Create AP Profile

Quick Tour > Configure Smart Connect (AWC-SC) > Create AP Profile

Let's create an AP profile for the cellular wireless network.

In Smart Connect settings, the general settings of the APs are configured in the AP Profile, and only the settings related to the SC management SSIDs are configured in the SC Profile. To manage APs for channel blanket, you always have to apply an AP profile to the APs.
When both an AP profile and a SC profile are applied to an AP, the SC profile has precedence over the AP profile and overwrites the AP configuration with its content. When a configuration item is included only in the AP Profile, the configurations are applied as is.
You cannot create a VAP for client service in the wireless band which AWC-SC uses.
In this network, since the VAPs (SSID for SC management and SSID for standby factory default APs), are operated in Radio 2, and the cell-type VAPs for general client services are operated in Radio 1, the AP Profile defines the basic settings for APs, as well as the wireless settings for Radio 1 and the settings for cell-type VAPs.
Also, for Radio 2, each item of wireless settings that is not defined in the SC Profile (especially inactivation of band steering, neighbor AP detection, etc., which cannot be used together with AWC-SC) should be defined in the AP Profile.

Let's create an AP Profile for all TQ5403.

1. Select "Wireless Configuration" > "AP Profile" from the AWC Plug-in menu.
   The AP Profile list screen will appear.
   

   

   
   
2. Click "Create" at the top right of the screen.
   The "Select Country, AP Series and Profile Type" dialog box will appear.
   

   

   
   
3. Select a Country.
   If the default country code for the currently logged in user is configured, it is selected by default.
   
   
4. Select "TQ Series" from "Series".
   
   
5. Select "Profile Type".
   There are several options for this item, depending on the supported feature set of the AP model.
   Select "Tri[11ac Wave2]" suitable for TQ5403.
   

   

   If you are configuring a Smart Connect network using the TQ6602, select "Dual[11ax]". Refer to Operation Reference > Wireless Configuration > Configure AP Profiles for the setting items when "Dual[11ax]" is selected.
   
   
6. Click "OK".
   The AP profile configuration screen will appear.
   

   

   
   
7. Configure general parameters in the "Profile Configuration" section.
   
   • Enter "TQ5403AP" in "AP Profile Name".
     
   • The "Profile Type", "Country" and "Series" fields show the options selected in the earlier "Select Country, AP Series and Profile Type" dialog box.
     
   • Select the Management Groups that you want this AP Profile to belong to.
     An AP Profile can be used in multiple Management Groups by selecting those groups in this dialog box.
     Here we check "3F Group" which we created earlier.
     Note that you cannot uncheck the "Default Wireless Group".
     

   

   
   
8. You can specify the AP's system settings in the "Basic Configuration" section.
   If the Profile Type is "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]", by configuring the User Settings in the AP Profile, you can set a username and password to the APs in a batch.
   But even when the APs are under the AWC Plug-in's control, each AP's web interface is still accessible.
   Now we are going to change the administrator account (username and password) of the AP's web interface in order to prevent someone from accessing the APs.
   

   Note

   You can also change the administrator account of an AP before adding it to the AWC Plug-in.

   Note

   If you configure the usernames and passwords in both the AP Profile and the AP-specific configuration on the same AP, the username and password in the AP-specific configuration will take effect.

   
   In the "Basic Configuration" section, set "User Settings" to "Enable". Enter a new username and password (twice).
   The allowed characters vary depending on the AP model.
   
   
   • Username
     1 to 12 characters in length, with letters and digits. Must begin with a letter.
     
     
   • Password
     0 to 32 characters in length, with letters, digits and symbols (except SPACE " $ : < > ' & *).
     
   
   If you check "Disable" on the "AP's User Settings" you can restrict username and password setting in the AP-specific configuration, but leave it unchecked to allow the per-AP account control this time.
   
   
9. In the "Timezone" section, select a timezone to apply to the APs.
   Here, we set the time display to JST (Japan Standard Time). Select "(UTC+09:00) Asia/Tokyo" from the drop-down list.
   You can also narrow down the choices displayed in the drop-down list by entering a part of the above timezone character string in the search field above the drop-down list, such as "tokyo" in this case.
   
   
10. The "NTP Client" field is used to enable/disable the NTP client on the APs.
    To use the AWC (Autonomous Wave Control) feature, which we will describe later, you have to enable the NTP client.
    Here we enable the NTP client.
    When you enable the NTP client, an additional "NTP Server IP Address/Hostname" field will appear. Enter the IP address of the switch (192.168.1.1) that is configured as an NTP server.
    
    
11. The "Syslog Client" field lets you enable or disable the syslog client feature on the APs.
    If you want the APs to send log messages to the syslog server, enable this item.
    Here we set the syslog client to disabled.
    
    
12. You can enable or disable the SNMP agent on the APs in the "SNMP Agent" section.
    If you want to monitor and configure the APs with SNMP manager, enable this item.
    Here we set the syslog client to disabled.
    

    

    
    
13. Clicking "+ Detail" will show "MAC Address List", "LED", and "Virtual IP Address for Captive Portal".
    
    • "MAC Address List" lets you specify MAC address lists (blacklist or whitelist) used by MAC Access Control features with a MAC Address List on the APs.
      Here, leave "MAC Address List" blank.
      
    • The "LED" field lets you select the operational mode of the AP's LEDs.
      Here we choose "Turn On" for "LED".
      
    • "Virtual IP Address for Captive Portal" is a security feature that hides the management IP address from attackers by displaying a temporary IP address as the IP address of the web server that provides Captive Portal.
      Here, leave "Virtual IP Address for Captive Portal" disabled as we do not use Captive Portal.
      

    

    
    
14. "LAN Configuration" lets you configure ethernet links on the AP.
    The TQ5403 has two LAN ports and can use a wider uplink with link aggregation (LAG), provided that both ends of the LAG (a parent switch and the AP) are correctly configured.
    
    

    Table 1: AT-TQ5403 Wired Network

    Item Name	Value	Description
    LAN 2 Port	Disable	Specifies TQ5403 and TQm5403's LAN1/PoE and LAN2 ports behavior, such as link aggregation or cascading. Static LAG: Enables link aggregation. A static LAG should also be configured on the switch ports to which the AP connects. Cascade: Enables cascading function, the LAN2 port will work as a cascade port. Disable: Neither link aggregation nor cascading function will be enabled. The LAN2 port is also disabled. The AP can only use the LAN1/PoE port. Note AWC-SC does not support the use with link aggregation.

    In this example, we will not be using link aggregation or cascading features. Please make sure that Disable is selected.
    

    

    
    
15. You can specify configuration parameters for radio waves in the "Radio Configuration" section.
    Depending on the selected "Profile Type", configure "Radio 1 (2.4GHz)", "Radio 2 (5GHz W52/W53)" and "Radio 3 (5GHz W56)" appropriately. You can switch the radio by clicking the "Radio 1", "Radio 2" and "Radio 3" buttons at the top of the screen.
    Here we are going to operate a multi-channel VAP for employees on Radio 1, and the Smart Connect network on Radio 2, so configure Wireless Configuration as follows.
    
    • Disable "Radio Transmission" for Radio 3 because we are not going to use Radio 3.
      
    • "Emergency Mode" is not used because Smart Connect cannot be used together.
      You can also enable Radio 3 to operate emergency only network on the radio. However, the wireless band 5GHz W56 used as Radio 3 is required notto interfere withthe operation of weather and military rader by law, and is not suitable for emergency use.
      
    • We are going to use Radio 1 to serve multi-channel network for employees. Enable "Wi-Fi Multimedia (WMM)" and "APSD" to achieve stable communication on mobile IP phones and lower power consumptions.
      
    • Radio 2 is used as a wireless band dedicated to Smart Connect.
      Since the Bandwidth is already set to 40 MHz in the SC Profile, it is not specified in the AP Profile. This time, we set to "40MHz" explicitly.
      
    • Here, since a network for employees is assumed, "Wireless Client Isolation" is not required. Leave "Disable" as default.
      
    • Here, we do not use "Airtime Fairness", so set "Disable".
      
    • Leave the "RTS Threshold" default value of 2347 because there is no need to change it for this scenario.
      
    • Band Steering will not be used because we use only the 2.4GHz band this time. Specify "Disable".
      
    
    

    Table 2: TQ5403 Wireless Configuration

    Item Name	Value			Description
    	Radio 1	Radio 2	Radio 3
    Radio Transmission	Enable	Enable	Disable	Specify whether to transmit and receive radio waves in the selected frequency band.
    Mode	b/g/n	a/n/ac		Specify the wireless modes (protocols) to use.
    Bandwidth	40MHz	40MHz		Specify the bandwidth to use. IEEE 802.11ac and IEEE 802.11n can aggregate two or four adjacent channels to make a large 40MHz or 80MHz channel. Since the Bandwidth of Radio 2 is overwritten with the value specified in the SC Profile, the default "20MHz" may be used.
    Use Conditions	Always	Always		Select "Always" to always use the wireless feature. Select "Only Emergency Mode" to use the radio band only in emergency mode. Refer to Enable Emergency Mode for more details.
    Wireless Client Isolation	Disable	Disable		Specify whether to block communication between wireless clients connected to the same VAP.
    Airtime Fairness	Disable	Disable		Specify whether to give each client an equal amount of airtime regardless of its speed.
    Auto Channel Selection	All	All		Specify the channels to use. All channels are selected by default.
    Maximum Wireless Clients	200	200		Specify the maximum number of clients that can connect to the APs.
    Fixed Tx Rate	11 Mbps	6 Mbps		Specify the fixed Transmission Rate for IEEE 802.3 Multicast/Broadcast.
    Legacy Rate Sets	All	All		Specify valid rates to use when IEEE 802.11b/g or IEEE 802.11a is being used.
    RTS Threshold	2347	2347		If the packet to be transmitted is larger than this size in IEEE 802.11b/g/a, an RTS packet is transmitted before transmitting the packet. Specifying "2347" disables RTS transmission.
    Band Steering	Disable	Disable		Specify whether to use the Band Steering feature, which encourages clients supporting both 2.4GHz and 5GHz to prefer 5GHz in order to reduce congestion in 2.4GHz. Note Band Steering cannot be used with Channel Blanket or Smart Connect.
    Wi-Fi Multimedia (WMM)	Enable	Enable		Specify whether to use Wi-Fi Multimedia (WMM). When enabled, WMM information is included in the AP beacon. This shortens the frame transmission interval for video/audio streaming and VoIP traffic and therefore keeps communication quality high.
    APSD	Disable	Disable		Specify whether to use APSD (Automatic Power Save Delivery). Enabling APSD can lower power consumption of mobile devices (VoIP) and therefore increase the battery life. The mobile device should also support APSD (U-APSD).
    Neighbor AP Detection	Disable	Disable		Specify whether to detect rogue APs in the radio band. When enabled, APs detect the radio waves of wireless APs managed/unmanaged by the AWC Plug-in that use the same wireless band nearby, and reflects them in AWC calculations. If you disable this, these functions may not work properly. Also, configure not to detect rogue APs in the radio band used by AWC-SC.

    
    ◼ Radio 1
    

    

    
    ◼ Radio 2
    

    

    
    ◼ Radio 3
    

    

    
    
16. Configure VAPs in the "VAP (Multiple SSID) Configuration" section.
    
    When applying the AP Profile and SC Profile, if there are specific configuration items for either AP or SC Profiles, those items will be applied to the AP as they are. If there are conflicting configuration items between the Profiles, the settings of the SC Profile take precedence over the AP Profile.
    In this example, we will configure a multi-channel network VAP "ForStaff" in VAP1 on Radio 1.
    

    Note

    Because VAP1 cannot be disabled on an AP profile, if you apply this AP profile to APs as usual, the default SSID "Default-1" will be activated without any security.
    If you are going to build a multi-channel VAP and apply a common AP Profile with the AP that does not use Smart connect, it is recommended that a dummy VAP with security applied be created for VAPs that are overwritten by SC Profile.

    Note

    In the radio band used by AWC-SC, the other VAPs will be disabled automatically.

    
    
    

    Table 3: AT-TQ5403 VAP (Multiple SSID) Configuration

    Item Name	Value	Description
    	Radio 1 VAP 1
    VAP Status	Enable	Enables or disables the VAP.
    VLAN ID	100	Specify a VLAN ID (between 1 and 4094) to use on the VAP (mandatory)
    SSID	ForStaff	Specify an SSID (network name) to use on the VAP.
    Broadcast SSID	Enable	Specify whether to broadcast the SSID on the VAP.
    Security	WPA Personal	Specify a security method for the VAP.
    Security Key (WPA-PSK)	5+@f/=0N1y	Specify an encryption key for the VAP.
    WPA Versions	WPA2	Specify a WPA version to use on the VAP.
    Encryption Protocol	CCMP	Specify an encryption protocol to use on the VAP.
    Management Frame Protection	Disable	Specify whether to protect management frames.
    Broadcast Key Refresh Rate	0	Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specifying "0" stops the key from refreshing.
    Captive Portal	Disable	Specify whether to use the Captive Portal feature on the VAP.
    MAC Access Control	Disable	Specify whether to use MAC Access Control on the VAP.
    Fast Roaming	Disable	Specify whether to use Fast Roaming of wireless clients.
    Inactivity Timer	300	Specify the delay before disconnecting a client that disappears without notifying the APs.
    Duplicate AUTH received	Ignore	Select how to process connection requests from clients that have maintained a connection.
    Association Advertisement	Enable	Specify whether to use Association Advertisement.
    DTIM Period	1	Specify how frequently to insert a DTIM (Delivery Traffic Indication Map) in the AP's beacons.
    Proxy ARP	Enable	Specify whether to use Proxy ARP.
    Passpoint	Disable	Specify whether to use Passpoint (Hotspot 2.0).

    
    ◼ Radio 1
    

    

    
    
17. Click "Add" at the top right of the screen.
    Now you can see the newly created AP Profile "TQ5403AP".
    

(C) 2022 Allied Telesis, Inc. All rights reserved.

C613-04136-00 Rev A

21 Oct 2022 11:59