Searching...

Matching results

    Configuring Wi-Fi

    This page shows you how to configure Wi-Fi for your AirLink router in Access Point mode and Client mode.

    When configured as a Wi-Fi Access Point, multiple wireless devices can connect to the router and use the router’s WAN connection to access the network. The router can also be configured as a Wi-Fi Client where the router can connect to another Wi-Fi network to access the WAN, replacing the router’s previously active WAN connection.

    Initializing Table Of Contents...

    Wi-Fi Interfaces

    The following Wi-Fi Interfaces are available:

    • Wi-Fi AP (2.4GHZ or 5GHz)
    • Wi-Fi Client (2.4GHz + 5GHz)

    Vehicle applications often require that the router provide Wi-Fi interfaces in both Access Point mode and Client mode.

    For example:

    • The router will provide a Wi-Fi Access Point (using the cellular WAN) in the vehicle for laptops and other client devices.
    • The router will also provide a Client mode interface for when the vehicle enters a depot, where the router can connect to another Wi-Fi network (instead of the cellular WAN). The in-vehicle devices can then take advantage of the Wi-Fi WAN network (for example, to upload video camera or vehicle data to the depot network.)

    The REGION field is the regulatory domain that the router Wi-Fi is using. It is determined by using either the Global Navigation Satellite System(GNSS) sensors in the router, or by the Mobile Country Code (MCC) or Mobile Network Code (MNC) received from the carrier and received directly by the receiver on the device. The router will automatically load the operating frequencies for that regulatory region on each Wi-Fi radio interface in the software and will enable 802.11d for broadcasting the newly obtained country information. If the XR60 cannot determine the location, no default region is assigned, and 5GHz channels will not be available. For more information on supported channels, please refer to the Wi-Fi specifications in the AirLink XR60 Hardware User Guide .

    Configuring a Wi-Fi Access Point

    To configure an interface as an Access Point, click at the end of the Wi-Fi AP row in the WI-FI INTERFACES table (as shown above).

    The Edit Wi-Fi Interface menu appears — configure the fields in any order.

    • ENABLE the interface.
    • Select the BAND the Access Point will use — 2.4GHz or 5GHz

    • Select the LAN SEGMENT that you’re going to use for this access point.

      Tip: Click X to display the list of available LAN segments. LAN segments are configured under Networking > Zones Settings > LAN Segments.

    • Enter the access point’s SSID (a case-sensitive network name).

    • Select the SECURITY MODE — Depending on the mode selected, specific security credential types are required:

      • OPEN — No security. (This mode is not recommended.)
      • WPA — Requires only a SECURITY PASSPHRASE (This mode is NOT recommended.)
      • WPA2 — Requires a SECURITY PASSPHRASE and 802.11w options.
      • WPA2/WPA3 Transition Mode — Requires a SECURITY PASSPHRASE, plus 802.11w options.
      • WPA3 — Requires only a SECURITY PASSPHRASE.
      • WPA2-Enterprise — es RADIUS Authentication & Acceptance server details.

    • For all security modes except OPEN and WPA2-Enterprise, enter a SECURITY PASSPHRASE of at least 8 characters.

    • For WPA2-Enterprise security mode only:

      • Select the RADIUS AUTHENTICATION SERVER to use. This is the primary RADIUS server and is required. If there are no servers in the list, select CREATE and enter the following:
        • LABEL — name of the server
        • SERVER — IPv4 address of the server
        • PORT — optional. The port that is used to to connect to the server. Default is 1812.
        • CLIENT IP — optional. RADIUS client IPv4 address. The router will use this as IP source address when making RADIUS requests. Use this setting if a RADIUS server or VPN tunnel requires a specific source IP for the RADIUS client.
        • TIMEOUT — Not applicable for primary RADIUS server. For the secondary RADIUS server, it indicates the timeout for switching back to the primary RADIUS server after failover.
        • SECRET — the shared secret used for encryption when a client connected to the device’s AP is connecting to the RADIUS authentication server
      • Optionally select the RADIUS AUTHENTICATION SERVER 2 to specify the backup RADIUS server. Select from the list, or select CREATE.
      • Optionally select the RADIUS ACCOUNTING SERVER to use. Select from the list, or select CREATE.

    Note:
    • For the RX55 and XR60, both RADIUS authentication servers must have the same shared secret.
    • RADIUS servers must use IPv4 addresses. FQDNs and IPv6 addresses are not supported.
    • RADIUS servers can also be created by going to System > User Accounts > RADIUS.
    • As an access point (AP), the router does not establish a direct connection to the RADIUS server. Instead, it relays authentication requests from the client to the server for processing.

    • Enable LEGACY MODE to restore security option WPA (version 1) and support TKIP encryption for WPA/WPA2 modes. By default, this is disabled and only AES encryption is supported.
      Note: TKIP is only supported in non-US regions even with LEGACY MODE enabled.

    • For WPA2-Enterprise security modes only, select the 802.11W option.
      The 802.11w standard uses Protected Management Frames (PMF) to ensure clients are legitimate. Options are:

      • Disabled
      • Optional (default) — 802.11w is used for clients that support it, while clients that do not support 802.11w will still connect to the router.
      • Required — Forces 802.11w operation; clients that do not support 802.11w will not connect.

    • Enable AUTO-CHANNEL to have the router choose the channel on which to operate.
      To use a specific channel, disable AUTO-CHANNEL and then select a channel from the CHANNEL list that appears.

    • Set the BEACON INTERVAL to configure how often the router sends periodic messages (beacons) to advertise its availability. 100 milliseconds is the default setting.

    • Set the DTIM PERIOD to the number of beacons (plus 1) that a client device can sleep through before waking to check for messages.
      For example, if the DTIM Period is set to 3, the client sleeps through two beacons and wakes for the third beacon. The higher DTIM PERIOD value, the longer the client device can sleep, and the more battery power the client device can potentially save. However, high DTIM periods can also reduce throughput to the client. The default period is 2 (wake for every second beacon).

    • Enable BROADCAST SSID to have the router make the SSID visible to client devices. If BROADCAST SSID is disabled, the SSID is not shown to other devices, and the SSID and passphrase must be entered on the client for a client to connect.

    • When CLIENT ISOLATION is disabled (the default setting), clients can “see” each other, and potentially sniff traffic from each other.

      • For passenger Wi-Fi applications, enable Client Isolation to enhance security.
      • Disable Client Isolation if you have client applications on the same LAN segment that need to interact with each other.

    • Set MSS CLAMPING — MSS (Maximum TCP Segment Size) Clamping controls the maximum packet size used for TCP connections between a local (LAN-side) host and a remote host over the Wi-Fi WAN interface. MSS Clamping helps avoid possible issues with sending and receiving large TCP packets over the WAN interface when other standard MTU mechanisms do not appear to be working with your installation. The options are:

      • Disabled (default)
      • Auto — When set to Auto, the MSS is calculated based on the detected MTU(Maximum Transmission Unit) of the network path as discovered by Path MTU Discovery(PMTUD).
      • Manual — MSS is clamped to the specified maximum value bi-directionally for all inbound (remote-to-LAN) and outbound (LAN-to-remote) TCP connections when the TCP session is established using the Wi-Fi interface.

    • MSS — When MSS CLAMPING is set to Manual, set the Maximum TCP Segment Size.

      • Range is 1–2000 bytes (default is 1460)

    Additional Access Point Settings

    Below the WI-FI INTERFACES table, you can configure the settings shown here.

    • USE ADDITIONAL SSIDS — See Adding Additional SSIDs (Virtual Access Points) below.

    • Enable DFS CHANNELS to open up more Wi-Fi channels for the router to use, while preventing the router interfering with channels used by radar equipment (near airports, for example). With DFS CHANNELS enabled, the router will switch channels if it detects radar equipment using the same channel. Unless you know that your operating equipment is DFS capable, Semtech recommends leaving DFS CHANNELS disabled.

      • If the router Access Point (AP) switches channels because of radar activity, the AP does not broadcast for about 30 minutes. In addition, Semtech recommends against configuring the AP interface during that time, otherwise the AP will not resume broadcasting until the router is restarted.
      • The DFS CHANNELS setting is unavailable when Client is enabled and the Access Point BAND is configured for 5GHz.
      • Enabling DFS may result in delayed connectivity at boot.

    • Set the MAX NUMBER OF CLIENTS — Enter the maximum number of clients that can connect simultaneously to all access point interfaces. As a guideline, set a limit that is slightly higher than the number of clients you expect to connect. The default is 32, with a range of 1 to 32.

    • DISABLE APS ON CLIENT ASSOCIATION — See Managing APs During Client Association below.

    Managing APs During Client Association

    A DISABLE APS ON CLIENT ASSOCIATION switch is below the WI-FI INTERFACES table.

    This switch is disabled by default.

    If this switch is enabled, the router will automatically disable some or all of its Access Points and Additional SSIDs when its Wi-Fi Client connects to a Wi-Fi access point (for example, when arriving at a service vehicle depot). Then, when the router disconnects from the access point, its own Access Points and Additional SSIDs are automatically re-enabled.

    To configure this feature:

    1. Enable the switch. Configuration fields appear.
    2. Set the DISABLE AP DELAY to the length of time to wait before disabling the router’s Access Point. If no delay is required, set the delay to 0.
    3. Optionally, choose from the DISABLE AP IGNORE LIST any APs and Additional SSIDs that should not be disabled by this feature.

    Adding Additional SSIDs (Virtual Access Points)

    A USE ADDITIONAL SSIDS switch is below the Wi-Fi configuration table. Enable this switch when you require multiple SSIDs broadcasting on separate LAN segments that are configured for different security protocols.

    When enabled, an ADDITIONAL SSIDS table opens, from which you can select, enable, and edit SSIDs (Virtual Access Points — “VAP”s).

    Up to two additional SSIDs can be enabled for the Wi-Fi AP 2.4GHz and Wi-Fi AP 5GHz interfaces (i.e., one for Wi-Fi AP 5GHz and one for Wi-Fi AP 2.4GHz).

    To configure an additional SSID, click at the end of the row in the ADDITIONAL SSIDS table (as shown above).

    The Edit Wi-Fi Interface menu appears — configure the fields in any order.

    This menu is identical to the Edit Wi-Fi Interface menu described above except that the CHANNEL settings cannot be configured. Those settings are inherited from the main Wi-Fi AP interface.


    Configuring the Wi-Fi Radios

    When USE ADDITIONAL SSIDS is enabled, you can configure each radio in the WI-FI RADIO CONFIGURATION table that appears below. These settings override the settings for the AP and Client in the WI-FI INTERFACES table. Note that these are general radio settings that are shared by the AP and Client interfaces.

    For each radio listed in the WI-FI RADIO CONFIGURATION table:

    • Enable or disable Auto-Channel. When Auto-Channel is disabled, you can select the channel on which to operate.

      • To select the channel, click at the end of a row in the WI-FI RADIO CONFIGURATION table and use the Edit Wi-Fi Interface menu.

    • Select the Channel Bandwidth to use (up to 80 MHz). Each 20 MHz of bandwidth corresponds to 1 channel (i.e., 1 channel = 20 MHz, 4 channels = 80 MHz).

    Monitoring Access Point Mode Operation

    On Status/Monitoring > Dashboard, the LAN dashboard shows you the Wi-Fi LAN interfaces and the LAN segments they use. A blue Access Point icon ( ) indicates the interface is enabled and operating.

    Tip: Click a Wi-Fi LAN interface icon to go to the WI-FI INTERFACES configuration table and review your configuration. Hover your cursor over the DATA USAGE pie chart segments to see usage for each connection type.

    Additionally, you can go to Status/Monitoring > System > Wi-Fi to view detailed Wi-Fi Access Point status, including the active channel and connected stations (clients).

    Configuring Wi-Fi Client Mode

    You can create a Client Mode configuration by using a scanned SSID from the SSID Database, or by creating an SSID. The router will use the SSID for its WAN connection.

    When connecting the router to an internal network via Wi-Fi or Ethernet WAN, ensure that the network providing a WAN link does not use the router’s default internal subnet (192.168.1.0/24). The address conflict will prevent the WAN connection from being established.

    For more information, see this Semtech Customer Community article.

    Tips:

    • Click SCAN NOW to refresh the SCANNED SSIDS table.

    • Rest the pointer on an SSID to view the channel, BSSID and RSSI for each band.

    To use a scanned SSID:

    1. In the SCANNED SSIDS table, click + to add the desired SSID to the SELECTED SSIDS table. You must then fully enable the new SSID by adding the SSID’s security passphrase.
    2. In the SELECTED SSIDS table, click (Edit) for the desired Client SSID.
    3. In the Edit SSID screen, add the security passphrase and assign a priority (optional).
    4. Click UPDATE.

    After you configure the SSID with a passphrase, the Wi-Fi Client interface starts using it (if another SSID with a higher priority is not configured).

    To create an SSID manually:

    1. Under the SELECTED SSIDS table, click CREATE SSID.
    2. In the Create SSID screen, enter the SSID name.
    3. Select the SECURITY MODE — Depending on the mode selected, specific security credential types are required:
      • OPEN — No security. (This mode is NOT recommended.)
      • WPA — Requires only a SECURITY PASSPHRASE (This mode is NOT recommended.)
      • WPA2 — Requires a SECURITY PASSPHRASE, plus 802.11w options.
      • WPA2/WPA3 Transition Mode — Requires a SECURITY PASSPHRASE, plus 802.11w options.
      • WPA3 — Requires only a SECURITY PASSPHRASE.
      • WPA2-Enterprise — Requires RADIUS Authentication & Acceptance server details.
       
    4. For all security modes except OPEN and WPA2-Enterprise, enter a SECURITY PASSPHRASE of at least 8 characters.
    5. For WPA2-Enterprise security mode only:
      • Select the EAP METHOD to use. Options are:
        • PEAP — when selected, requires the following:
          • USER PASSWORD
          • A ROOT CERTIFICATE. Optional. If required by RADIUS server, then select a certificate from the list, or select CREATE and enter the following:

            SETTING DESCRIPTION
            TYPE Root Certificate
            NAME Required name identifying the certificate
            ROOT CERTIFICATE Click to upload the root certificate file
        • TLS — when selected, requires the following:
          • A USER CERTIFICATE WITH A ROOT CERTIFICATE. Select a certificate from the Uploaded certificates list or the Generated certificates list. If the certificate is not present, click CREATE. For Uploaded certificates, enter the following:

            SETTING DESCRIPTION
            TYPE Certificate
            NAME Required name identifying the certificate
            PRIVATE KEY Click to upload the private key
            ROOT CERTIFICATE Click to upload the root certificate file
            For Generated certificates, clicking CREATE will open the Create Certificate Signing Request screen, where you can enter a certificate signing request to be sent to your certificate management system. See Managing Security Certificates for more information.
        Note:
        • Certificates can also be created by going to System > Security > Certificates. See Managing Security Certificates for more information.
        • As a client, it is the router's remote access point that passes the authentication to the RADIUS server.

    1. Optionally select the 802.11w. The 802.11w standard uses Security Association Query Requests to ensure that clients are legitimate. Options are:
      • Disabled: not available as an option when WPA2/WPA3 Transition Mode is selected
      • Optional (default): 802.11w will be used when connecting to access points that support it.
      • Required: forces 802.11w operation; the router will not connect to access points unless they have 802.11w enabled.
    2. Enter the PRIORITY. Priority of networks ordered from 1 (high priority) to 65535 (low priority).
    3. Enter the RSSI THRESHOLD. Connects only if RSSI is above the specified threshold.
    4. For WPA2-Enterprise security mode only, enter the IDENTITY. The IDENTITY or username as defined on the RADIUS server
    5. Select CREATE.

    When making a template to include the selected Client SSID with the enterprise certificates, the certificates will automatically be included in the template except for the private key. If the private key needs to be in the template, than like a password, it will need to be provided while in template creation mode.

    Additional Client mode configuration

    You can complete or edit the Client mode configuration in the WI-FI INTERFACES table.

    To configure an interface as a Client, click at the end of the row of a Client interface.

    The Edit Wi-Fi Interface menu appears — configure the fields in any order.

    • ENABLE the interface

    • Select the BAND — 5GHz, 2.4GHz, or 2.4GHz + 5GHz

    • Set the SSID SELECTION switch:

      When you have multiple SSIDs configured, Semtech recommends leaving SSID SELECTION at the default Auto (Highest Priority) setting. The router will automatically search and connect to an SSID depending on priority. If priorities are identical, the router will use the closest SSID with the fastest estimated link speed.

    To configure the Wi-Fi client to use only a single, specific SSID, set SSID Selection to “Manual” and then choose the CONFIGURED SSID you wish to connect to.

    • Enter the SCAN INTERVAL, which sets how often the router scans for SSIDs when disconnected.
    • Set MSS CLAMPING — MSS (Maximum TCP Segment Size) Clamping controls the maximum packet size used for TCP connections between a local (LAN-side) host and a remote host over the Wi-Fi WAN interface. MSS Clamping helps avoid possible issues with sending and receiving large TCP packets over the cellular network when other standard MTU mechanisms do not appear to be working with your installation. The options are:
      • Disabled (default)
      • Auto — MSS is clamped at 40 bytes (20 byte IP header + 20 byte TCP header) less than the MTU of the Wi-Fi interface.
      • Manual — MSS is clamped to the specified maximum value bi-directionally for all inbound (remote-to-LAN) and outbound (LAN-to-remote) TCP connections when the TCP session is established using the Wi-Fi interface.
    • MSS — When MSS CLAMPING is set to Manual, set the Maximum TCP Segment Size.
      • Range is 1–2000 bytes (default is 1460)

    Below the WI-FI INTERFACES table, you can configure the following settings:

    • Enable DFS CHANNELS to open up more Wi-Fi channels for the router to use, while preventing the router interfering with channels used by radar equipment (near airports, for example). With DFS CHANNELS enabled, the router will switch channels if it detects radar equipment using the same channel. Unless you know that your operating equipment is DFS capable, Semtech recommends leaving DFS CHANNELS disabled.
      • If the router Access Point (AP) switches channels because of radar activity, the AP does not broadcast for about 30 minutes. In addition, Semtech recommends against configuring the AP interface during that time, otherwise the AP will not resume broadcasting until the router is restarted.
      • The DFS CHANNELS setting is unavailable when Client is enabled and the Access Point BAND is configured for 5GHz.
      • Enabling DFS may result in delayed connectivity at boot.

    Monitoring Client Mode Operation

    On Status/Monitoring > Dashboard, the WAN dashboard shows you the Wi-Fi WAN interfaces. A grey Wi-Fi icon ( ) indicates a disconnected interface. A blue Wi-Fi icon ( ) indicates a connected interface.

    Tip: Click a Wi-Fi icon to go to the WI-FI INTERFACES configuration table and review your configuration.

    Additionally, you can go to Status/Monitoring > System > Wi-Fi to view detailed Wi-Fi Client status, including bitrate and the active channel.

    TOP