Create AP Profile

Quick Tour > Configure Multi-channel Wireless Network > Create AP Profile

Next, create the AP profile.
An AP profile is a bundled set of configuration parameters that can be applied to a specific set of APs. You can save time by creating separate AP profiles according to the location and operation of APs and applying each profile to a group of APs.
Generally speaking, you should create an AP profile for each AP model that uses the same feature set. Note that you have to create an AP profile even if the profile only applies to a single AP.
This time, we will create and apply a single AP profile to the TQ6602s.

AP Profile for TQ6602

First, let's create an AP profile for TQ6602.

Select "Wireless Configuration" > "AP Profile" from the AWC Plug-in menu.
The AP Profile list screen will appear.
Click "Create" at the top right of the screen.
The "Select Country, AP Series and Profile Type" dialog box will appear.
Select a Country.
If the default country code for the currently logged in user is configured, it is selected by default.
Select "TQ Series" from "Series".
Select "Profile Type".
There are several options for this item, depending on the supported feature set of the AP model.
Select "Dual[11ax]", which is suitable for TQ6602.
Click "OK".
The AP Profile configuration screen will appear.
Configure general parameters in the "Profile Configuration" section.
- Enter "TQ6602" in "AP Profile Name".
- The "Profile Type", "Country" and "Series" fields show the options selected in the earlier "Select Country, AP Series and Profile Type" dialog box.
- Select the management groups that you want this AP Profile to belong to.
  An AP Profile can be used in multiple management groups by selecting those groups in this dialog box.
  Here we check "6F Group", which we created earlier.
  Note that you cannot uncheck the "Default Wireless Group".
You can specify the AP's system settings in the "Basic Configuration" section.
If the Profile Type is "Dual[11ax] GEN2", "Dual[11ax]", "Tri[11ac Wave2]", "Tri[11ac Wave2] with External Antenna", or "Dual[11ac Wave2]", by configuring the User Settings in AP Profile, you can set a username and password to the APs in a batch.
But even when the APs are under the AWC Plug-in's control, each AP's web interface is still accessible.
Be sure to change the user name and password of the wireless AP's administrative account before trial use, as the initial account allows a malicious wireless client to enter the wireless AP's web configuration screen and change the settings.

Note
You can also change the administrator account of an AP before adding it to the AWC Plug-in.

Note
If you configure the usernames and passwords in both the AP Profile and the AP-specific configuration on the same AP, the username and password in the AP-specific configuration will take effect.

Note
If you specify a username and password for the AP's guest-class on a parent AMF node, ensure that the AP's login username and password are the same as the ones configured for the guest-class.
If you want to manage an AP which was detected as a guest device under the AWC Plug-in, specify the same username and password that is configured for the AP's guest-class and AP's web interface.
If you want to use a different username and password for each AP, create a separate guest-class for each AP on the parent AMF devices.

This time, we will change the administrative account all together in the AP profile, and then later, we will set up different administrative accounts for each wireless AP through individual settings.
This will prevent casual hacking (slight unauthorized access using the initial account, etc.) at the stage of adding wireless APs, while further increasing the security of the web configuration screen of each wireless AP by using different passwords for each individual wireless AP. On the other hand, if a large number of wireless APs are used, password management can become cumbersome, so please consider a separate management method that is appropriate for the scale of use.
In the "Basic Configuration" section, set "User Settings" to "Enable".
Enter a new username and password (twice).
- Username
  Enter a name between 1 to 12 alphanumeric characters. The first character must be an alphabet.
- Password
  Should be 0 to 32 characters in length, with alphabets (case-sensitive), numbers and symbols (! # % ( ) + , - . / ; = ? @ [ \ ] ^ _ ` { | } ~ may be used).
If you check "Disable" on the "AP's User Settings" you can restrict username and password setting in the AP-specific configuration, but leave it unchecked to allow the per-AP account control this time.
In the "Timezone" section, select a timezone to apply to the APs.
Here, we set the time display to NZST (New Zealand Standard Time). Select "(UTC+1200) Pacific/Auckland" from the drop-down list.
You can also narrow down the choices displayed in the drop-down list by entering a part of the above timezone character string in the search field above the drop-down list, such as "1200" or "Auckland" in this case.
The "NTP Client" field is used to enable/disable the NTP client on the APs.
To use the AWC (Autonomous Wave Control) feature, which we will describe later, you have to enable the NTP client.
Here we enable the NTP client so we can enable AWC later.
When you enable the NTP client, an additional "NTP Server IP Address/Hostname" field will appear. Enter the IP address of the switch (192.168.1.1) that is configured as an NTP server.
The "Syslog Client" field lets you enable or disable the syslog client feature on the APs.
If you want the APs to send log messages to the syslog server, enable this item.
Here we set the syslog client to disabled.

You can enable or disable the SNMP agent on the APs in the "SNMP Agent" section.
If you want to monitor and configure the APs with SNMP manager, enable this item.
Here we enable the SNMP Agent because we are going to monitor the APs with the SNMP Plug-in.
When you enable the SNMP Agent, the following fields will appear. Here we enter the following data:

Table 1: TQ6602 SNMP Agent Configuration
Item Name	Value	Description
Version	v1/v2c	Select the SNMP version(s) to use.
Read Only Community Name	public	Enter the read-only SNMP community name, 0 to 32 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { \| } ~ may be used).
Port Number	161	Enter the UDP port that the SNMP agent listens on.
Restrict the source of SNMP requests	Disable	Enable this to accept SNMP requests only from specific source addresses.
Community name for traps	public	Enter the SNMP trap community name, 1 to 256 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { \| } ~ may be used).
Trap types	Cold Start Link Up/Down Authentication	Select the SNMP Trap types to generate.
Trap Host IP Address/Hostname	192.168.1.249	Specify IP addresses or hostnames (FQDNs) to which SNMP traps will be sent. A maximum of 3 trap hosts can be configured.

Clicking "+ Detail" will show "MAC Address List", "LED", and "Virtual IP Address for Captive Portal".
- "MAC Address List" lets you specify MAC address lists (blacklist or whitelist) used by MAC Access Control features with a MAC Address List on the APs.
  An AP can use only a single MAC address list but the MAC Address List feature can be enabled or disabled per VAP (SSID).
  Here we haven't created a MAC address list. Leave "MAC Address List" empty in order to accept all wireless clients that have a valid SSID and key.
- The "LED" field lets you select the operational mode of the AP's LEDs.
  Here we choose "Turn On" for "LED".
  As for TQ6602, the color of the PoE LED when receiving PoE power can be selected from Amber and Green in the "PoE LED".
  This time, we leave the "PoE LED" as its default, "Amber".
- "Virtual IP Address for Captive Portal" is a security feature that hides the management IP address from attackers by displaying a temporary IP address as the IP address of the web server that provides Captive Portal.
  Here, leave "Virtual IP Address for Captive Portal" disabled as we do not use Captive Portal.

You can specify configuration parameters for radio waves in the "Radio Configuration" section.
Depending on the selected "Profile Type", configure "Radio 1 (2.4GHz)" and "Radio 2 (5GHz W52/W53/W56)" appropriately. You can switch the radio by clicking the "Radio 1" and "Radio 2" buttons at the top of the screen.
Here we enter the following data:

Table 2: TQ6602 Wireless Configuration
Item Name	Value		Description
Item Name	Radio 1	Radio 2	Description
Radio Transmission	Enable	Enable	Specify whether to transmit and receive radio waves in the selected frequency band.
Mode	b/g/n/ax	a/n/ac/ax	Specify the wireless modes (protocols) to use.
Bandwidth	20MHz	20MHz	Specify the bandwidth to use. IEEE 802.11ax, IEEE 802.11ac and IEEE 802.11n can aggregate two or four adjacent channels to make a large 40MHz or 80MHz channel.
Use Conditions	Always	Always	Select "Always" to always use the wireless feature. Select "Only Emergency Mode" to use the radio band only in emergency mode. Refer to Enable Emergency Mode for more details.
Wireless Client Isolation	Disable	Disable	Specify whether to block communication between wireless clients connected to the same VAP.
Airtime Fairness	Disable	Disable	Specify whether to give each client an equal amount of airtime regardless of its speed.
Auto Channel Selection	All	All	Specify the channels to use. All channels are selected by default.
Maximum Wireless Clients	200	200	Specify the maximum number of clients that can connect to the APs.
Multicast Tx Rate	11 Mbps	6 Mbps	Specify a selection method for IEEE 802.3 multicast/broadcast rate.
Legacy Rate Sets	All	All	Specify valid rates to use when IEEE 802.11b/g or IEEE 802.11a is being used.
RTS Threshold	2347	2347	To transmit RTS packets in IEEE 802.11b/g/a mode, select Enable and specify the minimum size of Tx packets.
Band Steering	Disable	Disable	Specify whether to use the Band Steering feature, which encourages clients supporting both 2.4GHz and 5GHz to prefer 5GHz in order to reduce congestion in 2.4GHz. This item is only displayed for "Radio 1". To use this feature, make sure you configure a VAP with the same SSID and security for each radio (Radio 1 and 2).
Wi-Fi Multimedia (WMM)	Enable	Enable	Specify whether to use Wi-Fi Multimedia (WMM). When enabled, WMM information is included in the AP beacon. This shortens the frame transmission interval for video/audio streaming and VoIP traffic and therefore keeps communication quality high.
APSD	Enable	Enable	Specify whether to use APSD (Automatic Power Save Delivery). Enabling APSD can lower power consumption of mobile devices (VoIP) and therefore increase the battery life. The mobile device should also support APSD (U-APSD).
Neighbor AP Detection	Enable	Enable	Specify whether to detect rogue APs in the radio band. When enabled, APs detect the radio waves of wireless APs managed/unmanaged by the AWC Plug-in that use the same wireless band nearby, and reflects them in Wireless IDS/IPS and AWC calculations. If you disable this, these functions may not work properly.
MU-MIMO	Disable	Disable	Select whether to Enable or Disable MU-MIMO (Multi-user MIMO). MU-MIMO allows multiple wireless clients to communicate simultaneously (upwards and downwards), thus increasing the communication speed.
OFDMA	Disable	Disable	Select whether to Enable or Disable OFDMA (Orthogonal Frequency Division Multiple Access). OFDMA allows multiple wireless clients to communicate simultaneously by dividing the channel into multiple RUs (resource units). Note This item is displayed when a mode other than "a" or "b/g" is selected for the Radio Configuration.

◼ Radio 1

◼ Radio 2

Configure VAPs in the "VAP (Multiple SSID) Configuration" section.
Depending on the selected "Profile Type", configure VAPs for "Radio 1 (2.4GHz)" and "Radio 2 (5GHz W52/W53/W56)" appropriately.
Here we enter the following data:

Table 3: AT-TQ6602 VAP (Multiple SSID) Configuration
Item Name	Value		Description
Item Name	Radio 1 VAP 1	Radio 2 VAP 1	Description
VAP Status	Enable	Enable	Specify one of "Enable", "Disable" and "Emergency". The VAP Status of VAP1 is always "Enable" when "Use Condition" in the "Radio Configuration" section is set to "Always".
VLAN ID	100	100	Specify a VLAN ID used for communication between the VAP and associated clients. Note Specify a VLAN ID that is different from the AP's management VLAN. When the AP is detected as a guest device, a parent AMF device is configured to collect the guest device information automatically ("dynamic discovery"), and wireless clients get their IP addresses via DHCP.
SSID	Test_WLAN	Test_WLAN	Specify an SSID (network name) to use on the VAP.
Broadcast SSID	Enable	Enable	Specify whether to broadcast the SSID on the VAP.
Security	WPA Personal	WPA Personal	Specify a security method for the VAP.
Security Key (WPA-PSK)	CoNFiDeNTiaL	CoNFiDeNTiaL	Specify an encryption key for the VAP.
WPA versions	WPA2	WPA2	Specify a WPA version to use on the VAP.
Encryption Protocol	CCMP	CCMP	Specify an encryption protocol to use on the VAP.
Management Frame Protection	Enable	Enable	Specify whether to protect management frames from eavesdropping and forging.
Broadcast Key Refresh Rate	0	0	Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specifying "0" stops the key from refreshing.
Captive Portal	Disable	Disable	Specify whether to use the Captive Portal feature on the VAP.
MAC Access Control	Disable	Disable	Specify whether to use MAC Access Control on the VAP.
Fast Roaming	Disable	Disable	Specify whether to use Fast Roaming of wireless clients.
Inactivity Timer	300	300	Specify the delay before disconnecting a client that disappears without notifying the APs.
Association Advertisement	Disable	Disable	Specify whether to use Association Advertisement.
DTIM Period	1	1	Specify how frequently to insert a DTIM (Delivery Traffic Indication Map) in the AP's beacons (every 1 to 255 beacons).
Proxy ARP	Disable	Disable	Specify whether to use Proxy ARP.

Click "Add" at the top right of the screen.
Now you can see the newly created AP Profile "TQ6602".

C613-04162-00 Rev A

14 Dec 2023 10:09