Configure AP Profiles

• Search Wireless Management Group: Groups in the list can be filtered by entering a partial name in the search box.
  The Search field lets you enter a partial string to match. The screen displays entries with that string in their name.
  To remove the filter, delete the string from the search field and press enter.
  

  Note

  The search is case-sensitive.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.
Other APs must be configured individually through AP-specific settings.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.
Other APs must be configured individually through AP-specific settings.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.
Other APs must be configured individually through AP-specific settings.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

• Dual[11ax] GEN2, Dual[11ax], Tri[11ac Wave2], Tri[11ac Wave2] With External Antenna, Dual[11ac Wave2]
  Described as a region name and a city name (e.g. "(UTC+09:00) Asia/Tokyo"). The default is "Not Set".
  
• Dual[11ac], Dual[11n], 11ac With External Antenna, Single
  Described as a country name (e.g. "(UTC+09:00) Japan"). By default, it is set to "(UTC+09:00) Japan".
  

Note

Some timezones (e.g. "(UTC+09:00) Asia/Tokyo" and "(UTC+09:00) Japan") don't support Daylight Saving Time.

• When enabled, AP clocks are synchronized to the NTP server. By using NTP, you can keep multiple systems' time as accurate as possible.
  
• When disabled, AP clocks are synchronized to the system clock of the PC (server) running Vista Manager EX and the AWC Plug-in.
  

• NTP Server IP Address / Hostname:
  Enter an IP address or a hostname (FQDN) of the NTP server to synchronize.
  (Example) ntp.your.domain.com, 12.34.56.78
  

  Note

  FQDN consists of labels (strings) and periods (.).
  Alphanumeric characters and hyphens can be used for each label. Labels can begin with a number. Labels cannot begin or end with a hyphen. Each label should be 63 or fewer characters in length.
  If the Profile Type is "Dual[11ax] GEN2", "Dual[11ax]", "Dual [11ac Wave2]", "Tri [11ac Wave2]", or "Tri [11ac Wave2] with External Antenna", you cannot enter only the label. Use an FQDN which contains at least two labels and a period.

  
  
• NTP Synchronization Interval:
  Specify a time between synchronizing the clock to the NTP server. It must be in the range of 1 to 9999 (minutes). The default is 10 minutes.
  

  Note

  This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Dual[11ac]", "Dual[11n]", "11ac With External Antenna" or "Single" for Profile Type.

  Note

  When you use the AWC function, do not use an interval larger than the default of 10 minutes.

• Syslog Server IP Address / Hostname:
  Enter the IP address or hostname (FQDN) of the Syslog server to send log messages to.
  (Example) syslog.your.domain.com, 12.34.56.78
  

  Note

  FQDN consists of labels (strings) and periods (.).
  Alphanumeric characters and hyphens can be used for each label. Labels can begin with a number. Labels cannot begin or end with a hyphen. Each label should be 63 or fewer characters in length.
  If the Profile Type is "Dual[11ax] GEN2", "Dual[11ax]", "Dual [11ac Wave2]", "Tri [11ac Wave2]", or "Tri [11ac Wave2] with External Antenna", you cannot enter only the label. Use an FQDN which contains at least two labels and a period.

  
  
• Port Number:
  Specify a listening port number on the Syslog Server. The default is 514.
  
  
• Severity:
  Select the lowest log severity that will be sent to the Syslog Server. The default is "7: Debug".
  Severity is a value in the range of 0 to 7; the lower the number, the greater the importance.
  
  • 0 : Emergency: System is unusable.
    
  • 1 : Alert: Immediate action is required.
    
  • 2 : Critical: System is in a critical condition.
    
  • 3 : Error: An error has occured.
    
  • 4 : Warning: Something has occurred that requires attention.
    
  • 5 : Notice: A normal but important message.
    
  • 6 : Informational: An informational message.
    
  • 7 : Debug: Detailed information for debugging.
    

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow".

• Version:
  Select the SNMP version to be used from "v1/v2c" or "v3". The default is "v1/v2c".
  

  Note

  This item is displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type.

• Read Only Community Name:
  Enter the read-only SNMP community name, using 1 to 256 ASCII characters including letters, digits, and symbols (except " ' \ & < >). The default is "public".
  

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v1/v2c" as the SNMP Version.

  
  
• Port Number:
  Enter the UDP port that the SNMP agent listens on. The default is 161.
  
  
• Username:
  Enter the SNMPv3 username with 1 to 12 length alphanumeric character(s).
  

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v3" as the SNMP Version.

  
  
• Password:
  Enter the SNMPv3 authentication password with 8 to 32 length alphanumeric characters and symbols (except " $ : < > ' & *).
  

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v3" as the SNMP Version.

  
  
• Restrict the source of SNMP requests:
  Enable this to accept SNMP requests only from specific source addresses.
  

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v1/v2c" as the SNMP Version.

  
  
• Only allow from the designated hosts or subnets:
  Enter the IP address or hostname (FQDN) of the SNMP manager.
  (Example) snmpmgr.your.domain.com, 12.34.56.78
  This is only displayed when "Restrict the source of SNMP requests" is enabled.
  

  Note

  FQDN consists of labels (strings) and periods (.).
  Alphanumeric characters and hyphens can be used for each label. Labels can begin with a number. Labels cannot begin or end with a hyphen. Each label should be 63 or fewer characters in length.
  If the Profile Type is "Dual [11ac Wave2]", "Tri [11ac Wave2]", or "Tri [11ac Wave2] with External Antenna", you cannot enter only the label. Use an FQDN which contains at least two labels and a period.

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v1/v2c" as the SNMP Version.

  
  
• Community name for traps:
  Specify the trap SNMP community name, using 1 to 256 ASCII characters including letters, digits and symbols (except " ' \ & < >). The default is "public".
  

  Note

  This item is only displayed if you select "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for the Profile Type, and specified "v1/v2c" as the SNMP Version.

  
  
• Trap types:
  Select the SNMP Trap types to generate.
  Available messages vary depending on the selected Profile Type.
  
  • Dual[11ax], Tri[11ac Wave2], Tri[11ac Wave2] With External Antenna, Dual[11ac Wave2]
    
    • Cold Start: sent when the SNMP Agent starts.
      
    • Link Up/Down: sent when a wireless interface link up or down.
      
    • Authentication: sent when an SNMP authentication fails.
      
  • Dual[11ac], Dual[11n], 11ac With External Antenna, Single
    
    • Cold Start: sent when the SNMP Agent starts.
      
    • Link Up/Down: sent when a wireless interface link up or down.
      
    • DFS: sent when a radio wave that seems like a weather radar is detected in the currently used channel (not available for "Single").
      
    • Authentication: sent when an SNMP authentication fails.
      
    • Association: sent when a wireless client associates or disassociates.
      
    • Filtered STA: sent when a wireless client is blocked by MAC Address List.
      
    • RADIUS Authentication(Success): sent when a RADIUS authentication succeeds.
      
    • RADIUS Authentication(Fail): sent when a RADIUS authentication fails.
      
  
  
• Trap Host IP Address/Hostname:
  Specify IP addresses or hostnames (FQDNs) to which SNMP traps will be sent.
  (Example) manager.your.domain.com, 12.34.56.78
  A maximum of 3 trap hosts can be configured.
  

  Note

  FQDN consists of labels (strings) and periods (.).
  Alphanumeric characters and hyphens can be used for each label. Labels can begin with a number. Labels cannot begin or end with a hyphen. Each label should be 63 or fewer characters in length.
  If the Profile Type is "Dual [11ac Wave2]", "Tri [11ac Wave2]", or "Tri [11ac Wave2] with External Antenna", you cannot enter only the label. Use an FQDN which contains at least two labels and a period.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and the options except "Dual[11ax] GEN2" for Profile Type.

Note

This item is displayed if you select "TQ Series" for Series, or "TQ Series - SDN/OpenFlow" for Series and "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ac]", "Dual[11n]", "11ac With External Antenna" or "Single" for Profile Type.

Note

This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac]" or "Tri[11ac] With External Antenna" for Profile Type.
This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Static LAG:
  Enables link aggregation. A static LAG should also be configured on the switch ports to which the AP connects.
  
  
• Cascade:
  Enables cascading function, the LAN2 port will work as a cascade port.
  

  Note

  This item is displayed if you select "TQ Series" for Series.

  
  
• LACP:
  Enables LACP. If LACP is enabled on the switch which the AP connects to, a trunk group will be automatically configured.
  

  Note

  This setting is displayed when "Dual[11ax] GEN2" is selected as Profile Type.

  
  
• Disable:
  Neither link aggregation nor cascading function will be enabled. The LAN2 port is also disabled. The AP can only use the LAN1/PoE port.
  

Note

If you disable all radios on an AP Profile, it is possible to apply the profile to APs of other Profile Types, this profile will not be valid. Make sure you apply an appropriate AP Profile to APs.

• TQ series
  
  • Dual[11ax] GEN2 / Dual[11ax]
    
    • Radio 1: b/g, b/g/n/ax (default)
      
    • Radio 2: a, a/n/ac/ax (default)
      

    Note

    To use IEEE 802.11n IEEE 802.11ac or IEEE 802.11ax, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Tri[11ac Wave2]
    
    • Radio 1: b/g, b/g/n (default)
      
    • Radio 2: a, a/n/ac (default)
      
    • Radio 3: a, a/n/ac (default)
      

    Note

    To use IEEE 802.11n or IEEE 802.11ac, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Tri[11ac Wave2] with External Antenna
    
    • Radio 1: b/g, b/g/n (default)
      
    • Radio 2: none
      
    • Radio 3: a, a/n/ac (default)
      

    Note

    To use IEEE 802.11n or IEEE 802.11ac, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Dual[11ac Wave2]
    
    • Radio 1: b/g, b/g/n (default)
      
    • Radio 2: a, a/n/ac (default)
      

    Note

    To use IEEE 802.11n or IEEE 802.11ac, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Dual[11ac], 11ac with External Antenna
    
    • Radio 1: b/g, b/g/n (default), n(2.4GHz)
      
    • Radio 2: a, a/n/ac (default), n/ac(5GHz)
      
  • Dual[11n]
    
    • Radio 1: b/g, b/g/n (default), n(2.4GHz)
      
    • Radio 2: a, a/n (default), n(5GHz)
      
  • Single
    
    • Radio 1: 2.4GHz: b/g, b/g/n (default), n(2.4GHz)
      
    • Radio 1: 5GHz: a, a/n (default), n(5GHz)
      

    Note

    For "Single" Profile Type, available modes vary depending on the selected "Band", 2.4GHz or 5GHz.

  
  
• TQ series (SDN/OpenFlow-capable firmware)
  
  • Tri[11ac Wave2]
    
    • Radio 1: b/g, b/g/n (default)
      
    • Radio 2: a, a/n/ac (default)
      
    • Radio 3: a, a/n/ac (default)
      

    Note

    To use IEEE 802.11n or IEEE 802.11ac, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Tri[11ac Wave2] with External Antenna
    
    • Radio 1: b/g, b/g/n (default)
      
    • Radio 2: none
      
    • Radio 3: a, a/n/ac (default)
      

    Note

    To use IEEE 802.11n or IEEE 802.11ac, "Wi-Fi Multimedia (WMM)" must be enabled.

  • Dual[11ac]
    
    • Radio 1: b/g, b/g/n (default), n(2.4GHz)
      
    • Radio 2: a, a/n/ac (default), n/ac(5GHz)
      

• Select either "20MHz" or "40MHz" for IEEE 802.11n.
  
• Select either "20MHz", "40MHz", or "80MHz" for IEEE 802.11ac.
  
• In IEEE 802.11ax, the available bandwidth varies depending on the wireless band.
  
  • Radio 1: "20MHz" and "40MHz"
    
  • Radio 2: "20MHz", "40MHz", "80MHz", and "80+80MHz" (TQ6602 only)
    

Note

Emergency Mode cannot be used with channel blanket. You cannot use a channel blanket as an emergency Wi-Fi network.
Do not set this item to "Emergency mode only" for the radio used for channel blanket.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and the options except "Dual[11ax] GEN2" and "Dual[11ax]" for Profile Type.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ac]" or "11ac With External Antenna" for Profile Type.

Note

If you select "TQ Series" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type, configure per VAP in the "VAP (Multiple SSID) Configuration" section.

• TQ series
  
  
  • Dual[11ax] GEN2
    Specify a number between 0 to 500. The default is 500.
    
  • Dual[11ax]
    Specify a number between 0 to 320. The default is 200.
    
  • Dual[11ac Wave2]
    Radio 1: Specify a number between 0 to 120. The default is 120.
    Radio 2: Specify a number between 0 to 200. The default is 200.
    
    
  • Other than above
    Specify a number between 0 to 200. The default is 200.
    
  
  
• TQ Series (SDN/OpenFlow-capable firmware)
  Specify a number between 0 to 200. The default is 200.
  

• "Auto" uses the lowest selected rate in "2.4G/5G Supported Rate" in "Legacy Rate Sets".
  
  
• "Fast" selects and uses the rate from selected rate in "2.4G/5G Supported Rate" in "Legacy Rate Sets", which is nearest to the lowest rate of the clients in the same VAP. The default is "Fast".
  
  
• "Fixed" uses the "Fixed Tx Rate".
  

Note

This item is displayed if you select "TQ Series" and "Dual[11ac]", "11ac With External Antenna", "Dual[11n]" or "Single" for Profile Type. If you select "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]", Multicast Tx Rate options are not displayed, and Fixed Tx Rate is automatically set.

• Radio 1:
  54 48 36 24 18 12 11 9 6 5.5 2 1 (Mbps)
  
  
• Radio 2 and Radio 3:
  54 48 36 24 18 12 9 6 (Mbps)
  

Note

This item is displayed if you select "TQ Series" for Series, or "TQ Series - SDN/OpenFlow" for Series and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type. It is not displayed if you select "TQ Series - SDN/OpenFlow" for Series and "Dual[11ac]" for Profile Type.

• Dual[11ax], Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna, Dual[11ac Wave2]
  Select required rates that must be supported on wireless stations (client or other APs) to be allowed to connect to the APs.
  When a station does not support one or more rates in this list, the station is not allowed to connect. Check the rates to select.
  All supported rates are selected by default.
  
  • 2.4GHz:
    54 48 36 24 18 12 11 9 6 5.5 2 1 (Mbps)
    
  • 5GHz:
    54 48 36 24 18 12 9 6 (Mbps)
    
  
  
• Dual[11ac], Dual[11n], 11ac with External Antenna, Single
  
  • 2.4G/5G Supported Rate
    Select the rates to be supported. Check the rates to select.
    All supported rates are selected by default.
    
    • 2.4GHz:
      54 48 36 24 18 12 11 9 6 5.5 2 1 (Mbps)
      
    • 5GHz:
      54 48 36 24 18 12 9 6 (Mbps)
      
    
    
  • 2.4G/5G Basic Rate
    Select required 2.4G/5G Supported Rates which must be supported on wireless stations (client or other APs) to be allowed to connect to the APs.
    When a station's 2.4G/5G Supported Rate lacks one or more rates in this 2.4G/5G Basic Rate list, the station is not allowed to connect. In general, if a station's 2.4G/5G Supported Rate contains higher rates than ones in 2.4G/5G Basic Rate, the station connects at higher rate.
    Select rates from the ones selected in "Supported Rate". Check the rates to select. Most of the time it is not necessary to change this setting. Each band has the following default:
    
    • 2.4GHz:
      11 5.5 2 1 (Mbps)
      
    • 5GHz:
      24 12 6 (Mbps)
      

Note

This item is displayed if you selected "TQ Series" for Series, or "TQ Series - SDN/OpenFlow" for Series and "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type. It is not displayed if you select "TQ Series - SDN/OpenFlow" for Series and "Dual[11ac]" for Profile Type.

• If you select "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type, specify RTS Threshold in the range of 0 to 2347. Specifying "2347" disables RTS transmission.
  The default is 2347 (do not transmit RTS).
  
  
• If you select "Dual[11ac]", "Dual[11n]", "11ac with External Antenna" or "Single" for Profile Type, specify Enable or Disable RTS Threshold.
  
  • If you want to enable RTS transmission, select "Enable" and enter a threshold between 0 and 2347 (Bytes).
    When a packet to send is larger than the specifed size, RTS is transmitted before the packet is sent. Specifying "2347" disables RTS transmission.
    
  • Select "Disable" if you want to disable RTS transmission.
    
  The default is "Disable". Default threshold value is 2347 just after setting it to "Enable".
  

Note

If you select "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type, and "IEEE 802.11a/n/ac" for Mode, RTS packets are not sent to wireless clients connected by IEEE 802.11a. This setting is ignored.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow".

Note

If you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type, configure per VAP in the "VAP (Multiple SSID) Configuration" section.

• When enabled, the AP encourages clients supporting both 2.4GHz and 5GHz to prefer a less congested frequency in order to reduce overall congestion.
  
  
• When disabled, the AP doesn't encourage clients to use other frequencies. In that case, a client keeps using the same band with which they connect, even if the client supports both 2.4GHz and 5GHz and the other band is less crowded.
  

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.
If you select "Dual[11ac]", "Dual[11n]" or "11ac with External Antenna", Band Steering can be configured per VAP in the "VAP (Multiple SSID) Configuration" section.

Note

Band Steering cannot be used with channel blanket. Disable Band Steering on the AP Profile for APs using channel blanket.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

To use IEEE 802.11n IEEE 802.11ac or IEEE 802.11ax, this must be enabled.

• Dual[11ax]:
  Enable
  
  
• Dual[11ax] GEN2, Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna, Dual[11ac Wave2]:
  Disable
  

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

If Neighbor AP Detection is supported on the management web interface of the AP system and set to "Enable" in the AWC Plug-in management, the Neighbor AP Detection setting will remain as "Enable".
This is supported on TQ5403, TQ5403e and TQm5403 with firmware version 5.3.1 or later, TQ1402 and TQm1402 with firmware version 6.0.0-0.2 or later, and TQ6602 with firmware version 7.0.0 or later. If Neighbor AP Detection is not supported on the management web interface of the AP system, this feature is disabled in the AWC Plug-in management.

Note

This setting is displayed when "Dual[11ax]" is selected as Profile Type.

Note

This item is displayed when "Dual[11ax]" is selected as the Profile Type and a mode other than "a" or "b/g" is selected for the Radio Configuration.

• TQ Series
  
  • Dual[11ax] GEN2, Dual[11ax]
    16 VAPs per band (Radio 1, Radio 2)
    
  • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna, Dual[11ac Wave2]
    8 VAPs per band (Radio 1, Radio 2, Radio 3)
    
  • Dual[11ac], Dual[11n] or 11ac with External Antenna
    16 VAPs per band (Radio 1, Radio 2)
    
  
  
• TQ Series - SDN/OpenFlow
  
  • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
    8 VAPs per band (Radio 1, Radio 2, Radio 3)
    
  • Dual[11ac]
    16 VAPs per band (Radio 1, Radio 2)
    

Note

It is recommended to use 5 or less VAPs per radio band in total, including both multi-channel and blanket VAPs.

• When set to Enabled, the VAP is always used on the APs to which this AP Profile is applied.
  
• When set to Disabled, the VAP is not used.
  
• When set to Emergency, the VAP becomes active only when the Emergency Mode is enabled in the Management Group.
  

Note

Emergency Mode cannot be used with channel blanket. You cannot use a channel blanket as an emergency Wi-Fi network.
Do not set this item to "Emergency" for the VAP whose number is the same as the CB VAP (VAP for channel blanket).

Note

Specify a VLAN ID that is different from the AP's management VLAN. When the AP is detected as a guest device, a parent AMF device is configured to collect the guest device information automatically ("dynamic discovery"), and wireless clients get their IP addresses via DHCP.

• When enabled, the SSID is included in beacons. When you configure a wireless client, you may be able to see the SSID in a list of wireless networks to connect. This setting also allows wireless clients to connect using an "ANY" connection.
  
  
• When disabled, the SSID is not included in beacons. You may not be able to see the SSID in a wireless network list on a wireless client. In this case, you have to enter the same SSID as the AP on a wireless client. This setting also denies wireless clients from connecting using an "ANY" connection.
  

Note

An "ANY" connection is a connection where a wireless client tries to connect to an AP by specifying a wildcard or null as the SSID. Even when an "ANY" connection is allowed, clients cannot connect to APs without knowing the correct security key.

• When enabled, the AP encourages clients supporting both 2.4GHz and 5GHz to prefer 5GHz in order to reduce congestion in 2.4GHz.
  
  
• When disabled, the AP doesn't encourage clients to use 5GHz. In that case, a client keeps using the same band with which they connect, even if the client supports both 2.4GHz and 5GHz and the other band is less crowded.
  

Note

This item is displayed if you select "TQ Series" for Series, and "Dual[11ac]", "Dual[11n]" or "11ac With External Antenna" for Profile Type.
If you select "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna", this option is set in the "Radio Configuration" section and affects overall VAPs.

Note

"Static WEP" is not displayed when the selected Mode contains "IEEE 802.11n". This can be configured only on VAP 1 of each radio.

Note

"OSEN" is displayed if you select "TQ Series", and "Tri[11ac]" or "Tri[11ac] With External Antenna" for Profile Type.

• None:
  No authentication or encryption is performed. Everyone can connect to the VAP.
  

  Note

  If you use "None" to build a network such as a guest hotspot, you should consider the consequences for the overall security of your entire network.

  
  
• Static WEP:
  Uses RC4 encryption with fixed keys. Per-client authentication is not performed. We recommend using "WPA Personal" for fixed key security because WEP is vulnerable.
  
  
• WPA Personal:
  Performs authentication and encryption between an AP and a wireless client. It uses per-client keys which are generated from a pre-shared key (PSK). It uses CCMP (AES) or TKIP for the encryption algorithm.
  
  
• WPA Enterprise:
  Performs authentication and encryption between an AP and a wireless client. It uses per-client keys which are generated on a RADIUS server. It uses CCMP (AES) or TKIP for the encryption algorithm.
  
  
• OSEN:
  Used by the VAP for online sign-up and to configure security settings when communicating with the OSU server.
  

• Key Length:
  Select the WEP key length. The default is 128bit.
  
  • 64bit:
    You can directly enter a WEP key with 10 hex digits. Or you can enter 5 ASCII characters to automatically generate a WEP key.
    
  • 128bit:
    You can directly enter a WEP key with 26 hex digits. Or you can enter 13 ASCII characters to automatically generate a WEP key.
    
  
  
• Key Type:
  Select a generation method for the WEP key. The default is "Hex".
  
  • ASCII:
    Lets you enter an arbitrary string to automatically generate a WEP key. The string is case-sensitive.
    
  • Hex:
    Lets you directly enter a WEP key with hexadecimal characters (0 to 9, A to F, a to f). Hex characters are not case-sensitive.
    
  
  
• Key Index:
  Specify a key to use. The default is 1.
  
  
• Security Key (WEP Key):
  Enter a WEP key (in hex) or a seed of a key (in ASCII) according to the selected "Key Length" and "Key Type".
  You have to enter the same WEP key as the one specified by "Key Index" on the wireless client.
  
  
• WEP Authentication Method:
  "Open System" is the recommended option here. The default is "Open System".
  It is recommended to use the default "Open System" for security.
  
  • Open System:
    All wireless clients are allowed to connect regardless of whether they have the correct WEP key. But as wireless clients are only allowed to connect, they cannot communicate without a valid WEP key.
    This option is not only for "WEP" but is also used for "None", "WPA Personal" and "WPA Enterprise".
    
  • Shared Key:
    Only wireless clients with the correct WEP key can connect. Wireless clients cannot connect without a valid key.
    
  • Open System and Shared Key:
    A client configured to use Shared Key can connect if it has a valid WEP key.
    A client configured to use Open System can connect regardless of whether it has a correct key.
    
  This is only available for TQ series.
  

• Security Key (WPA-PSK):
  Specify an encryption key for the VAP. The key should contain 8 to 63 alphanumeric and symbol characters. The key is case-sensitive.
  
  
• WPA Versions:
  Select the WPA version(s) to use.
  
  • TQ Series
    
    • Dual[11ax] GEN2, Dual[11ax]
      You can select "WPA3" only, both "WPA3" and "WPA2", "WPA2" only, or both "WPA" and "WPA2".
      However, you cannot select both "WPA3" and "WPA". Additionally, you cannot select "WPA" only.
      
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      You can select "WPA3" only, both "WPA3" and "WPA2", "WPA2" only, or both "WPA" and "WPA2".
      However, you cannot select both "WPA3" and "WPA". Additionally, you cannot select "WPA" only.
      
    • Dual[11ac Wave2]
      You can select "WPA3" only, both "WPA3" and "WPA2", "WPA2" only, or both "WPA" and "WPA2".
      However, you cannot select both "WPA3" and "WPA". Additionally, you cannot select "WPA" only.
      
    • Dual[11ac]
      You can select "WPA2" only, or both "WPA2" and "WPA".
      
    • Dual[11n], 11ac with External Antenna, Single
      You can select either "WPA" or "WPA2", or both "WPA2" and "WPA".
      
  • TQ Series - SDN/OpenFlow
    
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      You can select "WPA2" only, or both "WPA2" and "WPA".
      
    • Dual[11ac]
      Only "WPA2" can be selected.
      
  The default is "WPA2". Select both for a mixed environment. In that case, the security level of the wireless network is the same as WPA.
  

  Note

  WPA is based on a draft of IEEE 802.11i while WPA2 is based on the final version of IEEE 802.11i and therefore meets all mandatory items required by the standard.

  
  
• Encryption Protocol:
  
  • TQ Series
    
    • Dual[11ax] GEN2, Dual[11ax]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna, Dual[11ac Wave2]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11ac]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11n], 11ac with External Antenna, Single
      You can select either "TKIP" or "CCMP", or both.
      
  • TQ Series - SDN/OpenFlow
    
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11ac]
      You can select "CCMP" only.
      
  The default is "CCMP".
  Although "TKIP" uses RC4 as WEP does, TKIP uses a separate encryption key for each client and changes the key after using it for some time.
  "CCMP" uses the standard encryption algorithm approved by the US Secretary of Commerce. This standard has a strong algorithm.
  

  Note

  According to the WPA standard, TKIP is mandatory while CCMP is optional. Our products implement both algorithms.

  Note

  If the WPA version includes "WPA3", only "CCMP" can be selected. "TKIP" is not displayed.

  Note

  If the Profile Type is set to other than "Dual[11ax] GEN2", and the WPA version is set to "WPA2", or both "WPA2" and "WPA", "TKIP" can be selected as necessary.
  If the Profile Type is set to "Dual[11ax] GEN2", and the WPA version is set to "WPA2" solely, please select only "CCMP". In this case, "TKIP" is not supported. If you set the WPA version to "WPA2" and "WPA", "TKIP" can be selected as necessary.

  
  
• Management Frame Protection (MFP):
  Specify whether to protect management frames.
  Available options vary depending on the selected Profile Type.
  
  • Dual[11ax], Dual[11ac Wave2]
    Select "Enable" to use MFP. Otherwise select "Disable". The default is "Enable".
    
  • Dual[11ax] GEN2, Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
    Specify "Required" if you want the MFP mandatory for client association, "Capable" if you want it optionally, or "Disabled" if you don't want the management frames protected. The default is "Capable".
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

  Note

  If you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ac]" or "11ac With External Antenna" for Profile Type, you specify this item for each band on "Wireless Configuration".

  Note

  If the WPA version includes "WPA3", "Disable" can not be selected. If the WPA version includes "WPA", only "Disable" can be selected.

  
  
• Broadcast Key Refresh Interval:
  Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specify an interval between 0 and 86400 (seconds). A value of 0 means that the key is never refreshed. The default is 0.
  

• RADIUS Server IP Address:
  Enter the IP address of the primary RADIUS server.
  You can configure primary and secondary RADIUS servers. The primary IP address is mandatory while the secondary is optional.
  
  
• RADIUS Server Secret:
  Enter a password to connect to the RADIUS server with 128 or less alphanumeric and symbol characters. The password can contain spaces.
  For TQ series, enter a password for each of the primary and secondary RADIUS server.
  
  
• Port Number:
  Enter a port number between 1 and 65535 on which the external RADIUS server or servers are listening. For TQ series, the port number applies to both primary and secondary. The default is 1812.
  
  
• Pre-authentication:
  When enabled and a client is about to roam, the source (current) AP forwards the client's pre-authentication information to the destination AP. The default is "Enable". This reduces the time required for authentication of roaming clients.
  

  Note

  This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and the options except "Dual[11ax]" for Profile Type.

  Note

  If Profile Type is "Dual[11ax] GEN2", "Tri[11ac Wave2]" or "Dual [11ac Wave2]", this item can be configured only on VAP1 of each radio. When you select "Enable", this function is valid for all VAP.

  
  
• WPA Versions:
  Select the WPA version(s) to use.
  
  • TQ Series
    
    • Dual[11ax] GEN2, Dual[11ax]
      Radio 2: You can select "WPA3" only, "WPA2" only, or both "WPA" and "WPA2".
      You cannot select both "WPA3" and "WPA2", or both "WPA3" and "WPA". "WPA" can be selected only together with "WPA2".
      
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      Radio 2: You can select "WPA3" only, "WPA2" only, or both "WPA" and "WPA2".
      You cannot select both "WPA3" and "WPA2", or both "WPA3" and "WPA". "WPA" can be selected only together with "WPA2".
      
    • Dual[11ac Wave2]
      Radio 1: You can select "WPA2" only, or both "WPA" and "WPA2".
      Radio 2: You can select "WPA3" only, "WPA2" only, or both "WPA" and "WPA2".
      
    • Dual[11ac]
      You can select "WPA2" only, or both "WPA2" and "WPA".
      
    • Dual[11n], 11ac with External Antenna, Single
      You can select either "WPA" or "WPA2", or both "WPA2" and "WPA".
      
  • TQ Series - SDN/OpenFlow
    
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      You can select "WPA2" only, or both "WPA2" and "WPA".
      
    • Dual[11ac]
      Only "WPA2" can be selected.
      
  The default is "WPA2". Select both for a mixed environment. In that case, the security level of the wireless network is the same as WPA.
  

  Note

  WPA is based on a draft of IEEE 802.11i while WPA2 is based on the final version of IEEE 802.11i and therefore meets all mandatory items required by the standard.

  
  
• Encryption Protocol:
  
  • TQ Series
    
    • Dual[11ax] GEN2, Dual[11ax]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna, Dual[11ac Wave2]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11ac]
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11n], 11ac with External Antenna, Single
      You can select either "TKIP" or "CCMP", or both.
      
  • TQ Series - SDN/OpenFlow
    
    • Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
      You can select "CCMP" only, or both "TKIP" and "CCMP".
      
    • Dual[11ac]
      You can select "CCMP" only.
      
  The default is "CCMP".
  Although "TKIP" uses RC4 as WEP does, TKIP uses a separate encryption key for each client and changes the key after using it for some time.
  "CCMP" uses the standard encryption algorithm approved by the US Secretary of Commerce. This standard has a strong algorithm.
  

  Note

  According to the WPA standard, TKIP is mandatory while CCMP is optional. Our products implement both algorithms.

  Note

  If the WPA version includes "WPA3", only "CCMP" can be selected. "TKIP" is not displayed.

  Note

  If the Profile Type is set to other than "Dual[11ax] GEN2", and the WPA version is set to "WPA2", or both "WPA2" and "WPA", "TKIP" can be selected as necessary.
  If the Profile Type is set to "Dual[11ax] GEN2", and the WPA version is set to "WPA2" solely, please select only "CCMP". In this case, "TKIP" is not supported. If you set the WPA version to "WPA2" and "WPA", "TKIP" can be selected as necessary.

  
  
• Management Frame Protection (MFP):
  Specify whether to protect management frames.
  Available options vary depending on the selected Profile Type.
  
  • Dual[11ax], Dual[11ac Wave2]
    Select "Enable" to use MFP. Otherwise select "Disable". The default is "Enable".
    
  • Dual[11ax] GEN2, Tri[11ac Wave2], Tri[11ac Wave2] with External Antenna
    Specify "Required" if you want the MFP mandatory for client association, "Capable" if you want it optionally, or "Disabled" if you don't want the management frames protected. The default is "Capable".
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

  Note

  If you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ac]" or "11ac With External Antenna" for Profile Type, you specify this item for each band on "Wireless Configuration".

  Note

  If the WPA version includes "WPA3", "Disable" can not be selected. If the WPA version includes "WPA", only "Disable" can be selected.

  Note

  If the Profile Type is set to "Dual[11ax] GEN2", and the WPA version is set to "WPA2" solely, please do not set to "Required".

  
  
• Broadcast Key Refresh Interval:
  Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specify an interval between 0 and 86400 (seconds). A value of 0 means that the key is never refreshed. The default is 0.
  
  
• Session Key Refresh Interval:
  Specify an interval at which to refresh the unicast session key that is sent to clients on the VAP. Specify an interval between 0 and 86400 (seconds). A value of 0 means that the key is never refreshed. The default is 0.
  Because keys are generated for every session, there is little need to refresh the key, given that a strong encryption algorithm such as CCMP is used in "WPA Enterprise". A shorter interval may decrease the AP's performance.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]", "Dual[11n]", "11ac with External Antenna" or "Single" for Profile Type, or if you selected "TQ Series - SDN/OpenFlow" for Series and "Dual[11ac]" for Profile Type.

  
  
• Session Key Refresh Action:
  Select the action to be taken when the session key is updated, from "Reauthentication" or "Disconnection".
  The default is "Reauthentication".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

  
  
• RADIUS Accounting:
  Specify whether to use RADIUS accounting server to record the resources (such as connection time) used by each user. Select "Enable" to perform accounting. Otherwise select "Disable". The default is "Disable".
  
  
• RADIUS Accounting Port Number:
  Specify a port number on which the RADIUS accounting server is listening. This is valid only when RADIUS Accounting is enabled. The default is 1813.
  
  
• Dynamic VLAN:
  When enabled, the VLAN included in a RADIUS response is assigned to the user.
  When disabled, the VLAN configured for the VAP is always applied to the user regardless of the VLAN information in a RADIUS response.
  The default is "Enable".
  

• RADIUS Server IP Address:
  Enter the IP address of the primary RADIUS server.
  You can configure primary and secondary RADIUS servers. The primary IP address is mandatory while the secondary is optional.
  
  
• RADIUS Server Secret:
  Enter a password to connect to the RADIUS server with 128 or less alphanumeric and symbol characters. The password can contain spaces.
  For TQ series, enter a password for each of the primary and secondary RADIUS server.
  
  
• Port Number:
  Enter a port number between 1 and 65535 on which the external RADIUS server or servers are listening. For TQ series, the port number applies to both primary and secondary. The default is 1812.
  
  
• Pre-authentication:
  When enabled and a client is about to roam, the source (current) AP forwards the client's pre-authentication information to the destination AP. The default is "Enable". This reduces the time required for authentication of roaming clients.
  This is only available for TQ series.
  

  Note

  This can be configured only on VAP1 of each radio. When you select "Enable", this function is valid for all VAP.

  
  
• WPA Versions:
  Select the WPA version(s) to use.
  Radio 2: You can select "WPA3" only, "WPA2" only, or both "WPA" and "WPA2".
  You cannot select both "WPA3" and "WPA2", or both "WPA3" and "WPA". "WPA" can be selected only together with "WPA2".
  The default is "WPA2". Select both for a mixed environment. In that case, the security level of the wireless network is the same as WPA.
  

  Note

  WPA is based on a draft of IEEE 802.11i while WPA2 is based on the final version of IEEE 802.11i and therefore meets all mandatory items required by the standard.

  
  
• Encryption Protocol:
  You can select "CCMP" only, or both "TKIP" and "CCMP".
  The default is "CCMP".
  Although "TKIP" uses RC4 as WEP does, TKIP uses a separate encryption key for each client and changes the key after using it for some time.
  "CCMP" uses the standard encryption algorithm approved by the US Secretary of Commerce. This standard has a strong algorithm.
  

  Note

  According to the WPA standard, TKIP is mandatory while CCMP is optional. Our products implement both algorithms.

  Note

  If the WPA version includes "WPA3", only "CCMP" can be selected. "TKIP" is not displayed.

  Note

  If the WPA version is set to "WPA2", or both "WPA2" and "WPA", "TKIP" can be selected as necessary.

  
  
• Management Frame Protection (MFP):
  Specify whether to protect management frames.
  Specify "Required" if you want the MFP mandatory for client association, "Capable" if you want it optionally, or "Disabled" if you don't want the management frames protected. The default is "Capable".
  

  Note

  If the WPA version includes "WPA3", only "CCMP" can be selected. If the WPA version includes "WPA", only "Disable" can be selected.

  Note

  If the Profile Type is set to "Dual[11ax] GEN2", and the WPA version is set to "WPA2" solely, please do not set to "Required".

  
  
• Broadcast Key Refresh Interval:
  Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specify an interval between 0 and 86400 (seconds). A value of 0 means that the key is never refreshed. The default is 0.
  
  
• Dynamic VLAN:
  When enabled, the VLAN included in a RADIUS response is assigned to the user.
  When disabled, the VLAN configured for the VAP is always applied to the user regardless of the VLAN information in a RADIUS response.
  The default is "Enable".
  

• If you select "External RADIUS", the APs will query the RADIUS server.
  
• If you select "Click-through", APs will display a Click-through page instead of performing RADIUS authentication. The Click-through page does not require authentication with a username/password pair, but can be configured to show an arbitrary "Terms of Use" that users have to accept before use, or to redirect to an external page.
  
• If you select "External page redirection", clients will be able to connect using third-party web credentials such as social networking sites.
  
• Select "Disable" to not use Captive Portal.
  

Note

This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]", "Dual[11n]", "11ac with External Antenna" or "Single" for Profile Type, or if you selected "TQ Series - SDN/OpenFlow" for Series and "Dual[11ac]" for Profile Type.

Note

"Click-through" is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]" or "11ac with External Antenna" for Profile Type.

Note

"External Page Redirect" will appear when you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type.
This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

Note

Do not enable Captive Portal on the radio used for the WDS connection.

• Authentication Page Proxy:
  Specify whether to use an external authentication page or not.
  
  • Enable:
    Shows an external portal page. Specify the page URL in "Base URL".
    
    • Base URL:
      Specify the base URL of the external web authentication page.
      Clients will access the page through the AP's proxy feature instead of direct connection.
      The HTML filename of the external authentication page must be "radius_login.html".
      The AP's proxy will get the page from "Base URL/radius_login.html" and send it back to clients.
      For example, when you specify "http://www.example.com/captive_portal" in "Base URL", the APs will present the content of the page at "http://www.example.com/captive_portal/radius_login.html" to connecting clients.
      For details of the format of radius_login.html, refer to Operation Reference > Authentication > Web Authentication with Captive Portal.
      
  • Disable:
    Shows an authentication page embedded in the APs.
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• RADIUS Server Primary IP Address:
  Enter the IP address of the primary RADIUS server. (mandatory)
  
  
• RADIUS Server Primary Secret:
  Enter the password to connect to the primary RADIUS server with 128 or less alphanumeric and symbol characters. (mandatory)
  
  
• RADIUS Server Secondary IP Address:
  Enter the IP address of the secondary RADIUS server. Leave it blank if you are not using a secondary RADIUS server.
  
  
• RADIUS Server Secondary Secret:
  Enter the password to connect to the secondary RADIUS server with 128 or less alphanumeric and symbol characters. Leave it blank if you are not using a secondary RADIUS server.
  
  
• RADIUS Server Port Number:
  Enter a port number between 1 and 65535 on which the primary and secondary RADIUS server is listening. The default is 1812.
  
  
• RADIUS Accounting:
  Specify whether to use the RADIUS Accounting.
  
  • Enable:
    Uses RADIUS Accounting. With an external RADIUS server that has authenticated the user, it is possible to record the resources (such as connection time) used by each user during the session. You can also use features such as those provided by external RADIUS. Specify the "RADIUS accounting port" in addition.
    
    • Enter the port number of the accounting port of the external RADIUS server in the range 0-65535. The default is 1813.
      
  • Disable: Does not use RADIUS Accounting.
    
  The default is "Disable".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

  
  
• Redirect type (after user is authenticated):
  Specify a page to be shown after the user passes web authentication.
  
  • Keep Session:
    Show the original URL that was entered in the client's browser before web authentication.
    
  • Fixed URL
    Always show a fixed URL that you specify.
    
  • Disable
    Do not redirect the browser after successful web authentication.
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]" or "11ac with External Antenna" for Profile Type.
  If the Profile Type is "Dual[11ac]" or "11ac with External Antenna", you can only select "Fixed URL" or "Disable".

• Walled Garden:
  Shows the number of entries on the page that use the Walled Garden feature.
  The Walled Garden feature allows you to specify which pages can be viewed by users who have not yet completed the authentication or who have not yet been authenticated. If they try to view a page other than specified, the Captive Portal page will appear again.
  Clicking on this brings up the "Walled Garden List" dialog box.
  
  • Walled Garden List
    
    You can register addresses to use the Walled Garden feature.
    
    • Address:
      The address of the site that is accessible from inside the Walled Garden, in the form of an FQDN, an IP address or an IP address/mask. Max 50 entries can be registered.
      
    • "Add" button:
      Registers the address entered in the Address field to the list.
      
    • "Clear" button:
      Deletes the entry of the Address field.
      
    • "Import from CSV file" button:
      Imports the addresses from a CSV file.
      The CSV file can contain one address per line, described in one of the following formats: FQDN, IP address or IP address/mask.
      
    • X Address:
      Shows the number of address entries registered to the list.
      
    • Search Walled Garden Address: Searches for a specific address in the list.
      
    • Address:
      Shows an address entry.
      
    • Delete:
      Deletes the selected entry.
      
    • "Save" button:
      Saves changes to the Walled Garden List.
      
    • "Close" button:
      Discard the changes to the Walled Garden List and close the Walled Garden List dialog box.
      

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Virtual IP Address for Captive Portal:
  Shows the setting you made on the "Virtual IP Address for Captive Portal" in "Basic Configuration" section. By clicking on the link icon, you can jump to the section.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Session Timeout:
  Specify the client's authentication session timeout; between 0 and 86400 (seconds).
  After the client is successfully authenticated, the session automatically terminates when the time set for timeout elapses.
  The default is 3600.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Session Timeout Action:
  Select the action to be taken when the session is timed out, from "Reauthentication" or "Disconnection".
  The default is "Reauthentication".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Authentication Page Proxy:
  Specify whether to use an external Click-through page or not.
  
  • Enable:
    Shows an external portal page. Specify the page URL in "Base URL".
    
    • Base URL:
      Specify the base URL of the external Click-through page.
      Clients will access the page through the AP's proxy feature instead of direct connection.
      The HTML filename of the external Click-through page must be "click_through_login.html".
      The AP's proxy will get the page from "Base URL/click_through_login.html" and send it back to clients.
      For example, when you specify "http://www.example.com/captive_portal" in "Base URL", APs will present the content of the page at "http://www.example.com/captive_portal/click_through_login.html" to connecting clients.
      For details of the format of click_through_login.html, refer to Operation Reference > Authentication > Web Authentication with Captive Portal.
      
  • Disable:
    Shows an authentication page embedded in the APs.
    

    Note

    "Terms of Use" to show on the Authentication Page can be configured on each AP's web interface.

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Redirect type (after user is authenticated):
  Specify a page to be shown after the user passes web authentication.
  
  • Keep Session:
    Show the original URL that was entered in the client's browser before web authentication.
    
  • Fixed URL
    Always show a fixed URL that you specify.
    
  • Disable
    Do not redirect the browser after successful web authentication.
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]" or "11ac with External Antenna" for Profile Type.
  If the Profile Type is "Dual[11ac]" or "11ac with External Antenna", you can only select "Fixed URL" or "Disable".

• Walled Garden:
  Shows the number of entries on the page that use the Walled Garden feature.
  The Walled Garden feature allows you to specify which pages can be viewed by users who have not yet completed the authentication or who have not yet been authenticated. If they try to view a page other than specified, the Captive Portal page will appear again.
  Clicking on this brings up the "Walled Garden List" dialog box.
  
  • Walled Garden List
    
    You can register addresses to use the Walled Garden feature.
    
    • Address:
      The address of the site that is accessible from inside the Walled Garden, in the form of an FQDN, an IP address or an IP address/mask. Max 50 entries can be registered.
      
    • "Add" button:
      Registers the address entered in the Address field to the list.
      
    • "Clear" button:
      Deletes the entry of the Address field.
      
    • "Import from CSV file" button:
      Imports the addresses from a CSV file.
      The CSV file can contain one address per line, described in one of the following formats: FQDN, IP address or IP address/mask.
      
    • X Address:
      Shows the number of address entries registered to the list.
      
    • Search Walled Garden Address: Searches for a specific address in the list.
      
    • Address:
      Shows an address entry.
      
    • Delete:
      Deletes the selected entry.
      
    • "Save" button:
      Saves changes to the Walled Garden List.
      
    • "Close" button:
      Discard the changes to the Walled Garden List and close the Walled Garden List dialog box.
      

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Virtual IP Address for Captive Portal:
  Shows the setting you made on the "Virtual IP Address for Captive Portal" in "Basic Configuration" section. By clicking on the link icon, you can jump to the section.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Session Timeout:
  Specify the client's authentication session timeout; between 0 and 86400 (seconds).
  After the client is successfully authenticated, the session automatically terminates when the time set for timeout elapses.
  The default is 3600.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Session Timeout Action:
  Select the action to be taken when the session is timed out, from "Reauthentication" or "Disconnection".
  The default is "Reauthentication".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• External Page URL:
  Enter the URL to which the APs redirect the users with 1 to 128 alphanumeric characters. The default is empty.
  
• RADIUS Server Primary IP Address:
  Enter the IP address of the primary RADIUS server. (mandatory)
  
  
• RADIUS Server Primary Secret:
  Enter the password to connect to the primary RADIUS server with 128 or less alphanumeric and symbol characters. (mandatory)
  
  
• RADIUS Server Secondary IP Address:
  Enter the IP address of the secondary RADIUS server. Leave it blank if you are not using a secondary RADIUS server.
  
  
• RADIUS Server Secondary Secret:
  Enter the password to connect to the secondary RADIUS server with 128 or less alphanumeric and symbol characters. Leave it blank if you are not using a secondary RADIUS server.
  
  
• RADIUS Server Port Number:
  Enter a port number between 1 and 65535 on which the primary and secondary RADIUS server is listening. The default is 1812.
  
  
• RADIUS Accounting:
  Specify whether to use the RADIUS Accounting.
  
  • Enable:
    Uses RADIUS Accounting. With an external RADIUS server that has authenticated the user, it is possible to record the resources (such as connection time) used by each user during the session. You can also use features such as those provided by external RADIUS. Specify the "RADIUS accounting port" in addition.
    
    • Enter the port number of the accounting port of the external RADIUS server in the range 0-65535. The default is 1813.
      
  • Disable: Does not use RADIUS Accounting.
    
  The default is "Disable".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

  
  
• Redirect type (after user is authenticated):
  Specify a page to be shown after the user passes web authentication.
  
  • Keep Session:
    Show the original URL that was entered in the client's browser before web authentication.
    
  • Fixed URL
    Always show a fixed URL that you specify.
    
  • Disable
    Do not redirect the browser after successful web authentication.
    

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", "Dual[11ac Wave2]", "Dual[11ac]" or "11ac with External Antenna" for Profile Type.
  If the Profile Type is "Dual[11ac]" or "11ac with External Antenna", you can only select "Fixed URL" or "Disable".

• Walled Garden:
  Shows the number of entries on the page that use the Walled Garden feature.
  The Walled Garden feature allows you to specify which pages can be viewed by users who have not yet completed the authentication or who have not yet been authenticated. If they try to view a page other than specified, the Captive Portal page will appear again.
  Clicking on this brings up the "Walled Garden List" dialog box.
  
  • Walled Garden List
    
    You can register addresses to use the Walled Garden feature.
    
    • Address:
      The address of the site that is accessible from inside the Walled Garden, in the form of an FQDN, an IP address or an IP address/mask. Max 50 entries can be registered.
      
    • "Add" button:
      Registers the address entered in the Address field to the list.
      
    • "Clear" button:
      Deletes the entry of the Address field.
      
    • "Import from CSV file" button:
      Imports the addresses from a CSV file.
      The CSV file can contain one address per line, described in one of the following formats: FQDN, IP address or IP address/mask.
      
    • X Address:
      Shows the number of address entries registered to the list.
      
    • Search Walled Garden Address: Searches for a specific address in the list.
      
    • Address:
      Shows an address entry.
      
    • Delete:
      Deletes the selected entry.
      
    • "Save" button:
      Saves changes to the Walled Garden List.
      
    • "Close" button:
      Discard the changes to the Walled Garden List and close the Walled Garden List dialog box.
      

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Virtual IP Address for Captive Portal:
  Shows the setting you made on the "Virtual IP Address for Captive Portal" in "Basic Configuration" section. By clicking on the link icon, you can jump to the section.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] With External Antenna" for Profile Type.
  This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

• Session Timeout:
  Specify the client's authentication session timeout; between 0 and 86400 (seconds).
  After the client is successfully authenticated, the session automatically terminates when the time set for timeout elapses.
  The default is 3600.
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Session Timeout Action:
  Select the action to be taken when the session is timed out, from "Reauthentication" or "Disconnection".
  The default is "Reauthentication".
  

  Note

  This item is displayed if you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

• Selecting "MAC Address List" will allow or deny connections only to the MAC addresses recorded in the list, according to the MAC address list selected in the MAC Address List field at the top of the screen.
  
• If you select "External RADIUS", the APs will query the RADIUS server.
  
• Selecting "MAC Address List + External RADIUS" allows or denies connections only to the MAC addresses recorded in the list. This list refers to both the MAC address list selected in the MAC address list field at the top of the screen and the external RADIUS server.
  Firstly, it will try to authenticate using the MAC Address List. If a connection cannot be established, it will try to authenticate the connection using an External RADIUS server. If the preceding MAC address list allows a user to connect, the user can still connect even if the external RADIUS server does not grant the access.
  
• Selecting "AMF Application Proxy" allows you to query the whitelist and blacklist of our AMF-Security Controller AT-SecureEnterpriseSDN Controller (AT-SESC) or AMF Security mini. You can then take actions such as allowing, denying or quarantining client devices that attempt to connect to the wireless AP, disconnecting connected devices or changing VLANs.
  
• If you select "Disable", no MAC access control is performed.
  

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow".

Note

"MAC Address List" and "MAC Address List + External RADIUS" are only available when "TQ Series" is selected for Series, and any of MAC Address List is selected in the "Basic Configuration" section.

Note

"MAC Address List + External RADIUS" will appear when you select "TQ Series" for Series, and "Dual[11ax] GEN2", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type.
This item is displayed if you select "TQ Series" and "Dual[11ac Wave2]" for Series and Profile Type respectively. However, it is not supported.

Note

"AMF Application Proxy" will appear when you select "TQ Series" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", or "Tri[11ac Wave2] with External Antenna" for Profile Type.

Note

You cannot use a different MAC Address List for each radio or VAP. A single list is used for all radios (Radio 1/Radio 2/Radio 3) and VAPs in an AP Profile.

• RADIUS Server Primary IP Address:
  Enter the IP address of the primary RADIUS server. (mandatory)
  
  
• RADIUS Server Primary Secret:
  Enter the password to connect to the primary RADIUS server with 128 or less alphanumeric and symbol characters.
  
  
• RADIUS Server Secondary IP Address:
  Enter the IP address of the secondary RADIUS server. Leave it blank if you are not using a secondary RADIUS server.
  
  
• RADIUS Server Secondary Secret:
  Enter the password to connect to the secondary RADIUS server with 128 or less alphanumeric and symbol characters. Leave it blank if you are not using a secondary RADIUS server.
  
  
• Port Number:
  Enter a port number between 1 and 65535 on which the primary and secondary RADIUS server is listening. The default is 1812.
  
  
• User-Name Format Delimiter:
  A client's MAC address is sent to the RADIUS server as a User-Name attribute.
  Specify an octet delimiter to use in a User-Name attribute from "Hyphen", "Colon" and "None". The default is "Hyphen".
  
  
• User-Name Format Case:
  Specify which case to use in a User-Name attribute from "Upper" and "Lower". The default is "Lower".
  
  
• User-Password Format Type:
  Specify what is used for a User-Password attribute when a client MAC address is sent to the RADIUS server for authentication. The default is "User Name".
  
  • If you select "Fixed Password", a string specified in "User-Password Format Password" is always used as the value of the User-Password attribute.
    
  • If you select "User Name", the same string as the User-Name attribute (MAC Address) is sent to the RADIUS server as the value of the User-Password attribute.
    
  
  
• User-Password Format Password:
  Specify a fixed password string which is used when "User-Password Format Type" is set to "Fixed Password".
  

• User-Name ab-cd-ef-12-34-56
  
• User-Password ab-cd-ef-12-34-56
  

• AMF Application Proxy Server Primary IP Address:
  Enter the IP address of the primary AMF Application Proxy server (mandatory)
  
  
• AMF Application Proxy Primary Secret:
  Enter the pre-shared key to communicate with the primary AMF Application Proxy server.
  
  
• AMF Application Proxy Server Secondary IP Address:
  Enter the IP address of the secondary AMF Application Proxy server. Leave it blank if you are not using a secondary AMF Application Proxy server.
  

  Note

  In this version, the secondary AMF Application Server is not available.

  
  
• AMF Application Proxy Secondary Secret:
  Enter the pre-shared key to communicate with the secondary AMF Application Proxy server. Leave it blank if you are not using a secondary AMF Application Proxy server.
  

  Note

  In this version, the secondary AMF Application Server is not available.

  
  
• AMF Application Proxy Server Port Number:
  Enter a port number between 1 and 65535 on which the primary and secondary AMF Application Proxy server is listening. The default is 1812.
  
  
• Critical Mode:
  Specify whether to enable or disable Critical Mode. The default is "Disable".
  
  • With "Enable" selected, in the event the connection between the AWC Plug-in and AMF Application Proxy server is lost, all new client connection requests will be allowed.
    

    Note

    When using the VAP security method together with AMF Application Proxy, only wireless clients that have successfully authenticated using the security method can communicate.

  • When you select "Disable", all new client connection requests will be rejected.
    The clients that are already connected before the connection between the AWC Plug-in and AMF Application Proxy server got lost, can now continue the communication.
    

Note

When using the dynamic VLAN feature of WPA Enterprise together, if a VLAN is assigned by the RADIUS server, the wireless device will be assigned to the VLAN ID of the dynamic VLAN.
If a VLAN is not assigned by the RADIUS server, the wireless device will be assigned to the VLAN ID specified by the AMF Application Server. If a VLAN is neither assigned by the RADIUS server nor assigned by the security policy on the AMF Application Proxy server, the wireless device will be assigned to the VLAN ID of VAP.
If the action on the AMF application proxy server side is quarantine, the VLAN ID of quarantine network will be applied regardless whether the dynamic VLAN has a VLAN ID or not.

Note

When using the Dynamic VLAN feature of WPA Enterprise together, the VLAN IDs of wireless clients already connected to the network will not be changed even if the VLAN ID of the network specified in the security policy of the AMF application proxy server is changed.

Note

When using the Dynamic VLAN feature of WPA Enterprise together, the VLAN IDs of wireless clients already connected to the network will not be changed even if the VLAN ID of the network specified in the security policy of the AMF application proxy server is changed.
However, if a high-priority action results in an assignment from one quarantine VLAN to another quarantine VLAN, the VLAN ID to which the wireless client belongs will not change.

Note

MAC Access Control with AMF Application Proxy cannot be used with channel blanket. If you want to use the AP as a part of a channel blanket, do not assign the AP profile which the MAC Access Control with AMF Application Proxy is enabled.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type, and "WPA Personal" or "WPA Enterprise" for Security of VAP.

• Fast Transition:
  Specify whether to use IEEE 802.11r (Fast Basic Service Set Transition).
  When enabled, wireless clients can do IEEE 802.11r fast transition when roaming from one AP to another.
  The default is "Disable".
  

  Note

  Only "Disable" is available when you select "Dual[11ax] GEN2" or "Dual[11ax]" for Profile Type, and "WPA2/WPA3" or "WPA3" for WPA versions.

  
  An AP profile that contains VAPs using both WPA Enterprise and Fast Transition behaves as follows:
  
  
  • When the number of APs using this AP profile changes, the configuration status of the APs that use this AP profile becomes "Modified".
    
    
  • If you make a change that affects the number of APs that use this AP profile on the Wireless Configuration > AP Settings page, a dialog box will ask you whether to apply the configuration to all APs that use this AP profile.
    If you click "OK", the configuration will be applied to all APs that use this AP profile.
    
  
  
• Distributed System:
  Specify whether to request authentication via distributed system (DS).
  When enabled, wireless clients send an authentication request to the destination AP via the current (source) AP. (Over The DS.)
  When disabled, wireless clients send an authentication request to the destination AP directly over the radio. (Over The Air)
  The default is "Disable".
  
  
• Mobility Domain:
  Specify a mobility domain with 4 hexadecimal digits (0 to 9, A to F, a to f). This is not case-sensitive.
  A wireless client can perform IEEE 802.11r fast transition between the APs in the same mobility domain.
  The default is "a1b2".
  
  
• PMK-R0 Lifetime
  Specify a PMK-R0 lifetime, between 1 and 65535 minutes.
  Once the lifetime expires, IEEE 802.11r fast transition is not performed.
  The default is 10000.
  
  
• AES Key
  Specify an AES key that is used to exchange PMK-R1 between APs with 32 hexadecimal digits (0 to 9, A to F, a to f). This is not case-sensitive. The default is empty.
  

  Note

  This is mandatory for every function in the "Fast Roaming" section. Configure this item even if you only use IEEE 802.11k or IEEE 802.11v and you are not going to use IEEE 802.11r fast transition.

  
  
• IEEE 802.11k RRM
  Specify whether to use IEEE 802.11k RRM (Radio Resource Management).
  The default is "Disable".
  

  Note

  If you select "Dual[11ax] GEN2" or "Dual[11ax]" for Profile Type, the selection of "IEEE 802.11k RRM" on VAP 1 will also affect VAP 2 to VAP 16.
  When you want to use "IEEE 802.11k RRM" enabled on any of VAP 2 to 16, enable it on VAP 1.

  Note

  Only "Disable" is available when you select "Dual[11ax] GEN2" or "Dual[11ax]" for Profile Type, and "WPA2/WPA3" or "WPA3" for WPA versions.

  
  
• IEEE 802.11v WNM
  Specify whether to use IEEE 802.11v WNM (Wireless Network Management).
  The default is "Disable".
  

  Note

  Only "Disable" is available when you select "Dual[11ax] GEN2" or "Dual[11ax]" for Profile Type, and "WPA2/WPA3" or "WPA3" for WPA versions.

Note

These options will be displayed if you selected "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

This feature cannot be used with the OpenFlow feature. Use the default setting.

Note

If you select "TQ Series" for Series and "Dual[11ax]" for Profile Type, the setting of this item in any VAP will take effect on the VAPs in the same radio band.

Note

If you select "TQ Series" for Series and "Dual[11ac]" for Profile Type, this setting is not supported for Radio 1. Use the default setting.

Note

This item is displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna" or "Dual[11ac Wave2]" for Profile Type.

Note

This feature cannot be used with the OpenFlow feature. Use the default setting.

Note

When "Management Frame Protection" is set to "Enable", "Disconnect" is used regardless of this item's setting.

Note

These options will be displayed if you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]" for Profile Type.

Note

This feature cannot be used with the OpenFlow feature. Use the default setting.

Note

To make this function take effect, APs on the same subnet must have "Roaming Notification" set to "Enable" for each other.

Note

If you select "TQ Series" or "TQ Series - SDN/OpenFlow" for Series, and "Dual[11ac]", "Dual[11n]", "11ac With External Antenna" or "Single" for Profile Type, you specify this item for each band on "Wireless Configuration".

• If enabled, when a managed wireless AP receives an ARP request for a connected client, the wireless AP that has a connection to the client will send an ARP response on behalf of the client. The wireless AP that does not have a connection to this client will discard the ARP request, thereby reducing unnecessary traffic.
  
• If you select "Disable", Proxy ARP will not be activated. That means ARP requests are broadcasted from all wireless APs to their subordinate clients. The corresponding clients send ARP responses themselves.
  The default is "Disable".
  

Note

This item is displayed if you select "TQ Series" for Series, and "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type.

Note

To enable Passpoint, WPA Enterprise must be used as security mode. When enabling this item, confirmation dialog will appear asking if you allow to change the security mode to WPA Enterprise to continue Passpoint setting.

Note

"MAC Address List + External RADIUS" will appear when you select "TQ Series" for Series, and "Tri[11ac Wave2]" or "Tri[11ac Wave2] with External Antenna" for Profile Type.

• Access Network Type:
  Specify a network type.
  
  • Private network:
    A network which unauthorized users cannot access.
    
  • Private network with guest access:
    A private network that offers guest access to unauthorized users.
    
  • Chargeable public network:
    A network that can be accessed by anyone at anytime for a charge. The billing system and other information can be obtained in other ways (IEEE 802.21, http/https redirect or DNS redirection)
    
  • Free public network:
    A network that can be accessed by anyone at anytime for free.
    
  • Personal device network:
    A network for personal devices such as a camera and printer.
    
  • Emergency service-only network:
    A network for limited use for the emergency services (police or fire/disaster management).
    
  • Test or experimental:
    A network for testing or experiments.
    
  • Wildcard:
    A wildcard access network.
    
  
  
• Homogeneous ESS Identifier (HESSID):
  Specify the same ESSID as the other APs in the Passpoint network. MAC address is in the format xxxx.xxxx.xxxx (where x is a hexadecimal number). The default is empty.
  
  
• Roaming Consortium List:
  Specify a list of Organization Indicators (OIs).
  A single OI can be specified in hexadecimal numbers from 3 to 15 octets, and not more than 100 octets in a whole list.
  The number of OIs that can be registered is limited to 15, separated by commas (,) (e.g. 021122,2233445566).
  Please specify the OI as an even number of digits. When specifying an odd-numbered OI, enter it as an even-numbered digit by adding a leading "0(zero)". For example, "1234567" becomes "01234567". When specifying a value of less than 3 octets, pad leading zeros so that the value is at least 6 digits long. For example, "123" becomes "000123".
  The default is empty.
  
  
• Domain Name:
  Specify the domain name used for the certificate. To specify more than one domain, separate them with a comma (,). The default is empty.
  
  
• 3GPP Cellular Network Information:
  Specify the 3GPP Cellular Network Information. The default is empty.
  
  
• NAI Realm Information 1 - 5
  NAI Realm:
  Specify the NAI Realm in FQDN format. To specify more than one, separate them with a semicolon (;).
  
  
• NAI Realm Information 1 - 5
  EAP Method:
  Select the EAP Method to use for the NAI Realm with the same number from following list (multiple choices area allowed).
  
  • EAP-TLS
    
  • EAP-TTLS/MSCHAPv2
    
  • EAP-SIM
    
  
  
• Operator-Friendly Name:
  The name of the operator providing the service, as a display language/string pair. You can register pairs in several languages.
  
  
• Disable Downstream Group-Addressed Forwarding (DGAF):
  Specify whether to disable sending multicast and broadcast frames.
  By selecting "Enable", these frames will not be sent.
  The default is "Disable".
  
  
• L2 Traffic Inspection and Filtering:
  Specify whether to discard L2 traffic (ARP, ICMP, TDKS) between VAPs.
  By selecting "Enable", these traffic will be discarded.
  The default is "Disable".
  

• When enabled, the communication with the OpenFlow controller is encrypted using SSL.
  
  
• When disabled, the communication with the OpenFlow controller is not encrypted (i.e. plain TCP connection is used).
  

Note

To use encrypted control plane, the OpenFlow controller must also be configured appropriately.

• When disabled, the Critical Mode is not used and the normal OpenFlow behavior is retained. When the connection to the controller is lost, no more new connections from a client are possible because new flow entries cannot be generated.
  Clients which are already connected to APs can continue to communicate, but once the flow entries for the client time out and are deleted, they can no longer communicate.
  
  
• If you select "Enable (Accept All)", all traffic is allowed when the "Fallback Time" expires after the connection to the controller is lost. In this case, the tagged VLAN configured for the VAP is used for all traffic.
  
  
• If you select "Enable (Drop All)", all traffic is discarded after the "Fallback Time" expires.
  

Note

Actual transition time varies depending on the timing of the health check interval for the OpenFlow controller.

Note

This item is not supported.