General settings relating to the broadcast WLAN networks (SSIDs) are configured under . Add a line to the table for each WLAN network. By default, the table is empty.
- Network-Name
-
Choose a meaningful name for the WLAN network here. This internal identifier is used to reference the interface configuration from other parts of the configuration.
Important: This is not the name of the SSID and is not displayed by the clients. This is configured in the next step.
- SSID-Name
- Here you configure the name of the SSID to be broadcast. This name is displayed on the wireless clients when searching for WLAN networks.
- Key (PSK)
-
Configure the pre-shared key (PSK) used for the WLAN network here. If you select Show, you can use Generate password to create a random password. Use the arrow next to it to set the strength, length and various other settings for the characters used for the generated pre-shared key.
Note: This entry only applies if an encryption profile using WPA(2)-PSK or WEP is selected (please note, that WEP is insecure and is only supported to ensure downward compatibility. However, LANCOM Systems GmbH explicitly recommends using WPA2 or WPA3). If 802.1X is used, the entry has no effect and the field can be left blank.Note: The following restrictions must be considered when using the encryption method WEP:
- WEP-40-Bits / WEP-40-Bits-802.1X – Any 5 characters from the allowed set of characters OR 10 HEX characters
- WEP-104-Bits / WEP-104-Bits-802.1X – Any 13 characters from the allowed set of characters OR 26 HEX characters
- WEP-128-Bits / WEP-128-Bits-802.1X – Any 16 characters from the allowed set of characters OR 32 HEX characters
- Radios
-
Configure here the WLAN frequencies that the SSID is to be broadcast on.
- 2.4 GHz
- The SSID is only broadcast on the 2.4 GHz frequency.
- 5 GHz
- The SSID is only broadcast on the 5 GHz frequency.
- 6 GHz
- The SSID is only broadcast on the 6 GHz frequency.
- "Combinations"
- The SSID is only broadcast on the specified frequency.
- none
- The SSID will not be broadcast. This can be used as a general on/off switch for the SSID.
- Encryption-Profile
-
Here you select an encryption profile that defines the authentication and encryption method used for the SSID.
By default, the following encryption profiles are available for selection:
- P-NONE
- No encryption, the SSID is open.
- P-PSK-WPA2
- The authentication method used is WPA2 with pre-shared key (PSK), also known as WPA2-Personal. A key must be configured for the WLAN network.
- P-PSK-WPA2-3
- The authentication method used is WPA2 and/or WPA3 with pre-shared key (PSK), also known as WPA-Personal. A key must be configured for the WLAN network.
- P-PSK-WPA3
- The authentication method used is WPA3 with pre-shared key (PSK), also known as WPA3-Personal. A key must be configured for the WLAN network.
- Idle-Timeout
- This is the time in seconds during which the access point cannot receive any further packets after a client is disconnected. The timeout is reset by any data traffic from the client.
- TX bandwidth limit
- Here you set a WLAN bandwidth limit that applies to the entire WLAN network. All of the logged in clients can only receive data with the transmission rate configured here. The value "0" means that no limitation is active. The transmission direction is considered relative to the access point, so "Tx" means the transmission rate from the access point to the client. This setting affects the download rate at the client.
- RX bandwidth limit
- Here you set a WLAN bandwidth limit that applies to the entire WLAN network. All of the logged in clients can only send data with the transmission rate configured here. The value "0" means that no limitation is active. The transmission direction is considered relative to the access point, so "Rx" means the transmission rate from the client to the access point. This setting affects the upload rate at the client.
- VLAN-ID
-
This VLAN ID is used to tag the data packets arriving from the WLAN and heading for the LAN. Similarly, packets with this VLAN ID arriving from the LAN are directed to the WLAN and are de-tagged.
Note: This operating mode corresponds to what is normally known as the "Access" tagging mode, since it is assumed that wireless clients usually transmit data untagged. Tagging mode cannot be adjusted.
- Inter-Station-Traffic
- Depending on the application, it may be required that the WLAN clients connected to an access point can—or expressly cannot—communicate with other clients. Here you configure whether communication between the WLAN clients on the WLAN network should be allowed.
- Client Isolation
- Client isolation can be switched on here for each SSID. See also Client Isolation.
- Suppress SSID broadcast
- Here you configure whether this SSID is displayed to clients searching for a network. If the SSID broadcast is suppressed, the access point will not respond to probe requests with an empty SSID. In this case, establishing a connection requires the SSID to be explicitly entered into and configured on the client.
- Maximum client count
- This number determines the number of clients that can log on to the WLAN network simultaneously before further requesting clients are rejected. The value "0" means that there is no limit, so unlimited number of clients can be logged in at the same time (up to a possible hardware-related limit).
- Minimal client signal strength
- Here you configure the minimum signal strength in percent that a client must "show" at the access point in order for it to be able to connect to the WLAN. The value "0" means that there is no minimum signal strength requirement and clients are always allowed to connect.
- Exclude From Client Management
- This SSID may be exempted from the band steering.
- Timeframe
- Enter the name of a Timeframe here. This is used to schedule when this SSID is switched on or off.
- Block-Multicast
-
This can be used to block multicasts sent or received by WLAN clients. A distinction can be made between IPv4 and IPv6.
Note: ICMPv6 packets are not blocked in order for IPv6 address referencing to continue to work.Important: The LW-500 does not support this feature.
- Client Tx bandwidth limit
- Here you limit the bandwidth used by WLAN clients in the send direction.
- Client Rx bandwidth limit
- Here you limit the bandwidth used by WLAN clients in the receive direction.
- Multicast-to-Unicast
- For each WLAN network, you individually configure whether and how multicasts are converted into unicasts.
- No
- No conversion
- Convert to unicast
- Multicasts are converted to unicasts (layer-2 unicast on the WLAN layer with a unicast MAC address as destination). This corresponds to the behavior in the LCOS.
- Encapsulate in Unicast Aggregate
- Multicasts are encapsulated in unicast aggregates (A-MSDU with unicast MAC address as destination and containing a single layer-2 multicast). This variant should be used where target applications check the destination MAC address. However, note that aggregates are not supported by 802.11a/b/g clients.
Important: In order for this feature to work, it is necessary to enable IGMP snooping on the device and to configure it correctly. The device uses IGMP snooping to determine which client should receive which multicast stream. This ensures that the appropriate target clients or addresses are available for the multicast conversion. - Bridge
- Used internally in WLC mode or when operating Layer-3 Ethernet tunnel with L2TPv3, the L2TP interface must be entered here.
- WLC-Continuation-Time
- This value is written by a WLAN controller, if operating.
- ARP-Handling
- Clients in the wireless network that are on standby do not reliably answer the ARP requests from other network stations. If "ARP handling" is activated, the access point takes over this task and answers the ARP requests on behalf of stations that are on standby. In large networks, this means more efficient use is made of the medium time because ARP queries and responses no longer have to be sent to the WLAN client, but are instead answered by the access point.
The LCOS LX access point
determines the assignment between IP address and MAC address from the DHCP
messages that are either exchanged between WLAN client and DHCP server or
ARP requests of the connected WLAN clients are evaluated or ARP requests
from the connected WLAN clients, so-called gratuitous ARP requests or ARP
replies are evaluated. If the assignment is known, ARP requests are answered
by the access point and no longer forwarded to the client.
Note: If the IP address/MAC address assignment could not be determined, ARP requests are still routed to the WLAN with the operating mode set to "On".Important: If the IP address/MAC address assignment could not be determined, ARP requests are not routed to the WLAN with the operating mode set to "Strict". This means, for example, that no connection can be initiated from the LAN to WLAN clients with fixed IP addresses (no DHCP). In this case, this feature should not be employed.
- Off
- ARP handling disabled. ARP requests are always routed to the WLAN.
- On
- ARP handling enabled. If the access point could not determine a mapping between IP address and MAC address, ARP requests are forwarded to the WLAN.
- Strict
- ARP handling enabled. If the access point could not determine a mapping between IP address and MAC address, ARP requests are not forwarded to the WLAN.
- WDS-Link
- Here you choose to broadcast specific SSIDs over WDS links. Also see Links.
Note: If you wish to implement the repeater mode, this configuration must also be duplicated on the remote access point that is connected via WDS.
- U-APSD
-
Automatic Power Save Delivery (APSD) is an extension of the IEEE 802.11e standard. APSD is offered in two
variants:
- Unscheduled APSD (U-APSD)
- Scheduled APSD (S-APSD)
- RRM
- The IEEE 802.11k standard describes a way to inform WLAN clients about potential roaming destinations, i.e., other access points of the same SSID within range (Radio Resource Measurement). This information to the client is provided by the "Neighbor Report" defined in the standard. Activate this option here.
