The following settings are made in LANconfig in .
- WLAN network enabled
- This switch enables or disables the corresponding logical WLAN.
- Network name (SSID)
- Specify a unique SSID (the network name) for each of the required logical wireless LANs. Only clients configured with the same SSID can associate with this wireless network.
- Suppress SSID broadcast
- You can operate your wireless LAN either in public or private mode. A wireless LAN in public mode can be contacted by any
mobile station in the area. Your wireless LAN is put into private mode by activating the Tightened
option. In this operation mode, mobile stations that do not know the network name (SSID) are excluded from taking part in the
wireless LAN.
With the "Tightened" mode enabled, WLAN clients that use an empty SSID or the SSID "ANY" are prevented from
associating with your network.
The option Suppress SSID broadcast provides the following settings:
- No
- The AP publishes the SSID of the cell. When a client sends a probe request with an empty or incorrect SSID, the AP responds with the SSID of the radio cell (public WLAN).
- Yes
- The AP does not publish the SSID of the cell. When a client sends a probe request with an empty SSID, the AP similarly responds with an empty SSID.
- Tightened
- The AP does not publish the SSID of the cell. When a client sends a probe request with a blank or incorrect SSID, the AP does not respond.
Important: Simply suppressing the SSID broadcast does not provide adequate protection: When legitimate WLAN clients associate with the AP, this transmits the SSID in cleartext so that it is briefly visible to all clients in the WLAN network. - MAC filter enabled
-
The MAC addresses of the clients that are allowed to associate with an AP are stored in the MAC filter list (). The MAC filter enabled switch allows you to switch off the use of the MAC filter list
for individual logical networks.
Important: Use of the MAC filter list is required for logical networks in which the clients register via LEPS-MAC with an individual passphrase. The passphrase used by LEPS-MAC is also entered into the MAC filter list. The AP always consults the MAC filter list for registrations with an individual passphrase, even if this option is deactivated here.
- Maximum count of clients
- Here you set the maximum number of clients that may associate with this AP. Additional clients wanting to associate will be rejected by the AP.
- Minimum client signal strength
- This value sets the threshold value in percent for the minimum signal strength for clients when logging on. If the client's signal strength is below this value, the AP stops sending probe responses and discards the client's requests. A client with poor signal strength will not detect the AP and cannot associate with it. This ensures that the client has an optimized list of available APs, as those offering only a weak connection at the client's current position are not listed.
- Client disassociation signal strength
-
If values drop below this threshold, the client is disassociated. This prevents the client from sticking with a WLAN connection
that is actually unusable because of the poor signal rather than switching to a better cell phone connection—behavior that is
all too common for mobile phones and can be very annoying for the user.
Important: This threshold only works if the value Minimum client signal strength is also set and the Client disassociation signal strength is less than this value.
- Client bridge support
- Enable this option for an AP if you have enabled the client-bridge support for a client station in WLAN client mode.
Note: The client-bridge mode only operates between two LANCOM devices.
- TX bandwidth limit
- With this setting, you define the overall bandwidth that is available for transmission within this SSID (limit in kbps). A value of 0 disables the limit.
- RX bandwidth limit
- With this setting, you define the overall bandwidth that is available in the reception direction within this SSID (limit in kbps). A value of 0 disables the limit.
- Client TX bandwidth limit
- Here, you set the transmit-direction bandwidth limit (in kbps) available to each wireless client on this SSID. A value of 0 disables the limit.
- Client RX bandwidth limit
- Here, you set the receive-direction bandwidth limit (in kbps) available to each wireless client on this SSID. A value of 0 disables the limit.
- Timeframe
- Select one of the time frames defined in Timeframe. This can be used to restrict the broadcast of this SSID to the times defined there. This can be used, for example to activate a WLAN in a school only during class times.
- RADIUS accounting activated
- Enable this option to switch on RADIUS accounting for this SSID.
- RADIUS accounting server
- If you operate RADIUS for the central administration of accounts and access credentials in your wireless network, then the access point forwards requests for the authorization and accounting to the RADIUS server by default. If you are using a WLAN controller for access point management, then the controller can forward RADIUS requests from all of these access points to the RADIUS server. In some cases, the operator of access points or WLAN controllers may wish to use a different RADIUS server for each logical wireless network (SSID). This may be the case, for example, when multiple customers share the same technical WLAN infrastructure but use their own authentication systems (e.g. with Wireless as a Service – WaaS). In these cases, you have the option to choose a separate RADIUS profile for each logical WLAN (i.e. each SSID). The RADIUS profile contains all of the necessary information to use the appropriate RADIUS server, including the optional backup solution. Here you specify a RADIUS accounting server for the respective SSID. The servers that can be selected here are specified in the table under .
- Accounting-Start-Condition
-
Normally, the WLAN stack sends a RADIUS "accounting start" message as soon as the WLAN client is connected. Often the
WLAN client has no IP address at this time, most likely because one has not yet been issued by the DHCP server. Consequently the
Framed-IP-Address attribute in the RADIUS accounting message may lack meaningful content.
- Connected
- Accounting starts when the WLAN client takes on the status "Connected". This is the default setting.
- Valid IP address
- Accounting starts when the WLAN client receives a valid IP address (IPv4 or IPv6).
- Valid IPv4 address
- Accounting starts when the WLAN client receives a valid IPv4 address.
- Valid IPv6 address
- Accounting starts when the WLAN client receives a valid IPv6 address.
Important: APIPA addresses (169.254.1.0 – 169.254.254.255 and fe80:) are not recognized as valid IP addresses. - RADIUS CoA activated
- RADIUS CoA (Change of Authorization) provides the capability to modify current WLAN sessions. A modification is initiated when the CoA client sends a CoA message to the NAS. This message contains the identifying characteristics for the session to be modified, the attributes to be modified, and their new values. Another option is to disconnect the current session. This is done with a disconnect message (DM) sent to the NAS, whereupon the NAS terminates the connection. For more information about the configuration of RADIUS CoA see the section Configuring dynamic authorization with LANconfig.
- Enable LBS tracking
- This option specifies whether the LBS server is permitted to track the client information.
Note: This option configures the tracking of all clients in an SSID. In the Public Spot module you determine whether the LBS server is allowed to track the users who are logged on to the Public Spot.
- LBS tracking list
- With this entry, you set the list name for the LBS tracking. When a client successfully associates with this SSID, the AP transfers the specified list name, the MAC address of the client, and its own MAC address to the LBS server.
- Direct traffic between stations
- Check this option if all stations logged on to this SSID may communicate with one another.
- (U)APSD / WMM power save activated
- Enable this option to signal stations that the power saving function (U)APSD ([Unscheduled] Automatic Power Save Delivery) is supported. (U)APSD is established in the 802.11e standard, and helps VoWLAN devices to increase their battery life. The related devices switch to power saving mode after login on a (U)APSD-capable AP. If the AP receives data packets for the related devices thereafter, it temporarily stores the data and waits until the VoWLAN device is available again. It then forwards the data. Afterwards, (U)APSD increases the latency time of the radio module, whereby it ultimately consumes less power. The individual rest periods may be so short that a VoWLAN device can still use the power saving function in the call state itself. However, the relevant devices must also support (U)APSD. WWM (Wi-Fi Multimedia) Power Save is a power saving function of the Wi-Fi Alliance and is based on U-APSD. Certain LANCOM APs are WMM® Power Save CERTIFIED by the Wi-Fi Alliance.
- Only transmit unicasts, suppress broadcast and multicasts
- Multicast and broadcast transmissions within a WLAN cell cause a load on the bandwidth of the cell, especially since the WLAN clients often do not know how to handle these transmissions. The AP already intercepts a large part of the multicast and broadcast transmissions in the cell with ARP spoofing. With the restriction to unicast transmissions it filters out unnecessary IPv4 broadcasts from the requests, such as Bonjour or NetBIOS. The suppression of multicast and broadcast transmissions is also a requirement from the HotSpot 2.0 specification.
