Configuring the AX411 Access Point (Quick Configuration)

You can use J-Web Quick Configuration to quickly configure an AX411 Access Point.

Note: Changing some access point settings might cause the access point to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low.

To configure an AX411 Access Point with Quick Configuration:

Select Configure>Wireless LAN>Settings.
The Wireless LAN Configuration page displays a list of access points and radios configured on the SRX Series Services Gateway.
Click one:
- Add—Creates an access point or radio configuration.
- Edit—Edits an existing access point or radio configuration.
- Delete—Deletes an existing access point or radio configuration.
When you are adding or editing an access point, enter information as described in Table 200.

When you are adding or editing a radio, enter information as described in Table 201.

The radio information includes virtual access point configuration. When you are adding or editing a virtual access point, enter information as described in Table 202.
Click one:
- Apply—Apply the configuration and stay on the Quick Configuration page.
- OK—Apply the configuration and return to the main Configuration page.
- Cancel—Cancel your entries and return to the main page.

Table 200: Access Point Configuration Options

Option	Function	Action
Basic Settings
Access point name	Specifies a user-defined name for the access point.	Enter a string of up to 20 characters. The name must start with a letter and end with a letter or a number. Only letters, numbers, and dashes are allowed.
Description	Describes the access point.	Enter a brief description for the access point.
Access interface	Specifies the interface on the SRX Series device to which the access point is connected.	Select the interface.
Location	Describes the location of the access point.	Enter a string that describes the location of the access point.
Country	Specifies the country in which the access point is operating.	Select the country code.
NTP server	Specifies the Network Time Protocol (NTP) server that provides time information to the access point.	Enter the IP address of the server.
802.11d support	Disables or enables 802.11d world mode which causes the access point to broadcast the country in its beacons and probe responses.	Select to disable or enable.
Dot1x supplicant	Specifies the username and password that allows the access point to be authenticated on a network that uses IEEE 802.1x, port-based network access control.	Enter a username and password.
Management
Management VLAN ID	Specifies the VLAN associated with the IP address used to access the access point.	Enter a number from 1 to 4094.
Untagged VLAN ID	Specifies the traffic received on the Ethernet interface that is tagged with the specified VLAN ID.	Enter a number from 1 to 4094.
Domain name servers	Lists the DNS servers that are used to resolve domain names.	Click Add to add a server address. To delete a server from the list, select the server and click Remove.
Console access	Enables or disables connection to the access point through its console port and specifies the baud rate for the connection.	Select to enable or disable access. If access is enabled, select the baud rate for the console access.
Static IP settings	Specifies the IP address and default gateway address for the access point if a DHCP server is not available on the network to provide an IP address to the access point.	Enter addresses for the access point and the default gateway.
MAC Filtering
MAC address	Lists the MAC addresses that are allowed or denied access to the network through the access point.	Click Add to add a MAC address. To delete an address from the list, select the address and click Remove.
Action	Either allows only MAC addresses that are in the list (any client whose MAC address is not in the list is denied access to the network) or blocks MAC addresses that are in the list (any client whose MAC address appears on the list is denied access to the network).	Select allow or deny.
Quality of Service
Disable acknowledgement	Supresses sending of acknowledgements by the access point when a frame is correctly received.	Select to disable.
Disable auto power save delivery	Disables automatic power save delivery (APSD).	Select to disable.
Disable Wi-Fi multimedia (WMM)	Disables WMM.	Select to disable WMM.
Station queue	Configures enhanced distributed channel access (EDCA) parameters for upstream traffic from the client to the access point.	Click + to open queues. Enter or select values for any queue.
Access point queue	Configures EDCA parameters for downstream traffic from the access point to the client.	Click + to open queues. Enter or select values for any queue.

Table 201: Radio Configuration Options

Option	Function	Action
Radio
Radio Type	Configures radio 1 or radio 2 on the access point.	Select the radio type.
Enabled/Disabled	Specifies whether the radio is on or off. If you turn off a radio, the access point sends disassociation frames to all wireless clients it is currently supporting so that the radio can be gracefully shut down and clients can start the association process with other available access points.	Select to enable or disable the radio.
Virtual Access Points	Configures, edits, or removes a virtual access point configuration.	Click one: Add—Creates a virtual access point configuration. Edit—Edits an existing virtual access point configuration. Delete—Deletes an existing virtual access point configuration.
Radio Settings
Mode	Specifies the Physical Layer (PHY) standard used by the radio. Select one of the following standards: IEEE 802.11a IEEE 802.11b/g IEEE 802.11a/n IEEE 802.11b/g/n 5 GHz IEEE 802.11n 2.4 GHz IEEE 802.11n	Select a mode. Note: The modes available on your access point depend on the country code setting.
Channel	Specifies the portion of the radio spectrum the radio uses for transmitting and receiving. Note: The channels available depend on the radio mode and country code setting.	Enter one or more channels.
Channel bandwidth	(802.11n modes only) Allows use of 40 MHz channel or legacy 20-MHz channel.	Select a channel bandwidth.
Primary channel	(802.11n modes only) Allows designation of either the upper or lower 20-MHz channel in the 40-MHz band as the primary channel.	Select a primary channel.
More	Configures advanced radio options.	Click More to see additional radio options.
Advanced Options
Protection	Enables rules to guarantee that 802.11 transmission does not cause interference with legacy clients or access points. Note: This setting does not affect the ability of the client to associate with the access point.	Select to enable or disable.
Beacon interval	Specifies the interval at which the access point transmits beacon frames.	Enter a value from 20 to 2000 milliseconds.
DTIM period	Specifies in beacons the delivery traffic indication message (DTIM) period that clients served by the access point should check for buffered data on the access point.	Enter a value from 1 to 255 beacons.
RTS threshold	Specifies the packet size of a request to send (RTS) transmission.	Enter a value from 0 to 2347.
Max stations	Specifies the maximum number of clients allowed to access the access point simultaneously.	Enter a value from 0 to 200.
Transmit power	Specifies the percentage value for the transmit power for this access point.	Enter a value from 0 to 100.
Fixed multicast rate	Specifies the multicast transmission rate the access point supports.	Select a transmission rate.
TX rate sets	Specifies the supported rate, which is the rate that the access point supports, and the basic rate, which is the rate that the access point advertises to the network.	Select the supported rate and supported basic rate.
Broadcast Multicast Rate Limit	Specifies the rate limits for broadcast and multicast traffic, which can improve overall network performance by limiting the number of packets transmitted across the network.	Select the rate limit and rate limit bursts.

Table 202: Virtual Access Point Configuration Options

Option	Function	Action
Basic Settings
Virtual access point ID	Specifies an identifier for the virtual access point. Note: VAP 0 is the physical radio interface.	Specify an identifier from 1 through 15.
Description	Describes the virtual access point.	Enter a brief description for the virtual access point.
SSID	Specifies an alphanumeric string of up to 32 characters. You can use the same SSID for multiple virtual access points or you can use a unique SSID for each virtual access point.	Enter an SSID.
VLAN ID	Specifies a VLAN identifier that the access point tags on traffic from the wireless client. Note: When a RADIUS server is used for client authentication, the RADIUS server can be configured to return a VLAN ID. The VLAN ID assigned by a RADIUS server overrides the VLAN ID configured here.	Enter a value from 1 to 4094.
No Broadcast SSID	Disables the access point’s responses to probes from clients.	Select to disable responses.
HTTP Redirect	Redirects the user’s first HTTP access to a specified Web page.	Select to redirect HTTP access. Enter the URL where the user’s Web browser is to be redirected.
Security
MAC Authentication Type	Specifies client authentication using the client’s MAC address.	Select one: Disabled—No MAC authentication. Local—MAC authentication is performed using configured MAC addresses. Radius—MAC authentication is performed using a RADIUS server.
Security	Specifies the security mode for the virtual access point. You can choose one of the following: None—No security. No further configuration is needed. Static WEP—Preshared Wired Equivalent Privacy (WEP) protocol key is used for data encryption. Dot1x—Dynamically generated WEP keys are used with authentication by a RADIUS server. WPA Personal—Preshared key authentication with W-Fi Protected Access (WPA) with Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) and/or Temporal Key Integrity Protocol (TKIP) data encryption. WPA Enterprise—RADIUS authentication with AES-CCMP and/or TKIP data encryption.	Select a security mode and configure any necessary parameters.
Static WEP
Authentication type	Determines if a client is allowed to associate with the access point. Choose one of the following options: open—Allow any client to associate with the access point. shared—Allow only clients with the correct WEP key to associate with the access point. both—Allows clients configured to use WEP (clients must have the correct WEP key) and clients configured to use WEP in an open system to associate with the access point.	Select an authentication type.
Key length	Specifies a length for the key.	Select either 64 bits or 128 bits.
Key type	Specifies a format for the key.	Select either ascii or hex.
Transfer key index	Indicates which WEP key the access point uses to encrypt the data it transmits. Up to four WEP keys can be configured.	Select a value from 1 to 4.
WEP key 1—WEP key 4	Specifies up to four WEP keys. The client must be configured to use one of these same WEP keys with the same index as configured here.	In each text box, enter a string of characters for each key, depending upon the key length and key type selected. For ASCII keys, you can enter upper- and lowercase alphabetic letters, digits, and special characters such as @ and #. For hexadecimal keys, you can enter digits 0–9 and the letters A through F.
Dot1x
Radius server	Specifies an IP address for the RADIUS server.	Enter a valid IP address.
Radius key	Specifies a shared secret used by the RADIUS server.	Enter a string of up to 64 bytes.
Broadcast key refresh rate	Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.	Enter a value from 0 to 86400. 0 disables key refreshes.
Session key refresh rate	Specifies an interval, in seconds, between session key rotations.	Enter a value from 0 to 86400. 0 disables key refreshes.
WPA Personal
WPA version	Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one: v1—Select this option if all clients on the network support the original WPA. v2—Select this option if all clients on the network support WPA2. both—Select this option if there are clients that support both the original WPA and WPA2 on the network.	Select a WPA version.
Cipher suites	Specifies a cipher suite used for encryption. Choose one: tkip ccmp both	Select a cipher suite.
Key	Shared secret.	Enter a string of at least 8 characters to a maximum of 63 characters. Acceptable characters include upper and lower case alphabetic letters, numeric digits, and special symbols such as @ and #.
Broadcast key refresh rate	Interval, in minutes, between key rotations.	Enter a value from 1 to 86400. 0 disables key refresh.
WPA Enterprise
WPA version	Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one: v1—Select this option if all clients on the network support the original WPA. v2—Select this option if all clients on the network support WPA2. both—Select this option if there are clients that support both the original WPA and WPA2 on the network.	Select a WPA version.
Cipher suites	Specifies a cipher suite used for encryption. Choose one of the following: tkip ccmp both	Select a cipher suite.
Pre authenticate	Allows preauthentication information for WPA2 wireless clients to be relayed to target access point. This feature can help speed up authentication for roaming clients who connect to multiple access points. Note: This option does not apply to WPA version 1, as the original WPA does not support this feature.	Select to enable preauthentication.
Radius server	Specifies an IP address for the RADIUS server.	Enter a valid IP address.
Radius key	Specifies a shared secret used by the RADIUS server.	Enter a string of up to 64 bytes.
Broadcast key refresh rate	Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.	Enter a value from 0 to 86400. 0 disables key refreshes.
Session key refresh rate	Specifies an interval, in seconds, between session key rotations.	Enter a value from 0 to 86400. 0 disables key refreshes.

[Next][Report an Error]