Ruijie RG-WLAN Series Access Points

AP_RGOS 11.9(6)W1B1

Web-based Configuration Guide

Document Version: V1.0

Date: 2023.06.20
Copyright © 2023 Ruijie Networks
Copyright
Copyright © 2023 Ruijie Networks

All rights are reserved in this document and this statement.

Any reproduction, excerption, backup, modification, transmission, translation or commercial use of this document or
any portion of this document, in any form or by any means, without the prior written consent of Ruijie Networks is
prohibited.

Trademarks including and are owned by Ruijie Networks.

All other trademarks or registered trademarks mentioned in this document are owned by their respective owners.

Disclaimer
The products, services, or features you purchase are subject to commercial contracts and terms. Some or all of the
products, services or features described in this document may not be within the scope of your purchase or use.
Unless otherwise agreed in the contract, Ruijie Networks does not make any express or implied statement or
guarantee for the content of this document.

Due to product version upgrades or other reasons, the content of this document will be updated from time to time.
Ruijie Networks reserves the right to modify the content of the document without any notice or prompt.

This manual is for reference only. Ruijie Networks endeavors to ensure content accuracy and will not shoulder any
responsibility for losses and damages caused due to content omissions, inaccuracies or errors.
 Preface
Intended Audience
This document is intended for:

 Network engineers

 Technical support and servicing engineers

 Network administrators

Technical Support
 Ruijie Networks Website: https://www.ruijienetworks.com/

 Technical Support Website: https://ruijienetworks.com/support

 Case Portal: https://caseportal.ruijienetworks.com

 Community: https://community.ruijienetworks.com

 Technical Support Email: [email protected]

 Live Chat: https://www.ruijienetworks.com/rita

Conventions
1. Signs
The signs used in this document are described as follows:

Warning

An alert that calls attention to important rules and information that if not understood or followed can result in data
loss or equipment damage.

Caution

An alert that calls attention to essential information that if not understood or followed can result in function failure or
performance degradation.

Note

An alert that contains additional or supplementary information that if not understood or followed will not lead to
serious consequences.

Specification

An alert that contains a description of product or version support.

I
 Contents

Preface ................................................................................................................................................... I

1 Web-based Configuration ................................................................................................................ 1

1.1 Overview .................................................................................................................................... 1

1.2 Application ................................................................................................................................. 1

1.2.1 Web-based Management ........................................................................................... 1

1.3 Web Configuration ..................................................................................................................... 3

1.3.1 Config Wizard ............................................................................................................. 3

1.3.2 Monitor ........................................................................................................................ 6

1.3.3 Configuration .............................................................................................................. 8

1.3.4 Diagnosis .................................................................................................................. 60

1.3.5 Maintenance ............................................................................................................. 64

1.3.6 Others ....................................................................................................................... 72

1.4 Fit AP-Eweb ............................................................................................................................. 74

1.4.1 SmartAP ................................................................................................................... 74

1.5 Enabling the Web Server......................................................................................................... 75

1.6 Configuration Examples .......................................................................................................... 78

1.6.1 Constructing a WLAN for the DHCP Server on the AP Device ............................... 78

i
Configuration Guide Web-based Configuration

1 Web-based Configuration

1.1 Overview

A user accesses the Web-based management system using a browser such as Internet Explorer (IE) to manage the
AP device.

Web-based management involves two parts: Web server and Web client. A Web server is integrated into a device to
receive and process requests sent from a client (for example, read a Web file or execute a command request) and
returns the processing results to the client. Generally, a Web client refers to a Web browser.

Currently, this file is applicable to only AP devices.

1.2 Application

Application Description
Web-based Management After configuring, a user can access the Web-based management system through a
browser.

1.2.1 Web-based Management

Scenario

As shown in the following figure, an administrator can access a device through a browser on a PC to manage the
device.

Figure 1-1

Note The Web management system integrates configuration commands and sends them to the device through
AJAX requests.
Web service is enabled on the device to process HTTP requests to return requested data.

Function Deployment

1
Configuration Guide Web-based Configuration

 Configuration Environment Requirements

Requirements for Client

 An administrator logs in to the Web-based management system using the Web browser on a client to manage
the device. Generally, a client refers to a PC. It may also be other mobile terminal devices, for example, a laptop.

 Google Chrome is recommended, and Internet Explorer 11 and 360 Browser are supported. Exceptions such as
messy code and format errors may occur when other browsers are used.

 Resolution: It is recommended that the resolution be set to 1024 x 768, 1280 x 1024, or 1440 x 960. Exceptions
such as font alignment error and format error may occur when other resolutions are selected.

Requirements for server

 The Web service must be enabled for the AP device.

 Login authentication information for Web-based management must be configured for the AP device.

 A management IP address must be configured for the AP device.

 Default Configuration

The following table lists the Web management system default configuration.

Feature Default Settings

Web service Enabled
Management IP 192.168.110.1

Default Username/Password Permission Description

admin/admin Super administrator with all permissions.

The default password is not saved in show running-config.

 Login

Type http://X.X.X.X (management IP address), default: http://192.168.110.1, in the address bar of a browser and press
Enter to access the login page, as shown in the following figure.

Figure 1-2 Login page

2
Configuration Guide Web-based Configuration

After typing the username and password, click Login.

Enter the username and password. Click Login to access the Web management system.

Click Online Service for configuration help.

If you enter the wrong username or password for five consecutive times, your account will be locked for 10 minutes.

1.3 Web Configuration

1.3.1 Config Wizard

Build a Wi-Fi network for STAs to access for Internet services.

3
Configuration Guide Web-based Configuration

1) The Config Wizard page is displayed after successfully logging in to the Web if the device is in the default factory
setting state, as shown in the preceding figure.

2) The Config Wizard page is also displayed when you click the Config Wizard link in the upper-right corner on the
homepage.

The device supporting NAT can work in Bridge mode or NAT mode.

A device not supporting NAT can work only in Bridge Mode.

4
Configuration Guide Web-based Configuration

Configure the Wi-Fi parameters, and click Finish to finish the configuration.

After the AP device is initialized, please configure the AP device through the Config Wizard page.

5
Configuration Guide Web-based Configuration

All quick settings are scenario-based settings. And some of the configuration is delivered by default. If
configurations such as NAT, interface, or address pool are changed via CLI or MACC system, it is recommended
to not change the configuration again via Quick Settings, otherwise there could be incompatibility.

If the AP device is in access mode, it is recommended to build the gateway and address pool on the other device.
If the AP device is in routing mode, it is recommended to build the gateway and address pool on the AP device
and configure the NAT for it.

1.3.2 Monitor

1.3.2.1 Dashboard

The dashboard enables viewing basic information for the AP device, including the device MAC address, device model,
system alarm information, flow trends of AP device ports, latest trends of all management APs, and STA information
corresponding to each management AP. In addition, it enables you to know the distribution condition of STA signal
strength in real time.

Click the Traffics > Details or RSSI Summary > Details link in the lower left corner to view the STA details on the
displayed page, for example, the MAC address and RSSI.

1.3.2.2 User Info

User information is displayed here.

6
Configuration Guide Web-based Configuration

1.3.2.3 DHCP

DHCP includes DHCP client list and DHCP server status.

1.3.2.3.1 DHCP Client List

DHCP clients are displayed here.

1.3.2.3.2 DHCP Server Status

DHCP server status and address pool usage are displayed here.

7
Configuration Guide Web-based Configuration

1.3.3 Configuration

1.3.3.1 Wi-Fi/WLAN

A Wireless Local Area Network (WLAN) refers to a network system that allows different PCs to communicate and share
resources with each other by interconnecting different PCs through wireless communication technologies. The essence
of a WLAN is that PCs are interconnected with each other in wireless rather than wired mode, thus constructing a
network and allowing terminals to move more flexibly.

Wi-Fi or Wi-Fi is a technology for wireless local area networking with devices based on the IEEE
802.11standards. Devices that can use Wi-Fi technology include personal computers, video-game
consoles, smartphones, digital cameras, tablet computers, smart TVs, digital audio players and modern printers. Wi-Fi
compatible devices can connect to the Internet via a WLAN and a wireless access point. Such an access point
(or hotspot) has a range of about 20 meters (66 feet) indoors and a greater range outdoors. Hotspot coverage can be
as small as a single room with walls that block radio waves, or as large as many square kilometers achieved by using
multiple overlapping access points.

Service Set Identifier (SSID), also referred to as ESSID: It is used to distinguish different networks, that is, identifying
an ESS. An SSID contains a maximum of 32 characters. A WNIC configured with different SSIDs can access different
networks. SSIDs are usually broadcasted by an AP or a wireless router. The scanning function delivered with the XP
can be used to view SSIDs within the current area. In consideration of security, SSIDs may not be broadcasted. In this
case, users need to manually set SSIDs to access corresponding networks. To be simple, an SSID is the name of a
WLAN. Only computers with the same SSID can communicate with each other.

The WLAN allows wireless STAs to access the AP through Wi-Fi for Internet services. Multiple WLANs can be added
or deleted.

The following figure shows the page for adding a WLAN.

8
Configuration Guide Web-based Configuration

 Adding Wi-Fi/WLAN

1) Click , and a new panel for Wi-Fi configuration is displayed.

2) Set the Wi-Fi parameters.

3) Click Save to finish the configuration.

 Editing Wi-Fi/WLAN

9
Configuration Guide Web-based Configuration

1) Click the Wi-Fi panel you want to edit.

2) Edit the Wi-Fi configuration.

3) Click Save. The Edit succeeded message is displayed.

WLAN ID

WLAN ID is used to identify a WLAN network.

SSID

An SSID is the name of a wireless local area network.

Encryption Type

Open: No password is required.

WPA/WPA2-PSK: This encryption type is secure and simple, often used in homes and small offices.

WPA/WPA2-802.1x: An authentication server is required. This encryption type is complicated and costs much, not
recommended for common users.

Advanced Settings

Hide SSID

This function is disabled by default.

SSID Code

UTF-8: Most terminals support UTF-8. The default code is UTF-8.

GBK: Some terminals and PCs support GBK.

WiFi Type

10
Configuration Guide Web-based Configuration

Radio1 is a 2.4GHz network and Radio2 is a 5GHz network.

Rate Limiting

The device only supports rate limiting on each user currently.

wlan-qos wlan-based * per-user-limit up-streams average-data-rate ** burst-data-rate **

wlan-qos wlan-based * per-user-limit down-streams average-data-rate ** burst-data-rate **

5G-prior Access

This feature will be displayed if supported by the device.

 Deleting Wi-Fi/WLAN

1) Click the Wi-Fi panel you want to delete a Wi-Fi.

2) Click .

3) Click OK in the dialog box displayed to finish the deletion operation.

1.3.3.2 AP

1.3.3.2.1 Radio Settings

Wireless channels transmit RF medium between APs and wireless STAs. The use of channels varies with different
countries and frequency bands. For example, the 2.4 GHz frequency band can be configured with 13 channels (channel
1 to channel 13), and the 5 GHz frequency band can be configured with five channels (channels 149, 153, 157, 161,
and 165). The overlapping channels in the 2.4 GHz frequency band generate interference. It is recommended that
these channels be configured as non-overlapping channels (for example, channels 1, 6, and 11) to avoid radio signal
collision. The five channels in the 5 GHz frequency band do not overlap or generate interference.

11
Configuration Guide Web-based Configuration

Wireless channel settings are mainly about adjusting the strength of the Wi-Fi signal sent out by the device. Channel
parameters can be set for the 2.4G and 5G networks.

 Enabling the 2.4G Network

1) Click to enable or disable the 2.4G network.

 Enabling the 5G Network

12
Configuration Guide Web-based Configuration

1) Click to enable or disable the 5G network.

 Country & Region

The country or region of the current radio.

Radio Protocol

2.4G Network: (1) 11bgn indicates the set of 802.11b, 802.11g and 802.11n. (2) 11bgn+11ax indicates the set of 802.11b,
802.11g, 802.11n and 802.11ax.

5G Network: (1) 11an indicates the set of 802.11a and 802.11n. (2) 11an+11ac indicates the set of 802.11a, 802.11n,
802.11ac. (3) 11an+11ac+11ax indicates the set of 802.11a, 802.11n, 802.11ac and 802.11ax.

Radio Channel

The channel of the current radio.

RF Bandwidth

The channel width of the current radio, including 20 Mhz and 40 Mhz.

Power

The power of the current radio. Power Saving, Standard and Enhanced indicate 30, 80 and 100 respectively.

STA Limit

The number of clients associated to the current radio.

1.3.3.2.2 iBeacon

iBeacon uses Bluetooth low energy proximity sensing to transmit a universally unique identifier picked up by a
compatible app or operating system. The identifier and several bytes sent with it can be used to determine the device's
physical location, track customers, or trigger a location-based action on the device such as a check-in on social
media or a push notification.

iBeacon signals are broadcast over Bluetooth, and mainly applied to WeChat Shake.

If iBeacon is not displayed in the menu, this function is not supported.

 If the AP does not support Bluetooth radio, the following page will be displayed.

13
Configuration Guide Web-based Configuration

 If the AP supports Bluetooth radio, the following page will be displayed. You can configure iBeacon globally or
based on radio. Radio-based iBeacon settings prevail over global iBeacon settings.

1.3.3.2.3 Client Limit

Client limit refers to the maximum number of associated STAs.

1.3.3.2.4 Radio Balance

Radio balance refers to the balance of STAs on each radio.

14
Configuration Guide Web-based Configuration

1.3.3.3 Network

1.3.3.3.1 External Network Settings

External network settings are mainly about configuration of the communication mode between the AP and external
network. Two communication modes are available: Bridge mode and NAT mode.

In Bridge Mode, the Ruijie APs act as bridges, allowing wireless clients to obtain their IP addresses from an upstream
DHCP server.

In NAT Mode, the Ruijie APs run as DHCP servers to assign IP addresses to wireless clients out of a private 10.x.x.x
IP address pool behind a NAT.

The AP you use might not support this function, which is subject to the actual menu items.

15
Configuration Guide Web-based Configuration

You can select the AP working mode to determine the AP role and then configure based on the corresponding working
mode.

Set corresponding parameters and save the configuration.

1.3.3.3.2 Interface

A port is a physical entity that is used for connections on the network devices.

Speed

16
Configuration Guide Web-based Configuration

Generally, the speed of an Ethernet physical port is determined through negotiation with the peer device. The
negotiated speed can be any speed within the interface capability. You can also configure any speed within the interface
capability for the Ethernet physical port on the Web page.

When you configure the speed of an AP port, the configuration takes effect on all of its member ports. (All these member
ports are Ethernet physical ports.)

Duplex Mode

Set the duplex mode of the interface to full-duplex so that the interface can receive packets while sending packets.

Set the duplex mode of the interface to half-duplex so that the interface can receive or send packets at a time.

Set the duplex mode of the interface to auto-negotiation so that the duplex mode of the interface is determined through
auto negotiation between the local interface and peer interface.

Interface Name

You can configure the name of an interface based on the purpose of the interface. For example, if you want to assign
GigabitEthernet 1/1 for exclusive use by user A, you can describe the interface as "Port for User A."

Administrative Status

You can configure the administrative status of an interface to disable the interface as required. If the interface is disabled,
no frame will be received or sent on this interface, and the interface will loss all its functions. You can enable a disabled
interface by configuring the administrative status of the interface. Two types of interface administrative status are
defined: Up and Down. The administrative status of an interface is Down when the interface is disabled, and Up when
the interface is enabled.

 Interface Settings

 Editing port settings

17
Configuration Guide Web-based Configuration

1) Click the Edit button for a port in the list.

2) The configuration for the port is displayed in the dialog box. Next, edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

1.3.3.3.3 VLAN

A Virtual Local Area Network (VLAN) is a logical network created based on a physical network. A VLAN can be
categorized into Layer-2 networks of the OSI model.

A VLAN has the same properties as a common LAN, except for physical location limitation. Unicast, broadcast and
multicast frames of Layer 2 are forwarded and transmitted within a VLAN, keeping traffic segregated.

We may define a port as a member of a VLAN, and all terminals connected to this port are parts of a virtual network
that supports multiple VLANs. You do not need to adjust the network physically when adding, removing and modifying
users. Communication among VLANs is realized through Layer-3 devices, as shown in the following figure.

18
Configuration Guide Web-based Configuration

The VLANs supported by Ruijie products comply with the IEEE802.1Q standard. A maximum of 4094 VLANs (VLAN
ID 1-4094) are supported, among which VLAN 1 cannot be deleted.

 Adding a VLAN

19
Configuration Guide Web-based Configuration

Click Add VLAN. A dialog box is displayed, as shown in the preceding figure. Set corresponding parameters in the
dialog box and click Save. The newly added VLAN is displayed in the VLAN list after the Add operation succeeded
message is displayed.

 Deleting VLANs in batches

1) Select the VLAN to be deleted from the list.

2) Click Delete Selected to finish deleting.

 Editing a VLAN

20
Configuration Guide Web-based Configuration

Click the Edit button. A dialog box is displayed, as shown in the preceding figure. Click Save. The Save operation
succeeded message is displayed.

 Deleting a VLAN

Click the Delete button for a VLAN in the list and then click OK in the displayed dialog box to finish deleting.

1.3.3.3.4 Route

Routing is the process of selecting a path for traffic in a network, or between or across multiple networks.

Static routing is a form of routing that occurs when a router uses a manually-configured routing entry. In many cases,
static routes are manually configured by a network administrator by adding in entries into a routing table, though this
may not always be the case.

Default route is a setting on a computer that defines the packet forwarding rule to use when no specific route can be
determined for a given Internet Protocol (IP) destination address. All packets for destinations not established in
the routing table are sent via the default route.

21
Configuration Guide Web-based Configuration

 Adding a static route

Click Add Static Route, set the configuration items in the dialog box displayed, and click Save. The newly added static
route is displayed in the route list after the Save operation succeeded message is displayed.

 Adding the default route

22
Configuration Guide Web-based Configuration

Click Add Default Route. Set the configuration items in the displayed dialog box, and click Save. The newly added
route is displayed in the route list after the Save operation succeeded message appears.

 Deleting routes in batches

1) Select the route from the list.

2) Click Delete Selected Route to finish deleting.

 Editing a route

1) Click the Edit button for a route in the list.

2) A dialog box is displayed, as shown in the preceding figure. The configuration for the route is displayed. Next, edit
the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting a route

23
Configuration Guide Web-based Configuration

Click the Delete button for a route in the list and then click OK in the displayed dialog box to finish deleting.

1.3.3.3.5 DHCP

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol
(IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.
RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on Bootstrap Protocol
(BOOTP), a protocol with which DHCP shares many implementation details. DHCP allows hosts to obtain required
TCP/IP configuration information from a DHCP server.

DHCP supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP
address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until
the client explicitly relinquishes the address). In "static allocation", a client's IP address is assigned by the network
administrator, and DHCP is used simply to convey the assigned address to the client. A particular network will use one
or more of these mechanisms, depending on the policies of the network administrator.

 DHCP Settings

 Adding a DHCP Pool

24
Configuration Guide Web-based Configuration

Click Add DHCP, set the configuration items in the dialog box displayed, and click Save. The newly added DHCP pool
is displayed in the DHCP pool list after the Save operation succeeded message is displayed.

 Deleting DHCPs in batches

1) Select the DHCP pool from the list.

2) Click Delete Selected DHCP and then click OK in the dialog box displayed to finish deleting.

 Configuring excluded address range

25
Configuration Guide Web-based Configuration

Click Excluded Address Range. A dialog box is displayed, as shown in the preceding figure. Set the configuration
items in the displayed dialog box, and click Save. The newly configured address range is displayed in the DHCP pool
list after the Save operation succeeded message is displayed.

 DHCP service

Click to enable or disable the DHCP service.

 Editing a DHCP pool

26
Configuration Guide Web-based Configuration

1) Click the Edit button for a DHCP pool in the list.

2) The configuration for the DHCP pool is displayed in the dialog box. Next, edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting a DHCP pool

Click Delete to finish deleting.

 Static Address

27
Configuration Guide Web-based Configuration

 Adding a static address

Click Add Static Address, set the configuration items in the displayed dialog box, and then click Save. The newly
added static address is displayed in the list after the Save operation succeeded message is displayed.

 Deleting static addresses in batches

28
Configuration Guide Web-based Configuration

1) Select the static address from the list.

2) Click Delete Selected Address and then click OK in the dialog box displayed to finish deleting.

 Editing a static address

1) Click the Edit button for a static address in the list. A dialog box is displayed.

2) The configuration for the static address is displayed in the dialog box. Next, edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting a static address

Click the Delete button for a static address in the list to finish deleting.

 DHCP Relay

29
Configuration Guide Web-based Configuration

Enter the relay server address and click Save.

 Client List

 Binding a MAC address to a dynamic IP address

1) Select the static address from the list.

2) Click Bind MAC to Dynamic IP and then click OK in the displayed dialog box to finish deleting.

 Querying clients based on IP address:

30
Configuration Guide Web-based Configuration

Input the IP address in the text box. Click Search. The search results meeting the criterion are displayed in the list.

1.3.3.3.6 Port Mapping

Generally, this function is used to map a specified port of a specified host in the internal network to a specified port of
an external network address.

This function may not be supported. The actual menu may vary with the device.

 Adding port mapping

31
Configuration Guide Web-based Configuration

Click Add Port Mapping, set the configuration items in the dialog box displayed, and then click Save. The newly added
port mapping is displayed in the list after the Save operation succeeded message is displayed.

 Batch deleting port mapping entries

1) Select the port mapping from the list.

2) Click Delete Selected Port Mapping and then click OK in the displayed dialog box to finish deleting.

 Editing port mapping

32
Configuration Guide Web-based Configuration

1) Click the Edit button for a port mapping in the list.

2) The configuration for port mapping is displayed in the dialog box. Next, edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting port mapping

Click the Delete button for a port mapping entry in the list to finish deleting.

1.3.3.3.7 VPN

It is only allowed to configure VPN settings on a WAN port.

33
Configuration Guide Web-based Configuration

The Advanced Settings include some algorithm settings. It is recommended to use the default settings.

1.3.3.4 Security

1.3.3.4.1 Containment

Rogue APs may exist in a WLAN. Rogue APs may have security vulnerabilities and can be manipulated by attackers
to seriously threaten and endanger network security. The containment function can be enabled on the AP to attack
rogue devices and prevent other wireless STAs from being associated with rogue devices.

 Containment Settings

34
Configuration Guide Web-based Configuration

Click to enable or disable rogue AP containment for the device.

 Adding a MAC address

You can add the MAC address to be contained here.

 Adding an SSID blacklist

35
Configuration Guide Web-based Configuration

You can add the MAC address to be contained here.

 Trusted AP

When the rogue AP containment function is enabled, the APs not authorized will be contained. However, some APs
are trusted devices and special processing is required. You can configure the MAC addresses of trusted devices.

36
Configuration Guide Web-based Configuration

 Phishing Wi-Fi Keyword

If an SSID matches with the keyword fuzzily, the Wi-Fi is a phishing Wi-Fi.

1.3.3.4.2 Blacklist & Whitelist

This function allows or blocks specified users from accessing the Wi-Fi.

The whitelist/blacklist capacity is 1024 by default.

 Blacklist & Whitelist

Add the blacklist or whitelist user by adding the MAC address.

Click to add a MAC address for a user. You can add multiple MAC addresses.

37
Configuration Guide Web-based Configuration

 Deleting a blacklist user

Click Delete to delete a MAC address for a user.

 Deleting blacklist users in batches

1. Select one or more records from the list.

2. Click Delete Selected.

 Importing blacklist users

1. Click Batch Import Users.

2. Download the template file and enter the data.

38
Configuration Guide Web-based Configuration

3. Import the file.

 SSID-based Blacklist

Click in the list and configure the whitelist/blacklist for the specified SSID.

You can select the blacklist/whitelist type, add blacklist/whitelist users, and import blacklist/whitelist users.

 Dynamic Blacklist & Whitelist

Add malicious attack sources to the dynamic blacklist to prohibit access.

39
Configuration Guide Web-based Configuration

1) Set the parameters and then save the configuration.

2) Select the blacklist from the list.

3) Click Delete Selected and then click OK in the displayed dialog box to finish deleting.

 OUI Blacklist & Whitelist

 Add OUI

40
Configuration Guide Web-based Configuration

Click Add OUI, set the configuration items in the dialog box displayed, and click Save. The newly added OUI is
displayed in the OUI list after the Add succeeded message is displayed.

 Deleting OUIs in batches

1. Select the OUI from the list.

2. Click Delete Selected and then click OK in the dialog box displayed to finish deleting.

 Deleting a OUI

Click Delete to finish deleting.

 Importing OUIs

41
Configuration Guide Web-based Configuration

1. Click Import OUIs.

2. Download the template file and enter the data.

3. Import the file.

1.3.3.4.3 User Isolation

To ensure network security and prevent unwitting information transfer, you can prohibit communication between internal
network users by means of configuration. Some special users (users who can access each other) can be identified
based on the user name and MAC address.

1) Click to enable or disable mutual access for internal network users.

2) Click to delete the MAC address of the user.

3) Click the Add icon to add a MAC address for a mutual-access user. You can add multiple MAC addresses.

42
Configuration Guide Web-based Configuration

4) Click Save to finish the configuration.

1.3.3.4.4 Anti-attack

Some malicious attacks are always found in the network environment. These attacks may bring about an extremely
heavy burden for the switch, resulting in the switch using an excessive amount of CPU power and giving rise to a
potential operational failure.

1) ARP-guard: Enables ARP-guard configuration. Click the ARP-guard List link to view the host where ARP attack
is detected.

2) IP-guard: Enables IP-guard configuration. Click the IP-guard List link to view the host where IP scanning is
detected.

3) ICMP-guard: Enables ICMP-guard configuration. Click the ICMP-guard List link to view the host where an ICMP
attack is detected.

4) DHCP-guard: Enables DHCP-guard configuration. Click the DHCP-guard List link to view the host where a
DHCPv4 attack is detected.

5) DHCPv6-guard: Enables DHCPv6-guard configuration. Click the DHCPv6-guard List link to view the host where
a DHCPv6 attack is detected.

6) ND-guard: Enables ND-guard configuration.

43
Configuration Guide Web-based Configuration

1.3.3.4.5 ARP

 Dynamic Binding>>Static Binding

1) Select one or multiple records from the ARP list.

2) Click the Dynamic Binding>>Static Binding icon to switch from dynamic binding to static binding in batches.

 Remove static Binding

1) Select one or multiple records from the ARP list.

2) Click the Delete Selected icon to remove static binding in batches.

 Manual Binding

1) Click the Manual Binding icon.

2) Set the IP address and MAC address.

Click OK. The newly bound ARP is displayed in the ARP list after the Save operation succeeded message is displayed.

44
Configuration Guide Web-based Configuration

1.3.3.4.6 ACL

When receiving a packet on a port, the input ACL checks whether the packet matches the ACE entry for this port. When
the device intends to output a packet through a port, the output ACL checks whether the packet matches the ACE entry
for this port.

When there are different filtration rules, multiple rules may be applied simultaneously and only several of them can be
applied. If a packet matches an ACE entry, this packet is processed (permitted or denied) according to the action policy
defined by this ACE.

 ACL Settings

 Adding an ACL

Click Add ACL and set the configuration items in the dialog box displayed. Click OK. The newly added ACL is displayed
in the ACL List drop-down list on the left after the Save operation succeeded message is displayed.

 Deleting an ACL

45
Configuration Guide Web-based Configuration

1) Select the ACL from the ACL List drop-down list.

2) Click Delete ACL to finish deleting.

 Adding an access rule

1) Click Add Access Rule.

2) Set the configuration items in the dialog box displayed.

3) Click OK. The newly added access rule is displayed in the access rule list after the Save operation succeeded
message is displayed.

 Editing an access rule

1) Click the Edit button for an access rule in the access rule list.

2) The configuration for the access rule is displayed in the dialog box and the configuration can be edited.

3) Click OK. The Save operation succeeded message is displayed.

46
Configuration Guide Web-based Configuration

 Deleting an access rule

1) Select one or multiple records from the access rule list.

Click Delete Selected and then click OK in the displayed dialog box to finish deleting ACL Time

ACLs based on time can be enabled. For example, you can set ACLs to take effect in different time segments for a
week, but first a time object must be configured.

 ACL Time

 Adding a time object

47
Configuration Guide Web-based Configuration

Click Add Time Object, then set the configuration items in the dialog box displayed, and click Save. The newly added
time object is displayed in the time object list after the Save operation succeeded message is displayed.

 Deleting time objects in batches

1) Select one or multiple records from the time object list.

2) Click Delete Selected and then click OK in the dialog box displayed to finish deleting.

 Editing a time object

1) Click the Edit button for a time object in the list.

2) The configuration about the time object is displayed in the dialog box. Then edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting a time object

48
Configuration Guide Web-based Configuration

Click the Delete button for a time object in the list.

 ACL Application

Apply an ACL to a port or a Wi-Fi to limit user access.

 Adding an ACL application

1. Click .

2. Select ACL number, port and direction in the popup window.

3. Click Save. After the message "Configuration succeeded." is displayed, the ACL will appear in the list.

49
Configuration Guide Web-based Configuration

 Deleting selected ACL applications

 Editing an ACL application

1.3.3.5 Authentication

1.3.3.5.1 Web Authentication

Web authentication allows you to control user access to the Internet. The users can perform authentication on the
browser without installing any application, which is easy and convenient. Web authentication can be classified into
iPortal authentication and ePortal authentication based on the server location.

 ePortal Authentication

Unauthenticated users will be redirected to the specified website for authentication. If the Portal is not built into the AC,
please select ePortal authentication.

50
Configuration Guide Web-based Configuration

 iPortal Authentication

Unauthenticated users will be redirected to the specified website for authentication. If the Portal is built into the AC,
please select iPortal authentication.

1.3.3.5.2 WeChat Authentication

WeChat Auth is an authentication solution that relieves users from the need of entering usernames and passwords.
Besides, it provides an AD space on WeChat for Wi-Fi service providers.
The following two authentication modes are available: WiFi Auth 3.x and WiFi+SMS Auth. (The default is the WeChat
template)

51
Configuration Guide Web-based Configuration

Choose Advanced Settings > WeChat Auth Advanced Settings

Choose Advanced Settings > Whitelist Settings.

1.3.3.5.3 WiFiDog Authentication

WiFiDog Authentication enables new users to be redirected to the authentication page.

52
Configuration Guide Web-based Configuration

Choose Advanced Settings > Advanced Settings.

Advanced Settings provide some optional features applicable to both Web authentication V1 and Web authentication
V2.

1.3.3.6 Optimization

1.3.3.6.1 RF Navigation

Your AP might not support this function. The menu may vary with the device.

Configure the navigation mode and type of the efficient RF navigation to optimize RF performance.

53
Configuration Guide Web-based Configuration

Navigation Mode

There are two navigation modes: auto and fixed. In auto mode, the AP can automatically steer stations (STAs) to
different bands based on the RF load during operation. In fixed mode, the AP steers high-performance STAs to
designated bands during operation regardless of RF environment differences.

Navigation Type

You can enable 802.11ax only, or enable both 802.11ac and 802.11ax.

1.3.3.7 Solution

1.3.3.7.1 E-bag Optimization

Your AP might not support this function. The menu may vary with the device.

This function is mainly applicable to the E-bag solution for schools. Balanced optimization ensures a smooth network
experience and avoids disconnection when a user uses the E-bag application.

 E-bag Optimization

54
Configuration Guide Web-based Configuration

Click Click to learn more, and the following page will appear.

Select an SSID, and click Associate to enable all 5G clients in the classroom to connect to this SSID. The maximum
number of 5G clients will be calculated automatically.

55
Configuration Guide Web-based Configuration

Enter the maximum number of 5G clients here, and click Save. E-bag optimization settings will take effect.

You can click Advanced Settings to configure advanced settings. If you perform E-bag optimization again, the
advanced settings will be overridden.

 Monitoring

This function allows you to monitor the network performance after E-bag settings are applied.

 Group Access

56
Configuration Guide Web-based Configuration

Toggle the button to enable or disable the Group Access function.

 Adding a user group

1. Click +.

2. On the Add MAC page, enter a MAC address.

3. Click Save, and the "Add succeeded." message appears.

 Deleting a user group

57
Configuration Guide Web-based Configuration

1. Click Delete.

2. In the deletion confirmation box, click OK.

3. The "Delete succeeded." message appears, indicating that the MAC address is deleted.

 Editing a user group

1. Click Edit.

58
Configuration Guide Web-based Configuration

2. On the Edit MAC page, edit the MAC address.

3. Click Save, and the "Edit succeeded." message appears.

1.3.3.8 Advanced

1.3.3.8.1 Unicast/Multicast

Unicast refers to a one-to-one transmission from one point in the network to another point; that is, one sender and one
receiver, each identified by a network address.

Multicast is group communication where information is addressed to a group of destination computers simultaneously.
Multicast can be one-to-many or many-to-many distribution. Multicast should not be confused with physical layer point-
to-multipoint communication.

Set parameters as required, and then click Save.

1.3.3.8.2 Antenna

The antenna is divided into internal and external, and can generate directional or omnidirectional radiation patterns.
Whether antenna type switchover and orientation switchover are supported depends on the radio capacity, which is
displayed on the page.

59
Configuration Guide Web-based Configuration

1.3.4 Diagnosis

1.3.4.1 Detection Tools

1.3.4.1.1 Network Diagnosis

 Connectivity Test

When the network malfunctions, you can test the network connectivity to facilitate troubleshooting.

Port Status
The system detects whether an interface of the AC is in the up state.
AC-AP Connection Status
The system detects whether an AP is online on the AC.
Internet Connection Status

The system detects whether the AC is reachable to an external network by pinging 114.114.114.114, or pinging 8.8.8.8
if the AC is deployed abroad.

 Ping

Dest IP/Domain Name

Indicates the address or domain name to be pinged.

60
Configuration Guide Web-based Configuration

Source IP
Indicates the source address.
Timeout Interval(s)
Indicates the timeout interval.
Repeat Times
Indicates the number of data packets to be transmitted.
Packet Size (Bytes)
Indicates the length of the data padding section in a data packet to be transmitted.
Fragment

Indicates the DF flag bit of an IP address. When the DF flag bit is set to 1, data packets are not fragmented. The DF
flag bit is 0 by default.

 Tracert

Dest IP/Domain Name

Indicates the Tracert destination address or domain name address.
Source IP
Indicates the source address.
Timeout Interval(s)

Indicates the timeout interval.

61
Configuration Guide Web-based Configuration

1.3.4.2 One-Click Collection

1.3.4.3 Syslog

1.3.4.3.1 Syslog

Syslog helps technical support to locate problems.

1.3.4.4 WIDS

1.3.4.4.1 Rogue AP

Rogue APs pose threat to the network security.

The following containment modes are available.

SSID mode: Contain APs emitting the same Wi-Fi signals as the local AP.

62
Configuration Guide Web-based Configuration

AdHoc mode: Contain AdHoc devices simulating the same Wi-Fi signals.

Rogue mode: Contain APs according to RSSI.

CONFIG mode: Contain APs by configuring the MAC address and the SSID blacklist manually.

63
Configuration Guide Web-based Configuration

1.3.5 Maintenance

1.3.5.1 Settings

1.3.5.1.1 Local Upgrade

Download the main program or Web package to the local device and perform local upgrade.

Click to select the main program or Web package to be upgraded.

You can click Cancel to terminate an ongoing upgrade.

Click the DNS Server and Route links to check network connection.

1.3.5.1.2 Restart

Conveniently restart the system with a click.

64
Configuration Guide Web-based Configuration

Click Restart to restart the device.

1.3.5.1.3 Backup & Restore

 Backup

Back up the configuration file on the device. You can export current settings for batch operation.

 Restore

After you restore the device to factory settings, please use the default IP address to access Eweb.

1.3.5.1.4 System Time

The network device system clock records the time of events on the device. For example, the time shown in system
logs is obtained from the system clock. Time is recorded in the format of year-month-day, hour:minute:second, day of
the week.

When you use a network device for the first time, set its system clock to the current date and time manually.

65
Configuration Guide Web-based Configuration

Set the system time based on the region for the device.

1.3.5.1.5 System Mode

Two types of APs are available: Fat Access Points and Fit Access Points.

A FAT AP is suitable for family and small-scaled networks and provides full features. Generally, one device can
implement access, authentication, routing, VPN, address translation, and even the firewall functions.

A FIT AP is suitable for large-scale wireless network deployment. A dedicated wireless controller is needed to provide
unified management. A FIT-AP can be used only after the wireless controller delivers configurations and it cannot
complete configuration by itself.

Select the AP mode.

1.3.5.1.6 Log Server

The device sends local logs to the server for storage. History logs are stored for ease of query.

Server Logging can be set to ON/OFF to enable/disable the server log function.

66
Configuration Guide Web-based Configuration

1.3.5.1.7 Device DNS

Domain names can be dynamically parsed only after a DNS server is configured.

1.3.5.2 System

1.3.5.2.1 Web Management

 Admin Password

To enhance the system security and information interaction security, you need to change the default password of the
system.
On the Admin Password tab page, enter the old password, new password, and confirm password, and click Save.

67
Configuration Guide Web-based Configuration

 Basic Settings

Configure the device location to better inspect devices and facilitate device management. Set the timeout time. When
you do not perform operations on the system for long, the Web-based system automatically exits to ensure your system
security.

Web Access Port: Indicates the access port. It needs to be added when you access the Web-based system from a
browser.

Login Timeout: Indicates the timeout time.

Device Location: Indicates the device location. Setting this parameter facilitates management.

 Permissions

68
Configuration Guide Web-based Configuration

A system may have multiple users of different levels that correspond to different permissions. You can set or view
permissions through the Permission Settings page. The system has two default users: user admin

 Adding an administrator

Click Add Administrator. A dialog box is displayed, as shown in the preceding figure. Set the configuration items in
the dialog box, and click Save. The newly added administrator is displayed in the list after the Save succeeded
message is displayed.

 Editing administrator information

1) Click the Edit button for an administrator in the list.

69
Configuration Guide Web-based Configuration

2) A dialog box is displayed, as shown in the preceding figure. The configuration about the administrator is displayed
in the dialog box. Then edit the configuration.

3) Click Save. The Save operation succeeded message is displayed.

 Deleting an administrator

Click Delete to delete an administrator.

1.3.5.2.2 Telnet

Enable Telnet and SSH access for security purposes.

1.3.5.2.3 Web Console

The Web console function is similar to the Telnet function and you can configure any command on the console. However,
the Web console function does not support commands in shell mode, telnetting to APs, or batch refresh of commands.

70
Configuration Guide Web-based Configuration

1.3.5.2.4 SNMP

The Simple Network Management Protocol (SNMP) is by far the dominant protocol in network management. This
Protocol (SNMP) was designed to be an easily implementable, basic network management tool that could be used to
meet network management needs. It is named Simple Network Management Protocol as it is really easy to understand.
A key reason for its widespread acceptance, besides being the chief Internet standard for network management, is its
relative simplicity. There are different versions of SNMP, such as SNMP V1, SNMP V2c, and SNMP V3.

1.3.5.2.5 CWMP/MACC
The CPE WAN Management Protocol (CWMP) is used by a server to manage, configure, and monitor ACs, APs,
routers, or switches.
The CWMP enables a device to interconnect to the cloud platform or other servers for management.

Your AP may not support this function and the actual menu items shall prevail. When a device is interconnected
to a server over CWMP, a correct DNS server needs to be configured so that the device correctly parses the
domain name of the server. Therefore, check whether a correct DNS server is configured.

71
Configuration Guide Web-based Configuration

Click DNS server behind Note to redirect to the related configuration page.
Set parameters and click Save.

CWMP
Indicates whether to enable CWMP.
Server URL
Indicates the server address.
Server Username
Indicates the server username, which can be used for verification.
Server Password
Indicates the server password, which can be used for verification.
Device URL
Indicates the device URL, which can be used for active connection within the server LAN.
Device Username
Indicates the device username, which can be used for verification.
Device Password
Indicates the device password, which can be used for verification.
CPE Inform Interval(s)

Indicates the interval for connecting to the server, that is, heartbeat packet interval. Other Functions

1.3.6 Others

1.3.6.1 Favorites

After you add frequently configured functions to favorites, you can click menu items in the favorites and configure the
functions rapidly next time.

Currently, a maximum of ten menu items can be added to favorites.

 Adding to favorites
Select a required menu and drag it to Favorites.

72
Configuration Guide Web-based Configuration

 Canceling favorites
Click Favorites to display the favorites list. Select a menu item from the list and click the icon. Confirm the delete
operation to delete the menu item from the favorites.

1.3.6.2 Fast Query Menu

There are increasing functions in the system. The fast query menu helps users rapidly search for required functions.

Enter a search condition in the search box on the home page. A list of records meeting the search condition is rapidly
displayed. Click a function to redirect to the function page.

1.3.6.3 More Functions

 Displaying the current account

The current account is displayed in the upper right corner of the home page. The current account is admin, as shown
in the figure below.

73
Configuration Guide Web-based Configuration

 Online Service
Click the current account icon in the upper right corner. A function drop-down list is displayed. Click Online Service
when you need to seek help.

 Language switching
Click the current account icon in the upper right corner. A function drop-down list is displayed. The second item is
used for language switching. If the system is in Chinese, click English to switch to the English edition; if the system
is in English, click 中文 to switch to the Chinese edition.

The language switching item is displayed based on actual requirements. If only Chinese is supported, this item is not
displayed. It is displayed only when both Chinese and English are supported.

 Exiting the system

Click the current account icon in the upper right corner. A function drop-down list is displayed. Click Logout and click
OK to exit the system.

1.4 Fit AP-Eweb

1.4.1 SmartAP
SmartAP allows you to deploy APs in mobile office scenario. Click Config Wizard to end the SmartAP configuration
page, including System Mode, Network Configuration and Change Web NMS Password. If APs are not applied to
mobile office scenario, only system mode will be displayed.

1. System Mode

74
Configuration Guide Web-based Configuration

Click Change and the System Mode window is displayed. You can select a mode among three modes available: Fit
AP, Fat AP and MACC.

2. Network Configuration

3. Change Web NMS Password

1.5 Enabling the Web Server

The Web service is enabled for an AP device when this AP is delivered. By default, the IP address is 192.168.110.1.
The following describes how to enable Web service on the CLI when it is disabled.

75
Configuration Guide Web-based Configuration

Configuration Commands
enable service web-server Enables the Web service.
ip address (Optional) Configures the IP address.
Configuring the
(Optional) Configures the username and
Web server
webmaster level username password password for logging in to the Web-based
management system.

Configuration Method

 Enabling the Web Service

 Mandatory configuration.

 This configuration is performed on the AP device.

 Configuring the IP Address

 Optional configuration.

 Configuring the Username and Password for Logging in to the Web-Based Management System

 Optional configuration.

 When the Web service is enabled, the administrator username/passwords (admin/admin) and guest
user/passwords (guest/guest) are created by default. The passwords of these two accounts can be changed. In
addition, you can create other Web-based management accounts.

Verification

Log in to the Web page by using the preset IP address and Web-based management account and password, then
check whether the login is successful.

Relevant Commands

 Enabling the Web Service

Command enable service web-server [ http | https | all ]

Parameter http | https | all: Enables corresponding services. http enables the HTTP service, https enables the
Description HTTPS service, and all enables both the HTTP and HTTPS services. By default, both the HTTP and
HTTPS services are enabled.
Command Global configuration mode.
Mode

 Configuring the IP Address

Command ip address ip-address ip-mask

Parameter ip-address: IP address
Description ip-mask: network mask.

76
Configuration Guide Web-based Configuration

Command Interface configuration mode.

Mode

 Configuring the Account and Password for Logging in to the Web-Based Management System

Command webmaster level privilege-level username name password { password | [ 0 | 7 ] encrypted-

password
Parameter privilege-level: indicates the level of the permission bound to the user. Three levels are available,
Description which are 0, 1, and 2. The super administrator account (admin) created by default corresponds to
level 0, a guest account (guest) corresponds to level 2, and other accounts correspond to level 1.
name: address of the static RP.
password: The ACL is used to limit the group address range of the static RP service. The default
range is all group services.
0 | 7: password encryption type. 0 indicates no encryption, and 7 indicates simple encryption. The
default value is 0.
encrypted-password: password.
Command Global configuration mode.
Mode
Usage Guide N/A

Configuration Example

 Configuring the Web Server

Configuration Enable the Web service.

Steps Configure the local username and password.
Configure the device management IP address. The default management VLAN is VLAN 1.
Configure an IP address for VLAN 1. Ensure that the management IP address can be pinged
from the user’s PC.
Ruijie# configure terminal
Ruijie(config)# enable service web-server
Ruijie(config)# webmaster level 0 username admin password admin
Ruijie(config)#interface vlan 1
Ruijie(config-if-VLAN 1)#ip address 192.168.1.200 255.255.255.0
Ruijie(config)# end

Verification Run the show running-config command to display related configuration commands.
Ruijie(config)#show running-config
Building configuration...
Current configuration: 6312 bytes

!
hostname ruijie

77
Configuration Guide Web-based Configuration

!
!
webmaster level 0 username admin password 7 08022b181b29
webmaster level 1 username manager password 7 06073f
webmaster level 2 username guest password 7 14155f083206
http update mode auto-detect
!
!
interface VLAN 1
ip address 192.168.1.200 255.255.255.0
no shutdown
!
line con 0
line vty 0 4
login
!
!
End

1.6 Configuration Examples

1.6.1 Constructing a WLAN for the DHCP Server on the AP Device

The AP is regarded as a wireless router and constructs a small-scale network as a fat AP. The DHCP server is
configured on the AP device. The following figure shows the topology.

Figure 1-3 Topology 1 (AP is in routing mode)

78
Configuration Guide Web-based Configuration

Configuration Description and Command

Mandatory. It is used to configure a WLAN.

Construction of a Associates internet access wireless signals

Wi-Fi name
WLAN for the DHCP for an STA
server on the AP An STA inputs the password for internet
Wi-Fi password
access.
DHCP configuration Allocates IP addresses to wireless STAs.

Verification

 Select AP working mode and set the Internet connection type

79
Configuration Guide Web-based Configuration

 The AP works in wireless routing mode.

 You can select the following Internet connection types when the AP works in wireless routing mode.

 Static IP (dedicated IP)

80
Configuration Guide Web-based Configuration

 PPPoE (ADSL line)

81
Configuration Guide Web-based Configuration

 DHCP (dynamic IP)

82
Configuration Guide Web-based Configuration

83
Configuration Guide Web-based Configuration

 Configure a Wi-Fi name (use a simple name that is easy to remember). A Wi-Fi name contains up to 32
characters.

Figure 1-4 AP Quick Settings for SSID

 Security configuration

By default, the WPA2-PSK mode is selected. A password consists of 8 to 64 characters and can be a combination of
letters, digits, and special characters.

84
Configuration Guide Web-based Configuration

Figure 1-5 AP Quick Settings for Security

85
Configuration Guide Web-based Configuration

 DHCP configuration

Figure 1-6 AP Quick Settings for DHCP

 IP address range: 192.168.1.0/24 to 192.168.1.254/24.

 DNS server: 192.168.58.110 (Perform configuration based on actual conditions.)

 Click Finish.

Verification

 Associate an STA with Wi-Fi: Eweb_AAAA1 and obtain the IP address 192.168.1.4.

 Verify that the STA can connect to the Wi-Fi and then visit the Web through 192.168.1.1.

If the management IP address is changed, use the new management IP address to use the Web again.

86