altai access controller configuration manual _ v2.0
TRANSCRIPT
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 1/110
ALTAI ACCESS CONTROLLER
CONFIGURATION MANUAL
Version 2.0
Date: April, 2014
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 2/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
About this document
SummaryChapter Description
Chapter1 Preface Introduce the document briefely
Chapter2 Product Introduction Introduce the product
Chapter3 System Features Introduce system features
Chapter4 Peparation beforeInstallation
Introduce preparation befored deviceâs installation
Chapter5 Initial Configuration Introduce deviceâs booting and basic configurations
Chapter6 WEB Configurations Introduce WEB configurations
Chapter7 FAQ Introduce FAQ
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 3/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Contents
1
PREFACE ............................................................................................................................. I
1.1
CONVENTIONS ........................................................................................................ I
1.2
SYMBOLS .................................................................................................................. I
2
PRODUCT INTRODUCTION ............................................................................................... 3
2.1
OVERVIEW ............................................................................................................... 3
3
SYSTEM FEATURES ............................................................................................................. 3
3.1
PROTOCOL SUPPORT ............................................................................................. 3
3.2
USER MANAGEMENT AND BUSINESS SUPPORT .................................................... 4
3.3
NETWORK SECURITY ............................................................................................... 4
3.4
NETWORK MANAGEMENT ..................................................................................... 5
4
PREPARATION BEFORE INSTALLATION ............................................................................. 6
4.1
PRECAUTIONS BEFORE OPERATION...................................................................... 6
4.2
ENVIRONMENT REQUIREMENTS ............................................................................. 6
4.3
INSTALLATION SAFETY REQUIREMENTS .................................................................. 6
4.4
TOOLS NEEDED ....................................................................................................... 7
5
INITIAL CONFIGURATION ................................................................................................. 8
5.1
CLI OVERVIEW ........................................................................................................ 8
5.1.1
USER MODE ................................................................................................... 8
5.1.2
PRIVILEGED MODE ....................................................................................... 9
5.1.3
ROM MONITOR MODE ................................................................................. 9
5.1.4
GLOBAL CONFIGURATION MODE .............................................................. 9
5.1.5
SYSTEM DESCRIPTION ................................................................................... 9
5.1.6
SYSTEM IP ADDRESS CONFIGURATIONS ..................................................... 9
5.1.7
VERSION BOOTING ..................................................................................... 10
5.2
LOGIN ACCESS PLATFORM ................................................................................. 14
5.2.1
LOGIN BY CONSOLE INTERFACE ............................................................... 14
5.2.2
LOGIN BY TELNET ........................................................................................ 14
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 4/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.3
LOGIN MANAGEMENT PLATFORM ..................................................................... 15
5.3.1
LOGIN BY CONSOLE INTERFACE ............................................................... 15
5.3.2
LOGIN BY TELNET ........................................................................................ 15
5.3.3
LOGIN BY WEB ............................................................................................ 15
5.4
SYSTEM UPDATE .................................................................................................... 16
5.4.1
UPDATE UNDER ROM MONITOR MODE ................................................... 17
5.4.2
UPDATE BY FTP ............................................................................................ 18
5.4.3
UPDATE BY WEB .......................................................................................... 21
5.5
UPLOAD/DOWNLOAD CONFIGURATION FILES ................................................. 24
5.5.1
UPLOAD CONFIGURATION FILES ............................................................... 24
5.5.2
DOWNLOAD CONFIGURATION FILES ....................................................... 25
5.6
GLOBAL CONFIGURATIONS ................................................................................ 25
5.6.1
LOGIN SETTINGS .......................................................................................... 25
5.6.2
SET SYSTEM NAME ....................................................................................... 25
5.7
INTERFACE CONFIGURATIONS ............................................................................ 26
5.7.1
CREATE A SUBINTERFACE ........................................................................... 26
5.7.2
SET VLAN ...................................................................................................... 26
5.7.3
CONFIGURE IP ADDRESS ............................................................................ 27
5.7.4
ENABLE OR DISABLE SUBINTERFACE ......................................................... 27
5.7.5
CONFIGURE THE WORK MODE FOR INTERFACE ..................................... 27
5.7.6
CONFIGURE WORK RATE FOR INTERFACE ............................................... 27
5.7.7
CONFIGURE INTERFACEâS DESCRIPTION................................................ 28
5.7.8
CHECK INTERFACE...................................................................................... 28
5.7.9
APPLICATION EXAMPLE ............................................................................. 28
5.8
IP CONFIGURATIONS ............................................................................................ 28
5.8.1
CONFIGURE STATIC IP ADDRESS ............................................................... 28
5.8.2
CONFIGURE IP FORWADING FEATURE ..................................................... 28
5.9
RADIUS CONFIGURATIONS .................................................................................. 29
5.9.1
OVERVIEW ................................................................................................... 29
5.9.2
CONFIGURE AC AS RADIUS CLIENT .......................................................... 29
5.10
DOMAIN CONFIGURATIONS ............................................................................... 31
5.10.1
OVERVIEW .................................................................................................. 31
5.10.2
DEFINE DOMAINâS NAME ....................................................................... 31
5.10.3
CONFIGURE RADIUS SERVER .................................................................... 32
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 5/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.4
CONFIGURE DNS SERVER ......................................................................... 32
5.10.5
CONFIGURE DOMAIN WITHOUT AUTHENTICATION AND ACCOUNTING33
5.10.6
CONFIGURE SERVICE STRATEGY FOR DOMAIN ..................................... 33
5.10.7
CONFIGURE REAL-TIME ACCOUNTING ................................................... 33
5.10.8
CHECK DOMAIN CONFIGURATIONS ...................................................... 34
5.11
SERVICE STRATEGY CONFIGURATIONS .............................................................. 34
5.11.1
OVERVIEW .................................................................................................. 34
5.11.2
BROADBAND STRATEGY CONFIGURATIONS .......................................... 34
5.11.3
FILTERING STRATEGY CONFIGURATIONS ................................................. 35
5.11.4
SERVICE STRATEGY CONFIGURATIONS ................................................... 38
5.12
INTERNAL PORTAL CONFIGURATIONS ................................................................ 38
5.12.1
CONFIGURE PORTAL SERVER ................................................................... 38
5.12.2
CONFIGURE AC-NAME ............................................................................. 39
5.12.3
CONFIGURE NAS-ID HOT-CODE .............................................................. 39
5.13
IP POOL CONFIGURATIONS ................................................................................ 39
5.13.1
CONFIGURE LAYER2 IP POOL .................................................................. 39
5.13.2
CONFIGURE LAYER3 IP POOL .................................................................. 41
5.14
BUSINESS APPLICATION CONFIGURATIONS ....................................................... 42
5.14.1
ADDRESS MANAGEMENT FOR FIT AP ...................................................... 42
5.14.2
BUSINESS CONFIGURATION FOR DHCP+WEB ACCESS ......................... 43
5.15
NAT CONFIGURATIONS ........................................................................................ 46
5.15.1
STATIC NAT ................................................................................................. 46
5.15.2
DYNAMIC NAT ........................................................................................... 47
5.15.3
PAT .............................................................................................................. 47
5.17
HOT STANDBY CONFIGURATIONS ....................................................................... 48
5.17.1
OVERVIEW .................................................................................................. 48
5.17.2
COMMAND ............................................................................................... 48
6
WEB CONFIGURATIONS ................................................................................................. 50
6.1
LOGIN BY WEB ...................................................................................................... 50
6.2
BASIC SETTINGS ..................................................................................................... 52
6.2.1
AC CONFIGURATION ................................................................................. 53
6.2.2
AC HOTSTANDBY ........................................................................................ 55
6.2.3
RADIUS SERVER ........................................................................................... 56
6.2.4
AS SERVER ................................................................................................... 58
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 6/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.2.5
NTP SERVER .................................................................................................. 58
6.2.6
SYSLOG CONFIGURATION ......................................................................... 59
6.2.7
AP VERSION ................................................................................................. 60
6.2.8
VERSION SERVER ......................................................................................... 61
6.2.9
ROUTING ...................................................................................................... 62
6.2.10
ETHERNET INTERFACE INFORMATION ...................................................... 63
6.2.11
WAPI CERTIFICATE ..................................................................................... 63
6.2.12
AC ADVANCED ......................................................................................... 64
6.2.13
TUNNEL CONFIGURATION ........................................................................ 65
6.2.14
MULTIPLE ACCESS BOARDS CONFIGURATION ....................................... 66
6.2.15
AC UPGRADE ............................................................................................ 67
6.2.16
SYSTEM INFORMATION .............................................................................. 68
6.2.17
AC LICENSE ................................................................................................ 68
6.3
WIRELESS SETTINGS ............................................................................................... 69
6.3.1
WIRELESS BASIC........................................................................................... 70
6.3.2
WIRELESS ADVANCED ................................................................................ 72
6.3.3
WIRELESS CHANNEL .................................................................................... 73
6.3.4
PAYLOADBALANCE .................................................................................... 74
6.3.5
AP BACKGROUND SCAN .......................................................................... 75
6.3.6
CAPWAP TIMER ........................................................................................... 76
6.4
WIRELESS SECURITY ............................................................................................... 77
6.4.1
MAC FILTER .................................................................................................. 77
6.4.2
WLAN SECURITY .......................................................................................... 78
6.4.3
INTRUSION DETECTION SETTINGS ............................................................... 80
6.4.4
DYNAMIC BLACKLIST .................................................................................. 81
6.5
WLAN ..................................................................................................................... 81
6.5.1
AP CONFIGURATION .................................................................................. 82
6.5.2
WLAN GROUPS ........................................................................................... 84
6.5.3
TIME POLICY GROUPS ................................................................................ 87
6.5.4
AP POLICY APPLY ....................................................................................... 88
6.5.5
WLAN-VLAN ASSOCIATION ....................................................................... 88
6.6
STATISTICS .............................................................................................................. 88
6.6.1
AP INFORMATION ....................................................................................... 89
6.6.2
AP SOFTWARE UPGRADE ........................................................................... 91
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 7/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.3
WIRELESS RADIO STATISTICS ....................................................................... 92
6.6.4
WIRELESS USER LIST ...................................................................................... 92
6.6.5
INTRUSION DETECTION STATISTICS ............................................................. 93
6.6.6
CYCLE OF REPORTING AP STATISTICS ....................................................... 93
6.7
ROGUE AP ............................................................................................................. 94
6.7.1
ROGUE AP ................................................................................................... 95
6.7.2
PERMITTED BSSID LIST .................................................................................. 95
6.7.3
PERMITTED SSID LIST .................................................................................... 96
6.8
LOG........................................................................................................................ 96
6.8.1
OPERATION LOG ........................................................................................ 96
6.8.2
OPERATION LOG HOLD TIME .................................................................... 98
6.8.3
ALARM LOG ................................................................................................ 98
6.8.4
AP LOG ........................................................................................................ 98
6.8.5
INTRUSION DETECTION LOG ...................................................................... 99
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 8/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Content of Figures
Figure 5-1 Topology .................................................................................................................... 10
Figure 5-2 System Booting .......................................................................................................... 11
Figure 5-3 Auto-boot procedureïŒmanagement platformïŒ............................................... 11
Figure 5-4 Configure the DialogïŒAccess PlatformïŒ ............................................................ 13
Figure 5-5 Configuration File BootingïŒAccess PlatformïŒ .................................................... 13
Figure 5-6 Login access platform by console interface ........................................................ 14
Figure 5-7 Login Management Platform .................................................................................. 15
Figure 5-8 Login Management Platform by WEB .................................................................... 16
Figure 5-9 Topology under ROM MONITOR Update............................................................... 17
Figure 5-10 the Topology for Update by FTP ........................................................................... 19
Figure 5-11 the Topology for Update by WEB ......................................................................... 22
Figure 5-12 Security Alarm ......................................................................................................... 22
Figure 5-13 Access Controller Login Screen ............................................................................ 23
Figure 5-14 AC Upgrade ............................................................................................................... 23
Figure 5-15 AC Upgrade ............................................................................................................... 24
Figure 5-16 AC Upgrade ............................................................................................................... 24
Figure 6-1 Access Controller Login Screen .............................................................................. 51
Figure 6-2 Access Controller Main Menu ................................................................................. 51
Figure 6-3 Basic Settings ............................................................................................................. 53
Figure 6-4 AC Configuration ...................................................................................................... 54
Figure 6-5 AC Hotstandby.......................................................................................................... 56
Figure 6-6 Radius List ................................................................................................................... 57
Figure 6-7 Radius Servers Edit..................................................................................................... 57
Figure 6-8 AS Server Configuration ........................................................................................... 58
Figure 6-9 AC NTP Configuration .............................................................................................. 59
Figure 6-10 SYSLOG Configuration............................................................................................ 59
Figure 6-11 AP Version Information Edit ................................................................................... 60
Figure 6-12 Version Server List .................................................................................................... 61
Figure 6-13 Version Server Edit ................................................................................................... 61
Figure 6-14 Route Information of Management Platform ........................................................ 62
Figure 6-15 Management Platform Route Edit .......................................................................... 62
Figure 6-16 Ethernet Interface Information ................................................................................ 63
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 9/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-17 WAPI Certificate ........................................................................................................ 63
Figure 6-18 WAPI Certificate Edit ................................................................................................. 63
Figure 6-19 AC Advanced ........................................................................................................... 64
Figure 6-20 Tunnel Configuration ................................................................................................. 65
Figure 6-21 Multiple Access Boards Configuration .................................................................... 66
Figure 6-22 Multiple Access Boards Configuration .................................................................... 66
Figure 6-23 AC Upgrade ............................................................................................................... 67
Figure 6-24 AC Upgrade Success ................................................................................................ 67
Figure 6-25 System Information .................................................................................................... 68
Figure 6-26 AC License ................................................................................................................. 68
Figure 6-27 Wireless Basic Settings ............................................................................................... 70
Figure 6-28 Wireless Advanced Settings ..................................................................................... 72
Figure 6-29 Wireless Channel Configuration .............................................................................. 73
Figure 6-30 Payloadbalance Configuration .............................................................................. 74
Figure 6-31 Payloadbalance Configuration by Flow Control .................................................. 75
Figure 6-32 AP Background Scanning ........................................................................................ 76
Figure 6-33 CAPWAPTimer Configuration ................................................................................... 77
Figure 6-34 MAC Filter ................................................................................................................... 77
Figure 6-35 WLAN Security Policy List........................................................................................... 78
Figure 6-36 Intrusion Detection Settings ...................................................................................... 80
Figure 6-37 Dynamic Blacklist ....................................................................................................... 81
Figure 6-38 AP Configuration ....................................................................................................... 82
Figure 6-39 WLAN Group Configuration ..................................................................................... 84
Figure 6-40 Time Policy Group...................................................................................................... 87
Figure 6-41 Time Policy Group...................................................................................................... 87
Figure 6-42AP AP Policy Apply ..................................................................................................... 88
Figure 6-43 WLAN-VLAN Association ........................................................................................... 88
Figure 6-44 AP List .......................................................................................................................... 89
Figure 6-45 AP Security Mode ...................................................................................................... 89
Figure 6-46 Parameters of AP Online Scanning ......................................................................... 90
Figure 6-47 AP Software Upgrade ............................................................................................... 91
Figure 6-48 Configuration of AP upgrading ............................................................................... 91
Figure 6-49 Wireless Radio Statistics ............................................................................................. 92
Figure 6-50 Wireless User List ......................................................................................................... 92
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 10/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-51 Cycle of Reporting AP Statistics ............................................................................... 93
Figure 6-52 Rogue AP List .............................................................................................................. 95
Figure 6-53 Permitted BSSID List .................................................................................................... 95
Figure 6-54 Permitted SSID List ...................................................................................................... 96
Figure 6-55 Operation Log Search .............................................................................................. 96
Figure 6-56 Operation Log Query Results ................................................................................... 97
Figure 6-57 Log Saving Remote FTP Server ................................................................................. 97
Figure 6-58 Alarm Log ................................................................................................................... 98
Figure 6-59 AP Log ......................................................................................................................... 98
Figure 6-60 Intrusion Detection Log .......................................................................................... 99
Content of Tables
Table 6-1 Description of Access Controller Main Menu ......................................................... 52
Table 6-2 AC Configuration ....................................................................................................... 54
Table 6-3 Configuration Parameters of AC Hotstandby ........................................................ 56
Table 6-4 Radius Server Configuration ..................................................................................... 57
Table 6-5 AS Server Configuration ............................................................................................ 58
Table 6-6 AC NTP Configuration ............................................................................................... 59
Table 6-7 SYSLOG Configuration............................................................................................... 60
Table 6-8 AP Version Information Edit ...................................................................................... 60
Table 6-9 Version Server Edit ...................................................................................................... 62
Table 6-10 Management Platform Route Edit ........................................................................... 63
Table 6-11 WAPI Certificate Edit .................................................................................................. 64
Table 6-12 AC Advanced ............................................................................................................ 65
Table 6-13 Tunnel Configuration.................................................................................................. 65
Table 6-14 Multiple Access Boards Configuration ..................................................................... 66
Table 6-15 AC Upgrade ................................................................................................................ 67
Table 6-16 AC License Parameter Settings ................................................................................ 69
Table 6-17 Wireless Basic Settings ................................................................................................ 70
Table 6-18 Wireless Advanced Settings ...................................................................................... 72
Table 6-19 Wireless Channel Configuration ............................................................................... 74
Table 6-20 Payloadbalance Configuration ............................................................................... 74
Table 6-21 AP Background Scanning ......................................................................................... 76
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 11/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-22 CAPWAP timer configuration .................................................................................... 77
Table 6-23 MAC Filter .................................................................................................................... 78
Table 6-24 WLAN Security Policy .................................................................................................. 79
Table 6-25 Intrusion Detection Settings ....................................................................................... 80
Table 6-26 AP Configuration ........................................................................................................ 83
Table 6-27 WLAN Configuration .................................................................................................. 85
Table 6-28 Time Policy Group....................................................................................................... 87
Table 6-29 AP List ........................................................................................................................... 89
Table 6-30 Parameters of AP Online Scanning .......................................................................... 90
Table 6-31 Configuration of AP upgrading ................................................................................ 91
Table 6-32 Wireless User List .......................................................................................................... 92
Table 6-33 Rogue AP Configuration ........................................................................................... 95
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 12/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
1 Preface
1.1 Conventions
Altai wireless access controller (hereinafter called AC) provides a
managemental platform for broadband wireless access service, which is
oriented to broadband wireless access ISP and enterprises with wireless
access. It fully supports the over-all operation and management solution for
broadband wireless access.
The manual introduces the system function, structure, specification, and
basic settings of Altai AC, as a convenience for engineersâs maintenance.
1.2 Symbols
1. Labels
Format Meaning
[ ]âăăârepresents window name, menu, and data sheet, such asâpromt ăNew
Built Usersăâ
/Multi-menus is separated byâ/â. For example , âClick ăBasic Settingsă/ăAC
Upgradeăâ means the screen prompt is to configure AC upgrade.
2. Safety Symbols
The document adopts the following symbols to inform readers of safety
requirements. Please read them before use the device.
Safety Symbols Meanings
Safety symbols:
Danger stands for a big potential harm
to human body if not avoided.
Warning stands for a big potentialdamage to device or business if not
avoided.
Attention stands for a moderate
damage to device or business if not
avoided.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 13/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Danger Electricity! Be aware ofelectricity shock.
Danger Laser! Be aware of laserdanger.
Danger Microwave! Be aware of
microwave dager.
Danger Hot! Be aware of hot danger.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 14/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
2 Product Introduction
2.1 Overview
Altai AC provides a managemental platform for broadband wireless
access service, which is oriented to broadband wireless access ISP and
enterprises with wireless access. It fully supports the over-all operation and
management solution for broadband wireless access.
Altai AC adopts advance technology of network processing and data
exchange bus. It provides a high forwarding compacity and protocol
processing ability, strengthening the processing of user management,
network security, accounting and netrwork management.
Altai AC provides various network access methods to support user
management with abundant network ptotocols and flexible accountings. It
provides different interface configurations and strict network security to avoid
attack from outside. Meanwhile it is easy to manage for a rich network
management methods.
3 System Features
3.1 Protocol Support
Support Ethernet Protocols like IEEE 802.3u, 802.3z, 802.3 , 802.1q, 802.1p,
802.3x
Support IP Protocols like IP, TCP, UDP, ICMP
Support static route protocols
Support protocols like TELNET, HTTP, FTP, RADIUS
Support DHCP Relay and DHCP Server
Support ARP, and PROXY ARP
Support NAT
Support IGMP Proxy
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 15/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
3.2 User Management and Business Support
Support MAC, port, VLAN, and IP address binding
Support userâs mult-access like fixed port, VLAN, MAC/IP address, PPPOEand DHCP
Support users to get VLAN information automatically and support one
user only user one IP address
Support user business management
Support rate restriction, bandwidth restriction for users, and different
upstream or downstream bandwidth for various users
Support route strategy
Support various QoS strategies
Support RADIUS as proxy server to realize the function of authentication,
accounting and authorization
Support IP strategy for various users
Support back-up Radius Server and account checking server
Support different service authorizations for various users, like time strategy,
flow stragety, bandwidth strategy and route strategy
Supply informations pointed to users like syslog and staristics
Support VLAN authentication, local authentication, and local account
Support account block
Support PPPOE quick-dial
Support VLANâs user number restriction
Support one or more ISP, at most 256
3.3 Network Security Support PAP and CHAP
Support RADIUS authenticaiton
Support usersâ binding of MAC address, VLAN, Port, IP Address, and
sesstions
Support anti-attack for userâs DHCP IP address
Support secure network management
Support WEB authentication
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 16/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Support 802.1x authenticaiton
3.4 Network Management Specified network interface like 10M/100M/1000M Ethernet interface and
Console interface
Support specified port as network port
Support Telnet management
Support graded SNMP
Support dynamic online update
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 17/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
4 Preparation before Installation
4.1 Precautions before Operation
To avoid personal injury and device harms, please follow the precautions
listed here.
1. Before clean the device, please unplug the power plug. Donât wipe
device with a damp cloth, and no liquid cleaning at the same time.
2. Donât lay the device near water or places too moisted.
3. Donât lay device on unsteady chest or table.
4. Keep room with good ventilation and keep device ventilation holes
clear.
5. Make sure device is working under right voltage.
6. Donât open the shell while device is running, and for safety consideration
try your best not to open the shell at will.
7. Wear an ESD wrist while replacing interface modules.
4.2 Environment Requirements
The device must work in room. No matter where the device is laid down,
please make sure device runs under the following environment conditions.
1. Make sure there is enough room for ventilation holes.
2. Make sure the rack or platform where device laid with a good ventilation
system.
3. Make sure the rack and platform is solid enough to bear the device and
other mounting accessories.
4. Make sure the rack and platform with a good ground connection.
5. The room should keep its temperature between 0â and 40â, relative
humidity 5%~95%, dust(whose diameterâ„5ÎŒm) density â€3 Ă 104 pieces
/m3.
4.3 Installation Safety Requirements
1. Eclectrical Precautions
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 18/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
To example deviceâs internal structure, please unplug all the power plug
and cables. Be care of voltage.
The chasiss needs no maintainence. Please do not open the shell.
2. To operate the chasiss, please follow the rules listed here.
ïŒ1ïŒ Before install or uninstall the chasiss, please cut off all the power.
ïŒ2ïŒ Do no changes to system, avoiding potential harms to devices or
engingeers.
ïŒ3ïŒ After maintainence, please tighten all the screws on board or
power.
3. ESD Harms Avoidance
Since the components are sensitive to Electro Static Discharge, please
follow the rules listed here.
ïŒ1ïŒ Wear an ESD wrist while operating any system board.
ïŒ2ïŒ While carry the borad please lay your hand on the holders. The
board not used should be stored with electrostatic shield
protection.
4.4 Tools Needed
Before installing the device please prepare the following tools.
1. ïŒ1 srewdriver
2. #12ïŒ24 screw or #10ïŒ32 screw
3. Corresponding socket wrench for power screw
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 19/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5 Initial Configuration
5.1 CLI Overview
The user interface is CLIïŒComand-line InterfaceïŒ, which provides a
textual interface for terminal users. All the CLI commands consist of key words
and parameters.
CLI consist of several modes, under which the related commands will be
fully operated. Some commands can only run in related modes and some
others can sun in all modes. CLI will stop at user mode after booting, whichallows users to check system running state. However user mode could not
allow users to change system state, which could be modified in privileged
mode. With âenableâ command, users can go to privileged mode.
In privileged mode input âconfig terminalâ, users can go to global
configuration mode. By inputing disable, users will go back to user mode and
by <ctrl+z>, end, or exit will go back to privileged mode.
Inputâ?â could inquiry all available commands under the mode. While
input question mark, there would prompt a list of keywords.
Under any mode, using tab will fill in the whole command automatically.
While inputing some command, push tab will prompt a list of possible
commands. All the commands support uncomplete form like just a few words
to stand for the whole command. Of course the form should not be
ambiguous. For example conf can stand for configure, but co could not
stand for it because co could not make a distinction between configure and
copy.
Most command support keyword of no. With ânoâ command, the relatedcommand will be deleted.
The following part will describe each mode.
5.1.1 User Mode
Login by telnet or console, you have to input user name and password. In
user mode, users can only inquire configurations except for system
configuration file.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 20/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
In user mode, system prompt isăhostnameă>.
5.1.2
Privileged Mode
After login user mode, input enable and the password of privileged mode,
you can login in privileged mode. In this mode, you can write and have some
complex operation. The system prompt isăhostnameăïŒ.
5.1.3 ROM Monitor Mode
ROM Monitor Mode is a running mode under abnormal instance. While
the device is abnormally booting or the device could not find sytem image,
then AC will go into ROM Monitor mode, which allow you to boot the system
manually.
Of course you can go to ROM Monitor mode by input CTRL+C while
system is booting in 5 seconds with console interface connected.
5.1.4 Global Configuration Mode
Global configuration mode will allow you to configure AC. The command
will change the running mode and take effect immediately. In globalconfiguration mode, the command in user mode and privileged mode will be
useless. After login into privileged mode, you do not need to input any
password just input configure terminal, you will go to global configuration
mode. The system promt isăhostnameïŒconfigïŒăïŒ.
5.1.5 System Description
There are three operation systems on AC for management platform,
access platform and fast forwarding platform.
5.1.6 System IP Address Configurations
For IPV4, all the IP address for management platform must be configured
in virtual port. For example, ifconfig eth7 12.12.12.1 netmask 255.255.255.0. At
the same time, the IPïŒ12.12.12.1ïŒmust be configured in access platform
according to business. For the IP on access platform, to configure a default IP
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 21/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
on management platform is enough. There is no need to copy all the IP of
acess platform.
5.1.7 Version Booting
Connect AC and version server as follows.
Figure 5-1 Topology
The following figure shows the procedures of system booting.
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 22/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-2 System Booting
Power on
Boot System
Load Operate System
Locate Operation System
Locate Configuration
File
Load Configuration File
Configure Mode
Initialize COnfiguration
If not found
If found
Power on AC and system will run POST( Power-On Self-TestïŒPOST )
procedure to boot system.
The program will print information to control table and then boot
hardware component. After that the program will copy OS image to main
store. Before this, the program will print âBooting in 5 units. Press Ctrl + C to
abort...â and wait for 5 seconds. If users press âCTRL-Câ during this time, system
will go ROM-monitor mode.If users not, system will boot automatically.
Figure 5-3 Auto-boot procedureïŒmanagement platformïŒ
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 23/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Connect console cable to access platform. After the power transferredto OS image, the software booting initializes like kernel booting, application
program booting, and network processor booting. After the booting, system
will look for the configuration file created and saved before from flash. If there
is no such file ,system will operate the Setup Dialog. Once finish the dialog, the
next booting will be loaded with default values.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 24/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-4 Configure the DialogïŒAccess PlatformïŒ
If system find the file, there will promt information of âPress 'CTRL-C' to stop
running startup-config...â and wait for 3 seconds. If users pressâCTRL-Câ during
this time ,the configuration file will not be executed.
Figure 5-5 Configuration File BootingïŒAccess PlatformïŒ
Right now the system boot successfully.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 25/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.2 Login Access Platform
5.2.1 Login by Console Interface
There are two console interfaces on front panel. Console0 is to manage
the Management Platform and Console1 the Access Platform. The Fast
Forwarding Platform is managed through the Access Plarform.
Connect to Console1 with baud rate 115200.
Figure 5-6 Login access platform by console interface
User Name: bnas
Password: bnas
Privileged Mode Password: super
5.2.2 Login by Telnet
Input the IP address and the port number of 23.
User Name: bnas
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 26/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Password: bnas
Privileged Mode Password: super
5.3 Login Management Platform
5.3.1 Login by Console Interface
Connect Console 0 Interface with baud rate 115200.
Figure 5-7 Login Management Platform
User Name: root
Password: fitap^_^
5.3.2 Login by Telnet
Input the IP address of Management Platform, which should be the same
with that of the Access Platform. Port 87 is suggested.
User Name: root
Password: fitap^_^
5.3.3 Login by WEB
Open IE web brower and input https://x.x.x.x (the IP address of
Mangement Platform).
User Name: icac
Password: icaclogin
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 27/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-8 Login Management Platform by WEB
5.4
System UpdateBefore introduce the three update mehod, there are three points should be
aware.
Firstly, there are two platforms of management platform and access
platform. To visit management platform, the device must be connected with
an Ethernet interface. The IP and mask of the interface should be
configured both on management and access platform.
Secondly, IP address must be configured on the right interface. For
access platform, the interface should be the one physically connected. For
example, if interface0 is connected to version server then the IP must be
configured on interface0. However for management platform, the IP can
only be configured on interface7, which is a virtual interface and can
communicate with any interface on the access platform.
Thirdly, bootloader is a driver for system update. If there is a need to
update a new version, we will supply one.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 28/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.4.1 Update under ROM MONITOR Mode
If there is need to change or update ACâs software, please follow the
following steps.
1. Topology
Please make sure AC can communicate with version server and connect
ACâs console interface.
Figure 5-9 Topology under ROM MONITOR Update
2. Make sure there is a new version on version server. Suppose the version is
saved at d:\ Altai-AC with a file name as MIPS_1018L1.8V8.10_R29_T15ïŒ
3. Enable tftp server on version server and make its working directory as d:\
Altai-ACïŒ
4. Enable hyper terminal on version server and set the frequency as
115200B/SïŒ
5. Power on Altai ACïŒ
6. While seeing âBooting in 5 units, Press Ctrl + C to abort...â please press
Ctrl-C in 5 seconds.
7. Input âccâto configure version update parametersïŒ
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 29/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
boot device : gmac0 <-//ACâs uplink port with version
server
ip address : 10.9.0.22 <-//IP of ethernet interface
subnet mask : 255.255.255.0 <-//subnet mask
gateway : 10.9.0.21 <-//IP of gateway
tftp host ip address : 10.9.0.21 <-//IP of version server or tftp server
ac file name : MIPS_1018L1.8V8.10_R29_T15 <-//version to be update
8. input â@@â and then press enter to trigger loading system. If it does not
work, inputâ@@âand press enter again.
9. After the system is successfully udated, system will go to management
platform. Show version information withâcat /proc/rmi/mips-versionâ:
# cat /proc/rmi/mips-version
the running version:
MCR_rmios_1.0.8.10C31
MCR_vxWorks_1.0.8.10C42
cwc_1.0.1.8C48M_MIPS
MIPS_1018L1.8V8.10_R29_T15
dev-boot-version:C16
next-boot-active-version:version0
5.4.2 Update by FTP
Update by FTP needs to save the version to be update on AC. Each time
when AC reboots, system will read version information. There can be saved
two versions at most, âversion0âandâversion1â.
1. Topology
Please make sure AC can communicate with version server and connect
ACâs console interface.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 30/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-10 the Topology for Update by FTP
2. Save a new version on version server and suppose it is saved at
d:\Altai-AC with a file name of MIPS_1018L1.8V8.10_R29_T15 Version
name must start withâMIPSâïŒ
3. Enable ftp server and make its working directory as d:\Altai-ACïŒ
4. Configure IP for management platform and access platform, and make
sure AC can visit version server. (suppose the IP is 221.162.62.137ïŒ.
Configure IP for management platformïŒ
# ifconfig //optional command, by this you can show all the management pla
tform interface information
# ifconfig eth7 221.162.62.137 netmask 255.255.255.0 //requied command, to co
nfigure IP for management platform. No matter which interface is used on access pl
atform, the IP for management platform can only be configured on eth7.
# ifconfig eth7 //show IP of eth7 interface
eth7 Link encap:Ethernet HWaddr 00:08:D2:00:00:08
inet addr:221.162.62.137 Bcast:221.162.62.255 Mask:255.255.255.0
For a notice, if eth7 is not configured rightly, you can input âifconfig eth7
upâand then configure it again.
5. Configure IP for access platformïŒ
Suppose Altai AC is connected to version server by interface0.
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 31/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC (config)# interface GigabitEthernet 1/0.0 //enter interface0 configuration
mode
Altai-AC (config-interface)# ip address 221.162.62.137 255.255.255.0 //configure IPan
d subnetmask for interface0. It is must be the same with that of eth7 interface.
After configuration to check the information withâshow
running-configâ.
6. Configure version serverâs IP as 221.162.62.12ïŒthe IP must be in the same
network segmentïŒ. Input âping 221.162.62.12â on management and
access platform to make sure the two platforms can communicate with
version server. For a notice, you must pressâCTRL-Câ to stop the Ping
program on management platform.
Show version information on Altai AC.ïŒoptinal commandïŒ
# cat /proc/rmi/mips-version
MCR_rmios_1.0.8.10C29
MCR_vxWorks_1.0.8.10C39
cwc_1.0.1.8C46M_MIPS
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
dev-boot-version:C16
next-boot-active-version:version0 //if reboot version0 will be active( MIPS_1018L1.8
V8.10_R29_T13)
7. Upload new version on AC by FTP. Enable CMD and follow the steps
listed here.
D:\>cd /Altai-AC //enter into the save directory of MIPS_1018L1.8V8.10_R29_T15
D:\ Altai-AC>ftp 221.162.62.137 //login to ACâs management platform by FTP. With
command ofâbyâ, you can quit the ftp mode.
Connected to 221.162.62.137
⊠âŠ
User (221.162.62.137:(none)): root //input user name of management platform and pre
ss enter.
331 User root OK. Password required
Password: //input password and press enter
230 OK. Current directory is /root
ftp> put MIPS_1018L1.8V8.10_R29_T15 //upload MIPS_1018L1.8V8.10_R29_T15 to manage
ment platform
⊠âŠ
ftp: ćé 45223563 ćèïŒçšæ¶ 16.86Seconds 2682.46Kbytes/sec. //upload successfully
show the version updated on management platform
# ls
MIPS_1018L1.8V8.10_R29_T15 //the version has been uploaded to management platfo
rm
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 32/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
If you need to update versions, input the following command. (Suppose version0 sta
nds for MIPS_1018L1.8V8.10_R29_T13 and the version to be update is MIPS_1018L1.8V
8.10_R29_T15ïŒ:
# version upgrade0 //update version0. If there is a need to update version1, then
change the command as version upgrade1
0:EXT2-fs warning: maximal mount count reached, running e2fsck is recommended
To activate version please input the following command, which will take effect on t
he next booting.
# version active0 //activate version0 0:Done.
Show version information.
# cat /proc/rmi/mips-versionthe running version:
MCR_rmios_1.0.8.10C29
MCR_vxWorks_1.0.8.10C39
cwc_1.0.1.8C46M_MIPS
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
dev-boot-version:C16
next-boot-active-version:version0 //for the next boot system will load version0
# reboot //reboot system
After reboot, input âcat /proc/rmi/mips-versionâ on management
platform to show version information.
âversion0âis just a mark, standing for the new version updated.
âversion1âis also follow this principle.
There is no priority between version0 and version1. If you inputâversion
active0âthen version0 will be loaded at next reboot. Version 1 is the same
case. Svae two versions is just for backup use.
5.4.3 Update by WEB
The user can replace or upgrade Altai ACsystem software according to the
following steps.
1. Topology
Please make sure AC can communicate with version server and connect
ACâs console interface.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 33/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-11 the Topology for Update by WEB
Configure IP address for management platform and access platform to make
sure that AC can visit version server. Please refer to âUpdate by FTPâ for the
specific configuration methods.ïŒAssuming 221.162.62.137 is the interface
addressïŒă
Open the web browser on the version server, and input the following
address in the address bar https://221.162.62.137.
Notice:
The beginning of Website is âhttpsâ. Click âYesâ while the following screen
prompt.
Figure 5-12 Security Alarm
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 34/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Input the user name of âicacâ and the password ofâicacloginâ.
For a notice, the user name and password is case sensitive.
Figure 5-13 Access Controller Login Screen
Click ăBasic Settingsă,ăAC Upgradeă,and AC upgrade screen will prompt
on the right. If you want to set version0 as the current version, please select
version0 and click âSet as current versionâ .
Figure 5-14 AC Upgrade
After updating the current version the following screen will prompt, and
donât reboot right away. If you want to modify the real version which âCurrent
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 35/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Versionâ refers to,please clickâBrowseâ,and select the version need to
upgrade. Click âUploadâ to wait for versionâs upload.
Figure 5-15 AC Upgrade
Figure 5-16 AC Upgrade
Finally, click ârebootâ. After reboot, the version update will take effect.
5.5 Upload/Download Configuration Files
5.5.1 Upload Configuration Files
Users can upload configuration files to remote fit server to backup, in
case of accidental damage. You can upload the active configuration files or
other files specified.
For a notice, there are only two configuration files on system. One is the
running system in use and the other is the backup file on local.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 36/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following command can be used to upload configuration files.
ftp put filetype /tffs/nmconf [ localfile {/tffs/nmconf | /tffs/nmconf1} ]
remotefile filename
filetypeïŒ type of the configuration files uploaded
localfileïŒname of the configuration file uploaded
remotefileïŒ the name of configuration file needs to be uploaded
5.5.2 Download Configuration Files
Users can download configuration files remotely to recover system.
ftp get filetype /tffs/nmconf remotefile filename
filetypeïŒ type of the file
remotefileïŒ name of the file
5.6 Global Configurations
5.6.1 Login Settings
hostname(config)#local-user username user password passsword
service-type all level priv-level
hostname(config)#enable secret super
For a notice, three could be multiply user names and password but only one
privilieged name.
Default settings are listed here.
User Name: bnas
Password: bnas
Privilieged Mode Password: super
5.6.2 Set System Name
BNAS(config)# hostname Altai-AC
Altai-AC (config)#
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 37/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7 Interface Configurations
Fast Ethernet Interface and Gigabit Ethrenet Interface shoule be set in tht
form of subinterface. Please follow the steps listed here to configure. Create a SubinterfaceïŒRequiredïŒ
Create VlanïŒOptinalïŒ
Set IP AddressïŒRequiredïŒ
Enable or Disable SubinterfaceïŒOptinalïŒ
Configure the working mode of the interfaceïŒOptinalïŒ
Configure the working rate of the interfaceïŒOptinalïŒ
5.7.1 Create a Subinterface
Altai-AC(config)# interface GigabitEthernet interface-specifier
interface-specifier defines the interface in form of slot/port.subif. Slot stands
for the interface module, port the port number, and subtif the subintreface
number. For example,
Altai-AC(config)# interface GigabitEthernet 1/0.1
The command means subinterface1 is created on module1 and port 0.
For a notice, the fast Ethernet module number is 1 and the port number is from
0 to 5. The subinterface number could not be omitted and should lie in the
range of 0~255.
The command to configure Ethernet interface is the same with that of SFP
interface. For a physical interface, it could only be a SFP interface or an
Ethernet interface.
5.7.2 Set Vlan
If there is an existing VLAN, please configure the VLAN before you set IP
address for the created subinterface.
Altai-AC(config-interface)# vlan id vlan-id
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 38/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7.3 Configure IP Address
IP Address can be a secondary assress except the primary address, but all the
IP Address in the system should not be crossovered.
Altai-AC(config-interface)# ip address ip_address ipMask [ secondary ]
5.7.4 Enable or Disable Subinterface
Altai-AC(config-interface)# shutdown
Altai-AC(config-interface)# no shutdown
5.7.5 Configure the Work Mode for Interface
Configure the work mode for interface as auto, full-duplex, or half-duplex.
Altai-AC(config-interface)# duplex duplex-mode
For a notice, the work mode will take effect for the whole interface. If there
are plenty of subinterfaces are configured under a work mode, the last
configuration will take effect.
While constructing networks, please keep all the decives are working in the
same work mode.
5.7.6 Configure Work Rate for Interface
Configure interfaceâs work rate as auto, 1000m, 100m, 10m, fiber and copper.
Altai-AC(config-interface)# speed speed-mode
For a notice, the work rate will take effect on the whole interface. If there are
plenty of subinterfaces are configured under a work rate, the last
configuration will take effect.
While configure SFP interface as an electrical module, the work mode must
be speed mode, but while as a Ethernet interface, the mork mode could notbe configured as speed auto.
You can not configure the same interface both as SFP indteface and
Ethernet interface at the same time.
While constructing networks, please keep all the decives are working in the
same work rate.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 39/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7.7 Configure Interfaceâs Description
Altai-AC(config-interface)#description String
5.7.8 Check Interface
Altai-AC# show interface gigabitEthernet 1/ port
The command above will display all the details on the interface, like interface
state,message statistics, and flow rate.
5.7.9 Application Example
The following example configures a Gigabit Ethernet Interface.
Altai-AC(config)# interface GigabitEthernet 1/0.0
Altai-AC(config-interface)# ip address 10.10.5.1 255.255.255.0
Altai-AC(config-interface)# duplex full
Altai-AC(config-interface)# end
Altai-AC#show interface gigabitEthernet 1/0
5.8 IP Configurations
5.8.1 Configure Static IP Address
Altai-AC(config)# ip route ipAddress ipMask ipNextHop
For example,
Altai-AC(config)# ip route 10.0.0.0 255.255.255.0 192.168.26.33
Altai-AC(config)# ip route 0.0.0.0 0.0.0.0 192.168.25.1
Notice:
The ipNextHop must be the IP Address of direct connected network. It could
not be any interfaceâs IP Address. If ipAddress and ipMask is configures as 0, it
stands for a default toute.
5.8.2 Configure IP Forwading Feature
There are two IP forwarding features. One is for user to visit AC and the other is
for users to visit each other. The two configurations should be set at the same
time.
Altai-AC(config)# ip forward bnas-access enable/disable user-access
enable/disable
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 40/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
bnas-access is used to configure whetehr users can visit AC or not.
user-access is used to configure whetehr users can visit each other or not.
Notice:
This command is a global configuration, which will take effect on all users.
The following example means users can visit AC but can not visit each other.
Altai-AC(config)# ip forward bnas-access enable user-access disable
5.9 RADIUS Configurations
5.9.1 Overview
Remote Authentication Dial In User Service (RADIUS) is a
networking protocol that provides centralized Authentication, Authorization,
and Accounting (AAA) management for computers to connect and use a
network service. RADIUS is a client/server protocol that runs in the application
layer, using UDP as transport.
5.9.2 Configure AC as Radius Client
Before make any settings, please make sure there is a subinterface could
reach Radius Server.
1. Access to Radius Cilent Configuration ModeïŒRequiredïŒ
2. Configure IP AddressïŒRequiredïŒ
3. Configure a Port to AuthenticateïŒOptionalïŒ
4. Configure a Port to AccountïŒOptionalïŒ
5. Check whether the configuration is taking effect or not.
5.9.2.1 Access Radius Client Configuration Mode
All the configuration should be set in radius client configuration mode.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 41/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.9.2.2 Configure IP Address
The IP address for Radius Client should be a subinterfaceâs IP address, and the
subinterface should be able to reach Radius Server.
Altai-AC(radius-client)#ipaddress A.B.C.D
5.9.2.3 Configure an Authentication UDP Port
The port number is 1645 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# auth-port port
The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no auth-port
5.9.2.4 Configure an Account UDP Port
The port number is 1646 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# account-port port
The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no account â port
5.9.2.5 To Confirm the Configuration with Show Command
Altai-AC# show running-config
Altai-AC# show radius client
5.9.2.6 Application Example
Suppose there is subinterface with IP address 192.168.25.234, and Radius
Client can use this IP address to communicate with Radius Server. The
authentication poar numner is 1812 and the Account port number 1813.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#ipaddress 192.168.25.234
Altai-AC(radius-client)# auth-port 1812
Altai-AC(radius-client)# exit all
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 42/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
With show command as follows, you can see the configuration has been
updated.
Altai-AC#show running-config
... ...
interface FastEthernet 1/0.3
vlan id 4095
ip address 192.168.25.234 255.255.255.0
radius-client
ipaddress 192.168.25.234
auth-port 1812
account-port 1813
... ...
Altai-AC#show radius client
5.10 Domain Configurations
5.10.1
Overview
Domain in this paper could stand for certain ISP, or kinds of service like
viewing webpage or VOD. It also could be the combinantion of ISP and
service.
5.10.2 Define Domainâs Name
Define domainâs name and access to a sub-configuration mode.
Altai-AC(config)# domain domainname
Users can input usrname@domainname to select a domain in web brower or
SIM Dialer.
Users can use default domain to access by configuring a domain named
âdefaultâ.
Altai-AC(config)# domain default
If the domain name is not configured on AC or users do not input any domain
name, AC will put these users to a default domain to authenticate and
account.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 43/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.3 Configure Radius Server
There is a radius server for each domain and the radius server should be
configured in chapter 5.9. Therefore AC can choose different authentication
and accounting servers according to various domains.
Altai-AC(domain)# radius server A.B.C.D authentication
Altai-AC(domain)# radius server E.F.G.H accounting
Once users choose a domain, they actually slect an authentication server
and accounting server.
Meanwhile AC supports backup authentication server, accounting server,
and accounting checking server.
5.10.3.1 Backup Server
The configuration of backup server is the same with master server.
Altai-AC(domain)# radius server I.J.K.L authentication
Altai-AC(domain)# radius server M.N.O.P accounting
That is to say the server configured first is master server and the other backup
server.
The following command is used to cancel configurations either on master or
backup server.
Altai-AC(domain)#no radius server x.x.x.x {authentication | accounting}
If the configuration on master server is canceld, the backup server will
become master server.
5.10.3.2 Account Checking Server
Configure account checking server.
Altai-AC(domain)# radius server A.B.C.D dup-accounting
Cancel the configurations.
Altai-AC(domain)#no radius server A.B.C.D dup-accounting
5.10.4 Configure DNS Server
The radius server doesnât issue DNS, users can use the DNS server configured
for domains. Othervise, users can use the DNS issued by radius server.
Altai-AC(domain)# dns A.B.C.D E.F.G.H
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 44/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
A.B.C.D is the primary DNS IP address and E.F.G.H is that of secondary DNS.
For a notice, the DNS server configured in domain only takes effect on users
who assess by PPPOE but not DHCP and Fixed IP.
5.10.5 Configure Domain without Authentication and Accounting
If a domain is defined not to authenticate, then the users accessed by this
domain will be authenticate directly by AC. And AC will not send request
package to radius server to ask for authentication.
IF a domain is defined not to account, for the users accessed by this domain
will not be accounted. And AC will not send start and stop package to radius
server.
Altai-AC(domain)# aaa authentication none
Altai-AC(domain)# aaa accounting none
The following command will recover the domain as an accounting or
authentication domain.
Altai-AC(domain)# aaa authentication radius
Altai-AC(domain)# aaa accounting radius
Altai-AC(domain)# no aaa authentication
Altai-AC(domain)# no aaa accounting
5.10.6 Configure Service Strategy for Domain
Altai-AC(config)# domain domainname
Altai-AC(domain)# service-policy spname ïŒspname is the service strategy
defined in AC.
5.10.7 Configure Real-time Accounting
Altai-AC(config)# domain domainname
Altai-AC(domain)# interim-time timenum ïŒ timenum is the interval for
real-time accounting.
Notice:
AC supports configuring real-time accounting interval and the interval
returned from radius server. If the two intervals exist at the same time, the
interval returned from radius server has a higher priority.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 45/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.8 Check Domain Configurations
Altai-AC # show domain-name domain-name
Altai-AC # show all domain-name
5.11 Service Strategy Configurations
5.11.1 Overview
Service strategy includes broadband and filtering strategy.
Broadband strategy can control data flow, which could meet ISPâs service for
different users. Filtering strategy will allow different users to asscess different
wensite.
Before specify service strategy to users, you must configure broadband, route
and filtering stragety. Please follow the following steps to configure.
Configure broadband and filtering strategy
Specify broadband and filtering strategy in service strategy list
According to different users choose different service strategy
Notice:
All the service strategy only takes effect on the users who access after theservice is configured. If a strategy is modified, the users who access before
the modification will not be influenced.
5.11.2 Broadband Strategy Configurations
5.11.2.1 Configure a Name for Broadband Strategy
Altai-AC(config)# rate-policy bandname
Altai-AC (rate-policy)#
5.11.2.2 Configure Bandwidth
Configure upstream and downstream bandwidth.
Altai-AC (rate-policy)# downstream number1 number2
Altai-AC (rate-policy)# upstream number3 number4
The unit for downstream and upstream broadband is bytes per second. The
meanding for each number is listed here.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 46/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
number1ïŒthe average bytes for each second in downstream
number2ïŒthe outbreak bytes for each second in downstream
number3ïŒthe average bytes for each second in upstream
number4ïŒthe outbreak bytes for each second in upstream
Notes:
The average flow control stands for the maximum data allowed in one
second. The outbreak flow control stands for the maximum data allowed in
0.25s.
The following command will delete the specified broadband strategy.
Altai-AC(config)# no rate-policy policyname
5.11.2.3 Show Broadband Strategy
Altai-AC # show rate-policy bandname
Altai-AC # show all rate-policy
5.11.3 Filtering Strategy Configurations
5.11.3.1 Overview
One filtering strategy consists of several filtering rules, at most 16.
To configure filtering strategy, you have to create filtering rules at first and
then assign them to filtering strategy.
5.11.3.2 Configure Filtering Rules
The following command is used to configure filtering rules.
rule rule-name {permit | deny} {ip | tcp | udp} src-ip src-mask [src-port]dest-ip dest-mask [dest-port]
·rule-name â the name of filtering rules, at most 15 characters
·permit â allow package to pass through
·deny â refuse package to pass through
·ip â operate on IP package
·tcp â operate on tcp package
·udp â operate on udp package
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 47/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
·src-ip â the source IP of this filtering rule
·src-mask â the mack of source IP
·src-port â the port of source tcp/udp, which is optional
·dest-ip â the destination IP of this rule
·dest-mask â the mask of destination IP
·dest-port â the port of destination tcp/udp, which is optional
Notice:
1. While configuring filtering rules, you have to specify the operation of permit
or deny, the protocol of ip, tcp, or udp. If it is tcp or udp, you have to assign
tcp or udp port at the same time.
2. If the rule is configured for all IP address, the IP and mask should be set as
0.0.0.0.
3. If the rule is configured for one specified IP, the mask should be set as
255.255.255.255.
4. If the tcp or udp port is set as 0, the filtering rule will take effect on all tcp or
udp port.
Example 1:
Suppose portalâs IP is 202.104.108.115, the following fitering rule will allow users
tovisit Portal Server.
Altai-AC(config)# rule portal permit ip 0.0.0.0 0.0.0.0 202.104.108.115
255.255.255.255
Example 2:
The following filtering rule allow any DNS package to pass through.
Altai-AC(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0
53
Example 3ïŒ
Suppose user is located at 10.10.0.0 network, and the following rule allow
users to visit this network segment.
Altai-AC(config)# rule wan permit ip 10.10.0.0 255.255.0.0 10.10.0.0
255.255.0.0
5.11.3.3 Delete Filtering Rules
The command here will delete filtering rules.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 48/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
no rule rule-name
For example,
Altai-AC(config)# no rule wan
5.11.3.4 Configure Filtering Strategy
Configure a name for filtering strategy.
Altai-AC(config)# filter-policy filter-name
Altai-AC(filter-policy)#
Assign filtering rules for filtering strategy, at most 16.
Altai-AC(filter-policy)# fi lter-rule filter-nameFor example,
Altai-AC(config)# filter-policy wan-policy
Altai-AC(filter-policy)# filter-rule portal
Altai-AC(filter-policy)# filter-rule dns
Altai-AC(filter-policy)# fi lter-rule wan
Altai-AC(filter-policy)# end
5.11.3.5 Delete Filtering Strategy
Use no command to delete a defined filtering strategy.
Altai-AC(filter-policy)# no filter-rule filter-name
For example,
Altai-AC(filter-policy)# no filter-rule wan
5.11.3.6 Show Filtering Strategy
Altai-AC# show filter-policy filter-name
For example,
Altai-AC# show filter-policy wan
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 49/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.11.4 Service Strategy Configurations
Service strategy is the conllection of broadband strategy, route strategy and
filtering strategy. One service stragtegy could not only consisit of broadband
and filtering strategy, but also of certain combination of the two strategies.
For a notice, if there is a filtering strategy configured in service strategy and
another independent filtering strategy configured, the independent filtering
strategy will take effect.
5.11.4.1 Configure a Name for Service Strategy
Altai-AC(config)# service-policy servicename
5.11.4.2 Configure Service Strategy
For one service strategy, there should be one broadband and filtering
strategy at most.
Altai-AC(service-policy)# rate-policy bandname
Altai-AC(service-policy)# filter -policy filterpolicyname
Altai-AC(service-policy)#exit
5.11.4.3 Delete Service Strategy
Use no command to delete seveice strategy defined. The command will not
delete the broadband, filtering or route strategy quoted.
Altai-AC(config)# no service-policy servicename
5.11.4.4 Show Service Strategy
show service-policy servicename
show all service-policy
5.12 Internal Portal Configurations
5.12.1 Configure Portal Server
Altai-AC(config)# portalserver x.x.x.x internal
The command here will configure IP address for portal server.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 50/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.12.2 Configure AC-name
Altai-AC(config)# ex-portal ac-name ACN.CTY.PRO.OPE
AC-Nameâs format is wlanacname=ACN.CTY.PRO.OP. The attribute namemust be lowercase letter and the value number should follow the rules as
regulated.
Altai-AC(config)# ex-portal ac-name 0004.0543.531.00
5.12.3 Configure NAS-id Hot-code
Altai-AC(config)# vlan-nas-identifier vlan-id nas-id
NAS-ID is used to charge the data service of roaming, whose format is
HST.CTY.PRO.OPE.NATïŒ The â.â here is just a mark to identify. For real
configuration, only 16 numbers are enough.ïŒ. For example,
Altai-AC(config)# vlan-nas-identifier 101 0101053553100460
5.13 IP POOL Configurations
There are two types of ip-pool, layer2 ip-pool and layer3 ip-pool. Layer2
ip-pool is used for users who access by layer2 device and layer3 ip-pool for
users who access by layer3 device.
5.13.1 Configure Layer2 IP POOL
In network if the device connected to AC is layer2 access device, the
device should be configured a layer2 ip-pool. For AC as the gateway, it
should also be configured an IP in this ip-pool.
5.13.1.1 Configure a Name for IP Pool
Altai-AC(config)# ip-pool pool-name
Altai-AC(ip-pool)#
5.13.1.2 Configure a Range for IP Pool
Configure a range for ip pool and assign an IP for AC.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)#ipaddress 10.0.1.1 255.255.255.0
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 51/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
In the above esample, ACâs ip is 10.0.1.1 and the mask is 255.255.255.0.
Therefore,the range for this ip pool is 10.0.1.0~10.0.1.255. Except for the zero
address, the broadcast address and the address for AC, there are 253
addresses left.
5.13.1.3 Configure Allocation Mode for IP Pool
Thre are several allocation mode for IP pool like PPPOE, DHCP, RADIUS, FIXIP,
and LOCALDHCP.
Altai-AC(ip-pool)# alloc-mode mode [pppoe|dhcp|radius|fixip|localdhcp]
5.13.1.4 Assign Service Stratefy
Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete the service strategy for IP pool.
Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named service-wan for ip pool.
Altai-AC(ip-pool)# service-policy service-wan
Notice:
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.
For PPPOE users, the service strategy defined in ip pool is useless before
authentication. Therefore if the allocation mode is PPPOE, threre is no need to
configure service strategy in ip pool. After authentication the service strategy
will be that of radius server. For the prevelige of radius server is higher than
that of domain. If there is no service strategy defined neither in radius server
nor domain, then users will have no service limitation.
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.1.5 Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 52/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.13.2 Configure Layer3 IP POOL
5.13.2.1
Configure a Name for IP PoolAltai-AC(config)# ip-pool pool-name l3
Altai-AC(ip-pool)#
5.13.2.2 Configure a Range for IP Pool
For layer3 ip pool, there is no need to configure an IP for AC but an IP for
next-hop route address.
Altai-AC(ip-pool)# ipnetwork ipnet ipmask nexthop
Altai-AC(ip-pool)# ipnetwork 10.10.0.0 255.255.0.0 10.9.0.1
5.13.2.3 Configure Allocation Mode for IP Pool
There is only three allocation mode support layer3 ip-pool, which is dhcp,
localdhcp, fixip.
Altai-AC(ip-pool)# alloc-mode [ dhcp ipadress | fixip ]
5.13.2.4 Configure Reserved IP
The reserved IP will not be allocated to users, which is used to manage users.
Altai-AC(ip-pool)#reservedip A.B.C.D
5.13.2.5 Assign Service Strategy
Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete service strategy.Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named wan for ip pool.
Altai-AC(ip-pool)# service-policy wan
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 53/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.2.6 Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
5.14 Business Application Configurations
5.14.1 Address Management for Fit AP
Usually the Fit AP in the network will be assigned a management IP through
the ip-pool with a certain dhcp option. The IP in this ip-pool will not be
allocated to users.
5.14.1.1 Configure ip-pool for DHCP
Configure the range, default gateway and least time.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router gw
Altai-AC(ip-pool)# max-lease time
For example,
ip-pool AP
ipaddress 10.172.220.1 255.255.254.0
alloc-mode localdhcp
default-router 10.172.220.1
max-lease 3600
5.14.1.2 Bind Port and VLAN for IP-Pool
available-interface { port | port-port} vlan { vlan | vlan-vlan}
·port â port number
·port-port â port number range
·vlan â the port number of vlan
·vlan-vlan â the port number range of vlan
For example,
Altai-AC(ip-pool)# available-interface port 2 vlan 3333
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 54/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.14.1.3 Configure option
Altai-AC(ip-pool)# option-60 enterprise-code 3902
5.14.1.4 Configure ACâs Address
Altai-AC(ip-pool)# option-60 ac-manage-ip A.B.C.D
5.14.2 Business Configuration for DHCP+WEB Access
5.14.2.1 Overview
There is no need to install client software for DHCP+WEB access. Users can be
authenticated through brower.
The following point should be aware.
Basic Authority is for DHCP and FIXIP users, which is authenticated from IP-pool.
Right now, the authority can be configured in ip-pool is service strategy and
authentication and accounting strategy.
Authority after authentication is also for DHCP and FIXIP users, but it is
authenticated by radius server.
The service strategy in ip-pool do not include filtering strategy, that is to say,
users can visit any website without limitation. Therefore for web authentication
business, the service strategy should include filtering syrategy which defines
the following filtering rules like only to visit portal server, only to visit dns port
(unp 53), and only to visit certain IP.
5.14.2.2 Configuration Steps
1. Configure SubinterfaceïŒrequiredïŒïŒ
There are to purpose to configure a subinterface.
First, by subinterface, radius client can communicate with radius server.
Second, the subinterface could be ACâs uplink port.
2. Configure RADIUS clientïŒrequiredïŒïŒ
3. Configure Radius Server ïŒrequiredïŒïŒ
4. Configure domain for users (required)ïŒ
5. Configure Portal Server relatedïŒrequiredïŒïŒ
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 55/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6. Configure broadband strategy, filtering strategy, and service strategy
ïŒrequiredïŒïŒ
7. Configure service strategy in domainïŒoptionalïŒïŒ
8. Assign IP for DHCP Server ïŒrequiredïŒïŒ
9. Configure ip-pool for usersïŒrequiredïŒïŒ
10. Configure service strategy in ip-poolïŒrequiredïŒïŒ
11. Configure gateway, DNS, lease time for DHCP Server âs ip-pool
ïŒrequiredïŒïŒ
12. bind port and vlan for ip-poolïŒrequiredïŒïŒ
5.14.2.3 Configure IP for DHCP Server
If the allocation mode for ip-pool is localdhcp, you should enable ACâs
dhcp server, which can be configured in global mode. The IP for dhcp server
can be any interfaceâs IP.
Altai-AC(config)ïŒip dhcp server A.B.C.D
5.14.2.4 Configure Filtering Strategy for Authentication
The fitering strategy for authentication should include the following
filtering rules like only to visit portal server, only to visit dns port (unp 53), and
only to visit certain IP.
1ïŒdefine filtering rules
rule portal permit ip 0.0.0.0 0.0.0.0 portal_ip 255.255.255.255
rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
2ïŒencapsulate filtering strategy
filter-policy unauth
filter-rule portal
filter-rule dns
5.14.2.5 Configure ip-pool for DHCP
To configure ip-pool for DHCP Server, you have to configure default router,
max-lease time and DNS.
Altai-AC(config)# ip-pool dhcpsvrpool
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 56/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC(ip-pool)# ipaddress 192.168.26.1 255.255.255.0
Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router 192.168.26.1
Altai-AC(ip-pool)# dns-server 220.120.64.194
Altai-AC(ip-pool)# max-lease 7200
Altai-AC(ip-pool)# filter-policy unauth
5.14.2.6 Bind Port and VLAN for ip-pool
The operation of binding port and VLAN for ip-pool is to make sure users
accessed by DHCP can get ip and basic authority from ip-pool.
available-interface { port | port-port} vlan { vlan | vlan-vlan}
For example, suppose the DHCP users accessed by port0 and VLAN10 will get
IP from ip-pool1.
Altai-AC(config)# ip pool ippool1 available-interface 0 vlan 10
For example, suppose the DHCP users accessed by port1-4 and any VALN will
get IP from ip-pool2.
Altai-AC(config)# ip pool ippool2 available-interface 1-4
5.14.2.7 Configure Detection Time for Idle Users
Users accessed by DHCP+WEB will be charged once they pass the
authentication. To save spending, AC supports the function of idle-detection.
If user data flow is lower than flow threshold in detection time, then the users
will be regarded as an idle user and the accounting will stop. The detection
time is 900s, which could be changed by the following command.
Altai-AC(config)# ip dhcp idle-interval interval threshold threshold
Altai-AC(config)# ip dhcp idle-interval 600 threshold 30000
In the above example, the detection time is adjusted to 600s and the flowthreshold is 30000 bytes.
Notice:
If the detection time is 0, then AC will not detect users.
Altai-AC(config)# ip dhcp idle-interval 0
5.14.2.8 Check and Debug
1. Show on-line users
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 57/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC# show auth-user
String - NULL, or pool name, or domain name following with '@'
port - port-id
vlan - vlan-id
2. Show IP address assigned
Altai-AC# show dhcpuser
3. Show usersâ information
Altai-AC# show user
String - user name, ip or mac
4. Force users off-line manually
Altai-AC# kick
List Elements - kick mode(ip,user-name,mac,index)String - ip user-name mac index
5. show dhcp ip assigned by manual release
Altai-AC# release
A.B.C.D - user's ip address
6. debug radius
5.15 NAT Configurations
NAT includes three types of static NAT, dynamic NAT, and PAT (Port
Address Translation). Static NAT is to map an internal private IP to external
legal IP permanently. Dynamic NAT is to map legal external IP to internal
network. PAT is to map internal IP to external IPâs different port. Usually we use
PAT.
5.15.1 Static NAT
1. Enable NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure âip nat outsideâ. If you want to delete
and modify the subinterfaceâs IP, you have to delete âip nat outsideâ first,
delete the IP of interface, and then configure interfaceâs IP and âip nat
outsideâ.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 58/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
3. Configure static NAT
Altai-AC(config)# ip nat static inside in_ipaddr out_ipaddr
255.255.255.255
For example, map internal IP 172.16.1.100 to external IP 221.8.9.10.
Altai-AC(config)# ip nat static inside 172.16.1.100 221.8.9.10 255.255.255.255
5.15.2 Dynamic NAT
1. Enbale NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure âip nat outsideâ. If you want to delete
and modify the subinterfaceâs IP, you have to delete âip nat outsideâ first,
delete the IP of interface, and then configure interfaceâs IP and âip nat
outsideâ.
3. Define NATinternal ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4. Define NAT external ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5. Bind internal ip-pool and external ip-pool
Altai-AC(config)# ip nat inside In_pool Out_pool overload
For a notice, to delete a nat pool, you have to depart internal ip-pool
and external ip-pool with ânoâ command and then delete ip-pool.
5.15.3 PAT
1. Enable NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 59/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure âip nat outsideâ. If you want to delete
and modify the subinterfaceâs IP, you have to delete âip nat outsideâ first,
delete the IP of interface, and then configure interfaceâs IP and âip nat
outsideâ.
3. Configure internal ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4. Configure external ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5. Bind internal ip-pool and external ip-pool
Altai-AC(config)# ip nat inside In_pool Out_pool overload
5.16 Hot Standby Configurations
5.16.1 Overview
In upstream, the master AC and backup AC will occupy three IP in the
same network segment and two MAC address with VRRP protocol.
In operation and maintainence, the master AC and backup AC will use
different IP address and MAC address.
In business, the master AC and backup AC will use the other IP and the
same MAC.
The uplink port is open and the three IP address could be telnet.
In access side, the same port of master AC and backup AC share the same
MAC, but only the port on master AC will be open.
5.16.2 Command
1. [no] vrgroup groupid
ModeïŒconfig
ParametersïŒgroupid â virtual group ID, range from 1 to 16ïŒ
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 60/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
DescriptionïŒconfigure virtual groupïŒ
2. [no] prioroty num
ModeïŒvrgroup
ParametersïŒnum â the priority of virtual group, range from 1 to 255ïŒ
DescriptionïŒconfigure the priority of virtual groupïŒ
3. [no] adver-interval interval
ModeïŒvrgroup
ParametersïŒinterval â the heartbeat intervalïŒ
DescriptionïŒconfigure the heartbeat intervalïŒ
4. [no] track-port GigabitEthernet String priority num
ModeïŒvrgroup
ParametersïŒString â listener portïŒ
num â the priority of binding portïŒ while the port is down ,the prioriry will
get lowïŒ
5. [no]preempt
ModeïŒvrgroup
ParametersïŒenable preempt modeïŒ
6. [no]threshold-priority num
ModeïŒvrgroup
Parameters: num â the priority of virtual group, range from 1 to 255ïŒ
DescriptionïŒconfigure the threshold for hot back groupïŒ
7. [no]attend A.B.C.D group groupid [vrip]
ModeïŒconfigure subinterface
ParametersïŒA.B.C.D â subinterfaceâs IP
Groupid â virtual group ID
Vrip â optional parameter, with it, the IP will attend the group as a
virtual IP, otherwise the IP will be regarded as a real IP.
DescriptionïŒConfigure IP for hot backup group, including virtual IP and
real IP. Add some IP to the group.
8. [no] vrip A.B.C.D group groupid
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 61/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
ModeïŒconfigure subinterface
ParametersïŒA.B.C.D-must be the same port in the same network
segment
Groupid â must be the group existed
DescriptionïŒconfigure IP for hot backup group and add some IP to a
group
9. Show hotstandby group-info Al l |current | groupid
ModeïŒPrivileged Mode
ParametersïŒAl l âshow all groupâs important information
Current â show details of the running hot backup group
Groupid â show details of specified group
DescriptionïŒshow groupâs information
6 WEB Configurations
6.1 Login by WEB
The URL is:https://10.1.1.3ïŒ10.1.1.3 is the IP of management platform
configured on Eth7ïŒ.
The default user name is icac, and the password is icaclogin.
The login screen is displayed as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 62/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-1 Access Controller Login Screen
The device supports three languages mode,ăSimplified Chineseă,ăTraditional
Chineseă ,andă Englishă .You can select the language environment
needed.Please input the user name and password,and click ăLogină.
The following screen will prompt.
The main menu includes:ăBasic Settingsă,ăWireless Settingsă,ăWireless Securityă,
ăWLANă,ăOnline APă,ăStatisticsă,ăRogue APă,ăLOGă.ăicac Loggedă,
ăChange Passwordă,andăExităare in the right above.
Figure 6-2 Access Controller Main Menu
The following table will introduce the main menu.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 63/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-1 Description of Access Controller Main Menu
Menu Description
Basic Settings
The configuration of system essential information,
providing basic configuration of Altai AC like APâs versioninformation management, loading version service
management and so on.
Wireless Settings The configuration of wireless setting and capwap timer.
Wireless Security The configuration of wireless security.
WLAN The configuration of WLAN management.
Online APThe configuration of online AP,including AP informationâs
view,and the configuration of AP issued.
Statistics It provides statistics information of AP and user.
Rogue APIt provides rogue AP scan switch,and displays rogue AP
list.
LOG It provides operation log and security log.
Change Password Change the password.
SaveConfiguration
Click save button to save configurations.
ExitLog out management platform, and return to loginscreen.
The following chapters will introduce various function of WEB.
6.2 Basic Settings
Click ăBasic Settingsă,and the following screen will prompt.
On this screen the following functions will be configured,includingăAC
Configurationă,ăAC Hotstandbyă,ăRadius Server ă,ăAS Server ă,ăNTP Server ă,
ăSYSLOG Server ă,ăAP Versionă,ăVersion Server ă,ăRoutingă,ăEthernet Interface
Informationă,ăWAPI Certificateă,ăAC Advancedă,ăTunnel Configurationă,
ăMultiple Access Boards Configurationă ,ă AC Upgradeă ,ă System
Informationă,andăAC Licenseă.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 64/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-3 Basic Settings
6.2.1 AC Configuration
Click ăBasic Settingsă/ăAC Configurationă,and AC configuration screen will
prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 65/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-4 AC Configuration
The configuration of AC in detail is displayed as follows.
Table 6-2 AC Configuration
Items Description
AC Name The name of AC.
AC IP Address The IP address of AC.
Number of
Connected APsThe number of AP connected.
Number of
Connected STAsThe number of wireless user connected.
SNMP Community RSNMP read-only command, and the default value ispublic.
SNMP Community
R&WSNMP read-write command, and the default is private.
AC Trap IP The IP address where the alarm message is sent.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 66/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
AC Trap IP2The IP address where the alarm message is sent.You canset two tra IP at the same time.
Trap Community Trap command, and the default value is private.SNMP Port R&W SNMP read-write port,and the default value is 161.
Trap port Trap port,and the default value is 162.
LoadbalanceOn: Enable load balance function.Off: disable the function, and it is the default option
User IsolationOn: Enable user isolation function.
Off: Disable the function, and it is the default option.
Last polling time The last polling time.
Domain The nation domain where the device located.
AC Authentication
AC supports eight authentications.
no-auth: No authentication.
eap-sim: Eap-sim authentication.web: Web authentication.
eap-md5: Eap-md5 authentication.simAndweb: SimAndweb authentication.
simAndmd5: SimAndmd5 authentication.webAndmd5: WebAndmd5 authentication.
simAndwebAndmd5: SimAndwebAndmd5
authentication.
Use MAC as Index
On: While network administrator collecting information,
use MAC as index.Off: While network administrator collecting
information,use AP ID as index. This function is disabled by
default.
SNMP instantly collectOn: Enable SNMP instantly collecting switch.Off: Disable the function and it is the default option.
LongitudePlease fill in the longitude as the sample formatdisplayed.
Latitude Please fill in the latitude as the sample format displayed.
MoreClick More, and the advanced setting screen willprompt.
6.2.2 AC Hotstandby
Click ă Basic Configurationă /ăAC Hotstandbyă , and AC hotstandbyconfiguration screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 67/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-5 AC Hotstandby
The following table will introduce the configuration parameters of AC
Hotstandby.
Table 6-3 Configuration Parameters of AC Hotstandby
Items Description
AC HotstandbyEnabledïŒEnable hotstandby function
DisabledïŒDisable hotstandby function
AP Cold StandbyEnabledïŒEnable cold standby function
DisabledïŒDisable cold standby function
Data
Synchronization
EnabledïŒEnable cold standby function
DisabledïŒDisable cold standby function
Preempt Mode
EnabledïŒEnable preempt mode. Under
this mode, AC with high priority will
become master AC. If the priority is thesame, then the AC with bigger IP will
become master AC.
DisabledïŒDisable preempt mode.
Local IPThe heartbeats address which iscommunicated with the client.
Peer IPThe heartbeats address which thismachine is linked to the client.
6.2.3 Radius Server
Click ăBasic Settingsă/ăRadius Server ă,and radius servers configuration screen
will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 68/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-6 Radius List
Select one radius server configuration,click ăModifyă,and the radius servers
edit screen will prompt.
Figure 6-7 Radius Servers Edit
The following table will introduce the configuration items.
Table 6-4 Radius Server Configuration
Items Description
Type
Authentication: the radius server to realize
authentication function.Account: the radius server to realize account
function.Checking: the radius server to realize checking
function.
PriorityPriority choice: the primary radius server.Reserve: the radius server reserved will be used
if priority server canât work.
IP Address The IP address of radius server.
Port The port of radius server.
Password The password of account or checking
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 69/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Re-enterpassword
Re-enter the password of radius server.
6.2.4 AS Server
Click ăBasic Configurationă/ăAS Server ă,and AC server configuration screen
will prompt.
Figure 6-8 AS Server Configuration
Table 6-5 AS Server Configuration
Items Description
AS server IP The IP address of AS server.
AS server port The port of AS server.
6.2.5 NTP Server
Click ăBasic Settingsă/ăNTP Server ă,and NTP configuration screen will
prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 70/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-9 AC NTP Configuration
Table 6-6 AC NTP Configuration
Items Description
NTP ServerOn: Set AC as NTP server, and AP or other clientwill e synchronize with AC.
Off: AC is not set as NTP server.
NTP Client
On: Set AC as NTP client, and it will synchronizewith NTP server automatically.
Off: AC is not set as NTP client.
Server 1 The IP address of NTP server.
Server 2 The IP address of NTP server.
Server 3 The IP address of NTP server.
Sync IntervalAC will synchronize with NTP server as the timesetting passed.
6.2.6 SYSLOG Configuration
Click ăBasic Settingsă/ăSYSLOG Configurationă,and SYSLOG configuration
screen will prompt.
Figure 6-10 SYSLOG Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 71/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-7 SYSLOG Configuration
Items Description
Syslog Level
Emergency: System logs like the system canât
work.alert: Alarm logs like the system will shut down.
critical: important logs like users login and log out.
error: The error logs like some process goes wrong.warning: Warning logs like userâs authentication is
failed.
notice: Notice logs like system needs to beupdated.
informational: informational logs like the recordsof IP visited.
debug: Debug logs.
IP Address The IP address of syslog server.
Port The port of syslog,and the default port is 514.
OperationClick ăApplyă,and the SYSLOG configuration will
be used.
6.2.7 AP Version
Click ăBasic Settingsă/ăAP Versionă, and AP version configuration screen will
prompt.
Figure 6-11 AP Version Information Edit
Table 6-8 AP Version Information Edit
Items Description
Manufacturer Manufacturer information.
Device Type Device type information.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 72/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
HardwareVersion
Hardware version information.
Update Type
1: Firmware. If there is no need to update,please choose this option.
2: Software. Update through software.
3: Configuration file. Update throughconfiguration file.
UpdateFeature
The description of update feature.
Target
Update
Feature
The description of target update feature.
Upload Ways It includes WEB upload and manual upload.
Path TypeFull path
Relative pathTarget
Updated FileClick ăBrowseă,and select target update file.
6.2.8 Version Server
Click ăBasic Settingsă/ăVersion Server ă,and version server configuration screen
will prompt.
Figure 6-12 Version Server List
Select a list,click ăModifyă,and version server edit screen will prompt.
Figure 6-13 Version Server Edit
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 73/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce the version server edit.
Table 6-9 Version Server Edit
Items Description
Server IP The IP address of version server.
Port The port of verion server.
UserName Please input the user name.
Password Please input the password.
Confirm
PasswordPlease input the password again.
Transfer
Protocol
AC supports four transfer protocols.
ftp
tftp
httphttps
6.2.9 Routing
Click ăBasic Settingsă/ăRoutingă,and route information of management
platform screen will prompt.
Figure 6-14 Route Information of Management Platform
Click ăAddă,and the management platform route edit screen will prompt.
Figure 6-15 Management Platform Route Edit
The following table will introduce the management platform route edit.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 74/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-10 Management Platform Route Edit
Items Description
Destination IP The destination IP
Netmask The subnet network netmask
Next hop The next hop network address
6.2.10 Ethernet Interface Information
Click ăBasic Settingsă/ăEthernet Interface Informationă,and ethernet interface
information screen will prompt.
Figure 6-16 Ethernet Interface Information
Notice: The information on screen of read-only canât be added, modified
and deleted.
6.2.11 WAPI Certificate
Click ăBasic Settingsă/ăWAPI Certificateă,and WAPI certificate screen will
prompt.
Figure 6-17 WAPI Certificate
Click ăAddăto prompt the following screen.
Figure 6-18 WAPI Certificate Edit
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 75/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WAPI certificate edit.
Table 6-11 WAPI Certificate Edit
Items Description
Certificate Type
There are three certificate typesïŒ
Server
APCA
Path TypeRelative pathFull path
Certificate
Uploading
Click ăBrowseă,and select the certificate
need to be uploaded.
6.2.12 AC Advanced
Click ăBasic Settingsă/ăAC Advancedă,and AC advanced screen will prompt.
Figure 6-19 AC Advanced
The following table will introduce AC advanced.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 76/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-12 AC Advanced
Items Description
AC
ConfigurationExport
Click ăDownloadă,and the AC configuration
will be exported.
ACConfiguration
Import
Click ăBrowseăto select the configuration file
to be imported,and click ăImportă.
Select
Configuration
to Reset
You can select the following configuration.Business configuration: The configuration onthe screenïŒexcept for AC nameïŒ.
System configuration: The configuration ofmanagement platform.
Factory Reset Click ăResetăto reset default configurations.,
Reboot AC Click ăRebootă,and it will reboot AC.
Warning:
To restore the factory default, and restart AC will affect the running business.
Please do not do such operation at will.
6.2.13 Tunnel Configuration
Click ăBasic Settingsă/ăTunnel Configurationă,and tunnel configuration screenwill prompt.
Figure 6-20 Tunnel Configuration
The following table will introduce the tunnel configuration items.
Table 6-13 Tunnel Configuration
Items Description
Mode Switch On: Enable tunnel mode.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 77/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Off: Disable tunnel mode.
AccessPlatform IP
IP address of access platform which enablestunnel mode
Port The default port is 5248.
Forwarding
Type
It supports three tunnel modes.1-MACBridge
2-Reserve
3-802.11 frame tunnel mode
Switch of DataSynchronization
On: Enable data synchronization function.Off: Disable data synchronization function.
6.2.14 Multiple Access Boards Configuration
Click ăBasic Settingsă/ăMultiple Access Boards Configurationă,and thefollowing screen will prompt.
Figure 6-21 Multiple Access Boards Configuration
Click ăNew Access Boardăto prompt the following screen.
Figure 6-22 Multiple Access Boards Configuration
The following table will introduce multiple access boardsâ configuration.
Table 6-14 Multiple Access Boards Configuration
Items Description
Slot No. The slot number of access board.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 78/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Access BoardIP
The IP address of access board.
Port The port that access platform andmanagement platform to communicate.
Tunneladdress(IPv4)
The Tunnel IP address in the form of IPv4
Tunneladdress(IPv6)
Tunnel IP address in the form of IPv6.
Tunnel port The tunnel port number.
Tunnel SwitchOn: Enable tunnel.OffïŒDisable tunnel.
Password(R)Read-only command,and the default valueis public.
Password(R&W) Read-write command,and the default valueis private.
6.2.15 AC Upgrade
Click ăBasic Settingsă/ăAC Upgradeă,and AC Upgrade screen will prompt.
Figure 6-23 AC Upgrade
The following table will introduce AC upgrade items.
Table 6-15 AC Upgrade
Items Description
AC Version
AC supports version 0 and version 1.
Click ăSet as Current Versionă,and the version
selected will be set as current version.
AC VersionUpload
Click ă Browseă to select files need to be
updated,and click ăUploadă.
Upgrade successfully screen will prompt.
Figure 6-24 AC Upgrade Success
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 79/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.2.16 System Information
Click ăBasic Settingsă/ăSystem Informationă,and system information screen
will prompt.It is the read-only screen.
Figure 6-25 System Information
Click ăRefreshă,and you can acquire the newest system information.
6.2.17 AC License
Click ăBasic Settingsă/ăAC Licenseă,and AC license screen will prompt.
Figure 6-26 AC License
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 80/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce AC license parameter settings.
Table 6-16 AC License Parameter Settings
Items Description
Device serialNumber
The serial number of device.Click ăDownload
Device Fileăto export device file.
StatusThe status of License.Please click ă Refresh
Informationăto update license information.
Max APNumber
The max number of AP supported.
AC DeviceModel
The model of AC device.
Hotstandby
Support(y/n)Whether to support hotstanfby function or not.
Device ID Number of the device.
Upload
License File
Click ăBrowseăto select the file needed,and
click ăUploadăto upload the files.
6.3 Wireless Settings
Wireless settings includesăWireless Basică,ăWireless Advancedă,ăWireless
Channelă,ăPayloadbalanceă,ăAP Background Scană,ăCAPWAP Timer ă.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 81/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
They are global configurations to AP. The following part will introduce them
independently.
6.3.1 Wireless Basic
Click ăWireless Settingsă/ăWireless Basică,and Wireless basic settings screen
will prompt.
Figure 6-27 Wireless Basic Settings
The following table will introduce wireless basic settings.
Table 6-17 Wireless Basic Settings
Items Description
Radio ID Select the radio id of AP.
RF Switch
On: Enable RF, and wireless user can search to
the SSID issued.Off: Disable RF, and wireless user can not
search to the SSID issued.
Power
Configuration
There are three ways.
Adjust Power Automat: When nearby AP power
increases, the device power willdecrease.When nearby AP power weaken, the
device will increase, which is up to the change
of environment.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 82/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Percentage: Work in the designated power.
Actual Power: Work in the actual power.
Auto PowerAdjustment
Interval
AP power will be adjusted as the time intervalpassed, and the default unit is minute.
WirelessMode
There are eight wireless rate modes to beselected.
802.11b Only(2.4G)
802.11g Only(2.4G)802.11n Only(2.4G)
802.11b and 802.11g (2.4G)
802.11n802.11b and 802.11g (2.4G)
802.11a Only(5G)
802.11n and 802.11a (5G)
Work Rate
There are thirteen work rate to be selected.Select Automatically: AP work rate is relatedwith the environment like the direction and
distance of antenna.
1Mbps2Mbps
5.5Mbps
6Mbps9Mbps
11Mbps
12Mbps18Mbps
24Mbps36Mbps
48Mbps
54Mbps
11N Work
Rate
802.11n RF rate configures by MCS (Modulationand Coding Scheme) index value torealize.There are seventeen 11N work rate to
be selected.
AutoïŒAP selects work rate independently.
MCS Index0MCS Index1MCS Index2
MCS Index3MCS Index4
MCS Index5
MCS Index6MCS Index7
MCS Index8
MCS Index9MCS Index10
MCS Index11
MCS Index12MCS Index13
MCS Index14
MCS Index15
Space FlowThere are four space flows to be selected.1*12*2
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 83/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
3*3
4*4
Channel
Bandwidth
There are four channel bandwidths to beselected.
20MHzAuto 20/40 MHzïŒ20MHză40MHz self-adaption
40-MHz
40+MHz
GuardInterval
There two settings to be selected.
LongïŒ800usïŒ
ShortïŒ400usïŒ
A-MPDUOn: Enable A-MPDU function to increase thewireless network throughput.
Off: Disable A-MPDU function.
A-MSDUOn: Enable A-MSDU function to increase MACtransmission efficiency.
Off: Disable A-MSDU function.
11N WorkMode
There are two 11N work modes to be selected.
HT-MixedHT-Greenfield
6.3.2 Wireless Advanced
Click ăWireless Settingsă/ăWireless Advancedă,and wireless advanced settings
screen will prompt.
Figure 6-28 Wireless Advanced Settings
The following table will introduce wireless advanced settings items.
Table 6-18 Wireless Advanced Settings
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 84/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Layer2
port-isolate
Select layer 2 port-isolate mode.
Layer 2 Isolation Disabled
Isolate UnicastIsolate Multicast
Isolate Broadcast
Isolate All
IGMPSNOOPING
Enabled: Enable IGMP SNOOPINGfunction.Disabled: Disable IGMP SNOOPING
function.
Pre-certificationEnabled: Enable pre-certification function.
Disabled: Disable pre-certification function.
RoamingEnabled: Enable roaming function.Disabled: Disable roaming function.
Detection Timefor Roaming Input the detection time for roaming,andthe default unit is seconds.
Uplink Integrity
Disabled
Disconnect of AP UplinkDisconnect of AP/AC CAPWA
Disconnect of link to a Certain
ActionClose AP RFReboot AP
NTP Server
AddressNTP server IP address.
NTP SynchronousInterval
NTP synchronous interval.The default unit isminutes, and the default range value is
1-1092.
6.3.3 Wireless Channel
Click ăWireless Settingsă /ăWireless Channelă ,and wireless channel
configuration screen will prompt.
Figure 6-29 Wireless Channel Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 85/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce wireless channel configuration items.
Table 6-19 Wireless Channel Configuration
Items Description
Radio ID12
Autochannel
adjustment
Enabled: Enable auto channel adjustment
function,and AP will select channelautomatically.
Disabled: Disable auto channel adjustmentfunction.
Adjustment
Mode
Adjust when starts.
Periodic adjustment.
Adjustment
Interval
Input adjustive interval, and the default unit is
minutes.
Minimumsigna
standards
Input minimum signa standards.The default unitis dbm,and the range is from -90 to 10.
6.3.4 Payloadbalance
Click ă Wireless Settings ă / ă Payloadbalanceă ,and payloadbalance
configuration screen will prompt.
Figure 6-30 Payloadbalance Configuration
The following table will introduce payloadbalance configuration items.
Table 6-20 Payloadbalance Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 86/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Payloadbalance
Switch
Enabled: Enable payloadbalancefunction.When the number of user reachesto a certain amount, payloadbalance
among APswill be adjusted automatically.Disabled: Disable payloadbalancefunction.
Payloadbalance
Type
User: Payloadbalance among APs is
decided by the number of user.
Flow: Payloadbalance among APs isdecided by flow.
StartedThreshold of
Access Users
Enable payloadbalance function when
the threshold set is exceeded.
User ControlDeviation of
Load Balance
When user control deviation of loadbalance is exceeded, new access user will
be related to the AP with lower load.
User ThresholdWhen user threshold is exceeded,payloadbalance function will take no
effect
For example, suppose theconfiguration is set as follows, it stands for tthat the
payloadbalance function will be enabled when the flow value is 0kbps
between the two usersïŒat least 2ïŒ.If the flow d-value is 500kbps among users,
and the newcomer will be connected to the lower flow AP. When the flow is
more than 1000000000 KBPS, payloadbalance will take no effect.
Figure 6-31 Payloadbalance Configuration by Flow Control
6.3.5 AP Background Scan
Click ăWireless Settingsă/ăAP Background Scană ,and AP background
scanning screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 87/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-32 AP Background Scanning
The following table will introduce payloadbalance configuration parameters.
Table 6-21 AP Background Scanning
Items Description
Radio ID Input radio ID,and the range is 1~31.
ScanningChannel
All-Channel
1ïŒ11b/g)
2ïŒ11b/g)
3ïŒ11b/g)
4ïŒ11b/g)
5ïŒ11b/g)
6ïŒ11b/g)
7ïŒ11b/g)8ïŒ11b/g)
9ïŒ11b/g)
10ïŒ11b/g)
11ïŒ11b/g)
12ïŒ11b/g)
13ïŒ11b/g)
149ïŒ11a)
153ïŒ11a)
157ïŒ11a)
161ïŒ11a)
165ïŒ11a)
Scanning
Enable
On: Enable backgrounf scanning function.
Off: Disable backgrounf scanning function.
ScanningCycle
Input scanning cycle.The default unit issecond,and the range is 0~65535.
6.3.6 CAPWAP Timer
Click ăWireless Settingsă/ăCAPWAP Timer ă,and CAPWAP timer configuration
screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 88/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-33 CAPWAPTimer Configuration
The following table will introduce CAPWAP timer configuration items.
Table 6-22 CAPWAP timer configuration
Items Description
Echo TimerThe interval time for AP to send keep alivemessage.
Discovery
TimerNo definition.
Keep-alivetime for AC
The time for AC to detect AP.
6.4 Wireless Security
Wireless security mainly includesăMAC Filter ă,ăWLAN Securityă,ăIntrusion
Detection Settingsă ,ăDynamic Blacklistă .The function in detail will be
introduced as follows.
6.4.1 MAC Filter
Click ăWireless Securityă/ăMAC Filter ă,and MAC filter screen will prompt.
Figure 6-34 MAC Filter
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 89/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce MAC filter configuration items.
Table 6-23 MAC Filter
Items DescriptionMACAddress 1
Input MAC address like AA-BB-CC-DD-EE-FF.
MACAddress 2
Input MAC address like AA-BB-CC-DD-EE-FF.
MAC
Address 3Input MAC address like AA-BB-CC-DD-EE-FF.
MAC
Address 4Input MAC address like AA-BB-CC-DD-EE-FF.
6.4.2 WLAN Security
Click ăWireless Securityă/ăWLAN Securityă,and WLAN security policy list screen
will prompt.
Figure 6-35 WLAN Security Policy List
Click ăAddăto prompt WLAN security policy configuration screen.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 90/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WLAN security policy configuration items.
Table 6-24 WLAN Security Policy
Items Description
Security PolicyID
The ID for security policy, which is generatedautomatically.
Security Policy
NameInput security policy name.
Security Mode
Please enter the security mode.
WEP
802.11iWAPI
Authentication
Mode
If 802.11i is selected as security mode, andtwo authentication modes will be displayed
as follows.
WPA/WPA2-PSKWPA/WPA2(EAP)
if WAPI is selected as security mode, and twoauthentication modes will be displayed as
follows.
WAPI-PSKWAPI Certificate(Primary install wap
certificate)
Key Length
64bit128bit
152bit
Key Type ASCII
Encryption
Method
SMS4
AES
TKIP
Key Input the key.
Index of
Default KeyKey 1: The default key is key 1.Key 2: The default key is key 2.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 91/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Key 3: The default key is key 3.
Key 4: The default key is key 4.
Key 1 Please input key 1.
Key 2 Please input key 2.
Key 3 Please input key 3.
Key 4 Please input key 4.
6.4.3 Intrusion Detection Settings
Click ăWireless Securityă/ăIntrusion Detection Settingsă,and intrusion detection
settings screen will prompt.
Figure 6-36 Intrusion Detection Settings
The following table will introduce intrusion detection settings.
Table 6-25 Intrusion Detection Settings
Items Description
Spoofing
Attack
DetectionSwitch
Enabled: Enable spoofing attack detection
function.
Disabled: Disable spoofing attack detectionfunction.
Flood AttackDetection
Switch
Enabled: Enable flood attack detectionfunction.
Disabled: Disable flood attack detection
function.
Flood AttackDetectionThreshold
Set flood attack detection threshold,and therange value is 1-6000.
Dynamic
Blacklist
Enabled: Enable dynamic blacklist
function.When the number of flood attack
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 92/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Switch detected is more than the threshold, the user will
be pulled into blacklist.
Disabled: Disable dynamic blacklist function.
DynamicBlacklist alivetime
Set dynamic blacklist alive time.The default unitis second, and the range is 60-3600.
6.4.4 Dynamic Blacklist
Click ăWireless Securityă/ăDynamic Blacklistă,and dynamic blacklist screen
will prompt.
Figure 6-37 Dynamic Blacklist
Select an invasion MAC,and click ăAdd to static blacklistă.The MAC will besaved in the blacklist permanently.
SelectăAttack Typeă,and MAC address under the attack type will be
displayed.The attack type which the device supports includes flood
attack(Unknown Type),flood attack(Authentication),flood
attack(Deauthentication),flood attack(Assocation),flood
attack(Disassocation),flood attack(Reassocation),flood attack(Probe
Request),flood attack(null data),flood attack(action),spoof attack(Unknown
Type),spoof attack(Authentication),spoof attack(Deauthentication),spoof
attack(Assocation),spoof attack(Disassocation).
6.5 WLAN
WLAN mainly includesăAP Configurationă,ăWLAN Groupsă,ăTime Policy
Groupsă,ăAP Policy Applyă,ăWLAN-VLAN Associationă.The function in detail
will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 93/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.1 AP Configuration
Click ăWLANă/ăAP Configurationă, and AP Configuration screen will prompt.
Figure 6-38 AP Configuration
The screen will display AP group information, supporting information displayedafter filtering and informationâs export. For example:
Step one,Click ăImport CSV fileă,and the following screen will prompt.
Step two,Click ăBrowseă,and you can select CSV file needed.Please click
ăUploadă,and the following screen will prompt.
Step three,Click ă
Add Importă
to add new AP group informton.Click ă
AllReplaceă,and the old AP group information will be replaced. Click add
import button,and the following screen will prompt.
Click ăConfirmă,and the following screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 94/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Step four,Click ăReturnă,and upload the system file successfully.
Warning:
Click ăDownload CSV Sampleăto acquire instruction in detail of CSV file
layout.Youâd better download this file in orde to avoid uploading abnormally.
Click ăAdd AP+ă,and the following screen will prompt.
The following table will introduce AP configuration items.
Table 6-26 AP Configuration
Items Description
AP MACAddress
The MAC address of AP. Please fill in theform of 00-18-7D-09-16-49.
AP GroupDefault Group: AP group is the defaultgroup.
Test Group: AP group is the test group.
AP Number AP number.
Location APâs geographic location
AP Name APâs name
Description APâs description
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 95/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.2 WLAN Groups
Click ăWLANă/ăWLAN Groupsă, and WLAN group configuration screen will
prompt.
Figure 6-39 WLAN Group Configuration
This screen displays the WLAN group.Click ăEdit Groupă,and modify WLAN
group information.Input new WLAN group name ,and click ăAddăto add new
group.
Click the default groupâsăEdit Groupă,and the following screen will prompt.
Click ăAddă,and WLAN configuration screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 96/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WLAN configuration.
Table 6-27 WLAN Configuration
Items Description
WLAN IDWLANâs ID number, which is generated
automatically.
WLAN GroupWLAN group which is generatedautomatically.
Security Mode
Open: Disable encryption mode.
WEP: Enable WEP encryption mode. To
enable WEP mode, you have to create a
WEP strategy in WLAN securityconfiguration.
802.11i: Enable 802.11i encryption mode.
To enable WEP mode, you have to create
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 97/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
a WEP strategy in WLAN security
configuration WAPI ïŒ Enable WAPI
encryption mode.
Security Policy
Select the SSID of security strategy
configured in WLAN securityconfiguration.
SSID WLANâs SSID.
SSID Mode
Broadcast: Broadcast WLANâs SSID, and
the user can search to the WLAN.
Hide: The user canât search to the WLAN.
Vlan ID VLANâs ID.
QoSEnabled: Enable QoS function to optimizequality of the network service.
Disabled: Disable QoS function.
Max number ofusers
The max number of users which is allowedto access.
MAC Filteringpolicy
OPENïŒSet no filtering strategy.
Whitelist: The MAC address of whitelist canaccess WLAN.
Blacklist: he MAC address of whitelist can
not access WLAN.
Flow control
AC supports three flow control modes.
Fixed flow
Guaranteed minimum flowBased on the number of users
Downlink SSID
FlowLimit/Guarantee
Configure downlink flow control based onSSID.
Downlink User
FlowLimit/Guarantee
Configure downlink flow control based on
users connected to the SSID.
Uplink SSID FlowLimit/Guarantee
Configure uplink flow control based onSSID.
Uplink User FlowLimit/Guarantee
Configure uplink flow control based onusers connected to the SSID.
Tunnel Mode
Local Forwarding.
Concentrated Forwarding: To use
concentrated forwarding fucntion, you
have to enable the tunnel modefirst.And the VLAN ID should not be
configured as 0.
EAP Auth Type Select EAP authentication type.
Auth Service
MAC
The MAC address of authentication
server.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 98/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.3 Time Policy Groups
Click ăWLANă/ăTime Policy Groupsă, and time policy group screen will
prompt.
Figure 6-40 Time Policy Group
Input the name of time policy group,and click ăAddăto add new entry.Select
a entry need to modify, click ăEdit groupă,and the following screen will
prompt.
Figure 6-41 Time Policy Group
The following table will introduce time policy group items.
Table 6-28 Time Policy Group
Items Description
Policy ID Policy ID.
Policy Name Name of the policy.
Policy Type
Day
WeekMonth
Year
All day ornot
Yes: Policy applys to every day.No: Please set start time and end time.
Start Time The time when policy takes effect.
End Time The time when policy lose effectiveness.
Week Select the week when the plocy take effect.
Month Select the month when the policy take effect.
Day Select the day when the policy take effect.
Operation Save: Save the time policy.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 99/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.4 AP Policy Apply
Click ăWLANă/ăAP Policy Applyă, and AP policy apply screen will prompt.
Figure 6-42AP AP Policy Apply
On this screen WLAN group can be associated with different limit policies.
6.5.5 WLAN-VLAN Association
Click ăWLANă/ăWLAN-VLAN Associationă, and WLAN-VLAN association
screen will prompt.
Figure 6-43 WLAN-VLAN Association
On this screen WLAN group can associate to relevant VLAN group.
6.6 Statistics
Statistics mainly includesăAP Informationă,ăAP Upgrateă,ăWireless
Interface Statisticsă,ăWireless Users Statisticsă,ăIntrusion Detection Statisticsă,
ăStatistica Report Cycleă. The function in detail will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 100/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.1 AP Information
Click ăStatisticsă/ăAP Informationă,and AP information screen will prompt.
Figure 6-44 AP List
The following table will introduce AP information configuration items.
Table 6-29 AP List
Items Description
AP ID APâs ID
MACAddress
APâs MAC address
IP Address APâs IP address
AP Group AP group
AP Name APâs name
FP NO. The RF number of AP
Online Time APâs online time Start Time The time AP starts up
Last 3 Join
TimeThe last three timeof APâs joining
Join Reason Reason of APâs joining.
Status
ALL: Display APâs status.
Configuration: Display APs in the configurationstatus.
Run: Display APs in the run status.
Idle: Display APs in the Idle status.
Details
Click ăDetailsă to show detail information ,
including AP basic information , wireless
configuration, software and hardwareconfiguration, and user information list.
Select the AP need to be set,and click ăLoad Balanceăto configurate load
balance.
Select the AP need to be set,click ăSecurity Modeă,and the following screen
will prompt.
Figure 6-45 AP Security Mode
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 101/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
There are three security modes to select, including 802.11i, WAPI, API&802.11i.
Select AP need to be set, click ăParameters of AP Online Scanningă,and the
following screen will prompt.
Figure 6-46 Parameters of AP Online Scanning
Table 6-30 Parameters of AP Online Scanning
Items Description
Radio ID Select the radio id need to be set.
ScanningChannel
11a: Select a channel like Full Channel,
149,153,157,161,165 to realize scanning.11b/g: Select a channel like Full Channel, 1-13
channels to realize scanning.
Scanning
Mode
Passive Scanning
Positive Scanning: The AP scans other APs
nearby positively.Stop Scanning: Stop scanning operation.
ScanningCycle
Cycle of scanning.The unit is second, and therange is from 0 to 65535.
Click ăRecovery Factory Setăto reset all the APs.
Click ăSystem Rebootă,and reboot the AP selected.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 102/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.2 AP Software Upgrade
Click ăStatisticsă/ăAP Software Upgradeă,and AP information screen will
prompt.
Figure 6-47 AP Software Upgrade
Click ăSoftware Upgrade Settingă,and the following screen will prompt.
Figure 6-48 Configuration of AP upgrading
The following table will introduce configuration of AP upgrading.
Table 6-31 Configuration of AP upgrading
Items Description
Retries whenit fails
The number of retry after upgrading fails
Numbers of
Simultaenous
AP
The number of APâthatupgradsat the same
time.
Time ofupgrading
timeout
The time for AP to update. If AP does notsuccessfully upgrade during this time, then the
upgrade fails
Click the button on the left of screen, and the following functions can be
realized.
Click ăUpgradingăto upgrade AP by software.
Click ăCancel upgrading softwareă,and cancel upgrading command like
APâs status is waiting for upgrade or is upgrading and so on.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 103/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Click ăUpgrade configured fileăto update AP by configured file.
Click ăUpgrade WAPI certificateăto update AP by WAPI certificate.
Click ăReboot APăto restart AP.
6.6.3 Wireless Radio Statistics
Click ăStatisticsă/ăWireless Radio Statisticsă,and wireless radio statistics
screen will prompt.
Figure 6-49 Wireless Radio Statistics
Click ăWireless Mode Configurationă,ăWireless Channel Configurationă,
ăWireless Power Configurationă,and the AP selected can be configurated
for wireless mode,channel or power. Please refer to 5.3.1 wireless settings
basic configuration and 5.3.3 wireless channel configuration to get
parameters introduction in detail.
6.6.4 Wireless User List
Click ăStatisticsă/ăWireless User Listă,and wireless user list screen will prompt.
Figure 6-50 Wireless User List
The following table will introduce wireless user list items.
Table 6-32 Wireless User List
Items Description
AP IP APâs IP address
AP MAC APâs MAC address
Access IP address of the access platform.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 104/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Platform IP
User MACAddress
MAC address of the user.
SSID WLAN SSID which is used
Session Id Session ID which is used
Tunnel Id The tunnelâs ID
Upline Time Online time
6.6.5 Intrusion Detection Statistics
Click ăStatisticsă/ăIntrusion Detection Statisticsă,and intrusion detection
statistics screen will prompt.
6.6.6 Cycle of Reporting AP Statistics
Click ăStatisticsă/ăCycle of Reporting AP Statisticsă,and cycle of reporting
AP statistics screen will prompt.
Figure 6-51 Cycle of Reporting AP Statistics
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 105/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.7 Rogue AP
Rogue AP mainly includesăRogue APă,ăPermitted BSSID Listă,ăPermitted
SSID Listă. The function in detail will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 106/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.7.1 Rogue AP
Click ăRogue APă/ăRogue APă,and rogue AP list screen will prompt.
Figure 6-52 Rogue AP List
Enable rogue AP scanning function, and configure the 5.2.5 AP background
scanning fucntion at the same time will realize the function of rogue APscanning.
The following table will introduce rogue AP configuration items.
Table 6-33 Rogue AP Configuration
Items Description
BSSID Rogue APâs BSSID
SSID Rogue APâs SSID
Radio ID Rogue APâs radio id
Channel Rogue APâs channel
SignalStrenth(dBm)
Rogue APâs signal strength
SNR Rogue APâs SNR
DataTransfer Rate
Rogue APâs transfer rate
MACAddress
The MAC address of scanning AP.
AP TypeDisplay the scanned AP type. Generally the APdisplayed is rouge AP.
6.7.2 Permitted BSSID List
Click ăRogue APă/ăPermitted BSSID Listă,and permitted BSSID list screen
will prompt.
Figure 6-53 Permitted BSSID List
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 107/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Choose a BSSID in the rogue AP list to add in permitted BSSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.7.3 Permitted SSID List
Click ăRogue APă/ăPermitted SSID Listă,and permitted SSID list screen willprompt.
Figure 6-54 Permitted SSID List
Choose a SSID of rogue AP to add in permitted SSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.8 LOG
Log mainly includesăOperation Logă,ăOperation Log Hold Timeă,ăAlarm
Logă,ăAP Logă,ăIntrusion Detection Logă. The function in detail will be
introduced as follows.
6.8.1 Operation Log
Click ăLOGă/ăOperation Logă,and operation log screen will prompt.
Figure 6-55 Operation Log Search
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 108/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
This screen can query user operation log,including User Login,WLAN,User
Quit,Group Policy,Basic Settings,AP Group List,Rogue AP.Select the operation
need to search in the ă Operation Typeă option. For example,select
userlogin ,click ăSearchă,and the following screen will prompt.
Figure 6-56 Operation Log Query Results
Click ăRemote Save +ă,and log will be uploaded to the FTP server specified.
Figure 6-57 Log Saving Remote FTP Server
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 109/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.8.2 Operation Log Hold Time
Click ăLOGă/ăOperation Log Hold Timeă,and operation log hold time
screen will prompt.
Operation log hold time can be set on this screen,and the unit is day.
6.8.3 Alarm Log
Click ăLOGă/ăAlarm Logă,and alarm log screen will prompt.
Figure 6-58 Alarm Log
Click ăDownloadăand log can be saved to the location.
6.8.4 AP Log
Click ăLOGă/ăAP Logă,and AP log screen will prompt.
Figure 6-59 AP Log
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 110/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Enable SYSLOG switch,and SYSLOG server can be configured.
6.8.5 Intrusion Detection Log
Click ăLOGă/ăIntrusion Detection Logă,and intrusion detection log screen will
prompt.
Figure 6-60 Intrusion Detection Log