Networks

General settings relating to the broadcast WLAN networks (SSIDs) are configured under Wireless LAN > > WLAN networks > Network. Add a line to the table for each WLAN network. By default, the table is empty.





Network name
Choose a meaningful name for the WLAN network here. This internal identifier is used to reference the interface configuration from other parts of the configuration.
Important: This is not the name of the SSID and is not displayed by the clients. This is configured in the next step.
SSID name
Here you configure the name of the SSID to be broadcast. This name is displayed on the wireless clients when searching for WLAN networks.
Key (PSK)
Configure the pre-shared key (PSK) used for the WLAN network here. If you select Show, you can use Generate password to create a random password. Use the arrow next to it to set the strength, length and various other settings for the characters used for the generated pre-shared key.
Note: This entry only applies if an encryption profile using WPA(2)-PSK is selected. If 802.1X is used, the entry has no effect and the field can be left blank.
Radios
Configure here the WLAN frequencies that the SSID is to be broadcast on.
2.4 GHz + 5 GHz
The SSID is broadcast on the frequencies 2.4 GHz and 5 GHz.
2.4 GHz
The SSID is only broadcast on the 2.4-GHz frequency.
5 GHz
The SSID is only broadcast on the 5-GHz frequency.
none
The SSID will not be broadcast. This can be used as a general on/off switch for the SSID.
Encryption profile
Here you select an encryption profile that defines the authentication and encryption method used for the SSID. By default, the following encryption profiles are available for selection:
P-NONE
No encryption, the SSID is open.
P-PSK
The authentication method used is WPA2 with pre-shared key (PSK), also known as WPA2-Personal. A key must be configured for the WLAN network.
P-PSK-WPA2-3
The authentication method used is WPA2 and/or WPA3 with pre-shared key (PSK), also known as WPA-Personal. A key must be configured for the WLAN network.
P-PSK-WPA3
The authentication method used is WPA3 with pre-shared key (PSK), also known as WPA3-Personal. A key must be configured for the WLAN network.
Idle timeout
This is the time in seconds during which the access point cannot receive any further packets after a client is disconnected. The timeout is reset by any data traffic from the client.
TX bandwidth limit
Here you set a WLAN bandwidth limit that applies to the entire WLAN network. All of the logged in clients can only receive data with the transmission rate configured here. The value "0" means that no limitation is active. The transmission direction is considered relative to the access point, so "Tx" means the transmission rate from the access point to the client. This setting affects the download rate at the client.
RX bandwidth limit
Here you set a WLAN bandwidth limit that applies to the entire WLAN network. All of the logged in clients can only send data with the transmission rate configured here. The value "0" means that no limitation is active. The transmission direction is considered relative to the access point, so "Rx" means the transmission rate from the client to the access point. This setting affects the upload rate at the client.
VLAN-ID
This VLAN ID is used to tag the data packets arriving from the WLAN and heading for the LAN. Similarly, packets with this VLAN ID arriving from the LAN are directed to the WLAN and are de-tagged.
Note: This operating mode corresponds to what is normally known as the "Access" tagging mode, since it is assumed that wireless clients usually transmit data untagged. Tagging mode cannot be adjusted.
Direct traffic between stations
Depending on the application, it may be required that the WLAN clients connected to an access point can—or expressly cannot—communicate with other clients. Here you configure whether communication between the WLAN clients on the WLAN network should be allowed.
Suppress SSID broadcast
Here you configure whether this SSID is displayed to clients searching for a network. If the SSID broadcast is suppressed, the access point will not respond to probe requests with an empty SSID. In this case, establishing a connection requires the SSID to be explicitly entered into and configured on the client.
Maximum count of clients
This number determines the number of clients that can log on to the WLAN network simultaneously before further requesting clients are rejected. The value "0" means that there is no limit, so unlimited number of clients can be logged in at the same time (up to a possible hardware-related limit).
Minimal client signal strength
Here you configure the minimum signal strength in percent that a client must "show" at the access point in order for it to be able to connect to the WLAN. The value "0" means that there is no minimum signal strength requirement and clients are always allowed to connect.
Exclude from client management
This SSID may be exempted from the band steering.
Timeframe
Enter the name of a Timeframe here. This is used to schedule when this SSID is switched on or off.
Block Multicast
This can be used to block multicasts sent or received by WLAN clients. A distinction can be made between IPv4 and IPv6.
Note: ICMPv6 packets are not blocked in order for IPv6 address referencing to continue to work.
Important: The LW-500 does not support this feature.
Client Tx bandwidth limit
Here you limit the bandwidth used by WLAN clients in the send direction.
Client Rx bandwidth limit
Here you limit the bandwidth used by WLAN clients in the receive direction.
Multicast-to-Unicast
For each WLAN network, you individually configure whether and how multicasts are converted into unicasts.
No
No conversion
Convert to unicast
Multicasts are converted to unicasts (layer-2 unicast on the WLAN layer with a unicast MAC address as destination). This corresponds to the behavior in the LCOS.
Encapsulate in Unicast Aggregate
Multicasts are encapsulated in unicast aggregates (A-MSDU with unicast MAC address as destination and containing a single layer-2 multicast). This variant should be used where target applications check the destination MAC address. However, note that aggregates are not supported by 802.11a/b/g clients.
Important: In order for this feature to work, it is necessary to enable IGMP snooping on the device and to configure it correctly. The device uses IGMP snooping to determine which client should receive which multicast stream. This ensures that the appropriate target clients or addresses are available for the multicast conversion.
ARP handling
Clients in the wireless network that are on standby do not reliably answer the ARP requests from other network stations. If "ARP handling" is activated, the access point takes over this task and answers the ARP requests on behalf of stations that are on standby. In large networks, this means more efficient use is made of the medium time because ARP queries and responses no longer have to be sent to the WLAN client, but are instead answered by the access point. The LCOS LX access point identifies the IP address / MAC address assignment from the DHCP messages that are exchanged between the WLAN client and the DHCP server. If the assignment is known, ARP requests are answered by the access point and no longer forwarded to the client.
Note: If the IP address/MAC address assignment could not be determined, ARP requests are still routed to the WLAN with the operating mode set to "On".
Important: If the IP address/MAC address assignment could not be determined, ARP requests are not routed to the WLAN with the operating mode set to "Strict". This means, for example, that no connection can be initiated from the LAN to WLAN clients with fixed IP addresses (no DHCP). In this case, this feature should not be employed.
Off
ARP handling disabled. ARP requests are always routed to the WLAN.
On
ARP handling enabled. ARP requests are only forwarded to the WLAN if the IP address/MAC address assignment could not be determined.
Strict
ARP handling enabled. ARP requests are not routed to the WLAN.

www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de

LANCOM Logo