ACT Mod 2 Altai AP Basic Config v3.1 20200911

ALTAI Certification Training
___________________________________________________________________________
Module 2: Altai Access Point Basic Configuration
Version 3.0
Sep, 2020
Training Contents
• Power Up Your AP Device

• Initial Access to AP Web UI
• Configure IP Address of Access Point: (i) By Static IP & (ii) By DHCP
• Secondary IP Address
• Network Mode: Switch vs Gateway
• Radio Mode: AP, Station, Repeater & Bridge
• Configure AP Mode
• Configure Station Mode
• Configure Repeater Mode
• Configure Bridge Mode
• Enable VLAN Configuration
• Configure Gateway Mode and Relevant Features (PPPoE Client, WAN/LAN Assignment, NAT, DHCP Server)
• Update Admin Password
POWER UP YOUR AP DEVICE
Power Options
A8n(ac) AX500 A2(ac) C1n/

A3Ei CX200 IX500 A3c/A3w C2s VX200
Series Series Series C1an
* * *
802.3af PoE
802.3at PoE
Power
Supply # #
Passive PoE 56V 54V 56V 56V 54V 56V 24V 18V
12-24V via
12V via 12-24V via
DC Input Terminal
DC Jack DC Jack
Block
Max. Power Consumption 65W 20W 25W 20W 11.7W 12W 25W 12W 8W 12W
* Applicable when “Power Save Mode” is enabled.

# No PoE injector to be available for the AP.
4
Power Up Your AP Device via PoE Standards (Active PoE)
AP (PD)
802.3af/at-Compatible PoE Switch
(PSE)
ETH0 (PoE IN)
TERMINOLOGY:
PoE: Power Over Ethernet

PSE: Power Sourcing Equipment
PD: Powered Device
802.3af: also called PoE, supports a maximum of 15.4W delivered by PSE
802.3at: also called PoE+, supports a maximum of 30W delivered by PSE
Active PoE: Allows PSE and PD to negotiate how much voltage (power) is required, e.g. 802.3af, 802.3at
Passive PoE: Delivers power immediately to PD at fixed voltage without negotiation, e.g. Passive PoE injector
5
Power Up Your AP Device via Passive PoE
Types of Passive PoE:

1. AC Power Source (110-240V)
AP (PD)
DATA & Power
Out / PoE
DC Jack
PoE Injector
IEC C13
Connector
ETH0 (PoE IN)
Applicable to A8n(ac) Applicable to
Series, AX500 Series, C2s/C1n/C1an
A3Ei/A3c/A3w, A2(ac)
Series, and CX200
DATA IN / 2. DC Power Source (-48V)

LAN Applicable to A8n(ac) Series, A3Ei/A3c/A3w, and
A2(ac) Series
Positive: 0V
Negative: -48V
6
Power Up Your AP Device via DC Input
ETH0
DC Jack
V-
ETH0
V+ DC Terminal
Block
7
INITIAL ACCESS TO AP WEB UI
Change TCP/IP Setting on Your Computer
IP Address Any address in the subnet 192.168.1.x, except 192.168.1.222 and 192.168.1.255
Example: 192.168.1.2
Subnet Mask 255.255.255.0
Default Gateway/Router Leave it blank
DNS Leave it blank
9
Access AP Web UI
Procedures:
1. Open a web browser.
2. Type 192.168.1.222 in the address bar.
3. Enter the default credentials as below:
Username: admin
Password: admin
4. Click “Login” button.
10
Menu Tabs & Frequently-Used Function Buttons/Shortcuts
2. Reboot AP 3. Logout
4. Firmware Version
1. Menu Tabs
5. Uptime
6. Unsaved Changes 7. Save & Apply
8. Download Logs
9. Submit
1. Menu Tabs: Each tab corresponds to an individual content page for 6. Unsaved Changes: Review all configuration changes that have been
various AP functions. e.g. monitoring, configuration, administration, submitted but not yet applied. You can discard the changes if needed.
troubleshooting tools, and AP device information.
7. Save & Apply: Apply the previously submitted configurations to the AP
2. Reboot AP: Reboot the AP manually
8. Download Logs: Retrieve ALL logs such as syslog, wifi log and event log
3. Logout the current session in a single package file
4. Current Firmware Version 9. Submit: Temporarily store the configurations made on a single
configuration page. The configurations is not yet applied to the AP until
5. Current Uptime
you click “Save & Apply”
CONFIGURE IP ADDRESS OF ACCESS POINT
Option 1: Static IP Settings
Network Scenario:
PC
IP: 192.168.100.2/24
AP L2 SW Gateway
IP: 192.168.100.30/24 IP: 192.168.100.1/24
Procedures:
1. Go to Configuration > Network > General > WAN Setting

(IPv4).
2. Select “Static” as the Internet Connection Type.
3. Specify the desired IPv4 Address, IPv4 Subnet Mask, and

Default Gateway.
4. (Optional) Specify the IPv4 DNS Server IP Address, e.g.

8.8.8.8
5. Click “Submit” button.
6. Click Save and Apply to apply all configurations.

13
Verification
• Now you can change your computer’s IP to 192.168.100.100 with subnet mask 255.255.255.0. You should be able to use the new IP address to access
the AP. Go to Status > Overview > Network. It should show the new IP address settings.
14
Option 2: DHCP Client Settings
Network Scenario:
DHCP Server
AP
IP: 192.168.100.x/24
x from .30 to .40
L2 SW
Gateway
PC: IP: 192.168.100.1/24
IP: 192.168.100.2/24
Procedures:
1. Go to Configuration > Network > General > WAN

Setting (IPv4).
2. Select “DHCP” as the Internet Connection Type so that

your AP will request an IP from your DHCP server.
3. (Optional) Select whether or not to enable DNS Auto

NOTE:
Update from your DHCP server.
For DHCP case, we may not know what the exact IP address the AP
obtains, unless we go to the DHCP server to look up the IP lease table. Since
5. Click Save and Apply to apply all configurations. the IP is unknown, we have to use a secondary IP to access AP instead.
Verification By Secondary IP Address
Network Scenario:
AP PC
IP: 192.168.99.x/24 IP: 192.168.99.2/24
L2 SW
Procedures:
1. Configure your PC’s IP address to

192.168.99.2 and subnet mask to
255.255.255.0.
2. Connect your PC with target AP in Layer 2

environment, i.e. via a L2 switch.
3. Access your target AP with its secondary IP

address: 192.168.99.x/24 where x denotes the
decimal value of the last byte of the Ethernet
MAC address of the access point. EXAMPLE:
4. Go to Status > Overview > Network. It should In our case, the AP’s Ethernet MAC address is 00:19:be:a3:09:20. The last byte is 20 (HEX). Convert it
show Success to obtain an IP address from into a decimal value, which is 32. Therefore the secondary IP of this AP is 192.168.99.32.
16 the DHCP server.

Secondary IP Address
Exceptions:
Some of the IP addresses are invalid or reserved for particular purposes. If the last byte of MAC address is 00/01/02/03/04/FF, we shall follow a specific
MAC-to-IP-address mapping according to the table below.
Ethernet MAC Address Reserved Purpose Last MAC Byte Replaced By Secondary IP Address
XX:XX:XX:XX:XX:00 Invalid IP A0 192.168.99.160
XX:XX:XX:XX:XX:01 For gateway A1 192.168.99.161
XX:XX:XX:XX:XX:02 For operator computer A2 192.168.99.162
XX:XX:XX:XX:XX:FF Invalid IP AF 192.168.99.175
17
NETWORK MODE: SWITCH VS GATEWAY
Network Mode: Switch Mode vs Gateway Mode
Network Interfaces:
• Ethernet, i.e. Eth0, Eth1
• 2.4G (Radio0)
➢ WLAN0 – WLAN15
• 5G (Radio 1)
➢ WLAN0 – WLAN15
Switch Mode: Gateway Mode:

• As a layer 2 switch to forward data packets from one network • As a layer 3 device, like a home router, to separate interfaces into
interface to another. TWO different networks or subnets, namely WAN and LAN.
• All the interfaces belong to the same network segment and • There are TWO IP addresses, each for WAN and LAN interfaces
broadcast domain. respectively for AP management purposes.
• There is only ONE IP address from that single network segment for • Support DHCP server and NAT to handle outbound traffic (from
AP management purposes. LAN to WAN), and Port Forwarding to handle inbound traffic.
• Suitable for the scenario where you want to extend the network • Suitable for the scenario where you want to separate your trusted
segment from Ethernet to wireless side or vice versa so that clients network from an untrusted one so that the hosts on both sides
can acquire the core network resources directly across a flat cannot communicate to each other via Layer 2 directly, e.g. a
layer 2 network, e.g. DHCP, where IP can be retained when single AP, used as a home/office router, with WAN interface
clients roam from one AP to another. connected to the Internet (untrusted network), and LAN
19 interfaces to the office/home network (trusted network).
Network Mode: Switch Mode vs Gateway Mode
Network Scenario:
LAN LAN
IP: 192.168.10.10 Public IP
VLAN 10: 192.168.10.1 WAN IP: Public IP

VLAN 20: 192.168.20.1 Internet LAN IP: 192.168.98.1
(WAN)
IP: 192.168.20.10
L2
Gateway IP: 192.168.98.10
IP: 192.168.10.11
AP in SWITCH mode AP in GATEWAY mode
20
Switch Mode
• By default, the AP device is running on

Switch Mode.
• To change the setting, see the procedures

below.
Procedures:
1. Go to Configuration > Network > General >

Network Setting.
2. Select “Switch Mode” as Network Setting.
4. Click Save and Apply to apply all

configurations.
NOTE:
DHCP and Port Forward features are NOT

applicable to Switch Mode.
21
Gateway Mode
• To change the setting, see the procedures

below.
• Gateway features such as WAN/LAN IP

Settings, Interface Assignment, NAT and
DHCP Server will be discussed later.
Procedures:

WAN Setting (IPv4).
2. Select “Gateway Mode” as Network Setting.
4. Click Save and Apply to apply all

configurations.
NOTE:
VLAN is applicable to WAN interface ONLY.
22
RADIO MODE: AP, STATION, REPEATER & BRIDGE
AP Mode
• Advertises SSIDs so that the wireless clients are able to see it and to join the network.
• Available on 2.4G and 5G radios.
AP Mode SSID 1 for User Group 1 (2.4G/5G)
SSID 2 for User Group 2 (2.4G/5G)
User Group 1 User Group 2
LAN
24
Station Mode
• Works as a CPE (Customer Premises Equipment) to connect with a remote AP for WDS (Wireless Distribution System) bridge.
• Compared to AP mode, it does not advertise any SSID, but search a target SSID for connection instead.
• By using the AP-STA pair, we can bring two wired networks together. In general, the Station/CPE mode should be used on the remote network (client
side) and the AP mode on the local network (server side) for the sake of network access control and management.
• Available on 2.4G and 5G radios.
SSID 1 for Subscriber Group 1 (2.4G/5G)
3 x A3Ei SSID 2 for Subscriber Group 2 (2.4G/5G)

Remote AP
C1an C1n
Station Mode Station Mode
C1n C1an
Station Mode Station Mode
LAN
25
Repeater Mode
• Works as a relay station to pass data traffic between a remote AP and wireless clients.
• It is a mix of AP and Station modes. On one hand, it runs on Station mode to connect to the remote AP for wireless backhaul. On the other hand, it
runs on AP mode to advertise SSIDs to provide WiFi access to the end devices. Therefore, it is commonly used for coverage extension purpose while
wired backhaul is not available at sites.
• Due to the fact that WiFi, based on the 802.11 standards, is a half-duplex access medium by nature, the radio is not able to send/receive data
packets with AP and end devices at the same time. Put it in other words, the Repeater will use a double of time to process a data stream when
compared to other radio modes, i.e. AP, Station and Bridge. Therefore, the actual throughput is usually lower.
• Available on 2.4G and 5G radios

A8n
Remote AP
SSID 3 for Backhaul (2.4G)
C2s
SSID 1 for User Group 1 (2.4G/5G)
Repeater Mode in 2.4G
SSID 2 for User Group 2 (2.4G/5G) AP Mode in 5G
User Group 1 User Group 2

LAN
26
Bridge Mode
• Also called static bridge or MAC bridge, enables two devices to connect together over the air for layer 2 network (LAN) extension.
• Same as AP-STA pair, it forms a WDS which makes the bridge transparent to any layer 2 communication between the two Ethernet segments.
• The only difference is that a static bridge can be used for Point-to-Point (P2P) link only while an AP-STA bridge can be deployed on Point-to-
Multipoint (P2MP) configuration. Since the bridge setup requires the peer’s MAC, it is regarded as static bridge instead of dynamic, meaning that the
device does not pair with other devices under any circumstances.
• Available on 5G radio only.
Local A2 Remote A2
Bridge Mode Bridge Mode
LAN LAN
5G Static Bridge Link
27
CONFIGURE AP MODE
Demo: Network Scenario for AP Mode
Legend RADIUS Server

IP: 192.168.10.100
Altai Guest AP RADIUS Client: 192.168.100.30
Switch Mode RADIUS Secret: altairadius123
Altai Staff IP: 192.168.100.30/24 GW
GW: 192.168.100.1
IP: 192.168.10.1
Internet
Wireless Clients
DHCP: 192.168.100.100 – .200 GW
GW: 192.168.100.1 IP: 192.168.100.1/24
DHCP Server Enabled
AP Configuration Summary
WLAN0 WLAN1
SSID Name Altai Guest Altai Staff
WPA2-Enterprise (RADIUS)
WPA2-Personal (PSK)
Authentication • Server: 192.168.10.100
• Passphrase: altaiPSK123
• Secret: altairadius123
AP Management Disabled Full Access
Bandwidth Control 5 Mbps/User 10 Mbps/User
29
Step 1: Scan Channels to Select the Best Channels
Channel Scan is performed in order to choose the good channel(s) for WLAN operation. The key consideration to choose a good channel is to find one
which has relatively low busy %, low noise floor, and low No. of AP. For 2.4 GHz channel, try to select one in combination of channels 1,6 and 11, or
channels 2, 7, 12, or channels 3, 8, 13 for static channel operation. Or alternatively, choose the entire combination (3 channels together) for AP auto
channel switching.
Procedures:
1. Go to Tools > Channel Scan >

Radio0(2.4G)/Radio1(5G).
2. Click “Start Scan” button. Wait for a

moment for the AP to scan the channels.
3. Find the cleanest channel(s) and take

note of it for channel configuration in
later steps. In this case (2.4 GHz Radio),
we take into consideration channels 3, 8
and 13 for AP auto channel switching.
NOTE:
To get radio scanning to work, make sure the

30
radio is enabled first.
Step 2: Configure Radio settings
Procedures:
1. Go to Configuration > Wireless > Radio0(2.4G)/Radio1(5G) >

General.
2. Enable the Radio.
3. Select “AP” as the Radio Mode.
4. Select an appropriate wireless mode. For 2.4G, “802.11ng HT20”

is recommended. For 5G, “802.11ac HT20”, “802.11ac HT40+/-”
are recommended but “802.11ac HT80” is still acceptable
depending on channel planning and site conditions.
5. Select an appropriate channel(s) based on the channel scan

results in Step 1. In our case, “Auto channel” is selected with
channels 3, 8 and 13 checked.
6. Set Transmit Power to your desired level.
7. Enable User Isolation in different WLAN (SSID) to avoid direct L2

communication between staff and guest through AP.

31
Step 3-1: Configure WLAN Settings for Guest SSID
Procedures:
1. Go to Configuration > Wireless >

Radio0(2.4G)/Radio1(5G) > WLAN.
2. Enable the first WLAN, i.e. WLAN 0.
3. Specify the SSID Name. In this scenario it is

“Altai Guest”.
4. Select your desired Authentication Mode. In

this scenario, we select “WPA2-Personal”.
5. Specify the Pass Phrase for SSID association.

NOTE:
6. In the Station Uplink/Downlink Control fields,
specify the bandwidth limit to be 5000 (Kbps) The field for WLAN Uplink/Downlink Control is
for both Uplink and Downlink. to limit bandwidth for the entire WLAN traffic.
8. Click More… to continue.
32
Step 3-1: Configure WLAN Settings for Guest SSID
Procedures:
9. Select an appropriate Access Traffic Right

for the SSID. In this scenario, the AP
management is disabled for guest SSID.
11. Click “Back to WLAN List” button to

continue configuration for another SSID for
staff.
33
Step 3-2: Configure WLAN Settings for Staff SSID
Procedures:
1. Clink More… on the second row (i.e. WLAN 1)

to continue.
34
Procedures:
2. Enable the WLAN.
3. Specify the SSID Name, in this scenario it is

“Altai Staff”
4. Select an appropriate Access Traffic Right.

In this scenario, we select “Full Access” for
staff SSID.
35
Procedures:
6. Select “WLAN Security” tab.
7. Select your desired

Authentication Mode. In this
scenario, we select “WPA2
Enterprise”.
8. Specify the RADIUS Server IP

address and secret
accordingly.
36
Procedures:
10. In the Station Uplink/Downlink Control

fields, specify the bandwidth limit to be
10000 (Kbps) for both Uplink and
Downlink.
12. Click Save and Apply.
NOTE:
The field for WLAN Uplink/Downlink Control is

to limit bandwidth for the entire WLAN traffic.
37
Verification
Get 2 clients to connect to the SSIDs “Altai Guest” and “Altai Staff” respectively, and go through the checklist below.
✓ Check if the clients are successfully authenticated and connected
✓ Check if the clients successfully acquire IP addresses from your DHCP server
✓ Check if the clients successfully access to the Internet
✓ Check if the guest client’s speed is limited to 5 Mbps, and staff client’s to 10Mbps
✓ Check if the access right is granted to staff client only
38
Verification
Go to Status > Radio0(2.4G)/Radio1(5G) > Association List > Station List.
The first digit refers to the WLAN

TX: Downlink (from AP to client)
ID and the second digit refers to
RX: Uplink (from client to AP)
Station ID
39
CONFIGURE STATION MODE
Demo: Network Scenario for Station Mode

Remote AP
IP: 192.168.10.100
Altai Guest Switch Mode
RADIUS Client: 192.168.100.30
IP: 192.168.100.30/24
RADIUS Secret: altairadius123
Altai Staff GW: 192.168.100.1
GW
Station IP: 192.168.10.1
Switch Mode
IP: 192.168.100.40/24
GW: 192.168.100.1
Internet
GW
PC IP: 192.168.100.1/24
DHCP: 192.168.100.100 - .200 DHCP Server Enabled
GW: 192.168.100.1
Station Configuration Summary

WLAN0 (1st Association) WLAN0 (2nd Association)
SSID Name Altai Guest Altai Staff
WPA2-Enterprise (RADIUS)
WPA2-Personal (PSK)
Authentication • PEAP-MSCHAPv2
• Username/Password
41
Distance Setting
For a Point to Pont (P2P) or a Point to Multi-Points (P2MP) networks, if the link distance exceeds 2km, you SHOULD set a proper value for the distance
parameter on ALL the devices with the following rules.
1. The distance value is in kilometers (km).
2. The default value is 2km. If the actual distance between the two devices are less than 2 km, just leave it as default.
3. The distance value SHOULD be rounded up to the nearest integer. For example, if the actual distance is 4.3 km, we should set the distance
to 5 km.
4. For a P2MP configuration, the distance between the AP and the stations may be different from each other. In this case, the distance value of
ALL the devices in the P2MP group, including the AP and Stations, MUST be set to the largest one. An example scenario
is shown below. We should set the distance to 4 km for ALL of them even though the actual distance is shorter for some of the links.
A2e Station 1
1 km
A2e Station 2
2 km
A2e Station 3
4 km
A8-Ein(ac) AP
42
Step 1: Configure Distance for AP
NOTE:
For AP Radio and WLAN settings, refer to Section Configure AP

Mode.
Procedures:
1. Go to Configuration > Wireless > Radio0(2.4G)/Radio1(5G)

> Advanced.
2. Set the desired distance value.
43
Step 2: Configure Radio Settings for STA
Procedures:

Radio0(2.4G)/Radio1(5G) > General.
3. Select “Station” as the Radio Mode.
44
Step 3-1: Configure STA WLAN Settings for Guest SSID Association
Procedures:
1. Select “Station” tab.
3. Click “[Scan]”.
45
Procedures:
4. A scan result is displayed to show what

available SSIDs around. Find and select
the target SSID for the Station device to
associate. You can choose up to three but
of the same SSID name for connection. In
our case, we choose “Altai Guest” SSID. If
there is no desired SSID found on the list,
you can try to click “Refresh” button to
perform scanning again.
5. Click “Select” button.
46
Procedures:
6. The fields Remote SSID and

Preferred AP0/AP1/AP2 MAC will
be automatically filled out for
you based on your selection from
the scan result.
47
Procedures:
7. Go to WLAN Security tab.
8. Select the desired Authentication

Mode. In our case, we select
“WPA2-Personal” to associate
with Guest SSID.
9. Specify the correct Pass Phrase

which should be the same as
what is configured on the AP
end.
48
Step 3-2: Configure STA WLAN Settings for Staff SSID Association
Procedures:
1. Select “Station” tab.
3. Click “[Scan]”.
49
Procedures:
4. A scan result is displayed to show what

available SSIDs around. Find and select
the target SSID for the Station device to
associate. You can choose up to three but
of the same SSID name for connection. In
our case, we choose “Altai Staff” SSID. If
there is no desired SSID found on the list,
you can try to click “Refresh” button to
perform scanning again.
5. Click “Select” button.
50
Procedures:
6. The fields Remote SSID and

Preferred AP0/AP1/AP2 MAC will
be automatically filled out for
you based on your selection from
the scan result.
51
Procedures:
8. Select the desired

Authentication Mode and EAP
Method. In our case, we select
“WPA2-Enterprise” and “PEAP-
MSCHAPv2” to associate with
Staff SSID.
9. Enter your account credentials:

Username and Password for
RADIUS server to verify your
identity.
52
Step 4: Configure Distance for Station
Procedures:

Radio0(2.4G)/Radio1(5G) > Advanced.
2. Set the desired distance value.
53
Verification
Get a PC to connect with the Station via Ethernet cable. Go through the checklist below for the cases where the Station is associating to the SSIDs “Altai
Guest” and “Altai Staff” respectively.
✓ Check if the Station are successfully authenticated and connected
✓ Check if the PC successfully acquire IP addresses from your DHCP server
✓ Check if the PC successfully is able to access to the Internet
✓ Check if the AP’s access right is NOT granted to the PC which is using guest connection via the station device.
54
Verification (Guest SSID Association)
Check Connection Status from AP End:
Go to Status > Radio0(2.4G)/Radio1(5G) >

Association List > Station List.
Check Connection Status from Station End:

Connection Info > AP Info.
55
Check Connection Speed:
Go to AP: Status > Radio0(2.4G)/Radio1(5G) >

Association List > Station List. Click icon.
Check Internet Access:
Go to Station: Tools > Diagnosis > Ping. Enter

the target host in the Internet, e.g. 8.8.8.8, or
google.com. Then click “Start” button.
Note: Be reminded to have DNS setting

configured for the Station so that it can get
the DNS server to help resolve the domain
name to IP address.
56
Check Access Right to AP:
Connect a computer to Station via Ethernet and you should found the AP inaccessible via Web UI (HTTP/HTTPS) or SSH.
57
Verification (Staff SSID Association)

Check Connection Status from Station End:

58
Check Connection Speed:
Go to AP: Status > Radio0(2.4G)/Radio1(5G) >

Association List > Station List. Click icon.
Check Internet Access:
Go to Station: Tools > Diagnosis > Ping. Enter

the target host in the Internet, e.g. 8.8.8.8, or
google.com. Then click “Start” button.
Note: Be reminded to have DNS setting

configured for the Station so that it can get
the DNS server to help resolve the domain
name to IP address.
59
Check Access Right to AP:
Connect a computer to Station via Ethernet and you should be able to access AP via Web UI (HTTP/HTTPS) or SSH.
60
CONFIGURE REPEATER MODE
Demo: Network Scenario for Repeater Mode

Remote AP
IP: 192.168.10.100
Altai Guest Switch Mode
IP: 192.168.100.30/24
Altai Staff GW: 192.168.100.1
GW RADIUS Secret: altairadius123
Altai Backhaul IP: 192.168.10.1
Repeater
Switch Mode Internet
IP: 192.168.100.40/24
GW: 192.168.100.1
GW
IP: 192.168.100.1/24
Wireless Client DHCP Server Enabled
DHCP: 192.168.100.100 - .200
GW: 192.168.100.1
Remote AP Configuration Summary Repeater Configuration Summary

WLAN2 WLAN0 WLAN1 WLAN9 (Association)
Altai Backhaul SSID Name Altai Guest Altai Staff Altai Backhaul
SSID Name
(hidden)
WPA2-Enterprise (RADIUS) WPA2-Personal
WPA2-Personal (PSK)
WPA2-Personal (PSK) Authentication • Server: 192.168.10.100 • Passphrase:
Authentication • Passphrase: • Secret: altairadius123 altaiLINK123
altaiLINK123
AP Management Disabled Full Access ---
AP Management Full
Bandwidth
5 Mbps/User 10 Mbps/User No Limit
Bandwidth Control No Limit Control
62
Step 1: Configure Backhaul SSID for AP
NOTE:
For AP Radio and WLAN settings, refer to

Section Configure AP Mode. Be reminded to
enable “Hide SSID” for the backhaul SSID
because it is not expected to be seen by any
ordinary clients.
63
Step 2: Configure Radio Settings for Repeater
Procedures:

Radio0(2.4G)/Radio1(5G) > General.
3. Select “Repeater” as the Radio Mode.
5. Enable User Isolation in different WLAN

(SSID) to avoid direct L2 communication
between staff and guest through the
repeater.
64
Step 3: Configure Station Settings for Repeater
Procedures:
1. Select WLAN tab.
2. In the Station Configuration section, there

is ONLY one entry for station interface, i.e.
WLAN9. click More… to continue.
65
Procedures: Repeater
3. Fill out the target Remote SSID. In our scenario,
it is Altai Backhaul.
Note: Hidden SSID cannot be scanned out by

the tool provided here, so manual input is
required.
4. (Option) Enter the Preferred AP MAC if

necessary.
Note: Each SSID has its own BSSID (MAC

Address) on AP end. To confirm the MAC
address, go to the remote AP: Status > Remote AP
Radio0(2.4G)/Radio1(5G) > Association List >
WLAN
66
Procedures:
7. Select the desired Authentication Mode. In

our case, we select “WPA2-Personal” to
associate with Backhaul SSID.
8. Specify the correct Pass Phrase which

should be the same as what is configured
on the AP end.
10. Click “Back to Station List” to continue

configuring the AP interfaces for repeater.
67
Step 4: Configure AP Settings for Repeater
Procedures:
1. Follow the same procedures as what we
did in the section Configure AP Mode Step
3-1 and Step 3-2 for configuration of Guest
and Staff SSIDs.
68
Verification (Backhaul Status)

Check Connection Status from Repeater End:

69
Verification (Client Association)
Get 2 clients to connect to the SSIDs “Altai Guest” and “Altai Staff” via Repeater respectively, and go through the checklist below.
✓ Check if the access right to Repeater is granted to staff client only
70
Check from the Repeater End, and go to Status > Radio0(2.4G)/Radio1(5G) > Association List > Station List.
The first digit refers to the WLAN

TX: Downlink (from AP to client)
ID and the second digit refers to
RX: Uplink (from client to AP)
Station ID
71
CONFIGURE BRIDGE MODE
Demo: Network Scenario for Bridge Mode
Remote Bridge Local Bridge

RADIUS Server
Switch Mode Switch Mode
IP: 192.168.10.100
IP: 192.168.100.50/24 IP: 192.168.100.30/24
GW: 192.168.100.1 GW: 192.168.100.1
GW
IP: 192.168.10.1
Internet
Legend Wireless Client
DHCP: 192.168.100.100 - .200 GW
Altai Guest GW: 192.168.100.1 IP: 192.168.100.1/24
Altai Staff DHCP Server Enabled
5G Static Bridge
Local Bridge/Remote Bridge 5G Configuration Summary Remote Bridge 2.4G Configuration Summary
Wireless Mode Same for both WLAN0 WLAN1
Channel Same for both SSID Name Altai Guest Altai Staff
Remote MAC Address Remote 5G MAC WPA2-Enterprise (RADIUS)
WPA2-Personal (PSK)
Authentication • Server: 192.168.10.100
Cipher Mode AES • Passphrase: altaiPSK123
• Secret: altairadius123
AP Management Disabled Full Access
Bandwidth Control 5 Mbps/User 10 Mbps/User
73
Step 1: Scan Channels to Select the Best Channels
Channel Scan is performed in order to choose the good channel(s) for WLAN operation. The key consideration to choose a good channel is to find one
which has relatively low busy %, low noise floor, and low No. of AP.
Procedures:
1. Go to Tools > Channel Scan >

Radio1(5G).
2. Click “Start Scan” button on both local

and remote bridge peers. Wait for a
moment for the device to scan the
channels.
3. Find the cleanest channel(s) out of the

two devices and take note of it for
channel configuration in later steps. In
our case, we consider channels 157 + 161
running in HT40 for the bridge operation.
NOTE:
NOTE:
It is NOT recommended to use DFS channels for bridge mode operation because everything in
To get radio scanning to work, make sure the bridge mode is static including operation channel and wireless mode. In case of radar signal
radio
74
is enabled first. detection, the bridge will not switch to other channels to continue its operation.
Step 2: Take Note of 5G MAC Addresses of Local Bridge and Remote Bridge
The Bridge mode basically sets a Point-to-Point connection between two devices using their 5G MAC address for mutual authentication.
Procedures:
1. Go to Status > Radio1(5G) > Status >

Radio Setting.
2. Take a note of the MAC address of the

device. Do this to both of the Local
Bridge and the Remote Bridge. The MAC
address will be used in later steps.
75
Step 3: Configure Radio Settings for Bridge
Procedures:
1. Go to Configuration > Wireless > Radio1(5G) >

General.
2. Select “Bridge” as the Radio Mode.
3. Select an appropriate Country Code, which

limits the channel pool and maximum Transmit
Power to use.
4. Select the desired Wireless Mode. The wireless

mode is selected based on the required
throughput versus the available channels to
use by channel scan result in Step 1. In our
case, “802.11ac HT40-” is selected.
5. Select the cleanest Channel based on the NOTE:

channel scan result in Step 1. In our case,
The setting procedures no. 2 – 5 have to be the same in both the Local AP and Remote AP. Please
“Channels 161 + 157” are selected.
take note of the settings in order to setup the bridge appropriately.
7.
76 Click “Submit” button.
Step 4: Configure Remote Bridge 5G MAC Information
Procedures:
1. Go to Static Bridge tab.
2. Enter the Remote AP 5GHz MAC Address.

The format should be aa:bb:cc:dd:ee:ff
77
Step 5: Configure AES Encryption
Procedures:
1. Go to Bridge Security tab.
2. Select “AES” as Cipher Mode.
3. Enter a string of 32 HEX characters long (128

bit) as Pass Phrase, e.g.
0123456789abcdef0123456789abcdef
5. Click “Back to Static Bridge Setting” button.
78
Step 6: Configure Distance
Procedures:
1. Go to Configuration > Wireless > Radio1(5G)

> Advanced.
2. Set the desired Distance value, e.g. 4 in our

example. See slide 42 for the instructions on
how to set an appropriate value for
distance.
NOTE:
The distance value has to be the same in both

the Local AP and Remote AP.
79
Verification
Here is the checklist to evaluate bridge connection status.
✓ Check if the bridge peers are successfully connected
✓ Check if you can access the remote bridge peer from the local-end network
To test network access over the bridge, get 2 clients to connect to the SSIDs “Altai Guest” and “Altai Staff” respectively, and go through the checklist
below.
✓ Check if the access right to remote bridge is granted to staff client only
80
Verification (Bridge Status)
Check Connection Status from both Local

Bridge and Remote Bridge:
Go to Status > Radio1(5G) > Connection Info >

Bridge Remote Info.
81
Enable VLAN Configuration
Introduction to VLAN
• VLAN (Virtual Local Area Network) is a Layer 2 feature that allows you to logically divide a LAN into multiple subnets such that downstream hosts are
separated into distinct broadcast domains.
• Only those which belong to the same VLAN (same broadcast domain) can directly communicate to each other.
• To achieve the purpose of logical network segmentation, we can assign different VLAN ID tags (based on 802.1Q) to the Ethernet frame headers for
identifying different network traffic. AP and other neighboring layer 2 devices will look at the VLAN ID tags and have corresponding packet
processing and switching, so as to keep different VLAN traffic isolated from each other while sharing the same physical connection environment.
• There are two VLAN modes for interface operation: 1) Access mode; 2) Trunk mode
83
CONFIGURE VLAN FOR AP MODE
Demo: Network Scenario for AP Mode
AP
SSID-VLAN Mapping Switch Mode RADIUS Server
Mgmt IP: 192.168.100.30/24 IP: 192.168.10.100
WLAN VLAN Mgmt VLAN: 100 RADIUS Client: 192.168.100.30
GW: 192.168.100.1 RADIUS Secret: altairadius123
Altai Staff VLAN 150 (Service) GW
Altai Guest VLAN 160 (Service) VLAN 10: 192.168.10.1
Trunk
(VLAN 100, 150, 160) Internet
Wireless Clients GW
Staff: 192.168.150.2 – .254 VLAN 100: 192.168.100.1/24
Guest: 192.168.160.2 – .254 VLAN 150: 192.168.150.1/24
VLAN 160: 192.168.160.1/24
DHCP Server Enabled on VLAN 150 & 160
VLAN Configuration Summary
Interface Ethernet WLAN0 (Altai Guest) WLAN1 (Altai Staff)
Trunk (VLAN 1, 100, 150, 160); OR
VLAN Type Access VLAN 160 Access VLAN 150
Trunk ALL
Remark:
1. VLAN 100 is Management VLAN. In such case, Guest or Staff clients cannot access AP directly unless inter-VLAN routing is enabled at the gateway.
2. To allow various VLAN traffic to pass through between the AP and the neighboring switch or gateway, the counterpart of the switch or gateway
should be configured to be running in “Trunk” mode allowing VLAN 100, 150 and 160 as well.
3. VLAN 10 and VLAN 100 are inter-reachable by gateway configuration so that the AP can communicate with the RADIUS server for Staff auth.
85 VLAN 1 serves as Native VLAN.
4.
Step 1: Enable VLAN Feature
Procedures:
1. Go to Configuration > Network > VLAN.
2. Enable VLAN.
86
Step 2: Add New VLAN Profiles
Procedures:
1. Click “Add VLAN” button in the VLAN

Profiles section.
2. Specified the VLAN ID to be added, i.e. 100,

which is used for management purpose.
4. Repeat steps 1-3 above to add other VLAN

profiles, i.e. VLAN 150 and VLAN 160.
NOTE:
The fields IPv4 Address and IPv4 Subnet Mask

can be left as is. The system will update it once
we confirm the management VLAN in later
steps.
87
Step 3: Select Management VLAN
Procedures:
1. Select one of the VLAN IDs as Management

VLAN. In our case, VLAN 100 is selected as
Management VLAN.
NOTE:
The IP address of the selected Management

VLAN should be updated accordingly so that
the TCP/IP access to the device is permitted
via management VLAN ONLY.
88
Step 4: Configure Trunk Mode for Backhaul Interfaces
Procedures:
1. In our case, the Ethernet interface is used

for backhaul, which is to carry multiple
VLAN traffic, so we should set Trunk mode
for it. By default it is on Trunk mode allowing
ALL VLANs, so this step can be skipped for
our case.
2. Or alternatively, set it to allow particular

VLANs to pass through. To do so, click Edit.
89
NOTE:
PVID: Port VLAN ID, which is the default VLAN specifically assigned for untagged frames (Native VLAN) which is received at the trunk interface for AP
operation.
By default, PVID is set to VLAN 1, as it is the most common setting as native VLAN for all the other network nodes.
Default VLAN Tagging: Used with “PVID”. If selected, AP will add the tag of PVID to those untagged frames leaving the interface. By default, the box is
unchecked. Thus, the frames which are of PVID will be untagged when they leave the trunk interface.
Trunk Interface PVID = 1
Incoming
VLAN VLAN VLAN VLAN VLAN VLAN VLAN
Payload Payload Payload Payload Payload Payload Payload Payload
160 150 100 160 1 150 100
VLAN VLAN VLAN VLAN VLAN VLAN VLAN

Payload Payload Payload Payload Payload Payload Payload Payload
100 150 160 100 150 1 160
Outgoing
VLAN VLAN VLAN VLAN
Payload Payload Payload Payload
100 150 1 160 AP Packet Processing
If Default VLAN Tagging = Unchecked
If Default VLAN Tagging = Checked
90
Procedures:
3. Uncheck the box VLAN Pass Through.
4. Select the target VLANs to be allowed for

the backhaul interface.
5. (Optional) Set PVID. In our case, we keep it

as default, i.e. 1, meaning that for every
untagged frames coming in, we treat it as
VLAN 1 for processing.
6. (Optional) Enable/Disable Default VLAN

Tagging depending on your situation. For
most cases, it should be disabled.
7. Click “Submit” button and then “Back”

button.
91
Step 5: Configure Access Mode for End-Device Connection
Procedures:
1. In our case, we have two WLAN interfaces

used for end device access. Since there is
no VLAN tag attached to their packets by
default, so we should set Access mode for
the interface so that an appropriate VLAN
tag can be added to any traffic coming
NOTE:
from them for AP processing and on the
other hand remove the tag from any traffic AP<RADIO_ID>_<WLAN_ID> denotes the WLAN Interface,
destined to them. By default it is set to
where RADIO_ID = 0 refers to 2.4G, RADIO_ID = 1 refers to 5G.
Access VLAN 1.
2. Click Edit on one of the WLAN interfaces.
3. Set the desired VLAN. In our case, Altai

Guest traffic is mapped to VLAN 160 and
Altai Staff traffic to VLAN 150.
4. Click “Submit” button and then “Back”

button.
92
Configuration Summary
The final configuration should look like the following.
93
Verification
✓ Check if the clients successfully acquire IP addresses from your DHCP server on different VLANs
✓ Check if the access right is NOT granted to anyone including staff unless inter-VLAN routing is allowed at the gateway
94
Verification
Go to Status > Radio0(2.4G)/Radio1(5G) > Association List > Station List.
• Guest Client gets 192.168.160.x from DHCP server on VLAN 160.

• Staff Client gets 192.168.150.x from DHCP server on VLAN 150.
95
CONFIGURE VLAN FOR STATION MODE
Demo: Network Scenario for Station Mode – Case 1
• Case 1: Associate the station device to either staff SSID or guest SSID.
• No VLAN configuration is required on the Station end, meaning that the management traffic of the station itself and the user data traffic of the
computers sitting behind belong to the same VLAN, either VLAN 150 or 160 depending on the SSID the station is connecting to.
• Suitable for the case for BYOD. No management required for station devices, just like ordinary clients.
Remote AP
Legend Switch Mode RADIUS Server
Mgmt IP: 192.168.100.30/24 IP: 192.168.10.100
Altai Guest Mgmt VLAN: 100 RADIUS Client: 192.168.100.30
Altai Staff
GW
Station VLAN 10: 192.168.10.1
Switch Mode
Staff: 192.168.150.2 – .254
Trunk
Guest: 192.168.160.2 – .254
GW
PC VLAN 100: 192.168.100.1/24
Staff: 192.168.150.2 – .254 VLAN 150: 192.168.150.1/24
Guest: 192.168.160.2 – .254 VLAN 160: 192.168.160.1/24
97
• Case 2: Associate the station device to trunk SSIDs in order to separate Station management traffic from user data traffic.
• Suitable for the case that you want to put the station device as part of WiFi infrastructure.
SSID-VLAN Mapping
WLAN VLAN
Remote AP
Altai Staff VLAN 150 (Service) + VLAN 100 (Mgmt) RADIUS Server
Switch Mode
Altai Guest VLAN 160 (Service) + VLAN 100 (Mgmt) Mgmt IP: 192.168.100.30/24 IP: 192.168.10.100
Mgmt VLAN: 100 RADIUS Client: 192.168.100.30
GW
Station VLAN 10: 192.168.10.1
Switch Mode
Mgmt IP: 192.168.100.40
Trunk
Mgmt VLAN: 100
GW: 192.168.100.1
GW
PC VLAN 100: 192.168.100.1/24
Staff: 192.168.150.2 – .254 VLAN 150: 192.168.150.1/24
Guest: 192.168.160.2 – .254 VLAN 160: 192.168.160.1/24
Access VLAN
150 / VLAN 160
98
Remote AP VLAN Configuration Summary

Interface Ethernet WLAN0 (Altai Guest) WLAN1 (Altai Staff)
Trunk (VLAN 1, 100, 150, 160); OR Trunk (VLAN 1, 100, 160); OR Trunk (VLAN 1, 100, 150); OR
VLAN Type
Trunk ALL Trunk ALL Trunk ALL
Station VLAN Configuration Summary

Interface Ethernet WLAN0 (Association to Altai Guest) WLAN0 (Association to Altai Staff)
Trunk (VLAN 1, 100, 160); OR Trunk (VLAN 1, 100, 150); OR
VLAN Type Access VLAN 150; OR Access VLAN 160
Trunk ALL Trunk ALL
Remark:
1. VLAN 100 is Management VLAN. In such case, Guest or Staff clients sitting behind the Station cannot access AP and Station directly unless inter-VLAN
routing is enabled at the gateway.
4. VLAN 1 serves as Native VLAN.
99
Configuration Summary for AP
The final configuration should look like the

screenshot on the right. For details of how to
enable VLAN and trunk mode, refer to the
Section Configure VLAN for AP mode.
100
Configuration Summary for Station When Connecting to Staff SSID

enable VLAN, management VLAN, trunk mode
and access mode, refer to the Section
Configure VLAN for AP mode.
101
Configuration Summary for Station When Connecting to Guest SSID

102
Verification
Get a PC to connect with the Station via Ethernet cable. Go through the checklist below for the cases where the Station is associating to the SSIDs “Altai
Guest” and “Altai Staff” respectively.
✓ Check if the Station are successfully authenticated and connected
✓ Check if the Station can be accessed via management VLAN
✓ Check if the PC successfully acquire IP addresses from your DHCP server on the designated VLAN
✓ Check if the access right is NOT granted to any PC including staff unless inter-VLAN routing is allowed at the gateway
103
CONFIGURE VLAN FOR REPEATER MODE
SSID-VLAN Mapping
WLAN VLAN
Altai Staff VLAN 150 (Service)

Altai Guest VLAN 160 (Service)
Altai Backhaul VLAN 100 (Mgmt) + VLAN 150 (Service) + VLAN 160 (Service)
Remote AP
RADIUS Server
Switch Mode
Mgmt IP: 192.168.100.30/24 IP: 192.168.10.100
Mgmt VLAN: 100 RADIUS Client: 192.168.100.30
GW: 192.168.100.1 RADIUS Client: 192.168.100.40
Repeater GW RADIUS Secret: altairadius123
Switch Mode VLAN 10: 192.168.10.1
Mgmt IP: 192.168.100.40/24
Mgmt VLAN: 100
GW: 192.168.100.1 Trunk
GW
Wireless Clients VLAN 100: 192.168.100.1/24
VLAN 150: 192.168.150.1/24
Staff: 192.168.150.2 – .254
VLAN 160: 192.168.160.1/24
Guest: 192.168.160.2 – .254
105
Remote AP VLAN Configuration Summary

Interface Ethernet WLAN0 (Altai Guest) WLAN1 (Altai Staff) WLAN2 (Altai Backhaul)
Trunk ALL Trunk ALL
Repeater VLAN Configuration Summary

Interface WLAN9 (Association to Altai Backhaul) WLAN0 (Altai Guest) WLAN1 (Altai Staff)
Trunk (VLAN 100, 150, 160); OR
Trunk ALL
Remark:
4. VLAN 1 serves as Native VLAN 1.
106
Configuration Summary for Remote AP

107
Configuration Summary for Repeater

108
Get 2 clients to connect to the SSIDs “Altai Guest” and “Altai Staff” via Repeater respectively, and go through the checklist below.
109
CONFIGURE VLAN FOR BRIDGE MODE
Remote Bridge Local Bridge

Switch Mode Switch Mode
RADIUS Server
Mgmt IP: 192.168.100.50/24 Mgmt IP: 192.168.100.30/24
Mgmt VLAN 100 Mgmt VLAN 100 IP: 192.168.10.100
GW: 192.168.100.1 GW: 192.168.100.1 RADIUS Client: 192.168.100.50
GW
VLAN 10: 192.168.10.1
Internet
Wireless Clients
GW
Staff: 192.168.150.2 – .254
VLAN 100: 192.168.100.1/24
Guest: 192.168.160.2 – .254 VLAN 150: 192.168.150.1/24
VLAN 160: 192.168.160.1/24
SSID-VLAN Mapping
WLAN VLAN
Altai Staff VLAN 150 (Service)

Altai Guest VLAN 160 (Service)
Static Bridge VLAN 100 (Mgmt) + VLAN 150 (Service) + VLAN 160 (Service)
111
Local Bridge VLAN Configuration Summary

Interface Ethernet 5G WLAN0 (Backhaul)
VLAN Type
Trunk ALL Trunk ALL
Remote Bridge VLAN Configuration Summary

2.4G 5G
Interface Ethernet
WLAN0 (Altai Guest) WLAN1 (Altai Staff) WLAN0 (Backhaul)
Trunk ALL Trunk ALL
Remark:
4. VLAN 1 serves as Native VLAN 1.
112
Configuration Summary for Local Bridge

enable VLAN, management VLAN and trunk
mode, refer to the Section Configure VLAN for
AP mode.
113
Configuration Summary for Remote Bridge

114
Verification
Here is the checklist to evaluate bridge connection status.
✓ Check if the bridge peers are successfully connected
✓ Check if you can access the remote bridge peer from the local-end network via management VLAN
To test network access over the bridge, get 2 clients to connect to the SSIDs “Altai Guest” and “Altai Staff” respectively, and go through the checklist
below.
115
CONFIGURE GATEWAY MODE
Network Scenario for Gateway Mode
AP DHCP Server,
Gateway Mode PPPoE Server RADIUS Server
WAN IP: (i) By Static IP (192.168.100.30); or
WAN IP: (ii) By DHCP; or
WAN IP: (iii) By PPPoE
LAN IP: 192.168.98.1/24
L2 SW
Internet
GW
IP: 192.168.100.1/24
Wireless Clients
IP: 192.168.98.2 – .254
117
Step 1: Configure WAN IP Address
There are 3 methods for AP to obtain IP address for WAN interface.
Option 1: Static IP (For configuration details, see Configure IP Address of Access Point)
Option 2: DHCP (For configuration details, see Configure IP Address of Access Point)
Option 3: PPPoE, see next slides for configuration details.
118
Step 1: Configure WAN IP Address
Procedures for configuring PPPoE (Option 3):

WAN Setting (IPv4).
2. Select “PPPoE” as Internet Connection Type.
3. (Optional) Select whether or not to enable

DNS Auto Update from your PPPoE server.
4. Enter Username and Password for PPPoE

connection.
NOTE:
• PPPoE and VLAN cannot be enabled

together.
• Only one WAN interface is allowed for PPPoE.
119
Step 2: Configure LAN IP Address
Procedures:
1. Specify the LAN IP Address and Subnet

Mask for the AP. The IP will be seen as
gateway by the LAN-side clients. In our
case, we keep the default configuration,
i.e. 192.168.98.1/24.
120
Step 3: Configure Wireless Settings
• For details, refer to section RADIO MODE: AP, STATION, REPEATER & BRIDGE.
• In our example, we configure as AP mode and advertise two SSIDs “Altai Guest” and “Altai Staff”.
121
Step 4: Assign LAN/WAN Interfaces
Procedures:

WAN/LAN Interface Assignment.
2. Select Detail Icon on WAN/LAN entries.
3. Select the target interface(s) as LAN/WAN.

In our example, we assign eth0 to WAN and
eth1, Altai Guest, Altai Staff to LAN.
122
Step 5: Enable/Disable NAT
Procedures:
1. Enable/Disable NAT (Network Address

Translation) for LAN traffic. It depends on
your network planning. If enabled, the
device will implement NAT to masquerade
all outgoing traffic from LAN to WAN with
the AP WAN IP, hence protecting the
devices on the LAN side. If disabled, make
sure you set a return route on WAN-side
network nodes for inbound traffic back to
LAN. If you are attaching the device to the
internet directly, this feature MUST be
enabled.
123
Step 6: Configure DHCP Server for LAN Devices
Procedures:
1. Go to Configuration > Network > DHCP.
2. Make sure DHCP Server Mode is enabled

if you want the AP to assign IP addresses
to your clients on LAN.
3. There are 4 Address Pools available for

configuration. For example, click Detail
icon on the Pool #1.
124
Step 6: Configure DHCP Server for LAN Devices
Procedures:
4. Enable the Pool.
5. Specify the IP range, from Start IP Address

to End IP Address. It MUST be the same
subnet as AP’s LAN IP address, i.e.
192.168.98.x/24.
6. Specify DNS addresses, up to 3. If you fill

out the AP’s LAN IP, make sure you have
DNS setting for the AP in step 1; otherwise
the AP will not help forward the DNS
request out.
7. (Optional) Modify the Lease Time if

needed.
8. Click “Submit” button and then “Back to

Pools List” to continue other pool settings
if any; other click Save and Apply.
125
Verification
✓ Check if the clients successfully acquire IP addresses from AP
✓ Check if you can access the AP via LAN interface, e.g. 192.168.98.1, when connecting with staff SSID
126
Verification – Access to AP
TIPS AND TRICKS:
• The secondary IP address is applicable to WAN interface ONLY. Therefore, if you just have LAN interface for AP access, especially via WiFi, make sure
you give Full Access Right for ALL the SSIDs in the first place, including Guest SSID, so that you can access the AP via LAN interface. Once you confirm
all the other settings are running well, set the Access Right as the very last step.
• For PPPoE case, the WAN traffic is all tunneled between AP and the PPPoE server (ISP device). Therefore, it is not feasible to access AP via WAN
interface using secondary IP address within customer’s premises. To access the AP, you have to use LAN interfaces.
To check WAN status such IP address, default gateway and DNS server, you may need to access the AP via LAN interface, i.e. 192.168.98.1 and go to
Status > Overview > Network (Gateway Mode). The screenshot below shows the PPPoE status when the AP is successfully connected with PPPoE server to
obtain an IP address.
127
Verification – DCHP Lease
Go to Status > DHCP Server.
128
UPDATE ADMIN PASSWORD
Update Admin Password
Procedures:
1. Go to Administration > User Admin.
2. Select admin in the Username drop-down

list.
3. Enter the new Password twice.
5. A window pops up. Click “OK” button to

re-login AP with the new password.
6. Likewise, you can change guest

password or even disable Guest Login to
secure AP access.
130
Thank You

ACT Mod 2 Altai AP Basic Config v3.1 20200911

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ACT Mod 2 Altai AP Basic Config v3.1 20200911

Uploaded by

Copyright:

Available Formats

ALTAI Certification Training

Module 2: Altai Access Point Basic Configuration

• Power Up Your AP Device

A8n(ac) AX500 A2(ac) C1n/

* Applicable when “Power Save Mode” is enabled.

ETH0 (PoE IN)

PoE: Power Over Ethernet

Types of Passive PoE:

DATA IN / 2. DC Power Source (-48V)

1. Open a web browser.

2. Type 192.168.1.222 in the address bar.

3. Enter the default credentials as below:

4. Click “Login” button.

6. Unsaved Changes 7. Save & Apply

1. Go to Configuration > Network > General > WAN Setting

2. Select “Static” as the Internet Connection Type.

3. Specify the desired IPv4 Address, IPv4 Subnet Mask, and

4. (Optional) Specify the IPv4 DNS Server IP Address, e.g.

5. Click “Submit” button.

6. Click Save and Apply to apply all configurations.

1. Go to Configuration > Network > General > WAN

2. Select “DHCP” as the Internet Connection Type so that

3. (Optional) Select whether or not to enable DNS Auto

1. Configure your PC’s IP address to

2. Connect your PC with target AP in Layer 2

3. Access your target AP with its secondary IP

16 the DHCP server.

Switch Mode: Gateway Mode:

VLAN 10: 192.168.10.1 WAN IP: Public IP

Gateway IP: 192.168.98.10

AP in SWITCH mode AP in GATEWAY mode

• By default, the AP device is running on

• To change the setting, see the procedures

1. Go to Configuration > Network > General >

2. Select “Switch Mode” as Network Setting.

3. Click “Submit” button.

4. Click Save and Apply to apply all

DHCP and Port Forward features are NOT

• To change the setting, see the procedures

• Gateway features such as WAN/LAN IP

1. Go to Configuration > Network > General >

2. Select “Gateway Mode” as Network Setting.

3. Click “Submit” button.

4. Click Save and Apply to apply all

VLAN is applicable to WAN interface ONLY.

• Available on 2.4G and 5G radios.

AP Mode SSID 1 for User Group 1 (2.4G/5G)

SSID 2 for User Group 2 (2.4G/5G)

User Group 1 User Group 2

• Available on 2.4G and 5G radios.

SSID 1 for Subscriber Group 1 (2.4G/5G)

3 x A3Ei SSID 2 for Subscriber Group 2 (2.4G/5G)

• Available on 2.4G and 5G radios

User Group 1 User Group 2

• Available on 5G radio only.

5G Static Bridge Link

Legend RADIUS Server

1. Go to Tools > Channel Scan >

2. Click “Start Scan” button. Wait for a

3. Find the cleanest channel(s) and take

To get radio scanning to work, make sure the

1. Go to Configuration > Wireless > Radio0(2.4G)/Radio1(5G) >