User Guide: AWC plug-in version 3.10.0 for VST-VRT

Create AP Profile

Quick Tour > Configure Channel Blanket (AWC-CB) > Create AP Profile

AP Profile for TQ6702 GEN2
Let's create an AP profile for the cellular wireless network.
When you configure a channel blanket, the AP profile defines the overall configuration of the APs while the CB profile configures a specific channel blanket. To manage APs for channel blanket, you always have to apply an AP profile to the APs.
If there is conflicting configuration between AP and CB Profiles, the items defined in the CB Profile take precedence over the AP Profile. When a configuration item is included only in the AP Profile, the configurations are applied as is.
We are going to use a single AP profile for all APs because a multi-channel network will cover both 1F and 2F as you can see in the following table (see cells filled with red).
Table 1: Planned Wireless Networks
  Radio TQ6702G2-xF-1 TQ6702G2-xF-2 TQ6702G2-xF-3 Overview
2F Radio 2 ForStaff-PC ForStaff-PC ForStaff-PC Multi-channel VAP for employees' PCs
Radio 1 ForStaff-Mobile AWC-CB VAP for employees' mobile devices
1F Radio 2 ForStaff-PC ForStaff-PC ForStaff-PC Multi-channel VAP for employees' PCs
Radio 1 ForStaff-Mobile AWC-CB VAP for employees' mobile devices
ForGuest AWC-CB VAP for guests

AP Profile for TQ6702 GEN2

Let's create an AP Profile for all TQ6702 GEN2 APs.
  1. Select "Wireless Configuration" > "AP Profile" from the AWC Plug-in menu.
    The AP Profile list screen will appear.

  2. Click "Create" at the top right of the screen.
    The "Select Country, AP Series and Profile Type" dialog box will appear.

  3. Select a Country.
    If the default country code for the currently logged in user is configured, it is selected by default.
  4. Select "TQ Series" from "Series".
  5. Select "Profile Type".
    There are several options for this item, depending on the supported feature set of the AP model.
    Select "Dual[11ax] GEN2", which is suitable for TQ6702 GEN2.

  6. Click "OK".
    The AP profile configuration screen will appear.

  7. Configure general parameters in the "Profile Configuration" section.
    • Enter "TQ6702 GEN2" in "AP Profile Name".
    • The "Profile Type", "Country" and "Series" fields show the options selected in the earlier "Select Country, AP Series and Profile Type" dialog box.
    • Select the Management Groups that you want this AP Profile to belong to.
      An AP Profile can be used in multiple Management Groups by selecting those groups in this dialog box.
      Here we check the "1-2F Group" which we created earlier.
      Note that you cannot uncheck the "Default Wireless Group".

  8. You can specify the AP's system settings in the "Basic Configuration" section.
    If the Profile Type is "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]", by configuring the User Settings in the AP Profile, you can set a username and password to the APs in a batch.
    But even when the APs are under the AWC Plug-in's control, each AP's web interface is still accessible.
    Now we are going to change the administrator account (username and password) of the AP's web interface in order to prevent someone from accessing the APs.
    Note
    You can also change the administrator account of an AP before adding it to the AWC Plug-in.
    Note
    If you configure the usernames and passwords in both the AP Profile and the AP-specific configuration on the same AP, the username and password in the AP-specific configuration will take effect.
    Note
    If you specify a username and password for the AP's guest-class on a parent AMF device, ensure that the AP's login username and password are the same as the ones configured for the guest-class.
    If you want to manage an AP which was detected as a guest device under the AWC Plug-in, specify the same username and password that is configured for the AP's guest-class and AP's web interface.
    If you want to use a different username and password for each AP, create a separate guest-class for each AP on the parent AMF devices.
    In the "Basic Configuration" section, set "User Settings" to "Enable". Enter a new username and password (twice).
    The allowed characters vary depending on the AP model.
    • Username
      1 to 12 characters in length, with letters and digits. Must begin with a letter.
    • Password
      Should be 0 to 32 characters in length, with alphabets (case-sensitive), numbers and symbols (! # % ( ) + , - . / ; = ? @ [ \ ] ^ _ ` { | } ~ may be used).
    If you check "Disable" on the "AP's User Settings" you can restrict username and password setting in the AP-specific configuration, but leave it unchecked to allow the per-AP account control this time.
  9. In the "Timezone" section, select a timezone to apply to the APs.
    Here, we set the time display to JST (Japan Standard Time). Select "(UTC+09:00) Asia/Tokyo" from the drop-down list.
    You can also narrow down the choices displayed in the drop-down list by entering a part of the above timezone character string in the search field above the drop-down list, such as "tokyo" in this case.
  10. The "NTP Client" field is used to enable/disable the NTP client on the APs.
    To use the AWC (Autonomous Wave Control) feature, which we will describe later, you have to enable the NTP client.
    Here we enable the NTP client.
    When you enable the NTP client, an additional "NTP Server IP Address/Hostname" field will appear. Enter the IP address of the switch (192.168.1.1) that is configured as an NTP server.
  11. The "Syslog Client" field lets you enable or disable the syslog client feature on the APs.
    If you want the APs to send log messages to the syslog server, enable this item.
    Here we set the syslog client to disabled.
  12. You can enable or disable the SNMP agent on the APs in the "SNMP Agent" section.
    If you want to monitor and configure the APs with SNMP manager, enable this item.
    Here we enable the SNMP Agent because we are going to monitor the APs with the SNMP Plug-in.
    When you enable the SNMP Agent, the following fields will appear. Here we enter the following data:
    Table 2: TQ6702 GEN2 SNMP Agent Configuration
    Item Name Value Description
    Version v1/v2c Select the SNMP version(s) to use.
    Read Only Community Name public Enter the read-only SNMP community name, 0 to 32 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { | } ~ may be used).
    Port Number 161 Enter the UDP port that the SNMP agent listens on.
    Restrict the source of SNMP requests Disable Enable this to accept SNMP requests only from specific source addresses.
    Only allow from the designated hosts or subnets - Enter the IP address or hostname (FQDN) of the SNMP manager.
    This is only displayed when "Restrict the source of SNMP requests" is enabled.
    Community name for traps public Enter the SNMP trap community name, 1 to 256 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { | } ~ may be used).
    Trap types Cold Start
    Link Up/Down
    Authentication     		Select the SNMP Trap types to generate.
    Trap Host IP Address/Hostname 192.168.1.249 Specify IP addresses or hostnames (FQDNs) to which SNMP traps will be sent.
    A maximum of 3 trap hosts can be configured.

  13. Clicking "+ Detail" will show "NTP Synchronization Interval" below "NTP Client", and "MAC Address List", "LED", and "Virtual IP Address for Captive Portal" at the bottom.
    • Leave "NTP Synchronization Interval" at the default value of 10 (unit: minutes).
    • "MAC Address List" lets you specify MAC address lists (blacklist or whitelist) used by MAC Access Control features with a MAC Address List on the APs.
      An AP can use only a single MAC address list but the MAC Address List feature can be enabled or disabled per VAP (SSID).
      Here we haven't created a MAC address list. Leave "MAC Address List" empty in order to accept all wireless clients that have a valid SSID and key.
    • The "LED" field lets you select the operational mode of the AP's LEDs.
      Here we choose "Turn On" for "LED".
    • "Virtual IP Address for Captive Portal" is a security feature that hides the management IP address from attackers by displaying a temporary IP address as the IP address of the web server that provides Captive Portal.
      Here, leave "Virtual IP Address for Captive Portal" disabled as we do not use Captive Portal.

  14. "LAN Configuration" lets you configure ethernet links on the AP.
    The TQ6702 GEN2 has two LAN ports and can use a wider uplink with link aggregation (LAG), provided that both ends of the LAG (a parent switch and the AP) are correctly configured.
    Table 3: TQ6702 GEN2 LAN Configuration
    Item Name Value Description
    LAN 2 Port Disable Specifies TQ6702 GEN2 and TQm6702 GEN2's LAN1/PoE and LAN2 ports behavior, such as link aggregation or cascading.

    • Static LAG:
      Enables link aggregation. A static LAG should also be configured on the switch ports to which the AP connects.

    • Cascade:
      Enables cascading function, the LAN2 port will work as a cascade port.

    • Disable:
      Neither link aggregation nor cascading function will be enabled. The LAN2 port is also disabled. The AP can only use the LAN1/PoE port.
    In this example, we will not be using link aggregation or cascading features. Please make sure that Disable is selected.

  15. You can specify configuration parameters for radio waves in the "Radio Configuration" section.
    Depending on the selected "Profile Type", configure "Radio 1 (2.4GHz)" and "Radio 2 (5GHz W52/W53/W56)" appropriately. You can switch the radio by clicking the "Radio 1" and "Radio 2" buttons at the top of the screen.
    This section is used for CB VAPs too.
    Here we configure it as follows because we are going to operate CB VAPs for guests' and employees' mobile devices on Radio 1 and a multi-channel VAP for employees' PCs on Radio 2.
    • Disable "Emergency Mode" on Radio 1 because it cannot be used with channel blanket.
      Radio 2 can use emergency mode because it is used for multi-channel VAP. You can create emergency VAP on Radio 2 if needed.
    • We are going to use Radio 1 for two blanket wireless networks, one for guests' and the other for employees' mobile devices.
    • Disable "Airtime Fairness" because it cannot be used with channel blanket.
    • Leave the "RTS Threshold" default value of 2347 because changing the value is not supported with channel blanket.
    • Disable "Band Steering" because it cannot be used with channel blanket.
    When "Wireless Client Isolation" in "Wireless Configuration" is set "Enabled", it will take effect all over VAPs on the same radio.
    While it may be more convenient for employees' computers to be able to find each other, share files with each other, etc., care should be taken to ensure that visitors' computers are not visible to each other.
    Since the "Wireless Client Isolation" can be enabled in the individual VAP of the CB profile, the "Wireless Client Isolation" for the entire radio defined here is set to "disabled.
    Note
    When using AT-TQ6602 GEN2/6702 GEN2, "Wireless Client Isolation" can be set enabled for each VAP. "Wireless Client Isolation" for each VAP is not supported in other models. If you use other models and set up a configuration where employee and visitor VAPs coexist, please consider and appropriately set up the wireless clients of other visitors and employees so that the visitor's wireless client cannot see the other visitors' or employees' wireless clients.
    Note
    When applying the same CB profile to wireless APs configured with different AP profiles, the following radio settings for each AP profile must be the same settings for the radio band where the channel blanket is to be created.
    • Mode
    • Bandwidth
    • Maximum Wireless Clients
    • Fixed Tx Rate
    • Neighbor AP Detection
    Table 4: TQ6702 GEN2 Radio Configuration
    Item Name Value Description
    Radio 1 Radio 2
    Radio Transmission Enable Enable Specify whether to transmit and receive radio waves in the selected frequency band.
    Mode b/g/n/ax a/n/ac/ax Specify the wireless modes (protocols) to use.
    Bandwidth 20MHz 20MHz Specify the bandwidth to use. IEEE 802.11ax, IEEE 802.11ac and IEEE 802.11n can aggregate two or four adjacent channels to make a large 40MHz or 80MHz channel.
    Use Conditions Always Always Select "Always" to always use the wireless feature. Select "Only Emergency Mode" to use the radio band only in emergency mode.
    Refer to Enable Emergency Mode for more details.
    Wireless Client Isolation Disable Disable Specify whether to block communications between wireless clients connected to the same radio.
    Select "Disable" in Radio Configuration section to configure different settings for individual VAPs.
    Airtime Fairness Disable Disable Specify whether to give each client an equal amount of airtime regardless of its speed.
    Auto Channel Selection All All Specify the channels to use. All channels are selected by default.
    Maximum Wireless Clients 200 200 Specify the maximum number of clients that can connect to the APs.
    Multicast Tx Rate 11Mbps 6Mbps Specify a selection method for IEEE 802.3 multicast/broadcast rate.
    Legacy Rate Sets All rates except 1/2Mbps All rates except 1/2Mbps Specify valid rates to use when IEEE 802.11b/g or IEEE 802.11a is being used.
    RTS Threshold 2347 (Disable) 2347 (Disable) To transmit RTS packets in IEEE 802.11b/g/a mode, select Enable and specify the minimum size of Tx packets. Specifying "2347" disables RTS transmission.
    Band Steering Disable Disable Specify whether to use the Band Steering feature, which encourages clients supporting both 2.4GHz and 5GHz to prefer 5GHz in order to reduce congestion in 2.4GHz.
    Note
    Band Steering cannot be used with channel blanket.
    Wi-Fi Multimedia
    (WMM)     		Enable Enable Specify whether to use Wi-Fi Multimedia (WMM).
    When enabled, WMM information is included in the AP beacon. This shortens the frame transmission interval for video/audio streaming and VoIP traffic and therefore keeps communication quality high.
    APSD Disable Disable Specify whether to use APSD (Automatic Power Save Delivery).
    Enabling APSD can lower power consumption of mobile devices (VoIP) and therefore increase the battery life. The mobile device should also support APSD (U-APSD).
    Neighbor AP Detection Disable Disable Specify whether to detect rogue APs in the radio band.
    When enabled, APs detect the radio waves of wireless APs managed/unmanaged by the AWC Plug-in that use the same wireless band nearby, and reflects them in AWC calculations.
    If you disable this, these functions may not work properly.
    MU-MIMO Disable Disable Select whether to Enable or Disable MU-MIMO (Multi-user MIMO).
    MU-MIMO allows multiple wireless clients to communicate simultaneously (upwards and downwards), thus increasing the communication speed.
    OFDMA Disable Disable Select whether to Enable or Disable OFDMA (Orthogonal Frequency Division Multiple Access).
    OFDMA allows multiple wireless clients to communicate simultaneously by dividing the channel into multiple RUs (resource units).
    Note
    This item is displayed when a mode other than "a" or "b/g" is selected for the Radio Configuration.

    ◼ Radio 1


    ◼ Radio 2

  16. Configure VAPs in the "VAP (Multiple SSID) Configuration" section.
    In this example, we use multi-channel network on Radio 2 only. Therefore, we are not going to use regular VAPs on Radio 1.
    As for employees' computers, it may be more convenient to be able to find each other, share files with each other, etc., that, leave "Wireless Client Isolation" as "Disable".
    Although WPA Enterprise is not used in this example, please note that pre-authentication and dynamic VLAN cannot be used with channel blanket.
    Table 5: TQ6702 GEN2 VAP (Multiple SSID) Configuration
    Item Name Radio 2 VAP 1 Description
    VAP Status Enable Specify one of "Enable", "Disable" and "Emergency". The VAP Status of VAP1 is always "Enable" when "Use Condition" in the "Radio Configuration" section is set to "Always".
    VLAN ID 100 Specify a VLAN ID used for communication between the VAP and associated clients.
    Note
    Specify a VLAN ID that is different from the AP's management VLAN. When the AP is detected as a guest device, a parent AMF device is configured to collect the guest device information automatically ("dynamic discovery"), and wireless clients get their IP addresses via DHCP.
    SSID ForStaff-PC Specify an SSID (network name) to use on the VAP.
    Broadcast SSID Enable Specify whether to broadcast the SSID on the VAP.
    Security WPA Personal Specify a security method for the VAP.
    Security Key (WPA-PSK) 5+@f/=0N1y Specify an encryption key for the VAP.
    WPA Versions WPA2 Specify a WPA version to use on the VAP.
    Encryption Protocol CCMP Specify an encryption protocol to use on the VAP.
    Management Frame Protection Disable Specify whether to protect management frames.
    Broadcast Key Refresh Rate 0 Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specifying "0" stops the key from refreshing.
    Captive Portal Disable Specify whether to use the Captive Portal feature on the VAP.
    MAC Access Control Disable Specify whether to use MAC Access Control on the VAP.
    Fast Roaming Disable Specify whether to use Fast Roaming of wireless clients.
    Wireless Client Isolation Disable Specify whether to block communication between wireless clients connected to the same VAP.
    Inactivity Timer 300 Specify the delay before disconnecting a client that disappears without notifying the APs.
    Duplicate AUTH received Ignore Select how to process connection requests from clients that have maintained a connection.
    Association Advertisement Enable Specify whether to use Association Advertisement.
    DTIM Period 1 Specify how frequently to insert a DTIM (Delivery Traffic Indication Map) in the AP's beacons (every 1 to 255 beacons).
    Proxy ARP Disable Specify whether to use Proxy ARP.

    Because VAP1 cannot be disabled on an AP profile, if you apply this AP profile to APs as usual, the default SSID "Default-1" will be activated without any security.
    When applying the AP Profile and CB Profile, if there are conflicting configuration items between the Profiles, the configuration of the CB Profile takes precedence over the AP Profile. If only the AP Profile contains configuration items, the configuration is applied as is.
    Therefore, VAP1's configuration will be overriden by a CB Profile that we are going to create next.
    Note
    In this quick tour, we will apply the AP Profile to APs after creating channel blankets. This is because applying the AP Profile before the CB Profile can enable multi-channel (conventional) VAPs on the AP Profile, which are not intended for use. If you want to apply the AP Profile before CB Profile, we recommend that you configure dummy VAPs for radios intended only for channel blanket networks.
  17. Click "Add" at the top right of the screen.
    Now you can see the newly created AP Profile "TQ6702 GEN2".

(C) 2023 Allied Telesis, Inc. All rights reserved.

CC613-04143-00 Rev A

04 Jul 2023 13:01