Configuring the AX411 Access Point (J-Web Configure)

You can use the J-Web Configure page to quickly configure an AX411 Access Point.

Note: Changing some access point settings might cause the access point to stop and restart system processes. If this happens, wireless clients will temporarily lose connectivity. We recommend that you change access point settings when WLAN traffic is low.

To configure an AX411 Access Point with the J-Web Configure page:

Select Configure>Wireless LAN>Settings.
The Wireless LAN Configuration page displays a list of access points and radios configured on the SRX Series Services Gateway.
Click one:
- Add—Create an access point or radio configuration.
- Edit—Edit an existing access point or radio configuration.
- Delete—Delete an existing access point or radio configuration.
When you are adding or editing an access point, enter information as described in Table 60.
When you are adding or editing a radio, enter information as described in Table 61.
The radio information includes virtual access point configuration. When you are adding or editing a virtual access point, enter information as described in Table 62.
Click one:
- OK—Apply the configuration and return to the main configuration page.
- Cancel—Cancel your entries and return to the main page.

When you enter a change in the Wireless LAN Configuration page, the change is stored but not committed to the configuration file on the device. At the same time, the following buttons appear in the global menu area at the top of the page (click the appropriate button):

Commit—All pending changes to the configuration are sent to the device and committed.
Compare—Show pending changes by comparing the pending configuration with the committed configuration on the device.

Discard—Discard pending changes.

Note: These buttons only appear if you make a change in the configuration.

Note: If you navigate to another configuration page or attempt to log out from the device when there are pending changes that have not been committed, you will be prompted to take action on the pending changes. If you log in to a device and there are pending changes that have not yet been committed, a popup window notifies you that there are changes from a previous session.

Table 60: Access Point Configuration Options

Option	Function	Action
Basic Settings
Access point name	Specifies a user-defined name for the access point.	Enter a string of up to 20 characters. The name must start with a letter and end with a letter or a number. Only letters, numbers, and dashes are allowed.
Description	Describes the access point.	Enter a brief description for the access point.
MAC address	Links the physical access point to its configuration on the SRX Series device.	Enter the MAC address of the access point.
Location	Describes the location of the access point.	Enter a string that describes the location of the access point.
Country	Specifies the country in which the access point is operating.	Select the country code.
NTP server	Specifies the Network Time Protocol (NTP) server that provides time information to the access point.	Enter the name of the server.
Dot1x supplicant	Specifies the username and password that allows the access point to be authenticated on a network that uses IEEE 802.1x, port-based network access control.	Enter a username and password.
Management
Management VLAN ID	Specifies the VLAN associated with the IP address used to access the access point.	Enter a number from 1 to 4094.
Untagged VLAN ID	Specifies the traffic received on the Ethernet interface that is tagged with the specified VLAN ID.	Enter a number from 1 to 4094.
Domain Name Servers	Lists the DNS servers that are used to resolve domain names.	Click Add to add a server address. To delete a server from the list, select the server and click Remove.
Console Access	Enables or disables connection to the access point through its console port and specifies the baud rate for the connection.	Select to enable or disable access. If access is enabled, select the baud rate for the console access. The default baud rate is 115200 bps.
Static IP Settings	Specifies a static IP address and default gateway address for the access point. Note: At its initial startup, the access point obtains its IP address from the DHCP server on the SRX Series device. After the access point has established a connection to the SRX Series device, you can configure static IP and default gateway addresses for the access point.	Enter IP addresses for the access point and the default gateway.
MAC Filtering
MAC address	Lists the MAC addresses that are allowed or denied access to the network through the access point.	Click Add to add a MAC address. To delete an address from the list, select the address and click Remove.
Action	Either allows only MAC addresses that are in the list (any client whose MAC address is not in the list is denied access to the network) or blocks MAC addresses that are in the list (any client whose MAC address appears on the list is denied access to the network).	Select allow or deny. The default is allow.

Table 61: Radio Configuration Options

Option	Function	Action
Radio
Radio Type	Configures radio 1 or radio 2 on the access point.	Select the radio type. The default is Radio 1.
Enabled/Disabled	Specifies whether the radio is on or off. If you turn off a radio, the access point sends disassociation frames to all wireless clients it is currently supporting so that the radio can be gracefully shut down and clients can start the association process with other available access points.	Select to enable or disable the radio.
Virtual Access Points	Configures, edits, or removes a virtual access point configuration.	Click one: Add—Creates a virtual access point configuration. Edit—Edits an existing virtual access point configuration. Remove—Deletes an existing virtual access point configuration.
Radio Settings
Mode	Specifies the Physical Layer (PHY) standard used by the radio. Select one of the following standards: IEEE 802.11a IEEE 802.11b/g IEEE 802.11a/n IEEE 802.11b/g/n 5 GHz IEEE 802.11n 2.4 GHz IEEE 802.11n	Select a mode. Note: The modes available on your access point depend on the country code setting.
Channel	Specifies the portion of the radio spectrum the radio uses for transmitting and receiving. Note: The channels available depend on the radio mode and country code setting.	Enter one or more channels.
Channel bandwidth	(802.11n modes only) Allows use of 40 MHz channel or legacy 20-MHz channel.	Select a channel bandwidth.
Primary channel	(802.11n modes only) Allows designation of either the upper or lower 20-MHz channel in the 40-MHz band as the primary channel.	Select a primary channel.
802.11d support	Disables or enables 802.11d world mode which causes the access point to broadcast the country in its beacons and probe responses.	Select to disable or enable.
More	Configures advanced radio options.	Click More to see additional radio options.
Advanced Options
Stbc mode	Enable 802.11n Space Time Block Coding (STBC). STBC is intended to improve the reliability of data transmissions.	Select to enable or disable.
Protection	Enables rules to guarantee that 802.11 transmission does not cause interference with legacy clients or access points. Note: This setting does not affect the ability of the client to associate with the access point.	Select to enable or disable.
Beacon interval	Specifies the interval at which the access point transmits beacon frames.	Enter a value from 20 to 2000 milliseconds. The default is 100.
DTIM period	Specifies in beacons the delivery traffic indication message (DTIM) period that clients served by the access point should check for buffered data on the access point.	Enter a value from 1 to 255 beacons. The default is 2.
RTS threshold	Specifies the packet size of a request to send (RTS) transmission.	Enter a value from 0 to 2347. The default is 2347.
Max stations	Specifies the maximum number of clients allowed to access the access point simultaneously.	Enter a value from 0 to 200. The default is 200.
Transmit power	Specifies the percentage value for the transmit power for this access point.	Enter a value from 0 to 100. The default is 100.
Fixed multicast rate	Specifies the multicast transmission rate the access point supports.	Select a transmission rate.
TX Rate Sets	Specifies the supported rate, which is the rate that the access point supports, and the basic rate, which is the rate that the access point advertises to the network.	Select the supported rate and supported basic rate.
Broadcast Multicast Rate Limit	Specifies the rate limits for broadcast and multicast traffic, which can improve overall network performance by limiting the number of packets transmitted across the network.	Select the rate limit and rate limit bursts.
Quality of Service
Disable acknowledgement	Supresses sending of acknowledgments by the access point when a frame is correctly received.	Select to disable.
Disable auto power save delivery	Disables automatic power save delivery (APSD).	Select to disable.
Disable Wi-Fi multimedia (WMM)	Disables WMM.	Select to disable WMM.
Station Queue	Configures enhanced distributed channel access (EDCA) parameters for upstream traffic from the client to the access point.	Click + to open queues. Enter or select values for any queue.
Access Point Queue	Configures EDCA parameters for downstream traffic from the access point to the client.	Click + to open queues. Enter or select values for any queue.

Table 62: Virtual Access Point Configuration Options

Option	Function	Action
Basic Settings
Virtual access point ID	Specifies an identifier for the virtual access point. Note: VAP 0 is the physical radio interface.	Specify an identifier from 1 through 15. The default is 0.
Description	Describes the virtual access point.	Enter a brief description for the virtual access point.
SSID	Specifies an alphanumeric string of up to 32 characters. You can use the same SSID for multiple virtual access points or you can use a unique SSID for each virtual access point.	Enter an SSID. The default is juniper-default.
VLAN ID	Specifies a VLAN identifier that the access point tags on traffic from the wireless client. Note: When a RADIUS server is used for client authentication, the RADIUS server can be configured to return a VLAN ID. The VLAN ID assigned by a RADIUS server overrides the VLAN ID configured here.	Enter a value from 1 to 4094. The default is 1.
No Broadcast SSID	Disables the access point’s responses to probes from clients.	Select to disable responses.
HTTP Redirect	Redirects the user’s first HTTP access to a specified webpage.	Select to redirect HTTP access. Enter the URL where the user’s Web browser is to be redirected.
Security
MAC Authentication Type	Specifies client authentication using the client’s MAC address.	Select one: Disabled—No MAC authentication. This is the default . Local—Perform MAC authentication using configured MAC addresses. Radius—Perform MAC authentication using a RADIUS server.
Security	Specifies the security mode for the virtual access point. You can choose one of the following: None—No security. No further configuration is needed. Static WEP—Preshared Wired Equivalent Privacy (WEP) protocol key is used for data encryption. Dot1x—Dynamically generated WEP keys are used with authentication by a RADIUS server. WPA Personal—Preshared key authentication with W-Fi Protected Access (WPA) with Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) and/or Temporal Key Integrity Protocol (TKIP) data encryption. WPA Enterprise—RADIUS authentication with AES-CCMP and/or TKIP data encryption.	Select a security mode and configure any necessary parameter. By default, WPA Personal is selected.
Static WEP
Authentication type	Determines if a client is allowed to associate with the access point. Choose one of the following options: open—Allow any client to associate with the access point. shared—Allow only clients with the correct WEP key to associate with the access point. both—Allow clients configured to use WEP (clients must have the correct WEP key) and clients configured to use WEP in an open system to associate with the access point.	Select an authentication type.
Key length	Specifies a length for the key.	Select either 64 bits or 128 bits.
Key type	Specifies a format for the key.	Select either ascii or hex.
Transfer key index	Indicates which WEP key the access point uses to encrypt the data it transmits. Up to four WEP keys can be configured.	Select a value from 1 to 4.
WEP key 1—WEP key 4	Specifies up to four WEP keys. The client must be configured to use one of these same WEP keys with the same index as configured here.	In each text box, enter a string of characters for each key, depending upon the key length and key type selected. For ASCII keys, you can enter uppercase and lowercase alphabetic letters, digits, and special characters such as @ and #. For hexadecimal keys, you can enter digits 0–9 and the letters A through F. 5 Characters— Key length is 64 bits, Key type is ascii 13 Characters— Key length is 128 bits, Key type is ascii 10 Characters — Key length is 64 bits, Key type is hex 26 Characters — Key length is 128 bits, Key type is hex
Dot1x
Radius server	Specifies an IP address for the RADIUS server.	Enter a valid IP address.
Radius key	Specifies a shared secret used by the RADIUS server.	Enter a string of up to 64 bytes.
Broadcast key refresh rate	Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.	Enter a value from 0 to 86400. 0 disables key refreshes.
Session key refresh rate	Specifies an interval, in seconds, between session key rotations.	Enter a value from 0 to 86400. 0 disables key refreshes.
WPA Personal
WPA version	Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one: v1—Select this option if all clients on the network support the original WPA. v2—Select this option if all clients on the network support WPA2. both—Select this option if there are clients that support both the original WPA and WPA2 on the network.	Select a WPA version.
Cipher suites	Specifies a cipher suite used for encryption. Choose one: tkip ccmp both	Select a cipher suite.
Key	Shared secret.	Enter a string of at least 8 characters to a maximum of 63 characters. Acceptable characters include upper and lower case alphabetic letters, numeric digits, and special symbols such as @ and #.
Broadcast key refresh rate	Interval, in minutes, between key rotations.	Enter a value from 1 to 86400. 0 disables key refresh.
WPA Enterprise
WPA version	Specifies a Wi-Fi Protected Access (WPA) version supported by clients on the network. Choose one: v1—Select this option if all clients on the network support the original WPA. v2—Select this option if all clients on the network support WPA2. both—Select this option if there are clients that support both the original WPA and WPA2 on the network.	Select a WPA version.
Cipher suites	Specifies a cipher suite used for encryption. Choose one of the following: tkip ccmp both	Select a cipher suite.
Pre authenticate	Allows preauthentication information for WPA2 wireless clients to be relayed to target access point. This feature can help speed up authentication for roaming clients who connect to multiple access points. Note: This option does not apply to WPA version 1, as the original WPA does not support this feature.	Select to enable preauthentication.
Radius server	Specifies an IP address for the RADIUS server.	Enter a valid IP address.
Radius key	Specifies a shared secret used by the RADIUS server.	Enter a string of up to 64 bytes.
Broadcast key refresh rate	Specifies an interval, in seconds, between key rotations for clients associated to this virtual access point.	Enter a value from 0 to 86400. 0 disables key refreshes.
Session key refresh rate	Specifies an interval, in seconds, between session key rotations.	Enter a value from 0 to 86400. 0 disables key refreshes.