Wireless LAN

Configuring the AX411 Access Point (J-Web Configure)

You can use the J-Web Configure page to quickly configure an AX411 Access Point.

Note: Changing some access point settings might cause the access point to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low.

To configure an AX411 Access Point with the J-Web Configure page:

  1. Select Configure>Wireless LAN>Settings.

    The Wireless LAN Configuration page displays a list of access points and radios configured on the SRX Series Services Gateway.

  2. Click one:
    • Add—Create an access point or radio configuration.
    • Edit—Edit an existing access point or radio configuration.
    • Delete—Delete an existing access point or radio configuration.

    When you are adding or editing an access point, enter information as described in Table 52.

    When you are adding or editing a radio, enter information as described in Table 53.

    The radio information includes virtual access point configuration. When you are adding or editing a virtual access point, enter information as described in Table 54.

  3. Click one:
    • OK—Apply the configuration and return to the main configuration page.
    • Cancel—Cancel your entries and return to the main page.
  4. When you enter a change in the Wireless LAN Configuration page, the change is stored but not committed to the configuration file on the device. At the same time, the following buttons appear in the global menu area at the top of the page (click the appropriate button):
    • Commit—All pending changes to the configuration are sent to the device and committed.
    • Compare—Show pending changes by comparing the pending configuration with the committed configuration on the device.
    • Discard—Discard pending changes.

      Note: These buttons only appear if you make a change in the configuration.

      Note: If you navigate to another configuration page or attempt to log out from the device when there are pending changes that have not been committed, you will be prompted to take action on the pending changes. If you log in to a device and there are pending changes that have not yet been committed, a popup window notifies you that there are changes from a previous session.

Table 52: Access Point Configuration Options

Option

Function

Action

Basic Settings

Access point name

Specifies a user-defined name for the access point.

Enter a string of up to 20 characters. The name must start with a letter and end with a letter or a number. Only letters, numbers, and dashes are allowed.

Description

Describes the access point.

Enter a brief description for the access point.

MAC address

Links the physical access point to its configuration on the SRX Series device.

Enter the MAC address of the access point.

Location

Describes the location of the access point.

Enter a string that describes the location of the access point.

Country

Specifies the country in which the access point is operating.

Select the country code.

NTP server

Specifies the Network Time Protocol (NTP) server that provides time information to the access point.

Enter the name of the server.

Dot1x supplicant

Specifies the username and password that allows the access point to be authenticated on a network that uses IEEE 802.1x, port-based network access control.

Enter a username and password.

Management

Management VLAN ID

Specifies the VLAN associated with the IP address used to access the access point.

Enter a number from 1 to 4094.

Untagged VLAN ID

Specifies the traffic received on the Ethernet interface that is tagged with the specified VLAN ID.

Enter a number from 1 to 4094.

Domain Name Servers

Lists the DNS servers that are used to resolve domain names.

Click Add to add a server address. To delete a server from the list, select the server and click Remove.

Console Access

Enables or disables connection to the access point through its console port and specifies the baud rate for the connection.

Select to enable or disable access. If access is enabled, select the baud rate for the console access. The default baud rate is 115200 bps.

Static IP Settings

Specifies a static IP address and default gateway address for the access point.

Note: At its initial startup, the access point obtains its IP address from the DHCP server on the SRX Series device. After the access point has established a connection to the SRX Series device, you can configure static IP and default gateway addresses for the access point.

Enter IP addresses for the access point and the default gateway.

MAC Filtering

MAC address

Lists the MAC addresses that are allowed or denied access to the network through the access point.

Click Add to add a MAC address. To delete an address from the list, select the address and click Remove.

Action

Either allows only MAC addresses that are in the list (any client whose MAC address is not in the list is denied access to the network) or blocks MAC addresses that are in the list (any client whose MAC address appears on the list is denied access to the network).

Select allow or deny. The default is allow.

Table 53: Radio Configuration Options

Option

Function

Action

Radio

Radio Type

Configures radio 1 or radio 2 on the access point.

Select the radio type. The default is Radio 1.

Enabled/Disabled

Specifies whether the radio is on or off. If you turn off a radio, the access point sends disassociation frames to all wireless clients it is currently supporting so that the radio can be gracefully shut down and clients can start the association process with other available access points.

Select to enable or disable the radio.

Virtual Access Points

Configures, edits, or removes a virtual access point configuration.

Click one:

  • Add—Creates a virtual access point configuration.
  • Edit—Edits an existing virtual access point configuration.
  • Remove—Deletes an existing virtual access point configuration.
Radio Settings

Mode

Specifies the Physical Layer (PHY) standard used by the radio. Select one of the following standards:

  • IEEE 802.11a
  • IEEE 802.11b/g
  • IEEE 802.11a/n
  • IEEE 802.11b/g/n
  • 5 GHz IEEE 802.11n
  • 2.4 GHz IEEE 802.11n

Select a mode.

Note: The modes available on your access point depend on the country code setting.

Channel

Specifies the portion of the radio spectrum the radio uses for transmitting and receiving.

Note: The channels available depend on the radio mode and country code setting.

Enter one or more channels.

Channel bandwidth

(802.11n modes only) Allows use of 40 MHz channel or legacy 20-MHz channel.

Select a channel bandwidth.

Primary channel

(802.11n modes only) Allows designation of either the upper or lower 20-MHz channel in the 40-MHz band as the primary channel.

Select a primary channel.

802.11d support

Disables or enables 802.11d world mode which causes the access point to broadcast the country in its beacons and probe responses.

Select to disable or enable.

More

Configures advanced radio options.

Click More to see additional radio options.

Advanced Options

Stbc mode

Enable 802.11n Space Time Block Coding (STBC). STBC is intended to improve the reliability of data transmissions.

Select to enable or disable.

Protection

Enables rules to guarantee that 802.11 transmission does not cause interference with legacy clients or access points.

Note: This setting does not affect the ability of the client to associate with the access point.

Select to enable or disable.

Beacon interval

Specifies the interval at which the access point transmits beacon frames.

Enter a value from 20 to 2000 milliseconds. The default is 100.

DTIM period

Specifies in beacons the delivery traffic indication message (DTIM) period that clients served by the access point should check for buffered data on the access point.

Enter a value from 1 to 255 beacons. The default is 2.

RTS threshold

Specifies the packet size of a request to send (RTS) transmission.

Enter a value from 0 to 2347. The default is 2347.

Max stations

Specifies the maximum number of clients allowed to access the access point simultaneously.

Enter a value from 0 to 200. The default is 200.

Transmit power

Specifies the percentage value for the transmit power for this access point.

Enter a value from 0 to 100. The default is 100.

Fixed multicast rate

Specifies the multicast transmission rate the access point supports.

Select a transmission rate.

TX Rate Sets

Specifies the supported rate, which is the rate that the access point supports, and the basic rate, which is the rate that the access point advertises to the network.

Select the supported rate and supported basic rate.

Broadcast Multicast Rate Limit

Specifies the rate limits for broadcast and multicast traffic, which can improve overall network performance by limiting the number of packets transmitted across the network.

Select the rate limit and rate limit bursts.

Quality of Service

Disable acknowledgement

Supresses sending of acknowledgments by the access point when a frame is correctly received.

Select to disable.

Disable auto power save delivery

Disables automatic power save delivery (APSD).

Select to disable.

Disable Wi-Fi multimedia (WMM)

Disables WMM.

Select to disable WMM.

Station Queue

Configures enhanced distributed channel access (EDCA) parameters for upstream traffic from the client to the access point.

Click + to open queues. Enter or select values for any queue.

Access Point Queue

Configures EDCA parameters for downstream traffic from the access point to the client.

Click + to open queues. Enter or select values for any queue.

Table 54: Virtual Access Point Configuration Options

Option

Function

Action

Basic Settings

Virtual access point ID

Specifies an identifier for the virtual access point.

Note: VAP 0 is the physical radio interface.

Specify an identifier from 1 through 15. The default is 0.

Description

Describes the virtual access point.

Enter a brief description for the virtual access point.

SSID

Specifies an alphanumeric string of up to 32 characters. You can use the same SSID for multiple virtual access points or you can use a unique SSID for each virtual access point.

Enter an SSID. The default is juniper-default.

VLAN ID

Specifies a VLAN identifier that the access point tags on traffic from the wireless client.

Note: When a RADIUS server is used for client authentication, the RADIUS server can be configured to return a VLAN ID. The VLAN ID assigned by a RADIUS server overrides the VLAN ID configured here.

Enter a value from 1 to 4094. The default is 1.

No Broadcast SSID

Disables the access point’s responses to probes from clients.

Select to disable responses.

HTTP Redirect

Redirects the user’s first HTTP access to a specified webpage.

Select to redirect HTTP access. Enter the URL where the user’s Web browser is to be redirected.

Security

MAC Authentication Type

Specifies client authentication using the client’s MAC address.

Select one:

  • Disabled—No MAC authentication. This is the default .
  • Local—Perform MAC authentication using configured MAC addresses.
  • Radius—Perform MAC authentication using a RADIUS server.

Security

Specifies the security mode for the virtual access point. You can choose one of the following:

  • None—No security. No further configuration is needed.
  • Static WEP—Preshared Wired Equivalent Privacy (WEP) protocol key is used for data encryption.
  • Dot1x—Dynamically generated WEP keys are used with authentication by a RADIUS server.
  • WPA Personal—Preshared key authentication with W-Fi Protected Access (WPA) with Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) and/or Temporal Key Integrity Protocol (TKIP) data encryption.
  • WPA Enterprise—RADIUS authentication with AES-CCMP and/or TKIP data encryption.

Select a security mode and configure any necessary parameter. By default, WPA Personal is selected.

Static WEP

Authentication type

Determines if a client is allowed to associate with the access point. Choose one of the following options:

  • open—Allow any client to associate with the access point.
  • shared—Allow only clients with the correct WEP key to associate with the access point.
  • both—Allow clients configured to use WEP (clients must have the correct WEP key) and clients configured to use WEP in an open system to associate with the access point.

Select an authentication type.

Key length

Specifies a length for the key.

Select either 64 bits or 128 bits.

Key type

Specifies a format for the key.

Select either ascii or hex.

Transfer key index

Indicates which WEP key the access point uses to encrypt the data it transmits. Up to four WEP keys can be configured.

Select a value from 1 to 4.

WEP key 1—WEP key 4

Specifies up to four WEP keys. The client must be configured to use one of these same WEP keys with the same index as configured here.

In each text box, enter a string of characters for each key, depending upon the key length and key type selected.

For ASCII keys, you can enter uppercase and lowercase alphabetic letters, digits, and special characters such as @ and #. For hexadecimal keys, you can enter digits 0–9 and the letters A through F.

  • 5 Characters— Key length is 64 bits, Key type is ascii
  • 13 Characters— Key length is 128 bits, Key type is ascii
  • 10 Characters — Key length is 64 bits, Key type is hex
  • 26 Characters — Key length is 128 bits, Key type is hex
Dot1x

Radius server

Specifies an IP address for the RADIUS server.

Enter a valid IP address.

Radius key

Specifies a shared secret used by the RADIUS server.

Enter a string of up to 64 bytes.

Broadcast key refresh rate

Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.

Enter a value from 0 to 86400. 0 disables key refreshes.

Session key refresh rate

Specifies an interval, in seconds, between session key rotations.

Enter a value from 0 to 86400. 0 disables key refreshes.

WPA Personal

WPA version

Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one:

  • v1—Select this option if all clients on the network support the original WPA.
  • v2—Select this option if all clients on the network support WPA2.
  • both—Select this option if there are clients that support both the original WPA and WPA2 on the network.

Select a WPA version.

Cipher suites

Specifies a cipher suite used for encryption. Choose one:

  • tkip
  • ccmp
  • both

Select a cipher suite.

Key

Shared secret.

Enter a string of at least 8 characters to a maximum of 63 characters. Acceptable characters include upper and lower case alphabetic letters, numeric digits, and special symbols such as @ and #.

Broadcast key refresh rate

Interval, in minutes, between key rotations.

Enter a value from 1 to 86400. 0 disables key refresh.

WPA Enterprise

WPA version

Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one:

  • v1—Select this option if all clients on the network support the original WPA.
  • v2—Select this option if all clients on the network support WPA2.
  • both—Select this option if there are clients that support both the original WPA and WPA2 on the network.

Select a WPA version.

Cipher suites

Specifies a cipher suite used for encryption. Choose one of the following:

  • tkip
  • ccmp
  • both

Select a cipher suite.

Pre authenticate

Allows preauthentication information for WPA2 wireless clients to be relayed to target access point. This feature can help speed up authentication for roaming clients who connect to multiple access points.

Note: This option does not apply to WPA version 1, as the original WPA does not support this feature.

Select to enable preauthentication.

Radius server

Specifies an IP address for the RADIUS server.

Enter a valid IP address.

Radius key

Specifies a shared secret used by the RADIUS server.

Enter a string of up to 64 bytes.

Broadcast key refresh rate

Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.

Enter a value from 0 to 86400. 0 disables key refreshes.

Session key refresh rate

Specifies an interval, in seconds, between session key rotations.

Enter a value from 0 to 86400. 0 disables key refreshes.

Configuring an Access Point Cluster (J-Web Procedure)

To configure an Access Point Cluster using J-Web:

  1. Select Configure>Wireless LAN>Clustering in the J-Web Interface.
  2. Click one:
    • Add — Creates a cluster or radio configuration.
    • Edit — Edits an existing cluster or radio configuration.
    • Delete — Deletes an existing cluster or radio configuration.
    • Associate/Dissociate APs — Associates or disassociates an access point.

    When you are adding or editing an access point or a radio configuration for the cluster, enter information as described in Table 55.

  3. Click one of the following buttons:
    • To save the configuration and return to the main Configuration page, click OK.
    • To cancel your entries and return to the main page, click Cancel.
    • To apply the configuration and other pending changes (if any), click Commit.

Table 55 describes the cluster and radio fields.

Table 55: Adding a Cluster and Radio

Field

Function

Action

Add Cluster

Basic Settings

Cluster ID

Specifies the cluster Identifier.

Enter the cluster ID.

Cluster Name

Specifies the name of the cluster.

Enter the cluster name.

Interface

Specifies the interfaces that are part of this cluster.

Select the configured interface.

NTP Server

Specifies the NTP server name.

Provide NTP server IP address.

Default Cluster

Specifies this cluster as the default cluster for the interface.

Select the check box to make the cluster be the default.

Channel Management

Enables channel management.

Select the check box to enable channel management.

Country

Specifies the country of operation for the access point.

Select the country.

MAC Filtering

MAC Address

Specifies the list of MAC addresses that are allowed or denied access to the network through the access point.

Click Add to add a MAC address. To delete an address from the list, select the address and click Remove.

Action

Either allows only MAC addresses that are in the list (any client whose MAC address is not in the list is denied access to the network) or blocks MAC addresses that are in the list (any client whose MAC address appears on the list is denied access to the network).

Select allow or deny. By default, allow is selected.

Add Radio

Radio

Radio Type

Configures radio 1 or radio 2 on the access point.

Select the radio type. The default is Radio 1.

Enabled/Disabled

Specifies if the radio is on or off. If you turn off a radio, the access point sends disassociation frames to all wireless clients it is currently supporting so that the radio can be gracefully shut down and clients can start the association process with other available access points.

Select to enable or disable the radio.

Virtual Access Points

Configures, edits, or removes a virtual access point configuration.

Click one:

  • Add—Creates a virtual access point configuration.
  • Edit—Edits an existing virtual access point configuration.
  • Remove—Removes an existing virtual access point configuration.

Radio Settings

Radio Options

Mode

Specifies the Physical Layer (PHY) standard used by the radio.

Select a mode.

Select one of the following:

  • IEEE 802.11a
  • IEEE 802.11b/g
  • IEEE 802.11a/n
  • IEEE 802.11b/g/n
  • 5 GHz IEEE 802.11n
  • 2.4 GHz IEEE 802.11n

Note: The modes available on your access point depend on the country code setting.

Channel bandwidth

(802.11n modes only) Allows use of 40-MHz channel or legacy 20-MHz channel.

Select a channel bandwidth.

Primary channel

(802.11n modes only) When channel bandwidth is set to 40 MHz, allows designation of either the upper or lower 20-MHz channel in the 40-MHz band as the primary channel.

Select a primary channel.

Fragmentation threshold

Configures size at which a frame is divided into multiple 802.11 frames.

Enter a value from 256 to 2346. The default is 2346.

RTS threshold

Sets packet size of a request to send (RTS) transmission.

Enter a value from 0 to 2347. The default is 2347.

Fixed multicast rate

Specifies the multicast transmission rate the access point supports.

Enter the fixed multicast rate.

Protection

Enables rules to guarantee that 802.11 transmissions do not cause interference with legacy clients or access points.

Note: This setting does not affect the ability of the client to associate with the access point.

Select check box to enable protection to auto.

SGI

Guard interval reduces inter-symbol and inter-carrier interferences. Enabling SGI reduces it from 800 ns to 400 ns, thereby improving throughput in 802.11n supported systems by up to 10%.

Select check box to disable short guard interval.

802.11d Support

Specifies the broadcast of country code in access point-enabled beacons and probe responses (IEEE 802.11d world mode).

Select to disable or enable.

More — Advanced Options

Supported Rates and Supported Basic Rates

Supported rates are the rates that the access point supports. Basic rates are the rates that the access point advertises to the network.

Select the supported rates and supported basic rates.

Broadcast Multicast Rate Limit

Specifies the rate limits for broadcast and multicast traffic can improve overall network performance by limiting the number of packets transmitted across the network.

Select the rate limit and rate limit bursts.

Quality of Service

Disable acknowledgement

Suppresses sending of acknowledgments by the access point when a frame is correctly received.

Select to disable.

Disable auto power save delivery

Disables automatic power save delivery (access point SD).

Select to disable.

Disable WIFI multimedia

Disables WMM.

Select to disable WMM.

Station Queue

Configures enhanced distributed channel access (EDCA) parameters for upstream traffic from the client to the access point.

Click + to open queues. Enter or select values for any queue. The queues available are:

  • Background Queue
  • Voice Queue
  • Video Queue
  • Best Effort Queue

Background Queue, Voice Queue, Video Queue, Best Effort Queue

Arbitration inter-frame space

Defines a period of time a client station must wait before it can access the wireless medium.

Enter a value from 1 to 255.

Transmit Opportunity limit

Specifies the duration during which the station is allowed to transmit.

Enter a value from 0 to 65,535.

Contention window size (Max):

In order to avoid collision, the station applies random backoff. The random backoff algorithm selects a value between a minimum contention window and a maximum contention window.

Select a value.

Contention window size (Min):

In order to avoid collision, the station applies random backoff. The random backoff algorithm selects a value between a minimum contention window and a maximum contention window.

Select a value.

AP Queue

Configures enhanced distributed channel access (EDCA) parameters for downstream traffic from the access point to the client.

Click + to open queues. Enter or select values for any queue. The queues available are:

  • Background Queue
  • Voice Queue
  • Video Queue
  • Best Effort Queue

Background Queue, Voice Queue, Video Queue, Best Effort Queue

Arbitration inter-frame space

Defines a period of time a client station must wait before it can access the wireless medium.

Enter a value from 1 to 255.

Maximum Burst

Defines the number of fragments, which can be transmitted using a single iteration of the Medium Access Mechanism.

Enter a value from 0 to 65535.

Contention window size (Max):

In order to avoid collision, the station applies random backoff. The random backoff algorithm selects a value between a minimum contention window and a maximum contention window.

Select a value.

Contention window size (Min):

In order to avoid collision, the station applies random backoff. The random backoff algorithm selects a value between a minimum contention window and a maximum contention window.

Select a value.

Firmware Upgrade on the AX411 Access Point (J-Web)

You can use J-Web Configure to upgrade software on an access point.

In this procedure, the software to be loaded onto the access point is a tar file on a Windows PC. The file is first transferred from the PC to the SRX Series device, and then loaded onto the access point from the SRX Series device.

To upgrade access point software:

  1. Copy the tar file that contains the access point software onto the Windows PC that is running the J-Web interface.
  2. In the J-Web interface, select Configure>Wireless LAN>Firmware upgrade.

    The Firmware Upgrade page displays a list of access points configured on the SRX Series Services Gateway.

  3. Click Upgrade.
  4. Select the access point to be upgraded.
  5. Enter the name of the tar file to be uploaded to the access point or click Browse to navigate to the file.
  6. Click Upgrade.