table will introduce intrusion detection settings.
Table 6-25 Intrusion Detection Settings

Items
Description
Spoofing
Attack
Detection
Switch
Enabled: Enable spoofing attack detection

function.
Disabled: Disable spoofing attack detection
function.
Flood Attack
Detection
Switch
Enabled:
function.
Disabled:
function.
Flood Attack
Detection
Threshold
Set flood attack detection threshold,and the

range value is 1-6000.
Dynamic
Blacklist
Enabled:
Enable
dynamic
blacklist
function.When the number of flood attack
Enable
flood
attack
detection
Disable
flood
attack
detection

TPS14-04_rev2.0
Items
Switch
Dynamic
Blacklist alive
time
6.4.4
Description
detected is more than the threshold, the user will
be pulled into blacklist.
Disabled: Disable dynamic blacklist function.
Set dynamic blacklist alive time.The default unit
is second, and the range is 60-3600.
Dynamic Blacklist
ClickWireless Security/Dynamic Blacklist,and dynamic blacklist screen
will prompt.
Figure 6-37 Dynamic Blacklist
Select an invasion MAC,and clickAdd to static blacklist.The MAC will be

saved in the blacklist permanently.
Select Attack Type ,and MAC address under the attack type will be
displayed.The attack type which the device supports includes flood
attack(Unknown
Type),flood
attack(Authentication),flood
attack(Deauthentication),flood
attack(Assocation),flood
attack(Disassocation),flood
attack(Reassocation),flood
attack(Probe
Request),flood attack(null data),flood attack(action),spoof attack(Unknown
Type),spoof attack(Authentication),spoof attack(Deauthentication),spoof
attack(Assocation),spoof attack(Disassocation).
6.5
WLAN
WLAN mainly includesAP Configuration,WLAN Groups,Time Policy
Groups,AP Policy Apply,WLAN-VLAN Association.The function in detail
will be introduced as follows.

TPS14-04_rev2.0
6.5.1
AP Configuration
ClickWLAN/AP Configuration, and AP Configuration screen will prompt.
Figure 6-38 AP Configuration
The screen will display AP group information, supporting information displayed

after filtering and informations export. For example:
Step one,ClickImport CSV file,and the following screen will prompt.
Step two,ClickBrowse,and you can select CSV file needed.Please click

Upload,and the following screen will prompt.
Step three,ClickAdd Importto add new AP group informton.ClickAll

Replace,and the old AP group information will be replaced. Click add
import button,and the following screen will prompt.
ClickConfirm,and the following screen will prompt.

TPS14-04_rev2.0
Step four,ClickReturn,and upload the system file successfully.
Warning:
ClickDownload CSV Sampleto acquire instruction in detail of CSV file
layout.Youd better download this file in orde to avoid uploading abnormally.
ClickAdd AP+,and the following screen will prompt.
The following table will introduce AP configuration items.
Table 6-26 AP Configuration

Items
Description
AP
MAC
Address
The MAC address of AP. Please fill in the

form of 00-18-7D-09-16-49.
AP Group
Default Group: AP group is the default

group.
Test Group: AP group is the test group.
AP Number
AP number.
Location
APs geographic location
AP Name
APs name
Description
APs description

TPS14-04_rev2.0
6.5.2
WLAN Groups
ClickWLAN/WLAN Groups, and WLAN group configuration screen will
prompt.
Figure 6-39 WLAN Group Configuration
This screen displays the WLAN group.ClickEdit Group,and modify WLAN

group information.Input new WLAN group name ,and clickAddto add new
group.
Click the default groupsEdit Group,and the following screen will prompt.
ClickAdd,and WLAN configuration screen will prompt.

TPS14-04_rev2.0
The following table will introduce WLAN configuration.
Table 6-27 WLAN Configuration

Items
Description
WLAN ID
WLANs ID number, which is generated

automatically.
WLAN Group
WLAN group
automatically.
Security Mode
Open: Disable encryption mode.

WEP: Enable WEP encryption mode. To
enable WEP mode, you have to create a
WEP
strategy
in
WLAN
security
configuration.
802.11i: Enable 802.11i encryption mode.
To enable WEP mode, you have to create
which
is
generated

TPS14-04_rev2.0
Items
Description
a WEP strategy in WLAN security
configuration WAPI Enable WAPI
encryption mode.
Security Policy
Select the SSID

configured
in
configuration.
SSID
WLANs SSID.
SSID Mode
Broadcast: Broadcast WLANs SSID, and

the user can search to the WLAN.
Hide: The user cant search to the WLAN.
Vlan ID
VLANs ID.
QoS
Enabled: Enable QoS function to optimize

quality of the network service.
Disabled: Disable QoS function.
Max number of
users
The max number of users which is allowed

to access.
MAC
policy
OPENSet no filtering strategy.

Whitelist: The MAC address of whitelist can
access WLAN.
Blacklist: he MAC address of whitelist can
not access WLAN.
Filtering
of
security
WLAN
strategy
security
Flow control
AC supports three flow control modes.

Fixed flow
Guaranteed minimum flow
Based on the number of users
Downlink
SSID
Flow
Limit/Guarantee
Configure downlink flow control based on

SSID.
Downlink
User
Flow
Limit/Guarantee
Configure downlink flow control based on

users connected to the SSID.
Uplink SSID Flow

Limit/Guarantee
Configure uplink flow control based on

SSID.
Uplink User Flow

Limit/Guarantee
Configure uplink flow control based on

users connected to the SSID.
Tunnel Mode
Local Forwarding.
Concentrated
Forwarding:
To
use
concentrated forwarding fucntion, you
have to
enable the tunnel modefirst.
And the VLAN ID should not be
configured as 0.
EAP Auth Type
Select EAP authentication type.
Auth
MAC
The MAC
server.
Service
address
of
authentication

TPS14-04_rev2.0
6.5.3
Time Policy Groups

ClickWLAN/Time Policy Groups, and time policy group screen will
prompt.
Figure 6-40 Time Policy Group
Input the name of time policy group,and clickAddto add new entry.Select
a entry need to modify, clickEdit group,and the following screen will
prompt.
Figure 6-41 Time Policy Group
The following table will introduce time policy group items.
Table 6-28 Time Policy Group

Items
Description
Policy ID
Policy ID.
Policy Name
Name of the policy.
Policy Type
Day
Week
Month
Year
All day
not
Yes: Policy applys to every day.

No: Please set start time and end time.
or
Start Time
The time when policy takes effect.
End Time
The time when policy lose effectiveness.
Week
Select the week when the plocy take effect.
Month
Select the month when the policy take effect.
Day
Select the day when the policy take effect.
Operation
Save: Save the time policy.

TPS14-04_rev2.0
6.5.4
AP Policy Apply
ClickWLAN/AP Policy Apply, and AP policy apply screen will prompt.
Figure 6-42AP AP Policy Apply
On this screen WLAN group can be associated with different limit policies.
6.5.5
WLAN-VLAN Association
ClickWLAN/WLAN-VLAN Association, and WLAN-VLAN association
screen will prompt.
Figure 6-43 WLAN-VLAN Association
On this screen WLAN group can associate to relevant VLAN group.
6.6
Statistics
Statistics mainly includesAP Information,AP Upgrate,Wireless
Interface Statistics,Wireless Users Statistics,Intrusion Detection Statistics,
Statistica Report Cycle. The function in detail will be introduced as follows.

TPS14-04_rev2.0
6.6.1
AP Information
ClickStatistics/AP Information,and AP information screen will prompt.
Figure 6-44 AP List
The following table will introduce AP information configuration items.
Table 6-29 AP List

Items
Description
AP ID
APs ID
MAC
Address
APs MAC address
IP Address
APs IP address
AP Group
AP group
AP Name
APs name
FP NO.
The RF number of AP
Online Time
APs online time
Start Time
The time AP starts up
Last 3 Join
Time
The last three timeof APs joining
Join Reason
Reason of APs joining.
Status
ALL: Display APs status.

Configuration: Display APs in the configuration
status.
Run: Display APs in the run status.
Idle: Display APs in the Idle status.
Details
Click Details to show detail information ,

including AP basic information , wireless
configuration,
software
and
hardware
configuration, and user information list.
Select the AP need to be set,and clickLoad Balanceto configurate load

balance.
Select the AP need to be set,clickSecurity Mode,and the following screen
will prompt.
Figure 6-45 AP Security Mode

TPS14-04_rev2.0
There are three security modes to select, including 802.11i, WAPI, API&802.11i.
Select AP need to be set, clickParameters of AP Online Scanning,and the
following screen will prompt.
Figure 6-46 Parameters of AP Online Scanning
Table 6-30 Parameters of AP Online Scanning

Items
Description
Radio ID
Select the radio id need to be set.
Scanning
Channel
11a: Select a channel like Full Channel,

149,153,157,161,165 to realize scanning.
11b/g: Select a channel like Full Channel, 1-13
channels to realize scanning.
Scanning
Mode
Passive Scanning
Positive Scanning: The AP scans other APs
nearby positively.
Stop Scanning: Stop scanning operation.
Scanning
Cycle
Cycle of scanning.The unit is second, and the

range is from 0 to 65535.
ClickRecovery Factory Setto reset all the APs.

ClickSystem Reboot,and reboot the AP selected.

TPS14-04_rev2.0
6.6.2
AP Software Upgrade
ClickStatistics/AP Software Upgrade,and AP information screen will
prompt.
Figure 6-47 AP Software Upgrade
ClickSoftware Upgrade Setting,and the following screen will prompt.
Figure 6-48 Configuration of AP upgrading
The following table will introduce configuration of AP upgrading.
Table 6-31 Configuration of AP upgrading

Items
Description
Retries when
it fails
The number of retry after upgrading fails
Numbers of
Simultaenous
AP
The number of APthatupgradsat the same

time.
Time
of
upgrading
timeout
The time for AP to update. If AP does not

successfully upgrade during this time, then the
upgrade fails
Click the button on the left of screen, and the following functions can be
realized.
ClickUpgradingto upgrade AP by software.
ClickCancel upgrading software,and cancel upgrading command like
APs status is waiting for upgrade or is upgrading and so on.

TPS14-04_rev2.0
ClickUpgrade configured fileto update AP by configured file.
ClickUpgrade WAPI certificateto update AP by WAPI certificate.
ClickReboot APto restart AP.
6.6.3
Wireless Radio Statistics

ClickStatistics/Wireless Radio Statistics,and wireless radio statistics
screen will prompt.
Figure 6-49 Wireless Radio Statistics
ClickWireless Mode Configuration,Wireless Channel Configuration,

Wireless Power Configuration,and the AP selected can be configurated
for wireless mode,channel or power. Please refer to 5.3.1 wireless settings
basic configuration and 5.3.3 wireless channel configuration to get
parameters introduction in detail.
6.6.4
Wireless User List

ClickStatistics/Wireless User List,and wireless user list screen will prompt.
Figure 6-50 Wireless User List
The following table will introduce wireless user list items.
Table 6-32 Wireless User List

Items
Description
AP IP
APs IP address
AP MAC
APs MAC address
Access
IP address of the access platform.

TPS14-04_rev2.0
Items
Description
Platform IP
6.6.5
User
MAC
Address
MAC address of the user.
SSID
WLAN SSID which is used
Session Id
Session ID which is used
Tunnel Id
The tunnels ID
Upline Time
Online time
Intrusion Detection Statistics

ClickStatistics/Intrusion Detection Statistics,and intrusion detection
statistics screen will prompt.
6.6.6
Cycle of Reporting AP Statistics

ClickStatistics/Cycle of Reporting AP Statistics,and cycle of reporting
AP statistics screen will prompt.
Figure 6-51 Cycle of Reporting AP Statistics

TPS14-04_rev2.0
6.7
Rogue AP
Rogue AP mainly includesRogue AP,Permitted BSSID List,Permitted
SSID List. The function in detail will be introduced as follows.

TPS14-04_rev2.0
6.7.1
Rogue AP
ClickRogue AP/Rogue AP,and rogue AP list screen will prompt.
Figure 6-52 Rogue AP List
Enable rogue AP scanning function, and configure the 5.2.5 AP background

scanning fucntion at the same time will realize the function of rogue AP
scanning.
The following table will introduce rogue AP configuration items.
Table 6-33 Rogue AP Configuration

Items
6.7.2
Description
BSSID
Rogue APs BSSID
SSID
Rogue APs SSID
Radio ID
Rogue APs radio id
Channel
Rogue APs channel
Signal
Strenth(dBm)
Rogue APs signal strength
SNR
Rogue APs SNR
Data
Transfer Rate
Rogue APs transfer rate
MAC
Address
The MAC address of scanning AP.
AP Type
Display the scanned AP type. Generally the AP

displayed is rouge AP.
Permitted BSSID List

ClickRogue AP/Permitted BSSID List,and permitted BSSID list screen
will prompt.
Figure 6-53 Permitted BSSID List

TPS14-04_rev2.0
Choose a BSSID in the rogue AP list to add in permitted BSSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.7.3
Permitted SSID List

ClickRogue AP/Permitted SSID List,and permitted SSID list screen will
prompt.
Figure 6-54 Permitted SSID List
Choose a SSID of rogue AP to add in permitted SSID list, and the

corresponding rogue AP will be turned into the lawful AP.
6.8
LOG
Log mainly includesOperation Log
, Operation Log Hold Time
, Alarm
Log,AP Log,Intrusion Detection Log. The function in detail will be
introduced as follows.
6.8.1
Operation Log
ClickLOG/Operation Log,and operation log screen will prompt.
Figure 6-55 Operation Log Search

TPS14-04_rev2.0
This screen can query user operation log,including User Login,WLAN,User

Quit,Group Policy,Basic Settings,AP Group List,Rogue AP.Select the operation
need to search in the Operation Type option. For example,select
userlogin ,clickSearch,and the following screen will prompt.
Figure 6-56 Operation Log Query Results
ClickRemote Save +,and log will be uploaded to the FTP server specified.
Figure 6-57 Log Saving Remote FTP Server

TPS14-04_rev2.0
6.8.2
Operation Log Hold Time

ClickLOG/Operation Log Hold Time,and operation log hold time
screen will prompt.
Operation log hold time can be set on this screen,and the unit is day.
6.8.3
Alarm Log
ClickLOG/Alarm Log,and alarm log screen will prompt.
Figure 6-58 Alarm Log
ClickDownloadand log can be saved to the location.
6.8.4
AP Log
ClickLOG/AP Log,and AP log screen will prompt.
Figure 6-59 AP Log

TPS14-04_rev2.0
Enable SYSLOG switch,and SYSLOG server can be configured.
6.8.5
Intrusion Detection Log

ClickLOG/Intrusion Detection Log,and intrusion detection log screen will
prompt.
Figure 6-60 Intrusion Detection Log

Altai Access Controller Configuration Manual - v2.0

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Altai Access Controller Configuration Manual - v2.0

Caricato da

Copyright:

Formati disponibili

ALTAI ACCESS CONTROLLER

Access Controller Configuration Manual

About this document

Introduce the document briefely

Chapter2 Product Introduction

Introduce the product

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

PRODUCT INTRODUCTION ............................................................................................... 3

SYSTEM FEATURES ............................................................................................................. 3

PROTOCOL SUPPORT ............................................................................................. 3

USER MANAGEMENT AND BUSINESS SUPPORT .................................................... 4

NETWORK SECURITY ............................................................................................... 4

NETWORK MANAGEMENT ..................................................................................... 5

PREPARATION BEFORE INSTALLATION............................................................................. 6

PRECAUTIONS BEFORE OPERATION...................................................................... 6

ENVIRONMENT REQUIREMENTS ............................................................................. 6

INSTALLATION SAFETY REQUIREMENTS.................................................................. 6

TOOLS NEEDED ....................................................................................................... 7

INITIAL CONFIGURATION ................................................................................................. 8

CLI OVERVIEW ........................................................................................................ 8

LOGIN ACCESS PLATFORM ................................................................................. 14

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

LOGIN MANAGEMENT PLATFORM ..................................................................... 15

SYSTEM UPDATE .................................................................................................... 16

UPLOAD/DOWNLOAD CONFIGURATION FILES................................................. 24

GLOBAL CONFIGURATIONS ................................................................................ 25

INTERFACE CONFIGURATIONS ............................................................................ 26

RADIUS CONFIGURATIONS .................................................................................. 29

5.10 DOMAIN CONFIGURATIONS ............................................................................... 31

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

WEB CONFIGURATIONS ................................................................................................. 50

LOGIN BY WEB ...................................................................................................... 50

BASIC SETTINGS ..................................................................................................... 52

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

WIRELESS SETTINGS ............................................................................................... 69

WIRELESS SECURITY ............................................................................................... 77

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

System Booting .......................................................................................................... 11

Auto-boot proceduremanagement platform............................................... 11

Figure 5-4 Configure the DialogAccess Platform ............................................................ 13

Topology under ROM MONITOR Update ............................................................... 17

Figure 5-10 the Topology for Update by FTP ........................................................................... 19

Access Controller Login Screen .............................................................................. 51

Access Controller Main Menu ................................................................................. 51

Figure 6-3 Basic Settings ............................................................................................................. 53

Radius List ................................................................................................................... 57

Radius Servers Edit..................................................................................................... 57

AS Server Configuration ........................................................................................... 58

AC NTP Configuration .............................................................................................. 59

Figure 6-10 SYSLOG Configuration............................................................................................ 59

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

Altai Technologies Ltd. All rights reserved

Access Controller Configuration Manual

Description of Access Controller Main Menu......................................................... 52