User Guide: Vista Manager AWC Plug-in version 3.15.0

Create AP Profile

Quick Tour > Configure Channel Blanket (AWC-CB) > Create AP Profile

Let's create an AP profile for the cellular wireless network.
When you configure a channel blanket, the AP Profile defines the overall configuration of the APs while the CB Profile configures a specific channel blanket. To manage APs for channel blanket, you always have to apply an AP Profile to the APs.
When applying the AP Profile and CB Profile, if there is conflicting configuration between the profiles, the configuration item defined in the CB Profile takes precedence over the AP Profile, and is written to the AP. When a configuration item is included only in the AP Profile, the configurations will be applied as is.
We are going to use a single AP Profile for all APs because a multi-channel network will cover both 1F and 2F as you can see in the following table (see cells filled with red).
Table 1: Planned Wireless Networks
  Radio TQ6702G2-xF-1 TQ6702G2-xF-2 TQ6702G2-xF-3 Overview
2F Radio 2 ForStaff-PC ForStaff-PC ForStaff-PC Multi-channel VAP for employees' PCs
Radio 1 ForStaff-Mobile AWC-CB VAP for employees' mobile devices
1F Radio 2 ForStaff-PC ForStaff-PC ForStaff-PC Multi-channel VAP for employees' PCs
Radio 1 ForStaff-Mobile AWC-CB VAP for employees' mobile devices
ForGuest AWC-CB VAP for guests

AP Profile for TQ6702 GEN2

Let's create an AP Profile for all TQ6702 GEN2 APs.
  1. Select "Wireless Configuration" > "AP Profile" from the AWC Plug-in menu.
    The AP Profile list screen will appear.

  2. Click "Create" at the top right of the screen.
    The "Select Country, AP Series and Model" dialog box will appear.

  3. Select a Country.
    If the default country code for the currently logged in user is configured, it is selected by default.
  4. Select "TQ Series" from "Series".
  5. Select a Model.
    There are several options for this item, depending on the supported feature set of the AP model.
    Select "AT-TQ6702 GEN2 / AT-TQm6702 AT-TQ6602 GEN2 / AT-TQm6602 GEN2" in this case.

  6. Click "OK".
    The AP Profile Configuration screen will appear.

  7. Configure general parameters in the "Profile Configuration" section.
    • Enter "TQ6702 GEN2" in "AP Profile Name".
    • The "Model", "Country" and "Series" fields show the options selected in the earlier "Select Country, AP Series and Model" dialog box.
    • Select the management groups that you want this AP Profile to belong to.
      An AP Profile can be used in multiple management groups by selecting those groups in this dialog box.
      Here we check the "1-2F Group" which we created earlier.
      Note that you cannot uncheck the "Default Wireless Group".

  8. You can specify the AP's system settings in the "Basic Configuration" section.
    If the Model is "AT-TQ7403", "AT-TQ6702 GEN2 / AT-TQm6702 AT-TQ6602 GEN2 / AT-TQm6602 GEN2", "AT-TQ6602", "AT-TQ5403 / AT-TQm5403", "AT-TQ5403e", or "AT-TQ1402 / AT-TQm1402", by configuring the User Settings in AP Profile, you can set a username and password to the APs in a batch.
    Even when the APs are under the AWC Plug-in's control, you can still access the AP's web configuration page.
    Now we are going to change the administrator account (username and password) of the AP's web interface in order to prevent someone from accessing the APs.
    Note
    You can change the administrator account of an AP before adding it to the AWC Plug-in.
    Note
    If you set the username and password in both the AP Profile and the AP-specific configuration on the same AP, the username and password in the AP-specific configuration will take effect.
    Note
    If you specify a username and password for the AP's guest-class on a parent AMF node, ensure that the AP's login username and password are the same as the ones configured for the guest-class.
    If you want to manage an AP which was detected as a guest device under the AWC Plug-in, specify the same username and password that is configured for the AP's guest-class and AP's web interface.
    If you want to use a different username and password for each AP, create a separate guest-class for each AP on the parent AMF devices.
    In the "Basic Configuration" section, set "User Settings" to "Enable". Enter a new username and password (twice).
    The allowed characters vary depending on the AP model.
    • Username
      1 to 12 characters in length, with letters and digits. Must begin with a letter.
    • Password
      Should be 0 to 32 characters in length, with alphabets (case-sensitive), numbers and symbols (! # % ( ) + , - . / ; = ? @ [ \ ] ^ _ ` { | } ~ may be used).
    If you check "Disable" on the "AP's User Settings" you can restrict username and password setting in the AP-specific configuration, but leave it unchecked to allow the per-AP account control this time.
  9. In the "Timezone" section, select a timezone to apply to the APs.
    Here, we set the time display to JST (Japan Standard Time). Select "(UTC+09:00) Asia/Tokyo" from the drop-down list.
    You can also narrow down the choices displayed in the drop-down list by entering a part of the above timezone character string in the search field above the drop-down list, such as "tokyo" in this case.
    Once you select one of the time zones, an additional item for "Daylight Saving Time" will appear. Here we leave "Disable" as default.
  10. The "NTP Client" field is used to enable/disable the NTP client on the APs.
    To use the AWC (Autonomous Wave Control) feature, which we will describe later, you have to enable the NTP client.
    Here we enable the NTP client.
    When you enable the NTP client, an additional "NTP Server IP Address/Hostname" field will appear. Enter the IP address of the switch (192.168.1.1) that is configured as an NTP server.
    Here we leave "NTP Synchronization Interval" at the default value of 10 (minutes).
  11. The "Syslog Client" field lets you enable or disable the syslog client feature on the APs.
    Enable this if you want the APs to send log messages to the syslog server.
    Here we set the syslog client to disabled.
  12. You can enable or disable the SNMP agent on the APs in the "SNMP Agent" section.
    If you want to monitor and configure the APs with SNMP manager, enable this item.
    Here we enable the SNMP Agent because we are going to monitor the APs with the SNMP Plug-in.
    When you enable the SNMP Agent, the following fields will appear. Here we enter the following data:
    Table 2: TQ6702 GEN2 SNMP Agent Configuration
    Item Name Value Description
    Version v1/v2c Select the SNMP version(s) to use.
    Read Only Community Name public Enter the read-only SNMP community name, 0 to 32 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { | } ~ may be used).
    Port Number 161 Enter the UDP port that the SNMP agent listens on.
    Restrict the source of SNMP requests Disable Enable this to accept SNMP requests only from specific source addresses.
    Only allow from the designated hosts or subnets - Enter the IP address or hostname (FQDN) of the SNMP manager.
    This is displayed when "Restrict the source of SNMP requests" is enabled.
    Community name for traps public Enter the SNMP trap community name, 1 to 256 alphabets, digits, and symbols (space ! # $ % ( ) * + , - . / : ; = ? @ [ ] ^ _ ` { | } ~ may be used).
    Trap types Cold Start
    Link Up/Down
    Authentication     		Select the SNMP Trap types to generate.
    Trap Host IP Address/Hostname 192.168.1.249 Specify IP addresses or hostnames (FQDNs) to which SNMP traps will be sent.
    A maximum of 3 trap hosts can be configured.

  13. Clicking "+ Detail" will show "NTP Synchronization Interval" below "NTP Client", and "MAC Address List", "LED", and "Virtual IP Address for Captive Portal" at the bottom.
    • "MAC Address List" lets you specify MAC address lists (blacklist or whitelist) used by MAC Access Control features with a MAC Address List on the APs.
      An AP can use only a single MAC address list but the MAC Address List feature can be enabled or disabled per VAP (SSID).
      Here we haven't created a MAC address list. Leave "MAC Address List" empty in order to accept all wireless clients that have a valid SSID and key.
    • The "LED" field lets you select the operational mode of the AP's LEDs.
      Here we choose "Turn On" for "LED", and "Amber" for "PoE LED".
    • "Virtual IP Address for Captive Portal" is a security feature that hides the management IP address from attackers by displaying a temporary IP address as the IP address of the web server that provides Captive Portal.
      Here, leave "Virtual IP Address for Captive Portal" disabled as we do not use Captive Portal.
    • "Client packet Analysis" is a function that analyzes wireless client communications, records the wireless client's connection status in a detailed log, obtains the wireless client's host name and operating system, and displays this information as wireless client information.
      Leave "Client Packet Analysis" as "Disabled" since Client Packet Analysis will not be used this time.
      Note
      When Client Packet Analysis is enabled, there are limitations to the management functions available in the Vista Manager EX basic functions. For more information, please see Overview > What is the AWC Plug-in > Client Connection History Management and Client Packet Analysis.
      Note
      When this feature is enabled, logs about the network connection will be displayed when the wireless client is connected. For more information on logging, see Screen Reference > Wireless Monitor > Log Management.

  14. "LAN Configuration" lets you configure ethernet links on the AP.
    The TQ6702 GEN2 has two LAN ports and can use a wider uplink with link aggregation (LAG), provided that both ends of the LAG (a parent switch and the AP) are correctly configured.
    Table 3: TQ6702 GEN2 LAN Configuration
    Item Name Value Description
    LAN 2 Port Disable Specifies TQ6702 GEN2 and TQm6702 GEN2's LAN1/PoE and LAN2 ports behavior, such as link aggregation or cascading.

    • Static LAG:
      Enables link aggregation. A static LAG should also be configured on the switch ports to which the AP connects.

    • Cascade:
      Enables cascading function, the LAN2 port will work as a cascade port.

    • Disable:
      Neither link aggregation nor cascading function will be enabled. The LAN2 port is also disabled. The AP can only use the LAN1/PoE port.
    In this example, we will not be using link aggregation or cascading features. Please make sure that Disable is selected.

  15. You can specify configuration parameters for radio waves in the "Radio Configuration" section.
    Depending on the selected model, configure "Radio 1 (2.4GHz)" and "Radio 2 (5GHz W52/W53/W56)" appropriately. You can switch the radio by clicking the "Radio 1" and "Radio 2" buttons at the top of the screen.
    This section is used for CB VAPs too.
    Here we configure it as follows because we are going to operate CB VAPs for guests' and employees' mobile devices on Radio 1 and a multi-channel VAP for employees' PCs on Radio 2.
    • Disable "Emergency Mode" on Radio 1 because it cannot be used with channel blanket.
      Radio 2 can use emergency mode because it is used for multi-channel VAP. You can create emergency VAP on Radio 2 if needed.
    • We are going to use Radio 1 for two blanket wireless networks, one for guests' and the other for employees' mobile devices.
    • Disable "Airtime Fairness" because it cannot be used with channel blanket.
    • Leave the "RTS Threshold" default value of 2347 because changing the value is not supported with channel blanket.
    • Disable "Band Steering" because it cannot be used with channel blanket.
    • When using TQ6702 GEN2, using channel blanket together with the Wireless Client Isolation per VAP setting in the AP Profile is not supported. Instead, use Wireless Client Isolation for CB VAPs in the CB Profile settings.
      In order to allow employees to communicate with each other, set "Wireless Client Isolation" to "Disabled" for each radio band in the "Radio Configuration" section. Then set "Wireless Client Isolation" to "Enable" only for the CB VAP for visitors.
    Note
    Even when Wireless Client Isolation is enabled, communication between clients connected to different VAPs, and between clients connected to different wireless APs is not blocked. Consider security measures such as assigning different VLANs to VAPs to which visitors and employees connect.
    Note
    In TQ5403/5403e/6602 GEN2/6702 GEN2/6702e GEN2/7403, Wireless Client Isolation per VAP in the AP Profile settings is not supported when using channel blanket. In the "VAP (Multiple SSID) Settings" of the AP Profile, please leave the "Wireless Client Isolation" as the default setting.
    For CB Profile, in the "VAP (multiple SSID)" settings, "Wireless Client Isolation" can then work as specified.
    Note
    When applying the same CB profile to wireless APs configured with different AP profiles, the following radio settings for each AP profile must be the same settings for the radio band where the channel blanket is to be created.
    • Mode
    • Bandwidth
    • Maximum Wireless Clients
    • Fixed Tx Rate
    • Neighbor AP Detection
    Table 4: TQ6702 GEN2 Radio Configuration
    Item Name Value Description
    Radio 1 Radio 2
    Radio Transmission Enable Enable Specify whether to transmit and receive radio waves in the selected frequency band.
    Mode b/g/n/ax a/n/ac/ax Specify the wireless modes (protocols) to use.
    Bandwidth 20MHz 20MHz Specify the bandwidth to use. IEEE 802.11ax, IEEE 802.11ac and IEEE 802.11n can aggregate two or four adjacent channels to make a large 40MHz or 80MHz channel.
    Use Conditions Always Always Select "Always" to always use the wireless feature. Select "Only Emergency Mode" to use the radio band only in emergency mode.
    Refer to Enable Emergency Mode for more details.
    Wireless Client Isolation Disable Disable Specify whether to allow communication between wireless clients connected to the same VAP in all multi-channel VAPs in the relevant radio band.
    Airtime Fairness Disable Disable Specify whether to give each client an equal amount of airtime regardless of its speed.
    Auto Channel Selection All All Specify the channels to use. All channels are selected by default.
    Maximum Wireless Clients 200 200 Specify the maximum number of clients that can connect to the APs.
    Legacy Rate Sets All rates except 1/2Mbps All rates except 1/2Mbps Specify valid rates to use when IEEE 802.11b/g or IEEE 802.11a is being used.
    Multicast Tx Rate 11Mbps 6Mbps Specify a selection method for IEEE 802.3 multicast/broadcast rate.
    RTS Threshold 2347 (Disable) 2347 (Disable) To transmit RTS packets in IEEE 802.11b/g/a mode, select Enable and specify the minimum size of Tx packets. Specifying "2347" disables RTS transmission.
    Band Steering Disable Disable Specify whether to use the Band Steering feature, which encourages clients supporting both 2.4GHz and 5GHz to prefer 5GHz in order to reduce congestion in 2.4GHz.
    Note
    Band Steering cannot be used with channel blanket.
    Wi-Fi Multimedia
    (WMM)     		Enable Enable Specify whether to use Wi-Fi Multimedia (WMM).
    When enabled, WMM information is included in the AP beacon. This shortens the frame transmission interval for video/audio streaming and VoIP traffic and therefore keeps communication quality high.
    APSD Disable Disable Specify whether to use APSD (Automatic Power Save Delivery).
    Enabling APSD can lower power consumption of mobile devices (VoIP) and therefore increase the battery life. The mobile device should also support APSD (U-APSD).
    Neighbor AP Detection Disable Disable Specify whether to detect rogue APs in the radio band.
    When enabled, APs detect the radio waves of wireless APs managed/unmanaged by the AWC Plug-in that use the same wireless band nearby, and reflects them in Wireless IDS/IPS and AWC calculations.
    If you disable this, these functions may not work properly.
    MU-MIMO Disable Disable Select whether to Enable or Disable MU-MIMO (Multi-user MIMO).
    MU-MIMO allows multiple wireless clients to communicate simultaneously (upwards and downwards), thus increasing the communication speed.
    Note
    This item is displayed when a mode containing "ac" or "ax" is selected for the Radio Configuration.
    OFDMA Disable Disable Select whether to Enable or Disable OFDMA (Orthogonal Frequency Division Multiple Access).
    OFDMA allows multiple wireless clients to communicate simultaneously by dividing the channel into multiple RUs (resource units).
    Note
    This item is displayed when a mode containing "ax" is selected for the Radio Configuration.
    Zero wait DFS - Disable Select whether to use Zero wait DFS.
    When Zero Wait DFS is set to "Enabled", the system constantly monitors candidate channels to change to when it detects a waveform from a weather radar, and immediately switches to the candidate channel once radar is detected, in order to avoid interference.
    Note
    This setting is displayed when selected "AT-TQ6702 GEN2 / AT-TQ6602 GEN2 / AT-TQ6702e GEN2" or "AT-TQ6702e GEN2" as AP Model, and Radio Band as "Radio 2".
    Spatial Streams - 8 Streams Select the number of spatial streams to use, either 4 or 8. The default is "8 Streams".
    Note
    This setting appears only when AP Model is selected as "AT-TQ6702 GEN2 / AT-TQm6702 GEN2 AT-TQ6602 GEN2 / AT-TQm6602 GEN2" and Radio Band as "Radio 2". Other Models will not show this setting.

    ◼ Radio 1


    ◼ Radio 2

  16. Configure VAPs in the "VAP (Multiple SSID) Configuration" section.
    In this example, we use multi-channel network on Radio 2 only. Therefore, we are not going to use regular VAPs on Radio 1.
    Although WPA Enterprise is not used in this example, please note that pre-authentication and dynamic VLAN cannot be used with channel blanket.
    Table 5: TQ6702 GEN2 VAP (Multiple SSID) Configuration
    Item Name Radio 2 VAP 1 Description
    VAP Status Enable Specify one out of "Enable", "Disable" and "Emergency". The VAP Status of VAP1 is always "Enable" when "Use Condition" in the "Radio Configuration" section is set to "Always".
    VLAN ID 100 Specify a VLAN ID used for communication between the VAP and associated clients.
    Note
    Specify a VLAN ID that is different from the AP's management VLAN. When the AP is detected as a guest device, a parent AMF device is configured to collect the guest device information automatically ("dynamic discovery"), and wireless clients get their IP addresses via DHCP.
    SSID ForStaff-PC Specify an SSID (network name) to use on the VAP.
    Broadcast SSID Enable Specify whether to broadcast the SSID on the VAP.
    Security WPA Personal Specify a security method for the VAP.
    Security Key (WPA-PSK) 5+@f/=0N1y Specify an encryption key for the VAP.
    WPA Versions WPA2 Specify a WPA version to use on the VAP.
    Encryption Protocol CCMP Specify an encryption protocol to use on the VAP.
    Management Frame Protection Disable Specify whether to protect management frames from eavesdropping and forging.
    Broadcast Key Refresh Rate 0 Specify an interval at which to refresh the broadcast key that is sent to clients on the VAP. Specifying "0" stops the key from refreshing.
    Captive Portal Disable Specify whether to use the Captive Portal feature on the VAP.
    MAC Access Control Disable Specify whether to use MAC Access Control on the VAP.
    Fast Roaming Disable Specify whether to use Fast Roaming of wireless clients.
    Wireless Client Isolation Disable Specify whether to block communication between wireless clients connected to the same VAP.
    Note
    Since the combined use of the channel blanket function and the Wireless Client Isolation setting per VAP is not supported, please leave the default setting of "Wiireless Client Isolation" per VAP in the AP Profile for TQ5403, TQ5403e, TQ6602 GEN2, and TQ6702 GEN2.
    Inactivity Timer 300 Specify the delay before disconnecting a client that disappears without notifying the APs.
    Duplicate AUTH received Ignore Select how to process connection requests from clients that have maintained a connection.
    Association Advertisement Enable Specify whether to use Association Advertisement.
    DTIM Period 1 Specify how frequently to insert a DTIM (Delivery Traffic Indication Map) in the AP's beacons (every 1 to 255 beacons).
    Proxy ARP Disable Specify whether to use Proxy ARP.
    Multicast to Unicast Conversion Disable Specify whether to convert multicast packets to unicast packets.
    Passpoint Disable Specify whether to use Passpoint (Hotspot 2.0).

    ◼ Radio 2


    Because VAP1 cannot be disabled on an AP profile, if you apply this AP profile to APs as usual, the default SSID "Default-1" will be activated without any security.
    When applying the AP Profile and CB Profile, if there are conflicting configuration items between the Profiles, the configuration of the CB Profile takes precedence over the AP Profile. If only the AP Profile contains configuration items, the configuration is applied as is.
    Therefore, VAP1's configuration will be overriden by a CB Profile that we are going to create next.
    Note
    In this quick tour, we will apply the AP Profile to APs after creating channel blankets. This is because applying the AP Profile before the CB Profile can enable multi-channel (conventional) VAPs on the AP Profile, which are not intended for use. If you want to apply the AP Profile before CB Profile, we recommend that you configure dummy VAPs for radios intended only for channel blanket networks.
  17. Click "Add" at the top right of the screen.
    Now you can see the newly created AP Profile "TQ6702 GEN2".

(C) 2025 Allied Telesis, Inc. All rights reserved.

C613-04208-00 Rev A

10 Nov 2025 11:46