From wiliGear wiki

Contents 1 Introduction 2 WILI AP Access 3 General Skin Operation 3.1 Refresh 3.2 Apply 3.3 Save & Reboot 4 WILI AP Skin Structure 4.1 Status 4.1.1 System Information 4.1.2 Interfaces 4.1.3 Wireless Statistics 4.1.4 Routes 4.1.5 ARP Table 4.2 Configuration 4.2.1 Network Settings 4.2.2 Radio Settings 4.2.3 VAP (Virtual AP) Settings 4.2.4 Wireless ACL 4.2.5 Services 4.2.5.1 SSH 4.2.5.2 Syslog 4.2.5.3 HTTP Settings 4.2.6 Expert Settings 4.3 System 4.3.1 Administrative Account 4.3.2 License 4.3.3 Skins 4.3.4 Management 4.3.4.1 RCMS Settings 4.3.4.2 Friendly Name 4.3.4.3 SNMP Settings 4.3.4.4 Clock/NTP 4.3.5 Maintenance 4.4 Tools 4.4.1 Site Survey 4.4.2 Traffic Generator 4.4.3 Traffic Monitor 4.5 Logout 5 WILI AP Configuration Sample 5.1 Step 1. Login to the WILI AP 5.2 Step 2. Change administrator’s login credentials 5.3 Step 3. Setup IP Settings 5.4 Step 4. Country Code Selection 5.5 Step 5. Setup ath0 5 GHz Radio (IEEE mode A) 5.6 Step 6. Setup ath1 2.4 GHz Radio (IEEE mode G) 5.7 Step 7. Create VAP0 on the ath0 5 GHz Radio 5.8 Step 8. Create VAP1 on the 5 GHz Radio 5.9 Step 9. Create VAP0 on the 2.4 GHz Radio 5.10 Step 10. Create VAP1 on the 2.4 GHz Radio 5.11 Step 11. Check the VAP Table 5.12 Step 12. Reboot the Device 5.13 Step 13. Verify Connection

Introduction

WILI SKIN concept is a unique GUI (graphical user interface) approach for WILI-S wireless networking software platform based devices. WILI-SKIN mechanism allows WILI-S platform users have visually and functionally different web user interfaces for a better and easier control of the device. Main function of the new WILI AP skin is to allow configuration of multiple SSIDs with different security settings and mapping them to different VLANs. Extended feature list could be found later in this document and is targeted at enterprise level access point users, was professionally designed for building secure, manageable and reliable wireless local area networks (WLANs).

The example shows the most likely use for the access point, as it shares an Internet connection with two wireless client. Wireless clients are connected to the WILI AP, using the different authentication methods (WPA with pre-shared key using AES encryption, and WPA with RADIUS authentication using AES encryption).

The second figure shows an indoor wireless VLAN deployment scenario. Four wireless VLANs are provisioned across the campus to provide wireless LAN access to the wireless clients (segmented into RND1, RND2, Office and Guest). The RND1 and RND2 VLAN segments are configured to use WPA security with RADIUS authentication, Office segment is configured to use WPA2 with pre-shared key security, while Guest segment has an open connection without any of security and authentication.

WILI AP Access

The WILI AP requests an IP address via DHCP by default. If no response is received from the DHCP server then the access point uses the default address 192.168.2.66. If your network has a DHCP server, the IP address will be automatically assigned to the AP from DHCP server IP address range. Use WILIBOX Java utility WILI Discovery (integrated in the WILI Scout utility) to locate the access point on the network and view its IP address. After the IP address of the WILI AP was determinated enter that IP address into a web browser on a computer on the same subnet to login into the WILI AP web management.

Default administrator logon settings are: User Name: admin Password: admin01

After successful administrator login you will see the main page of the WILI AP device Web management interface. The WILI AP device now is ready for configuration. For instructions on changing the administrator’s password refer to the corresponding section Administrative Account.

General Skin Operation

There are three general actions to manage configuration file using the skin: Refresh status, Apply configuration changes, Save&Reboot to save new device configuration and reboot the device.

Refresh

Pages that displays statistical information or other pages that may change frequently and do not have any configurable items may have a Refresh button. Use this button when need to refresh page information.

For example the information on Wireless Statistics page changes frequently, so refreshing the page often may be beneficial.

Apply

Configuration pages contain a page-wide Apply button at the top of the screen that applies all changes made on a single page to a temporary configuration cache. In previous skin versions, it may have been necessary to click a Change button in multiple sections on the page. This is no longer necessary.

The Apply button does not save the configuration permanently, only temporary. Once the Apply button is clicked, the SAVE&REBOOT should be used to save the configuration to the device.

Multiple consecutive pages can be edited by using the Apply button before clicking the SAVE&REBOOT button.

Save & Reboot

After the Apply button is used on any page, the new button SAVE&REBOOT appears near the LOGOUT button on the main menu area. The SAVE&REBOOT button saves all temporary changes made by clicking Apply button to the actual device configuration file and reboots the device.

WILI AP Skin Structure

The main Web management menu is displayed after successfully login into the system (see the figure below). From this menu all essential configuration pages are accessed.

By default the Status | System Information menu is activated and the main WILI AP system information is displayed. The active menu is displayed in a different color.

The WILI AP web management menu has the following structure:

Status

System Information – displays general information of the WILI device.

Interfaces – displays main network statistics of the WILI device.

Wireless – displays statistics of the wireless interfaces of the WILI device.

Routes – displays routes table of the WILI device.

ARP Table – displays ARP table of the WILI device.

Configuration

Network – basic AP network settings.

Wireless Basic – ESSID, regulatory domain, IEEE mode, channels, data rate selection, transmit power, ACK timeout, fragmentation threshold, RTS threshold of each physical AP radio.

Virtual AP – additional 16 VAP on each physical radio with wireless settings such as management VLAN, WPA/WPA2/802.1x/UAM authentication methods, broadcast SSID, throughput enhancements, Quality of service (WMM), user isolation.

Wireless ACL – access control default policy, static ACL, access control by MAC address

Services – SSH, Syslog, HTTPS services management.

Expert – direct editing and management of the configuration file.

System

Account – change administrator’s password.

License – license file upload on the WILI device.

Skins – activate and upload new skins on the WILI device.

Management – WILI AP management settings: SNMP, RCMS client, Clock/NTP.

Maintenance – upgrade with a new firmware, reboot or reset WILI device to factory defaults, download the troubleshooting file of the AP.

Tools

Site Survey – perform a site evaluation to show overview information for other wireless networks in the local geography.

Traffic Generator – measure the WILI AP throughput.

Traffic Monitor – display the connection tracking data.

In the following sections short references to all menu items are provided.

Status

Use the Status menu to check the WILI AP device current status (this is the default page when accessing the device web management interface). There are five sections of the status information:

• System Information
• Interfaces
• Wireless
• Routes
• ARP Table

System Information

System Information menu displays general devices status (device name, firmware version, hardware revision, uptime, system memory, average load), license status and short information about current skin.

Uptime – displays the time, expressed in days, hours and minutes since the system was last rebooted.

Hardware version – displays the device hardware version.

Device name – displays the device type.

Friendly name – displays the device name used by RCMS and SNMP.

Firmware version – displays current version of the firmware [<PRODUCT>.<HW>.<VERSION>.<CPU>.<RADIO>.<SKIN>.<BUILD-NO>.<BUILD-TIME>]

Average system load – displays the average load of the device processor in the period of the last 1minute, 5 minutes and 15 minutes (a larger value means a larger average load on the processor).

• <1.0 – System is idle
• =1.0 – Normal load
• >1.0 – Processor is busy.

System memory – displays total and free system memory [kB].

License status – displays a status of the current license.

Active skin – displays the name and the version of current skin

Interfaces

The Network Statistics page displays the main network configuration and receive/transmit statistics of all interfaces.

Network statistics – displays detailed receive and transmit statistics of each interface.

Network configuration – displays the main parameters of the interfaces (MAC address, IP address, Netmask and Broadcast address).

Wireless Statistics

The Wireless Statistics page displays the main statistics of wireless interfaces.

Wireless Statistics – displays detailed statistics of each wireless interface.

Wireless Configuration – displays the main information of the each WILI AP device radio interfaces state.

Stations/Access-Points – displays detailed information about the associated stations (in master mode) or information about the device associated with a particular WILI AP device (in managed mode).

Additional Station Information – displays information of the associated wireless stations to the particular wireless interface of the WILI AP device.

Routes

The Routes page displays the routing table for each interface.

ARP Table

The ARP Table page displays the table of ARP (Address Resolution Protocol) entries.

Configuration

The Configuration menu allows you to manage general parameters of the WILI AP. Configuration page contains following sub menus:

• Network - to set management mode and main network configuration for WILI AP.
• Radio Settings - to setup general wireless radio settings.
• Virtual AP - to create additional VAPs on each radio.
• Wireless ACL - to create access control rules.
• Services - to setup SSH, Syslog, HTTPS services.
• Expert - direct editing and management of the configuration file.

Network Settings

The IP configuration as described below is required for WILI AP management purposes. Use the Configuration | Network menu to setup network settings of the WILI AP device:

IP address – specify the WILI AP IP address [digit and dots]. When shipped from the factory or reset to factory settings, the AP defaults to a static IP address of 192.168.2.66.

Subnet mask – specify the access point’s subnet mask that identifies the host address bits used for routing to specific subnets [digit and dots]. When shipped from the factory or reset to factory settings, the AP defaults to a subnet mask of 255.255.255.0.

Default gateway – specify the IP address of the access point’s gateway [digit and dots]. When shipped from the factory or reset to factory settings, the AP defaults to a gateway IP address of 192.168.2.1.

DNS server 1 – specify the IP address of the primary DNS server. The DNS (Domain Name Service) maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

DNS server 2 – specify the IP address of the secondary DNS server.

Radio Settings

The skin automatically detects the number of radios in the device and their types, while booting.

Before changing radio settings manually verify that your settings will comply with local government regulations. At all times, it is the responsibility of the end-user to ensure that the installation complies with local radio regulations. Refer to the Regulatory Domain/Channels for information about regulatory domains.

Use the Configuration | Wireless menu to configure country code and wireless settings for each radio such as IEEE network mode, channel, data rates, transmit power, ACK timeout and etc:

Country code – choose from drop-down list the country in which you will use the WILI AP device. According to the country chosen the regulatory domain settings change. You are not allowed to select radio channels and RF output power values other the permitted values for your country and regulatory domain.

The next section of the Wireless page includes settings of each radio interface of the WILI AP device:

Enable radio – specify the status pf the particular radio interface of the WILI AP device.

IEEE mode – specify the wireless network mode. The list of IEEE modes will conform to the wireless network modes supported by the WILI AP radio.

The IEEE mode list varies depending on the selected country code in accordance with the regulatory domain.

Dynamic Turbo – choose to maximize throughput using multiple channels. Dynamic Turbo is only available on A and G IEEE modes.

Current channel – displays the channel at which the device is operating currently.

Channel – select the channel, or function ‘auto’ from the drop-down list. Multiple frequency channels are available to avoid interference between nearby access points. If you wish to operate more than one access point in overlapping coverage areas, we recommend a distance of at least four channels between the chosen channels. For example, for three Access Points in close proximity choose channels 1, 6 and 11. The auto channel function is used to find the best channel for wireless device communication (either an unused channel or if all are in use that with the lowest measured signal strength).

The available channel’s list varies depending on the selected country code and IEEE mode of the WILI AP device.

The default channel bandwidth for 802.11 radio is 20MHz in 11a mode and 22MHz in 11g mode (for the turbo modes these are the double ones). It is possible to narrow down the bandwidth twice or four times by choosing Half/Quarter rates. Although this will drop down the data transfer rates, the power density will be increased and it may help to achieve greater operation distances (see figure below).

The Half/Quarter rates are only available on A and G IEEE mode, the Dynamic Turbo option should be disabled.

Automatic data rate mode – specify the automatic data rate mode status. If this option is specified the WILI AP will use all data rates lower or equal to the value of Data rate (described below).

Data rate, Mbps – select the device data transmission rates in Mbps from the drop-down list.

Transmit power – specify the radio transmit power at which the WILI AP transmits data in dBm using slider or enter the value manually. The transmit power level that is actually used is limited to the maximum value allowed by your country's regulatory agency.

ACK timeout – specify the ACK timeout using slider or enter the value manually [integer, 20-520]. This is the amount of time the WILI AP will wait to hear a response from the wireless device. The too low value of the ACK timeout will give very low throughput. A high value may slowdown the link. A low value is far worse then a value slightly too high. ACK Timeout value should be tuned to the optimal value for the maximum system throughput.

Fragmentation – specify the Fragmentation threshold value [256-2346 bytes, or word ‘off’]. This is the maximum size for a packet before data is fragmented into multiple packets. This value should remain at its default setting of 2346. Setting the Fragmentation threshold too low may result in poor network performance. Only minor modifications of this value are recommended.

RTS – specify the RTS threshold value [0-2347bytes, or word ‘off’]. The RTS threshold determines the packet size of a transmission and, through the use of an access point, helps control traffic flow. The default value is 2347 (2347 means that RTS is disabled).

The remaining wireless settings for each physical radio can be configured under Virtual AP menu.

VAP (Virtual AP) Settings

Use the Configuration | Virtual AP page to configure advanced wireless settings for the main device radios and to create up to 7 additional Virtual AP interfaces.

The Virtual AP defines a logical wireless network, and the WILI-S can be configured to provide additional 7 wireless networks on each device radio. Each VAP can be configured with different SSID, SSID broadcasting, security settings, layer 2 isolation, VLAN, throughput enhancement, client isolation, quality of service, while other settings are inherited from the main radio on which the VAP was created. All the VAPs may be active at the same time meaning that client devices can associate to the access point using any of the VAP SSID.

The Virtual AP table displays a summary of all wireless interfaces (physical and virtual) running on the device. Physical interfaces are shown in bold, with virtual interfaces shown as sub-items under the physical interfaces:

Edit – click to edit Virtual AP or radio settings.

Delete – click to delete appropriate Virtual AP. Only the virtual wireless interfaces (VAP) be deleted.

Add VAP – click to create Virtual AP on the chosen physical radio.

To create a new Virtual AP, choose the radio interface on which the VAP will be created and click the Add VAP button:

VAP interface – displays the interface name of the created VAP.' SSID – specify the unique name for the wireless network [string].

Broadcast SSID – when selected the WILI AP SSID is visible during network scans on a wireless station. When unselected, the WILI AP SSID is not visible and not broadcasted to wireless stations.

WDS mode – select to enable WDS (Wireless Distribution System) for connected clients.

Enable VLAN – enable VLAN tagging on the virtual AP or physical radio. This setting requires VLAN ID, and optional VLAN IP address and VLAN subnet mask values.

VLAN ID – assign ID for your VLAN network [2-4095]. The access points configured with the same ID will be logically grouped into this VLAN.

VLAN IP address – specify IP address of the VLAN bridge [IP address]. Each separate VLAN ID creates a different bridge. The VLANs with the same ID will be bridged together. If the IP address of the bridge will be not specified, it will be saved as 0.0.0.0.

VLAN subnet mask – specify the subnet mask of the VLAN bridge [subnet mask].

Throughput enhancements – enable the Atheros super features [Fast Frame, Packet Bursting]. Atheros Super AG® enhanced technologies offers the highest actual throughput - 1.5 to 2 times faster than standard 802.11g or 802.11a/g products in the wireless LAN.

• Fast Frames – packet aggregation and timing modifications. The fast frames is only available on A, G and auto IEEE modes.
• Packet Bursting – more data frames per given time period. The packet bursting is only available on A, G and auto IEEE modes.

Quality of service (WMM) – enable to support quality of service for prioritizing traffic from the Ethernet to the access point.

User isolation – enable the user Layer 2 isolation. The Layer 2 isolation blocks the wireless clients from communicating with each other.

Inter AP client isolation – enable the inter AP client isolation that restricts client traffic to access only gateway. In such case the client will not be able to access resources of the clients connected to other APs.

The difference between User isolation and Inter AP client isolation is displayed in the figure below: Layer 2 and Inter AP:

Each VAP and physical radio are configured by default as an “open system”, which broadcasts a beacon signal including the configured SSID. For more secure network choose one of the security mechanisms for each VAP interface.

Authentication method – choose the wireless security and the key selection method from the drop-down list.

• Open system – do not choose any of wireless security on the particular WILI AP radio interface.
• WPA-PSK-auto – choose the WPA security with pre-shared key, encrypted in both TKIP and AES methods.
• WPA-PSK-TKIP – choose the WPA security with pre-shared key, encrypted by the TKIP (Temporal Key Integrity Protocol) algorithm.
• WPA-PSK-AES – choose the WPA security with pre-shared key, encrypted by the AES algorithm.
• WPA2-PSK-TKIP – choose the WPA2 security with pre-shared key, encrypted by the TKIP (Temporal Key Integrity Protocol) algorithm.
• WPA2-PSK-AES – choose the WPA2 security with pre-shared key, encrypted by the AES in Counter mode with CBC-MAC algorithm.
• WPA2-PSK-auto – choose the WPA2 security with pre-shared key, encrypted in both TKIP and AES methods.
• WPA-802.1x-auto – choose the WPA security encrypted in both TKIP and AES methods with 802.1x authentication (RADIUS infrastructure required).
• WPA-802.1x-TKIP – choose the WPA security encrypted in TKIP mode with 802.1x authentication (RADIUS infrastructure required).
• WPA-802.1x-AES – choose the WPA security encrypted in AES mode with 802.1x authentication (RADIUS infrastructure required).
• WPA2-802.1x-auto – choose the WPA2 security encrypted in both TKIP and AES methods with 802.1x authentication (requires configured RADIUS server).
• WPA2-802.1x-TKIP – choose the WPA2 security encrypted in TKIP mode with 802.1x authentication (requires configured RADIUS server).
• WPA2-802.1x-AES – choose the WPA2 security encrypted in AES mode with 802.1x authentication (requires configured RADIUS server).
• UAM – choose the UAM (Universal Authentication Method) authentication (requires configured RADIUS server and Portal URL).

Wireless clients must be able to process the WPA or WPA2 information element and respond with a specific security configuration.

The correspondent settings (passphrase entry field or RADIUS servers’ settings) appears according the selected authentication method.

Configuration of the wireless security with pre-shared key:

Passphrase – specify the WPA or WPA2 passphrase [8-63 characters]. The passphrase will be converted to pre-shared key format, selected above.

Configuration of the wireless security with the RADIUS authentication:

IP address – specify the IP address of the authentication/accounting RADIUS server.

Port – specify the network port used to communicate with the RADIUS authentication/accounting server [1-65535]. Default: 1812 for authentication, 1813 for accounting servers.

Timeout – specify the authentication/accounting request timeout in seconds [1-999]. Default: 2. If RADIUS response is not received during timeout period, request is retransmitted.

Retries – specify the number of times authentication/accounting request is retransmitted [0-99]. Default: 2.

Secret – specify the shared secret of the authentication/accounting server [string]. The shared secret is used to encrypt data packets transmitted between RADIUS server and client.

Shared secrets must be the same on the RADIUS servers and the RADIUS client.

Strip WISP – select this option if you want to remove the WISP domain prefix from the username before sending it to the RADIUS server. Default action is to send the username as is.

Some RADIUS servers can be configured to require the full-unmodified user name to be sent..

UAM (Universal Authentication Method)is a simple Web browser based user authentication method. Using this method any attempt to access the Internet using HTTP(S) is intercepted by device and client’s Web browser is redirected to the defined Portal URL on the WAS. After direct communication is established between the client and the WAS and the user has entered his/her credentials, the WAS instructs the device to authenticate the user. At this stage, the Device secret is used to establish the secure connection between the WAS and the device. The device sends a RADIUS access request to the appropriate server, receives the response and informs the WAS about authentication status. The WAS then informs the client of the authentication result and if authenticated, the client is granted access to the Internet.

Device Secret – specify secret phrase that can be set one per device.

Portal URL – specify UAM portal URL.

Wireless ACL

Use the Wireless ACL service to control default access to the WILI-AP wireless network interfaces or to define special access rules for mobile clients. By default the ACL service is disabled on the wireless interface:

To configure the access rules for mobile clients on the chosen interface specify the following settings:

Interface – choose the interface name on which the access rule is creating.

Default access policy – select the default ACL policy on the interface [allow/deny]. Select allow to permit all wireless clients to access this AP through the chosen interface or deny to prevent all wireless clients from associating to your access point.

Except for – specify the MAC addresses that will be exceptions for the default access policy. There are two ways to add MAC addresses to Access Control Lists:

• Enter MAC addresses individually
• Upload text file containing MAC addresses

When entering a MAC address individually, the following options are available:

MAC address – specify a single MAC address to add to current list [Hex format, eg. 00:11:22:33:44:55].

Optional friendly name – specify a friendly name to MAC address. This can help to distinguish MAC addresses if the Access Control List becomes large.

When uploading a text file with multiple MAC addresses, the following options are available:

Upload File – specify and upload a file (comma-separated or newline separated) that will be added to the existing list of ACL MAC addresses.

Services

Use Services menu for SSH, Syslog and HTTPS services management.

SSH

Use the Configuration | Services menu to setup the SSH service. By default the SSH server is enabled on the 22 port:

Enable SSH – specify the SSH service status.

Port – specify the port for incoming SSH connections [0-65535]. Default: 22.

With this service disabled, you would not be able to connect to the WILI AP using the SSH service (e.g. to access the CLI interface).

Syslog

Use the Configuration | Services menu to configure device to save log messages to the local or remote file using standard syslog facility:

Message level – specify the message level you need to trace. The level determines the importance of the message and the volume of messages generated by the WILI AP. The levels are in order of increasing importance [emergency, alert, critical, error, warning, notice, information, debug]. Default: info.

The WILI AP can be configured to send system log messages to a remote server:

Forward enabled – choose to disable/enable remote log.

Host IP address – specify the remote host IP address where syslog messages will be sent [IP address].

Host port – specify the port to which syslog messages will be forwarded [0-65535]. Default: 514.

Forward message level – specify the message level that will be send to the remote syslog server. The level determines the importance of the message and the volume of messages generated by the WILI AP. The levels are in order of increasing importance [emergency/alert/critical/error/warning/notice/information/debug]. Default: info.

Forward backup enabled – choose to disable/enable remote log backup.

Forward host IP address – specify the backup host IP address where syslog messages will be send to [IP address].

Forward host port – specify the port to which syslog messages will be forwarded [0-65535]. Default: 514.

HTTP Settings

Using the Configuration | Services menu the management of the WILI AP using the HTTP service can be forbidden:

Enable management through HTTP – specify the status of the WILI AP management through HTTP.

Expert Settings

The Expert Settings are for the advanced users only as after the modification of the configuration file the WILI device may get inaccessible or stop operating.

The modification of the configuration file should be used only in one of the configuration modes either in Skin or in Expert. By default the Skin configuration is enabled:

Configuration editing mode – choose the configuration file editing mode:

Skin mode – the configuration changes are made using Skin GUI. The possibility to modify configuration file manually and upload custom or backup configuration file is disabled.

Expert mode – the configuration file changes are made manually or custom/backup file can be uploaded. The possibility to modify configuration file using the Skin GUI is disabled.

The configuration file modification in Expert mode has no relation with the Skin configuration. In this case, if you want to configure device using the Skin, after the configuration file was modified in Expert mode, the Skin will not recognize the configuration file and will rewrite some sections that Skin has influence on. Therefore after the configuration in Expert mode, when administrator logs in web management, the Skin rewrites configuration file with Skin configuration sections and offers to Apply changes which overwrite configuration file modified in Expert mode.

Use Configuration | Expert menu for configuration file download/upload and for edit the device configuration file manually. Editing the configuration file directly can be useful if you need configuration options that are too advanced to be included into the web configuration, or for fine tuning after the web configuration has been used to apply general settings.

Upload new configuration file – use Browse… to specify the system configuration file you want to upload and click the Upload button. The system configuration will be uploaded on the system, but do not take affect until the device is rebooted.

Download running configuration file – click to download current device configuration file to your local PC. When needed, that device configuration file could be uploaded to device to have identical configuration that had on configuration download date.

The Edit Configuration section is for editing the configuration file manually. The configuration file entry field is active and ready for editing.

Refer to the respective document WILI-S Configuration Reference Manual for detailed information about the syntax of the configuration file.

Save – click to save a modified configuration file to the device flash memory. Modified WILI device system configuration will become active after device reboot. The system information massage appears with direction to reboot the device. Use the Save&Reboot button to apply device configuration changes and reboot the device.

Incorrect configuration file modifications (keys and values) may cause the WILI AP to stop working. In this case try to upload a known good configuration file or perform a reset to factory defaults (please refer to the respective section Maintenance).

Reset – use this button to cancel recent changes of the configuration file text. This button is functional before using Save button.

Read active – load the last saved configuration file from device flash memory.

Read backup – load the next-to-last saved configuration file from device flash memory.

Adjust edit area height – select a desired height of the edit area.

System

• Account – change administrator’s password.
• License – license file upload on the WILI device.
• Skins – activate and upload new skins on the WILI device.
• Management – WILI AP management settings: SNMP, RCMS client, Clock/NTP.
• Maintenance – upgrade with a new firmware, reboot or reset WILI device to factory defaults, download the troubleshooting file of the AP.

Administrative Account

We recommend to change the default administrator password as soon as possible.

The Administrative Account menu is for changing the existing administrators’ password.

Username – displays the username of the current connected administrator. This parameter is not changeable.

Old password – enter the old administrator password.

New password – enter the new administrator password for user authentication.

Verify password – re-enter the new password to verify its accuracy.

The only way to gain access to the web management if you forget the administrator password is to reset the WILI-AP to factory default settings.

Default administrator login settings are: User Name: admin Password: admin01

License

When the device is installed and ready for use, the valid license file should be uploaded on the device to activate a full set of the device features. The license status is displayed on the device System Information page:

License status – displays the license validity status:

• valid – this license status means that devise has full functionality of the purchased WILI-S firmware release. With a valid license, you can get all service releases of the purchased FW version for free.
• not valid – this license status provides only a very limited functionality.

The license will be still valid after resetting the device to defaults.

If the device has an invalid license uploaded, only very limited set of the device functionality is enabled:

• It runs only with a default configuration. Only a single BSSID is allowed; DHCP client runs on WAN interface, DHCP servers run on LAN and Wireless interfaces.

• It is impossible to change the configuration. All features are locked down until a valid license is presented. Any changes made in configuration will be stored in the flash memory of the device. Thus only a default setting will be used after the reboot.

To manage the license file, use the System | License menu:

License status – displays the validity status of current license.

Download current license file – click to download current device license file to your local PC.

License File Upload – click for the license file upload on the device.

To upload a new valid license file on the device use the Upload button under the Upload New License section:

Browse… – click to specify the license file you want to upload on the device.

Upload – click to upload the chosen license file on the device.

Be sure for certain you are uploading a valid license file.

After the new license file is uploaded, the device must be rebooted for changes to take effect. For instructions how to reboot the device, refer to the section Reboot on the Maintenance page.

In case the fault license file has been uploaded, the device becomes inactive after reboot and the default configuration will be uploaded with the dynamic IP address given by the local DHCP server.

Skins

The are two types of skins: build-in and custom. The build-in skins comes with a WILI device firmware and are undeletable so even after the device reset to factory defaults the build-in skins will remain. The custom skins are fully manageable - they can be uploaded and deleted from the system by the administrator.

Use the System | Skin page for skin upload, download or activation.

Skin name – displays the name of the particular skin.

Active – marks which skin is activated on the system.

Type – specifies the type of particular skin:

• build-in – skins that are built in device firmware and cannot be removed. The built-in skins will remain even after device reset to factory defaults.

• custom – skins developed under customers' needs and uploaded to the device manually.

Activate – load and activate selected skin on the system. After the selected skin will be activated, the new web interface appearance will be displayed.

Take a note that after activation of a new skin, the configuration file and parameter values will be reverted to the default values of the activated skin (including the IP address of the device and administrator's credentials).

It is recommended to refresh your browser (Ctrl+F5) after the successful activation of a skin.

Delete – remove the selected skins from the system. The build-in skins are not removable, only custom skins can be deleted.

Download – download the selected skin to your local PC.

Use the Upload New Skin section to upload custom skins on the WILI device system:

Browse… – click the button to select the new skin archive from a folder on the PC.

Upload – upload the new skin on the system. Successfully uploaded skin archive will appear on the Skin table under Device Skins section.

Management

Use Management menu for SNMP, RCMS client and Clock/NTP setup

RCMS Settings

Remote Configuration Management System (RCMS) is a centralized monitoring and management system for wireless network equipment based on the WILI operating system. The communication between managed devices and the RCMS server is always initiated by an RCMS client service running on every WILI AP device.

Use the System | Management | RCMS menu to configure the RCMS client on the WILI AP device:

Enable RCMS – select to enable RCMS agent settings.

RCMS server URL – specify the URL of the RCMS server that heartbeat notifications will be sent to.

Heartbeat interval – specify the interval, in seconds, between subsequent heartbeat notifications [number]. Default: 30.

Heartbeat timeout – specify the maximum number of seconds to wait for a response from the RCMS server before considering the connection as having timed out [number]. Default: 60.

Statistics update interval – specify the number of seconds in which the statistics will be send to the RCMS server [number]. Default: 300.

Statistics items – used for statistics configuration that will be sent to RCMS server:

Name – specify the name of the statistic.

SNMP OID – specify the local SNMP OID to gather the information from [SNMP OID]. This is used to setup the device to gather a certain statistics of the WILI AP device and send it to the RCMS server.

Add – click to add a new item of the device statistics.

Delete – click to delete selected statistic items.

Friendly Name

Use the Friendly Name section on System | Management menu to give a name used to identify the WILI AP device. This friendly name is used by SNMP and RCMS. If there is no device name specified, the device will use the SNMP name instead. If no SNMP name is specified, “no-name” will be displayed as friendly name.

Name – specify the friendly name for the WILI AP device [string ]

SNMP Settings

SNMP is the standard protocol that is widely used for network management over the Internet. With the SNMP service enabled, the WILI AP can act as SNMP agent. To communicate with SNMP manager you must configure SNMP communities and identifiers on both ends (manager and agent).

Use the System | Management | SNMP menu to enable/disable the SNMP service or change the current SNMP configuration on the WILI AP.

Enable SNMP – specify the SNMP service status on the WILI AP.

Name – displays an assigned friendly name for the WILI device [string]. This parameter is configurable under Friendly Name section.

System location – specify the physical location of the WILI AP [string].

System contact – specify the textual identification of the contact person for the WILI AP together with information on how to contact this person [string].

Read only community (v1/v2) – specify the read-only community name for SNMP version 1 and version 2c [string]. The read-only community allows a manager to read values, but denies any attempt to change values.

Read only user (v3) – specify the user name for read-only SNMP version 3 access [string]. The read-only community allows a manager to read values, but denies any attempt to change values.

Read only user password (v3) – specify the password for read-only SNMPv3 access [string].

Change – click to save the changes. After the changes are saved the WILI AP device must be rebooted for a new device configuration to take effect.

Clock/NTP

Use this section to manage the system time and date on the WILI AP automatically, using the Network Time Protocol (NTP), or manually, by setting the time and date on the access point.

The NTP (Network Time Protocol) client synchronizes the clock of the WILI AP device with a selected time server. Choose the configuration mode as NTP and specify the following settings:

Configuration – choose the system clock configuration mode [NTP/Manual].

Timezone – select the timezone. Time zone should be specified as a difference between local time and GMT time.

WILI-S uses timezone conversions according the ISO committee's decision to create time expressions using offsets from UTC rather than to UTC (i.e., having opposite sign). For example, if GMT time is 10:11, but correct local time is 12:11, then timezone has to be set to -2.00 hour.

Save last known time – select to recall the timestamp that was saved on last reboot. When the NTP is enable, this option will set system clock to last reboot time if no NTP servers are available.

Add – click to add NTP server

Delete – click to remove selected NTP servers from the device system.

Server IP – specify the trusted NTP server IP or hostname for synchronizing time with [IP address]

To adjust the clock settings manually, choose the configuration mode as Manual and specify the following settings:

Configuration – choose the system clock configuration mode [NTP/Manual].

Timezone – select the timezone. Time zone should be specified as a difference between local time and GMT time.

WILI-S uses timezone conversions according the ISO committee's decision to create time expressions using offsets from UTC rather than to UTC (i.e., having opposite sign). For example, if GMT time is 10:11, but correct local time is 12:11, then timezone has to be set to -2.00 hour.

Save last known time – select to recall the timestamp that was saved on last reboot.

Date – specify the new date value in format YYYY.MM.DD.

Time – specify the time in format hh:mm.

If device hardware has no internal clock, the configured manual time will be reset to the specified date and time after each device reboot.

Maintenance

Use the Maintenance menu to upgrade system firmware, reboot the device, download troubleshooting file or set the device to factory default values.

To update your device firmware use the Firmware upgrade section under the Maintenance menu, select the firmware file and click the Upload button:

Current Firmware Version – displays version of the current firmware.

Browse… – click the button to select the new image from a folder on the PC.

Upload – upload the new firmware.

When updating FW image from 3.5x to 5.xx, a new license key should be uploaded on WILI AP first. Otherwise the device will be inactive after reboot and the default configuration will be uploaded with the dynamic IP address given by the local DHCP server. For information on how to upload a license file please refer to the appropriate section License.

The WILI AP device system firmware upgrade is compatible with all configuration settings. When the device is upgraded with a newer version or the same version builds, all the system’s configuration will be preserved after the upgrade.

The new firmware image is uploaded to the controller’s temporary memory. It is necessary to save the firmware into the WILI AP permanent memory. Click the Upgrade button:

Upgrade – upgrade device with the uploaded image and reboot the system.

Do not switch off and do not disconnect the device from the power supply during the firmware update process as the device could be damaged.

Use the Reboot section to reboot the device:

Reboot – reboot device with the last saved configuration.

After clicking the Reboot button, the confirmation message appears:

Reboot – click to finish the device reboot process.

Cancel – do not reboot the device.

Use the Factory Defaults menu to reset device parameters into factory defaults:

Reset – click to reset the device to factory default values.

After clicking the Reset button, the confirmation message appears:

Reset – click to reset the device to factory default values.

Cancel – click to cancel reset process.

Resetting the device is an irreversible process. Current configuration and the administrator password will be set back to the factory default. Nevertheless the device license will be still valid after resetting the device to defaults.

WILI skin has an ability to generate a troubleshooting file that contains a valuable information about device configuration, routes, log files, command outputs and etc. Using the troubleshooting file the device itself gathers information instead of you. This is helpful for submitting problems to WILIBOX support team.

Download – click to download the troubleshooting file to your local PC.

Tools

Use the Tools menu to use the following WILI device applications:

• Site Survey – to view the list of wireless networks in local graphical area.
• Traffic Generator – to measure the WILI AP throughput.
• Traffic Monitor - to view the connection tracking data.

Site Survey

The Site Survey test shows overview information for wireless networks in a local geographic area.

Using this test, an administrator can scan for working access points, check their operating channels, WEP encryption and see signal/noise levels. An administrator can use this feature to identify a clear channel to set the WILI-S based device to that will not receive interference from adjacent APs.

Note that Site Survey function can take several minutes to perform.

A Site Survey test is performed every time on the startup of the device, therefore the results of the last performed Site Survey test and its time can be found on the page. Thus, to obtain the results, the initiation of the scan is not necessary.

To perform the Site Survey test currently, click the Scan

Choose wireless interface – choose the interface on which the Site Survey test will be performed form the drop-down list.

The Site Survey function is impossible if the selected wireless interface is disabled.

Scan – click to perform the Site Survey test.

Traffic Generator

This test generates TCP/UDP traffic and measures throughput from client to server with current established point-to-point link conditions.

The throughput test requires two endpoints: server on remote point-to-point link host and the client.

Operating mode – specify the operating mode of particular throughput test [server/client].

Throughput test Client endpoint supports the following settings:

Protocol – specify the network protocol of the throughput test [TCP/UDP].

Host – specify the IP address of the device which acts as throughput test server [IP address]. T

Duplex traffic – specify to perform throughput test with simultaneous data transmission in both directions.

Start – click to start the throughput test.

Stop – click to stop the throughput test.

Show Results – click to view the results of the throughput test.

Results – displays table of the throughput results.

Do not forget to stop Server’s side after the throughput test is finished, as the test may influence on the WILI AP device performance.

Traffic Monitor

Use this tool for connection tracking, based on the IPtables 'conntrack' module. The traffic monitor table displays only those IP Conntrack table entries that are in [ASSURED] state.

To view traffic monitor data, the IP Conntrack module must be loaded using shell command:

   # modprobe ip_conntrack

Once loaded the IP Conntrack module will remain until device reboot. Do not forget to disable IP Conntrack module, as it may influence on the WILI-O device performance. To disable this module use command on shell:

  # rmmod ip_conntrack

To enable IP Conntrack module once for all, setup WILI device configuration file using the Configuration menu with the following System Modules configuration keys:

  modules.status=enabled
  modules.1.status=enabled
  modules.1.name=ip_conntrack
  modules.1.arguments=hashsize=8192

Refer to the respective document WILI-S Configuration Reference Manual for detailed information about the syntax of the configuration file.

Use the Refresh button to view the connection tracker’s file data:

The filter options will allow you to specify any of protocol, source IP or port ,and destination IP or port. There is an ability to filter data using multiple keywords by entering them separated by space, e.g. “tcp 200”. Enter these keywords, use Search button and table will be refreshed according the filter results:

Do not forget to disable IP Conntrack module, as it may influence on the WILI device performance.

Logout

Click LOGOUT link on the top right corner of the main menu to leave the Web management interface:

Logout – click to leave the WILI-AP Web management.

When the LOGOUT button is clicked, the administrator is redirected to the login page.

WILI AP Configuration Sample

This chapter provides an example how to setup dual radio WILI AP to provide access to 2.4GHz and 5GHz wireless clients. The configuration procedure includes IP configuration, VAP configuration mapped to different VLANs and basic authentication for wireless clients. Figure illustrates how four different (2.4 GHz and 5 GHz) wireless clients can access a internet through different VLANs with different authentication.

When 2.4 GHz and 5 GHz wireless clients tries to associate through WILI AP Office resources (VAP SSID = Office), they are linked to the VLAN 270 and successfully authenticated by the RADIUS server.

The following settings should be configured on the WILI AP to setup such configuration:

1. Login to the WILI AP
2. Change the administrator’s password
3. Setup WILI AP network settings
4. Select Countrycode
5. Setup ath0 (5GHz) Radio
6. Setup ath1 (2.4 GHz) Radio
7. Create VAP0 on the 5GHz Radio
8. Create VAP1 on the 5GHz Radio
9. Create VAP0 on the 2.4GHz Radio
10. Create VAP1 on the 2.4GHz Radio
11. Check the VAP table
12. Reboot WILI AP
13. Verify connection

Step 1. Login to the WILI AP

First you need to access the WILI AP web management interface. The WILI AP can be managed by any computer using a web browser (e.g. Internet Explorer 7.0 or above). If your network has a DHCP server, an IP address is automatically assigned to the WILI AP. It takes between one and two minutes for the AP to determine if there is a DHCP server on the network. Use WILIBOX Java utility WILI Discovery to locate the access point on the network and view its IP address. If your network does not have a DHCP server, the Access Point uses a factory assigned IP address(192.168.2.66). You can use that IP address to configure the Access Point, or you can assign a new IP address to the Access Point. After the IP address of the WILI AP was determinated enter that IP address into a web browser on a computer on the same subnet to login into the WILI AP web management using the login credentials admin/admin01:

Step 2. Change administrator’s login credentials

The administrator’s login credentials should be changed as soon as possible for the security reasons. Use the System | Account menu to change login credentials:

Step 3. Setup IP Settings

Use Configuration | Network menu to specify new IP settings of the WILI AP, proper to your network:

Step 4. Country Code Selection

Use the Configuration | Wireless menu to set the Country Code in which the WILI AP will be exploitable. The full channel range of the 2.4 GHz and 5GHz ISM band is not allowed to be used in all countries. Depending on your selection of Country Code, the available channels list will vary.

Before changing radio settings manually verify that your settings will comply with local government regulations. At all times, it is the responsibility of the end-user to ensure that the installation complies with local radio regulations. Refer to the Regulatory Domain/Channels for information about regulatory domains.

Step 5. Setup ath0 5 GHz Radio (IEEE mode A)

Use the Configuration | Wireless menu to setup 5GHz device radio to provide wireless access for clients equipped with 5GHz wireless radio. On this page available to change only essential radio settings, the rest settings for each virtual AP will be modified on the VAP page.

Be sure that Enable radio check-box is selected before trying to setup radio settings. Check the essential parameters: IEEE mode, channel, data rate.

Step 6. Setup ath1 2.4 GHz Radio (IEEE mode G)

Use the same page Configuration | Wireless to setup 2.4 GHz device radio to provide wireless access for clients equipped with 2.4GHz wireless radio. On this page available to change only essential radio settings, the rest settings for each virtual AP will be modified on the VAP page.

Be sure that Enable radio check-box is selected before trying to setup radio settings. Check the essential parameters: IEEE mode, channel, data rate.

Step 7. Create VAP0 on the ath0 5 GHz Radio

Create the VAP on the ath0 radio for the Office resource users, mapped into the VLAN 270 with the 802.1x authentication method:

Check the essential parameters: SSID, broadcast SSID, VLAN settings, check any desired throughput enhancements, user isolation and select the authentication method with the appropriate parameters (RADIUS server).

Step 8. Create VAP1 on the 5 GHz Radio

Create the second VAP on the ath0 radio for the Guests, mapped into the VLAN 10 without security:

Check the essential parameters: SSID, broadcast SSID, VLAN settings, check any desired throughput enhancements, user isolation, the authentication leave as open system.

Step 9. Create VAP0 on the 2.4 GHz Radio

Create the VAP on the ath1 radio for the Office resource users, mapped into the VLAN 270 with the 802.1x authentication method:

Check the essential parameters: SSID, broadcast SSID, VLAN settings (as there is VLAN with the ID 270 already created, the system chooses automatically the rest VLAN settings which correspond to the already created ones), check any desired throughput enhancements, user isolation and select the authentication method with the appropriate parameters (RADIUS server).

Step 10. Create VAP1 on the 2.4 GHz Radio

Create the second VAP on the ath1 radio for the Guests, mapped into the VLAN 10 without security:

Check the essential parameters: SSID, broadcast SSID, VLAN settings (as there is VLAN with the ID 10 already created, the system chooses automatically the rest VLAN settings which correspond to the already created ones), check any desired throughput enhancements, user isolation, the authentication leave as open system.

Step 11. Check the VAP Table

Navigate to the Configuration | Virtual AP page and check the created VAP table:

Step 12. Reboot the Device

When all settings are configured, use Save&Reboot button to finalize configuration:

Step 13. Verify Connection

Configure your client computer to connect to the SSID Guest which is mapped to VLAN 10.

Use your administrator’s computer to navigate to Statistics | Wireless menu to check the Stations/Access-Points and Additional Station Information, you should see data about your client computer’s connection:

For testing connection from your client computer you'll need to have a preconfigured gateway on VLAN 10. If VLAN 10 has a DHCP server running, check that your client gets a DHCP address, and try to ping default gateway IP address. For windows users go to Start -> Run, enter cmd command, and type: ping <your_gateway's_ip_address>, for example, if your gateway IP address is 192.168.2.1, you should see replies from the gateway: