ORiNOCO AP-700 User Guide
AP-700 User Guide IMPORTANT! Before installing and using this product, see the Safety and Regulatory Compliance Guide located on the product CD. Copyright © 2007 Proxim Wireless Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This User Guide and the software described in it are copyrighted with all rights reserved.
AP-700 User Guide Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Introduction to Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Guidelines for Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AP-700 User Guide SNTP (Simple Network Time Protocol) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Operational Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AP-700 User Guide 5 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 IP/ARP Table . . . . .
AP-700 User Guide Setting IP Address using Serial Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Related Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 RADIUS Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 TFTP Server. . . . . . . .
AP-700 User Guide Reboot Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 B ASCII Character Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 C Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 Software Features . . . . . . . . . . . . .
AP-700 User Guide Introduction 1 This chapter contains information on the following: • Introduction to Wireless Networking • Guidelines for Roaming • Management and Monitoring Capabilities Introduction to Wireless Networking An Access Point extends the capability of an existing Ethernet network to devices on a wireless network. Wireless devices can connect to a single Access Point, or they can move between multiple Access Points located within the same vicinity.
Introduction Management and Monitoring Capabilities AP-700 User Guide • All workstations with an 802.11 client adapter installed must use either a Network Name of “any” or the same Network Name as the Access Points that they will roam between. If an AP has Closed System enabled, a client must have the same Network Name as the Access Point to communicate (see Reboot the AP.). • All Access Points and clients must have matching security settings to communicate.
Introduction Management and Monitoring Capabilities AP-700 User Guide SNMP Management In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network Management Protocol (SNMP). Note that this requires an SNMP manager program, like HP Openview or Castlerock’s SNMPc.
Introduction Management and Monitoring Capabilities AP-700 User Guide The SSH server (AP) has host keys - a pair of asymmetric keys - a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server. NOTE: The remainder of this guide describes how to configure an AP using the HTTP Web interface or the CLI interface.
AP-700 User Guide Installation and Initialization 2 In this chapter: • AP-700 Hardware Description – Overview – LED Indicators – Power-over-Ethernet (PoE) – Antennas • Prerequisites • System Requirements • Product Package • Hardware Installation • – Attach Cables – Install the Security Cover (Optional) – Mount the AP-700 – Power On the Unit – Install External Antennas (Professional Installation Required) Initialization – Using ScanTool – Logging In – Using the Setup Wizar
Installation and Initialization AP-700 Hardware Description AP-700 User Guide AP-700 Hardware Description Overview The AP-700 is a tri-mode AP that supports 802.11b, 802.11g, or 802.11a clients. The unit contains one embedded 802.11a/b/g radio that supports the following operational modes: • 802.11a only mode • 802.11b only mode • 802.11g only mode • 802.11b/g mode • 802.11g-wifi NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.
Installation and Initialization AP-700 Hardware Description Ethernet Wireless AP-700 User Guide Power Figure 2-2 LED Indicators on the Top Panel Power-over-Ethernet (PoE) The AP-700 is equipped with an 802.3af-compliant Power-over-Ethernet (PoE) module. PoE delivers both data and power to the access point over a single Ethernet cable. If you choose to use PoE, there is no difference in operation; the only difference is in the power source.
Installation and Initialization AP-700 Hardware Description AP-700 User Guide External Antennas The AP-700 also has two antenna connectors for use with external antennas. NOTE: AP-700 units using external antennas must be installed by a suitably trained professional installation technician or by a qualified installation service.
Installation and Initialization Prerequisites AP-700 User Guide Prerequisites Before installing your unit, you need to gather certain network information. The following table identifies the information you need. Network Name (SSID of the wireless cards) You must assign the Access Point a Network Name before wireless users can communicate with it. The clients also need the same Network Name. This is not the same as the System Name, which applies only to the Access Point.
Installation and Initialization Product Package AP-700 User Guide Product Package Each AP-700 shipment includes the items in the following table. Verify that you have received all parts of the shipment. NOTE: Unless noted in this table, cables are not supplied with the unit.
Installation and Initialization Hardware Installation AP-700 User Guide Hardware Installation NOTE: AP-700 units using external antennas must be installed by a suitably trained professional installation technician or by a qualified installation service. NOTE: Before installing and using this product, see the Safety and Regulatory Compliance Guide. NOTE: Avant d’installer et d’utiliser ce produit, consultez le manuel Safety and Regulatory Compliance Guide.
Installation and Initialization Hardware Installation • AP-700 User Guide Use a cross-over Ethernet cable or adapter if you intend to connect the unit to a single computer. Figure 2-4 Cabling without PoE 3. Optionally, connect an RS-232 cable (not shown) to the RS-232 console port (the right port, labeled “RS-232”). NOTE: You cannot install the security cover to the AP-700 if an RS-232 cable is connected. 4. Continue with Install the Security Cover (Optional). Cabling with Power Over Ethernet (PoE) 1.
Installation and Initialization Hardware Installation AP-700 User Guide Install the Security Cover (Optional) You can optionally install a security cover to deter unauthorized access to the unit. The security cover is a plastic enclosure that prevents access to the cabling and the Reset and Reload buttons. 1.
Installation and Initialization Hardware Installation AP-700 User Guide 5. Carefully slide the unit to the right until the tabs snap securely onto the narrow holes of the unit. If the unit is mounted correctly, no portion of the mounting plate should protrude from any of the sides of the unit. Figure 2-7 Mounting the AP to a Wall Ceiling Mounting Follow these steps to mount the unit to a ceiling: 1. If the unit’s power supply is plugged in, unplug it. 2.
Installation and Initialization Hardware Installation AP-700 User Guide The LED indicators exhibit the following behavior: Indication Solid Green Ethernet Solid Red Ethernet interface is connected at 100 Mbps with no traffic. Ethernet interface is connected at 100 Mbps with traffic. Ethernet interface is connected at 10 Mbps with no traffic. The Ethernet interface is connected at 10 Mbps with traffic. n/a Blinking Red n/a Blinking Green Solid Amber Blinking Amber Wireless Interface Power (802.
Installation and Initialization Hardware Installation AP-700 User Guide Figure 2-8 Opening the Antenna Compartment 2. There are two antenna connectors in the AP-700, labeled 1 and 2 Connect the antenna cable to connector 1 (the connector closer to the LED panel in the compartment). Figure 2-9 Antenna Connectors 3. If installing a second external antenna (not recommended), connect the antenna cable to connector 2. 4. Close the external antenna access compartment. 5.
Installation and Initialization Hardware Installation AP-700 User Guide FL = Feeder loss including loss of connectors G = Antenna Gain Band EIRP Limit (dBm) USA and Canada 36 20 When G < 6: 36 20 When G >/= 6, use the following equation: 2.4 - 2.4835 GHz (Point-to-Multipoint 2.4 - 2.4835 GHz (Point-to-Point) EU –6 36 - G -------------3 5.15 - 5.25 GHz 5.25 - 5.35 GHz 5.47 - 5.725 GHz 5.725 - 5.850 GHz (Point-to-Multipoint) 5.725 - 5.
Installation and Initialization Initialization AP-700 User Guide Initialization The following sections detail how to initialize the AP using ScanTool, log in to the HTTP interface, perform an initial configuration of the AP using the Setup Wizard, and download the required AP software. • Using ScanTool • Logging In • Using the Setup Wizard • Installing the Software Using ScanTool ScanTool is a software utility that is included on the installation CD-ROM.
Installation and Initialization Initialization AP-700 User Guide NOTE: If your Access Point does not appear in the Scan List, click the Rescan button to update the display. If the unit still does not appear in the list, see Troubleshooting for suggestions. Note that after rebooting an Access Point, it may take up to five minutes for the unit to appear in the Scan List. 4. Do one of the following: • If the AP has been assigned an IP address by a DHCP server on the network: a.
Installation and Initialization Initialization AP-700 User Guide k. Click the Change button to return to the Change screen. l. Click the Web Configuration button at the bottom of the Change screen. m. Proceed to the Logging In section for information on how to access the HTTP interface using this IP address. Logging In Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor and configure the AP.
Installation and Initialization Initialization AP-700 User Guide Figure 2-13 System Status Screen The buttons on the left of the screen provide access to the monitoring and configuration options for the AP. See Advanced Configuration to begin configuring the AP manually. You can also exit the Web interface or reboot the AP using these buttons. The Command Line Interface (CLI) also provides a method for monitoring and configuring the AP using Telnet or a serial connection.
Installation and Initialization Initialization AP-700 User Guide • Save & Next Button: Each Setup Wizard screen has a Save & Next button. Click this button to submit any changes you made to the unit’s parameters and continue to the next page. The instructions below describe how to navigate the Setup Wizard using the Save & Next buttons. • Navigation Panel: The Setup Wizard provides a navigation panel on the left-hand side of the screen.
Installation and Initialization Initialization AP-700 User Guide — Primary Network Name (SSID): Enter a Network Name (between 1 and 32 characters long) for the wireless network. You must configure each wireless client to use this name as well. Note that the unit supports up to 16 SSIDs/VLANs. Please see the Advanced Configuration chapter for information on the detailed rules on configuring multiple SSIDs, VLANs, and security profiles.
Installation and Initialization Initialization AP-700 User Guide NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. 3. Click Search Knowledgebase. 4. In the Search Knowledgebase field, enter 1686. 5. Click Search. 6. Click on the appropriate link to access the download page. 7. Use the instructions in the following sections to install the new software.
Installation and Initialization Initialization AP-700 User Guide If the operation is successful, you will receive a confirmation message. 7. Reboot the AP as follows: • Click Commands > Reboot. • Enter 0 in the Time to Reboot field. • Click OK. Install Software with TFTP Server A Trivial File Transfer Protocol (TFTP) server allows you to transfer files across a network. You can upload files from the AP for backup or copying, and you can download the files for configuration and AP Image upgrades.
Installation and Initialization Initialization AP-700 User Guide 4. Enter the CLI password when prompted. 5. Enter the command: download img The download will begin, and the image will be downloaded to the Access Point. 6. When the download is complete, type reboot 0 and press Enter.
AP-700 User Guide System Status 3 The first screen displayed after Logging In is the System Status screen. You can always return to this screen by clicking the Status button. Figure 3-1 System Status Screen The System Status screen provides the following information: • System Status: This area provides system-level information, including the unit’s IP address and contact information. See System for information on these settings. • System Alarms: System traps (if any) appear in this area.
AP-700 User Guide Advanced Configuration 4 This chapter contains information on configuring settings in the following categories: • System: Configure specific system information such as system name and contact information. • Network: Configure IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity, and SNTP settings. • Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet. Configure the Channel Blacklist Table and a Wireless Distribution System (WDS).
Advanced Configuration AP-700 User Guide Figure 4-1 Configure Main Screen 2. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. Each Configure tab is described in the remainder of this chapter.
Advanced Configuration System AP-700 User Guide System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. See the Dynamic DNS Support and Access Point System Naming Convention sections for rules on naming the AP. • Country: The country in which the AP will be used. Note that some countries have two selectable options (one for indoor use and one for outdoor use).
Advanced Configuration System AP-700 User Guide Figure 4-2 System Tab Dynamic DNS Support DNS is a distributed database mapping the user readable names and IP addresses (and more) of every registered system on the Internet. Dynamic DNS is a lightweight mechanism which allows for modification of the DNS data of host systems whose IP addresses change dynamically. Dynamic DNS is usually used in conjunction with DHCP for mapping meaningful names to host systems whose IP addresses change dynamically.
Advanced Configuration Network AP-700 User Guide Network The Network tab contains the following sub-tabs: • IP Configuration • DHCP Server • DHCP Relay Agent • Link Integrity • SNTP (Simple Network Time Protocol) IP Configuration This tab is used to configure the internet (TCP/IP) settings for the access point. These settings can be either entered manually (static IP address, subnet mask, and gateway IP address) or obtained automatically (dynamic).
Advanced Configuration Network AP-700 User Guide Basic IP Parameters • IP Address Assignment Type: Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration Protocol (DHCP) client; the Access Point will obtain IP settings from a network DHCP server automatically during boot-up. If you do not have a DHCP server or if you want to manually configure the Access Point’s IP settings, set this parameter to Static. • IP Address: The Access Point’s IP address.
Advanced Configuration Network AP-700 User Guide Figure 4-4 DHCP Server Configuration Screen You can configure and view the following parameters within the DHCP Server Configuration screen: NOTE: You must reboot the AP before changes to any of these DHCP server parameters take effect. • Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE: You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured.
Advanced Configuration Network AP-700 User Guide NOTE: The Default Lease Time cannot be larger than the Maximum Lease Time. If you set the Maximum Lease Time, you should also set the Default Lease Time to ensure that the Default Lease Time is less than the Maximum. – Comment (optional) – Status: IP Pools are enabled upon entry in the table. You can also disable or delete entries by changing this field’s value.
Advanced Configuration Network AP-700 User Guide DHCP Server IP Address Table The AP supports the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table. At least one server must be configured to enable DHCP Relay. To add entries to the table of DHCP Relay Agents, click Add in the DHCP Server IP Address Table; to edit existing entries, click Edit. The following window is displayed.
Advanced Configuration Network AP-700 User Guide Figure 4-7 Link Integrity Configuration Screen SNTP (Simple Network Time Protocol) SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the configured time servers (primary or secondary), and, if successful, will update the relevant time objects in the AP.
Advanced Configuration Network AP-700 User Guide Figure 4-8 SNTP Configuration Screen You can configure and view the following parameters within the SNTP screen: • SNTP Status: Select Enable or Disable from the drop-down menu. The selected status will determine which of the parameters on the SNTP screen are configurable. NOTE: When SNTP is enabled, it will take some time for the AP to retrieve the time of day from the configured time servers and update the relevant date and time parameters.
Advanced Configuration Network – Year: Enter the current year. – Month: Enter the month in digits (1-12). – Day: Enter the day in digits (1-31). – Hour: Enter the hour in digits (0-23). – Minutes: Enter the minutes in digits (0-59). – Seconds: Enter the seconds in digits (0-59).
Advanced Configuration Interfaces AP-700 User Guide Interfaces From the Interfaces tab, you configure the Access Point’s operational mode settings, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. The Interfaces tab contains the following sub-tabs: • Operational Mode • Wireless A (802.
Advanced Configuration Interfaces AP-700 User Guide • 802.11b/g mode: This is the default mode. Use this mode if you want to support a mix of 802.11b and 802.11g devices. • 802.11g-wifi mode: The 802.11g-wifi mode has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.
Advanced Configuration Interfaces AP-700 User Guide spectrum. When a client enters a regulatory domain, it passively scans to learn at least one valid channel, i.e., a channel upon which it detects IEEE Standard 802.11 frames. The beacon frame contains information on the country code, the maximum allowable transmit power, and the channels to be used for the regulatory domain. The same information is transmitted in probe response frames in response to a client’s probe requests.
Advanced Configuration Interfaces AP-700 User Guide Configuring TX Power Control 1. Click Configure > Interfaces > Operational Mode. 2. Select Enable Transmit Power Control. 3. Enter the desired backoff from the maximum Transmit Power level (between 0 and 35 dBm) in the Wireless-A: Transmit Power Level Back-Off field. 4. Click OK.
Advanced Configuration Interfaces AP-700 User Guide Wireless A (802.
Advanced Configuration Interfaces AP-700 User Guide You can view and configure the following parameters for the Wireless interface: NOTE: You must reboot the Access Point before any changes to these parameters take effect. • Physical Interface Type: Depending on the Operational Mode, this field reports: – For 802.11a mode: “802.11a (OFDM 5 GHz).” NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.
Advanced Configuration Interfaces AP-700 User Guide NOTE: Turbo mode is supported in only in 802.11a mode in the FCC regulatory domain when DFS is not required. If turbo mode is enabled, then this is displayed in the web UI and the transmit speeds and channels pull-down menus are updated with the valid values. • DTIM Period: The Deferred Traffic Indicator Map (DTIM) Period determines when to transmit broadcast and multicast packets to all clients.
Advanced Configuration Interfaces • 161: 5.805 GHz • 165: 5.825 GHz AP-700 User Guide If you are using the unit in a country and band that require DFS, keep in mind the following: • DFS is not a configurable parameter; it is always enabled and cannot be disabled. • You cannot manually select the device’s operating channel; you must let the unit select the channel.
Advanced Configuration Interfaces AP-700 User Guide When RTS/CTS occurs, the sending radio first transmits a Request to Send (RTS) packet to confirm that the medium is clear. When the receiving radio successfully receives the RTS packet, it transmits back a Clear to Send (CTS) packet to the sending radio. When the sending radio receives the CTS packet, it sends the data packet to the receiving radio.
Advanced Configuration Interfaces AP-700 User Guide channel is blacklisted automatically if it is found to be busy or occupied by radar during a scan at start-up. When a channel has been automatically blacklisted, it will remain blacklisted for 30 minutes. Additionally, an administrator can blacklist channels manually to prevent them from being used when ACS is enabled. NOTE: Any change in channel-related parameters (e.g.
Advanced Configuration Interfaces AP-700 User Guide Figure 4-12 Channel Blacklist Table - Edit Screen Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. WDS allows you to configure up to six (6) ports.
Advanced Configuration Interfaces • AP-700 User Guide When WDS is enabled, Spanning Tree protocol is automatically enabled. It may be manually disabled. If Spanning Tree protocol is enabled by WDS and WDS is subsequently disabled, Spanning tree will remain enabled until it is manually disabled. See Spanning Tree. WDS Setup Procedure NOTE: You must disable Auto Channel Select to create a WDS. Each Access Point that is a member of the WDS must have the same channel setting to communicate with each other.
Advanced Configuration Interfaces AP-700 User Guide Figure 4-15 Adding WDS Links 6. Select which encryption method to use (if any) from the WDS Security Mode drop-down menu. 7. If you selected a WDS Security Mode, do one of the following: • If you selected WEP: Enter an encryption key. • If you selected AES: Enter a shared secret. 8. Enter the MAC Address that you wrote down in Step 2 in one of the Partner MAC Address field of the Wireless Distribution Setup window. 9.
Advanced Configuration Interfaces AP-700 User Guide Figure 4-16 Ethernet Sub-tab For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
Advanced Configuration Management AP-700 User Guide Management The Management tab contains the following sub-tabs: • Passwords • IP Access Table • Services • Automatic Configuration (AutoConfig) • Hardware Configuration Reset (CHRD) Passwords Passwords are stored in flash memory and secured using encryption. You can configure the following passwords: • SNMP Read Community Password: The password for read access to the AP using SNMP.
Advanced Configuration Management AP-700 User Guide IP Access Table The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the table. This feature applies to all management services (SNMP, HTTP, and CLI) except for CLI management over the serial port. To configure this table, click Add and set the following parameters: • IP Address: Enter the IP Address for the management station.
Advanced Configuration Management • AP-700 User Guide Secure Management Status: Enables the further configuration of HTTPS Access, SNMPv3, and Secure Shell (SSH). After enabling Secure Management, you can choose to configure HTTPS (SSL) and Secure Shell access on the Services tab, and to configure SNMPv3 passwords on the Passwords tab. SNMP Settings • SNMP Interface Bitmask: Configure the interface or interfaces (Ethernet, Wireless, All Interfaces) from which you will manage the AP via SNMP.
Advanced Configuration Management AP-700 User Guide Figure 4-17 Management Services Configuration Screen 64
Advanced Configuration Management AP-700 User Guide Telnet Configuration Settings • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management. • Telnet Port Number: The default port number for Telnet applications is 23.
Advanced Configuration Management AP-700 User Guide NOTE: When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled. Host keys must either be generated externally and uploaded to the AP (see Uploading Externally Generated Host Keys), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present. There is no key present in an AP that is in a factory default state.
Advanced Configuration Management AP-700 User Guide Serial Configuration Settings The serial port interface on the AP is enabled at all times. See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port. You can configure and view the following parameters: • Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or 57600; the default Baud Rate is 9600.
Advanced Configuration Management AP-700 User Guide • RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based Management Access. • Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default local user ID is root. • Local User Password and Confirm Password: The default local user password is public.
Advanced Configuration Management AP-700 User Guide Figure 4-19 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Advanced Configuration Management AP-700 User Guide Figure 4-20 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Available Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7. Figure 4-21 DHCP Options: Setting the Bootfile Name 6. Set the value of the Bootfile Name parameter to the Configuration filename. For example: AP-Config. 7.
Advanced Configuration Management AP-700 User Guide access to the AP is not protected, an unauthorized person could reset the AP to factory defaults and thus gain control of the AP. The user can disable the hardware configuration reset functionality to prevent unauthorized access.
Advanced Configuration Management AP-700 User Guide 2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox. 3. Change the default Configuration Reset Password in the “Configuration Reset Password” and “Confirm” fields. 4. Click OK. 5. Reboot the AP. NOTE: It is important to safely store the configuration reset password.
Advanced Configuration Filtering AP-700 User Guide Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering heading: • Ethernet Protocol • Static MAC • Advanced • TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support. Follow these steps to configure the Ethernet Protocol Filter: 1.
Advanced Configuration Filtering • AP-700 User Guide To add an entry, click Add, and then specify the Protocol Number and a Protocol Name. – Protocol Number: Enter the protocol number. See http://www.iana.org/assignments/ethernet-numbers for a list of protocol numbers. – Protocol Name: Enter related information, typically the protocol name.
Advanced Configuration Filtering AP-700 User Guide Figure 4-26 Static MAC Filter Configuration Each static MAC entry contains the following fields: • Wired MAC Address • Wired Mask • Wireless MAC Address • Wireless Mask • Comment: This field is optional. Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits (0 or 1).
Advanced Configuration Filtering AP-700 User Guide A maximum of 200 entries can be created in the Static MAC filter table. To create an entry, click Add and enter the appropriate MAC addresses and Masks to setup a filter. The entry is enabled automatically when saved. Figure 4-27 Static MAC Filter Table - Add Entries To edit an entry, click Edit. To disable or remove an entry, click Edit and change the Status field from Enable to Disable or Delete.
Advanced Configuration Filtering AP-700 User Guide Prevent All Wireless Devices from Communicating with a Single Wired Device Configure the following settings to prevent all three Wireless Clients from communicating with Wired Server 1: • Wired MAC Address: 00:40:F4:1C:DB:6A • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point blocks all traffic between Wired Server 1 and all wireless clients.
Advanced Configuration Filtering AP-700 User Guide Figure 4-28 Advanced Filter Configuration The following protocols are listed in the Advanced Filter Table: • Deny IPX RIP • Deny IPX SAP • Deny IPX LSP • Deny IP Broadcasts • Deny IP Multicasts The AP can filter these protocols in the wireless-to-Ethernet direction, the Ethernet-to-wireless direction, or in both directions. Click Edit and use the Status field to Enable or Disable the filter.
Advanced Configuration Filtering AP-700 User Guide Figure 4-29 Static MAC Filter Table - Edit Entries TCP/UDP Port Port-based filtering enables you to control wireless user access to network services by selectively blocking TCP/UDP protocols through the AP.
Advanced Configuration Filtering AP-700 User Guide Figure 4-30 TCP/UDP Port Filter Configuration 2. Click Add under the TCP/UDP Port Filter Table heading. 3. In the TCP/UDP Port Filter Table, enter the Protocol Names to filter. 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions. 5. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP). 6.
Advanced Configuration Filtering AP-700 User Guide Figure 4-31 TCP/UDP Port Filter Table - Add Entries Editing TCP/UDP Port Filters 1. Click Edit under the TCP/UDP Port Filter Table heading. 2. Make any changes to the Protocol Name or Port Number for a specific entry, if necessary. 3. In the row that defines the port, set the Status to Enable, Disable, or Delete, as appropriate. 4. Select OK.
Advanced Configuration Alarms AP-700 User Guide Alarms The Alarms tab has the following sub-tabs: • Groups • Alarm Host Table • Syslog • Rogue Scan Groups Alarm groups can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms. Alarm severity levels are as follows: • Critical alarms will often result in severe disruption in network activity or an automatic reboot of the AP.
Advanced Configuration Alarms AP-700 User Guide Trap Name oriTrapAuthenticationFailure Description Client authentication failure has occurred. Authentication failures can range from: • MAC Access Control table • RADIUS MAC authentication • 802.
Advanced Configuration Alarms Trap Name AP-700 User Guide Description Severity Level oriTrapDHCPFailed Response to the DHCP client request not received; device not dynamically assigned an IP address Major oriTrapDNSClientLookupFailure DNS client attempts to resolve a specified hostname (DNS lookup) and a failure occurs because either the DNS server is unreachable or there is an error for the hostname lookup. Trap specifies the hostname that was being resolved.
Advanced Configuration Alarms AP-700 User Guide Trap Name Description Severity Level oriTrapInvalidImage Invalid image loaded onto device Major oriTrapImageTooLarge Image loaded on the device exceeds the size limitation of flash Major oriTrapIncompatibleImage Incompatible image loaded onto device Major oriTrapInvalidImageDigitalSignature Image with invalid digital signature is loaded onto device Major SNTP Trap Group Trap Name Description Severity Level oriTrapSNTPFailure SNTP time retr
Advanced Configuration Alarms AP-700 User Guide Syslog The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The access point logs “Session Start (Log-in)” and “Session Stop (Log-out)” events for each wireless client as an alternative to RADIUS accounting. See RFC 3164 at http://www.rfc-editor.org for more information on the Syslog standard.
Advanced Configuration Alarms AP-700 User Guide • Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority number and any priority numbers below it. For example, if set to 6, the AP will transmit event messages labeled priority 1 to 6 to the Syslog server. This parameter supports a range between 1 and 7; 6 is the default.
Advanced Configuration Alarms AP-700 User Guide Syslog Message Name Client Login Authentication Status Priority 6 Severity Informational Description Client logs in/authenticates. Message includes: • Client MAC Address • Authentication Type = None, ACL, RADIUS MAC, 802.
Advanced Configuration Alarms AP-700 User Guide Syslog Message Name Priority Severity Description CLI Configuration File Execution Errors 4 Minor There is an error in execution of the CLI configuration file. The message specifies the filename, line number, and error reason.
Advanced Configuration Alarms AP-700 User Guide and port does not have a valid Access Point as per the administrator’s database. Thus it labels Client 2’s AP as a Rogue AP and proceeds to prevent the Rogue AP attack by blocking this switch’s port. APs can be detected either by active scanning using 802.11 probe request frames or passively by detecting periodic beacons, or both. Wireless clients are detected by monitoring 802.
Advanced Configuration Alarms AP-700 User Guide Rogue Scan Perform this procedure to enable Rogue Scan and define the Scan Interval and Scan Interface. See Figure 4-35. The Rogue Scan screen also displays the number of new access points and clients detected in the last scan on each wireless interface. 1. Enable the Security Alarm Group. Select the Security Alarm Group link from the Rogue Scan screen. Configure a Trap Host to receive the list of access points (and clients) detected during the scan. 2.
Advanced Configuration Alarms AP-700 User Guide Figure 4-35 Rogue Scan Screen 92
Advanced Configuration Bridge AP-700 User Guide Bridge The AP is a bridge between your wired and wireless networking devices. As a bridge, the functions performed by the AP include: • MAC address learning • Forward and filtering decision making • Spanning Tree protocol used for loop avoidance Once the AP is connected to your network, it learns which devices are connected to it and records their MAC addresses in the Learn Table. The table can hold up to 10,000 entries.
Advanced Configuration Bridge AP-700 User Guide Figure 4-36 Spanning Tree Sub-Tab Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address). • Specifying an absolute maximum number of messages per interface.
Advanced Configuration Bridge • AP-700 User Guide Wireless Threshold: Enter the maximum allowed number of packets per second. Intra BSS The wireless clients (or subscribers) that associate with a certain AP form the Basic Service Set (BSS) of a network infrastructure. By default, wireless subscribers in the same BSS can communicate with each other.
Advanced Configuration QoS AP-700 User Guide QoS Wi-Fi Multimedia (WMM)/Quality of Service (QoS) Introduction The AP supports Wi-Fi Multimedia (WMM), which is a solution for QoS functionality based on the IEEE 802.11e specification. WMM defines enhancements to the MAC for wireless LAN applications with Quality of Service requirements, which include transport of voice traffic over IEEE 802.11 wireless LANs.
Advanced Configuration QoS AP-700 User Guide 4. To add a QoS Policy, click the Add button in the “QoS Policies Table” box. The Add Entries box appears. Figure 4-38 Add QoS Policy 5. Enter the Policy Name. 6.
Advanced Configuration QoS AP-700 User Guide Priority Mapping Use this page to configure QoS 802.1p to 802.1d priority mappings (for layer 2 policies) and IP DSCP to 802.1d priority mappings (for layer 3 policies). The first entry in each table contains the recommended priority mappings. Custom entries can be added to each table with different priority mappings. 1. Click Configure > QoS > Priority Mapping. Figure 4-39 Priority Mapping 2. Click Add in the 802.1p and 802.1d priority mapping table.
Advanced Configuration QoS AP-700 User Guide Figure 4-40 Add Priority Mapping Entry 3. Select the 802.1p Priority (from 0-7) for 802.1d Priorities 0-7. 4. Click OK. 5. Click Add in the IP Precedence/DSCP ranges and 802.1d Priority table. 6. Select the IP DSCP Range for each 802.1d Priority. 7. Click OK. NOTE: Changes to Priority Mapping require a reboot of the AP to take effect.
Advanced Configuration QoS AP-700 User Guide Perform the following procedure to configure the Station and AP EDCA tables. 1. Click Configure > QoS > EDCA. Figure 4-41 EDCA Tables 2. Click Edit and configure the following parameters in each table: NOTE: Changes to EDCA parameters require a reboot of the AP to take effect. • Index: read-only.
Advanced Configuration QoS AP-700 User Guide • AIFSN: Arbitration IFS per access category. Configurable range is 2 to 15. • Tx OP Limit: The Transmission Opportunity Limit. The Tx OP is an interval of time during which a particular QoS enhanced client has the right to initiate a frame exchange sequence onto the wireless medium. The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category. Configurable range is 0 to 65535.
Advanced Configuration Radius Profiles AP-700 User Guide Radius Profiles Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define RADIUS Servers per Authentication Mode and per VLAN. The AP communicates with the RADIUS server defined in a profile to provide the following features: • MAC Access Control Via RADIUS Authentication • 802.
Advanced Configuration Radius Profiles AP-700 User Guide This figure shows a network with separate authentication servers for each authentication type and for each VLAN. The clients in VLAN 1 are authenticated using the authentication servers configured for VLAN 1. The type of authentication server used depends on whether the authentication is done for an 802.1x client or a non-802.1x client.
Advanced Configuration Radius Profiles AP-700 User Guide NOTE: This page configures only the Primary RADIUS Server associated with the profile. After configuring these parameters, save them by clicking OK. Then, to configure the Secondary RADIUS Server, edit the profile from the main page. Figure 4-44 Add RADIUS Server Profile • Server Profile Name: the profile name. This is the name used to associated a VLAN to the profile. See Configuring Security Profiles.
Advanced Configuration Radius Profiles AP-700 User Guide – Colon delimited/MAC: MAC addresses are formatted with a colon between each pair of digits (xx:yy:zz:aa:bb:cc) and the password sent to the RADIUS server is the MAC address of the client. – Single dash delimited/MAC: MAC addresses are formatted with a dash between the sixth and seventh digits (xxyyzz-aabbcc) and the password sent to the RADIUS server is the MAC address of the client.
Advanced Configuration Radius Profiles AP-700 User Guide RADIUS Accounting Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session ends, an “Accounting Stop” request is sent to the RADIUS server.
Advanced Configuration Radius Profiles AP-700 User Guide – Obtained during the Authentication process and used for determining the time interval for sending Accounting Update messages. – This attribute value takes precedence over the value of the Accounting Update Interval. Accounting Attributes • Acct-Delay-Time – • Acct-Session-Id – • Number of packets sent by subscriber. Acct-Terminate Cause – • Number of packets received by subscriber.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide SSID/VLAN/Security The AP provides several security features to protect your network from unauthorized access. This section gives an overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP: • VLAN Overview • Management VLAN • Security Profile • MAC Access • Wireless The AP also provides Broadcast Unique Beacon/Closed System and Rogue Scan to protect your network from unauthorized access.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-45 Components of a Typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, a VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Management VLAN Figure 4-46 Mgmt VLAN VLAN Tagging Management Control Access to the AP Management access to the AP can easily be secured by making management stations or hosts and the AP itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict management of the AP to members of the same VLAN.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Disable VLAN Tagging 1. Click Configure > SSID/VLAN/Security > Mgmt VLAN. 2. Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN Management ID to -1 (to disable VLAN Tagging only). NOTE: If you disable VLAN Tagging, you will be unable to configure security per SSID.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Different servers support different EAP types and each EAP type provides different features. See the documentation that came with your RADIUS server to determine which EAP types it supports. NOTE: The AP supports the following EAP types when Security Mode is set to 802.1x, WPA, or 802.11i (WPA2): EAP-TLS, PEAP, EAP-TTLS, EAP-MD5, and EAP-SIM. Authentication Process There are three main components in the authentication process.
Advanced Configuration SSID/VLAN/Security • • AP-700 User Guide – Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP – A client's key is different for every session; it changes each time the client associates with an AP – The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously – Encryption keys change periodically based on the Re-keying Interval parameter – WPA uses 128-bit encryption keys Dynamic Key d
Advanced Configuration SSID/VLAN/Security AP-700 User Guide VLANs and Security Profiles The AP allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless interface.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 3. Configure one or more types of wireless stations (security modes) that are allowed access to the AP under the security profile. The WEP/PSK parameters are separately configurable for each security mode. To enable a security mode in the profile (Non Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK Station, 802.11i (WPA2) Station, 802.11i-PSK Station), check the box next to the mode. See Figure 4-49.
Advanced Configuration SSID/VLAN/Security • • AP-700 User Guide Cipher: CCMP based on AES 802.11i-PSK Station: • Authentication Mode: PSK • Cipher: CCMP based on AES • PSK Passphrase: an 8-63 character user-defined phrase. It is recommended a passphrase of at least 13 characters, including both letters and numbers, and upper and lower case characters, to ensure that the generated key cannot be easily deciphered by network infiltrators. 5. When finished configuring all parameters, click OK. 6.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-49 Security Profile Table - Add Entries 117
Advanced Configuration SSID/VLAN/Security AP-700 User Guide MAC Access The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect. Up to 1000 entries can be made in the table.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Wireless Each SSID can have its own Security Profile that defines its security mode, authentication mechanism, and encryption, so that customers can have multiple types of clients (non-WEP, WEP, 802.1x, WPA, WPA-PSK, 802.11i, 802.11i-PSK) on the same system separated per VLAN. See the Security Profile section for more information. Each SSID can support a unique VLAN.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide • Enable: MAC addresses in the MAC Access Control List stored on the RADIUS server are blocked or allowed, based on the MAC ACL settings. If a higher priority authentication protocol is also enabled, the higher-priority settings will override the MAC ACL settings. See Authentication Protocol Hierarchy. • Disable: RADIUS MAC ACL settings are disabled. • Strict: RADIUS MAC ACL settings are enabled.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-52 SSID/VLAN Edit Entries Screen (VLAN Tagging Disabled) 9. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name. 10.Enter a unique VLAN ID. This parameter is mandatory. • A VLAN ID is a number from -1 to 4094. A value of -1 means that an entry is “untagged.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 16.Enable Broadcast Unique Beacon using the drop-down menu. When enabled, Broadcast Unique Beacon allows the broadcast of a up to four unique beacons when the AP is configured for multiple SSIDs. If Closed System (above) is set to Partial or Disable, each beacon (up to four) will be broadcast a single SSID.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide NOTE: If you disable (uncheck) the Enable Security per SSID option, you will be able to add multiple SSID/VLANs, but the same configuration parameters (described below) will applied to all of them. 3. Click Add to configure additional SSIDs, VLANs, and their associated security profiles and RADIUS server profiles, or click Edit to modify existing SSIDs. The Add Entries or Edit Entries screen appears. See Figure 4-54.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide • You can set the VLAN ID to “-1” or “untagged” if you do not want clients that are using a specific SSID to be members of a VLAN workgroup. Only one “untagged” VLAN ID is allowed per interface. • The VLAN ID must match an ID used by your network; contact your network administrator if you need assistance defining the VLAN IDs. 6.
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 19.If editing an entry, enable or disable the parameters on this page using Status drop-down menu. If adding a new entry, this drop-down menu will not appear. 20.Reboot the AP.
AP-700 User Guide 5 Monitoring This chapter discusses the following monitoring options: • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table. • Learn Table: Displays the list of nodes that the AP has learned are on the network.
Monitoring Version AP-700 User Guide Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: • Serial Number: The component’s serial number, if applicable.
Monitoring ICMP AP-700 User Guide ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics.
Monitoring IP/ARP Table AP-700 User Guide IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses.
Monitoring Learn Table AP-700 User Guide Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table.
Monitoring IAPP AP-700 User Guide IAPP This tab displays statistics relating to client handovers and communications between Access Points.
Monitoring RADIUS AP-700 User Guide RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile. NOTE: Separate RADIUS servers can be configured for each RADIUS Server Profile. Select the RADIUS Server Profile to view statistics on from the Select Server Profile drop-down menu.
Monitoring Interfaces AP-700 User Guide Interfaces This tab displays statistics for the Ethernet and wireless interfaces.
Monitoring Interfaces AP-700 User Guide • Ethernet Chipset (Ethernet): Identifies the chipset used to realize the interface. • Excessive Collisions (Ethernet): The number of frames for which transmission fails due to excessive collisions. • Failed ACK Count (Wireless): The number of times an acknowledgment (or ACK) is not received when expected. • Failed Count (Wireless): The number of packets not transmitted successfully due to too many transmit attempts.
Monitoring Interfaces AP-700 User Guide • Out Errors (Ethernet/Wireless): The number of outbound packets that could not be transmitted because of errors. • Out Non-unicast Packets (Ethernet/Wireless): The total number of packets that higher-level protocols requested be transmitted to a non-unicast (i.e., a subnetwork-broadcast orsubnetwork-multicast) address, including those that were discarded or not sent.
Monitoring Station Statistics AP-700 User Guide Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System. Enable the Monitoring Station Statistics feature (Station Statistics are disabled by default) by checking Enable Monitoring Station Statistics and click OK. You do not need to reboot the AP for the changes to take effect.
Monitoring Station Statistics AP-700 User Guide • Time since Last Frame Received: The time elapsed since the last frame from the associated wireless station (or WDS link partner) was received. • Number of Stations and WDS Links: The number of stations and WDS links monitored. The following stations statistics are available through SNMP: • Octets Received: The number of octets received from the associated wireless station (or WDS link partner) by the AP.
Monitoring Mesh Statistics AP-700 User Guide Mesh Statistics As the AP-700 does not support Mesh functionality, this tab contains no information. Visit www.proxim.com for information on Mesh.
AP-700 User Guide Commands 6 This chapter contains information on the following Command functions: • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP: Download files via TFTP or HTTP to the AP. • Retrieve File: Upload configuration files from the AP to a TFTP server. • Reboot: Reboot the AP in the specified number of seconds. • Reset: Reset all of the Access Point’s configuration settings to factory defaults.
Commands Introduction to File Transfer via TFTP or HTTP AP-700 User Guide Introduction to File Transfer via TFTP or HTTP There are two methods of transferring files to or from the AP: TFTP or HTTP (or HTTPS if enabled): • Downloading files (Configuration, AP Image, Bootloader, License, Private Key, Certificate, CLI Batch File) to the AP using one of these two methods is called “Updating the AP.” • Uploading files (Configuration, CLI Batch File, etc) from the AP is called “Retrieving Files.
Commands Update AP AP-700 User Guide Update AP Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, Certificate and Private Key files, and CLI Batch File to the AP. A TFTP server must be running and configured to point to the directory containing the file. Figure 6-2 Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the installation CD.
Commands Update AP – • AP-700 User Guide CLI Batch File: a CLI Batch file that contains CLI commands to configure the AP. This file will be executed by the AP immediately after being uploaded. See CLI Batch File for more information. File Operation: Select either Update AP or Update AP & Reboot. You should reboot the AP after downloading files. Update AP via HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP.
Commands Update AP AP-700 User Guide Figure 6-4 Warning Message 4. Click OK to continue with the operation or Cancel to abort the operation. NOTE: An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears. Figure 6-5 Update AP Successful If the operation did not complete successfully the following screen appears, and the reason for the failure is displayed.
Commands Retrieve File AP-700 User Guide Retrieve File Retrieve File via TFTP Use the Retrieve File via TFTP tab to upload files from the AP to the TFTP server. The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name, which may include version or location information. If you don’t have a TFTP server installed on your system, install the TFTP server from the installation CD.
Commands Retrieve File AP-700 User Guide Retrieve File via HTTP Use the Retrieve File via HTTP tab to retrieve configuration files, CLI Batch Files, or CLI Batch Logs from the AP. For more information on CLI Batch Files and CLI Batch Logs see CLI Batch File. 1. Select the type of file (Config, CLI Batch File, CLI Batch Log) from the File Type drop-down menu. 2. Click on the Retrieve File button to initiate the operation.
Commands Retrieve File AP-700 User Guide Figure 6-10 File Download Dialog Box 4. On clicking the Save button the Save As window displays. Select an appropriate filename and location and click OK.
Commands Reboot AP-700 User Guide Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Enter a value between 0 and 65535 seconds; entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes. CAUTION: Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation.
Commands Reset AP-700 User Guide Reset Use the Reset tab to restore the AP to factory default conditions. Since this will reset the AP’s current IP address, a new IP address must be assigned. See Logging In for more information. CAUTION: Resetting the AP to its factory default configuration will permanently overwrite all changes that have made to the unit. The AP will reboot automatically after this command has been issued.
Commands Help Link AP-700 User Guide Help Link Use the Help tab to configure the location of the AP Help files. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/ORiNOCO/AP700/HTML/index.htm. To enable the Help button on each page of the Web interface to access the help files, however, copy the entire Help folder to a web server, then specify the new HTTP path in the Help Link box.
AP-700 User Guide Troubleshooting 7 This chapter provides information on the following: • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please see the documentation that came with the respective application for assistance.
Troubleshooting Symptoms and Solutions AP-700 User Guide Symptoms and Solutions Connectivity Issues Connectivity issues include any problem that prevents you from powering up or connecting to the AP. AP Unit Will Not Boot - No LED Activity 1. Make sure your power source is operating. 2. Make sure all cables are connected to the AP correctly. 3. If you are using PoE, make sure you are using a Category 5, foiled, twisted pair cable to power the AP. Serial Link Does Not Work 1.
Troubleshooting Symptoms and Solutions AP-700 User Guide 2. The AP only contacts a DHCP server during boot-up. If your network’s DHCP server is not available while the AP is booting, the device will use the default IP address (169.254.128.132). Reboot the AP once your DHCP server is on-line again or use the ScanTool to find the Access Point’s current IP address. 3.
Troubleshooting Symptoms and Solutions AP-700 User Guide 5. If you have a problem uploading a file, verify that the TFTP server is configured to allow uploads (typically the default setting is to allow only downloads). Client Connection Problems Client Software Finds No Connection Make sure you have configured your client software with the proper Network Name and Security settings. Network Names and WEP Keys are typically allocated and maintained by your network administrator.
Troubleshooting Symptoms and Solutions AP-700 User Guide CAUTION: The Forced Reload procedure disconnects all users and resets all values to factory defaults. Power-Over-Ethernet (PoE) The AP Does Not Work 1. Verify that you are using a standard UTP Category 5 cable. 2. Try a different port on the same PoE hub (remember to move the input port accordingly) – if it works, there is probably a faulty port or bad RJ-45 port connection. 3. If possible, try to connect the AP to a different PoE hub. 4.
Troubleshooting Recovery Procedures AP-700 User Guide Recovery Procedures The most common installation problems relate to IP addressing. For example, without the TFTP server IP Address, you will not be able to download a new AP Image to the AP. IP Address management is fundamental. We suggest you create a chart to document and validate the IP addresses for your system. If the password is lost or forgotten, you will need to reset the AP to default values.
Troubleshooting Recovery Procedures – AP-700 User Guide Download a New Image Using the Bootloader CLI Because the CLI option requires a physical connection to the unit’s serial port, Proxim recommends the ScanTool option.
Troubleshooting Recovery Procedures AP-700 User Guide You must also connect the AP to a computer with a standard serial cable and use a terminal client, such as HyperTerminal. From the terminal, enter CLI Commands to set the IP address and download an AP Image. Preparing to Download the AP Image Before starting, you need to know the Access Point’s IP address, subnet mask, the TFTP Server IP Address, and the AP Image file name.
Troubleshooting Recovery Procedures AP-700 User Guide [Device name]> reboot The AP will reboot and then download the image file. You should see downloading activity begin after a few seconds within the TFTP server’s status screen. 8. When the download process is complete, configure the AP. Setting IP Address using Serial Port Use the following procedure to set an IP address over the serial port using the CLI. The network administrator typically provides the AP IP address.
Troubleshooting Recovery Procedures AP-700 User Guide Figure 7-1 Result of “show ip” CLI Command 6. Change the IP address and other network values using set and reboot CLI commands, similar to the example below (use your own IP address and subnet mask). Note that IP Address Type is set to Dynamic by default.
Troubleshooting Related Applications AP-700 User Guide Related Applications RADIUS Authentication Server If you enabled RADIUS Authentication on the AP, make sure that your network’s RADIUS servers are operational. Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be unavailable, here are two typical things to check: • Make sure you have the proper RADIUS authentication server information setup configured in the AP.
AP-700 User Guide Command Line Interface (CLI) A This section discusses the following: • General Notes • Command Line Interface (CLI) Variations • CLI Command Types • Using Tables and Strings • Configuring the AP using CLI commands • CLI Monitoring Parameters • Parameter Tables • CLI Batch File CLI commands can be used to initialize, configure, and manage the Access Point. • CLI commands may be entered in real time through a keyboard or submitted with CLI scripts.
Command Line Interface (CLI) General Notes AP-700 User Guide General Notes Prerequisite Skills and Knowledge To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts, network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup procedures for typical network operating systems and servers. Notation Conventions • Computer prompts are shown as constant width type.
Command Line Interface (CLI) General Notes Key Combination Tab ? AP-700 User Guide Operation Complete the command line List available commands CLI Error Messages The following table describes the error messages associated with improper inputs or expected CLI behavior.
Command Line Interface (CLI) Command Line Interface (CLI) Variations AP-700 User Guide Command Line Interface (CLI) Variations Administrators use the CLI to control Access Point operation and monitor network statistics. The AP supports two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is used when the current AP Image is bad or missing. The Bootloader CLI allows you to assign an IP Address and download a new image.
Command Line Interface (CLI) Command Line Interface (CLI) Variations AP-700 User Guide Figure A-2 Results of “show” bootloader CLI command 165
Command Line Interface (CLI) CLI Command Types AP-700 User Guide CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line.
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example 2. Display specific Commands To show all commands that start with specified letters, enter one or more letters, then ? with no space between letters and ?. [Device-Name]>s? Figure A-4 Result of “s?” CLI command Example 3. Display parameters for set and show Example 3a allows you to see every possible parameter for the set (or show) commands. Notice from example 3a that the list is very long.
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Figure A-7 Result of “show iparp?” CLI command Example 4. Display Prompts for Successive Parameters Enter the command, a space, and then ?. Then, when the parameter prompt appears, enter the parameter value. The parameter is changed and a new CLI line is echoed with the new value (in the first part of the following example, the value is the IP Address of the TFTP server).
Command Line Interface (CLI) CLI Command Types AP-700 User Guide help Displays instructions on using control-key sequences for navigating a Command Line and displays command information and examples. 1. Using help as the only argument: [Device-Name]>help Figure A-8 Results of “help” CLI command 2. Complete command description and command usage can be provided by: [Device-Name]>help [Device-Name]> help history Shows content of Command History Buffer.
Command Line Interface (CLI) CLI Command Types AP-700 User Guide search Lists the parameters supported by the specified table. This list corresponds to the table information displayed in the HTTP interface. In this example, the CLI returns the list of parameters that make up an entry in the IP Access Table. [Device-Name]> search mgmtipaccesstbl Figure A-9 Results of “search mgmtipaccesstbl” CLI command upload Uploads a text-based configuration file from the AP to the TFTP Server.
Command Line Interface (CLI) CLI Command Types AP-700 User Guide [Device-Name]>show network [Device-Name]>show mgmtipaccesstbl “set” CLI Command Sets (modifies) the value of the specified parameter. To see a definition and syntax example, type only set and then press the Enter key. To see a list of available parameters, enter a space, then a question mark (?) after set (example: set?). Syntax: [Device-Name]>set [Device-Name]>set ...Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example 2 - Create a table entry or row Use 0 (zero) as the index to a table when creating an entry. When creating a table row, only the mandatory table elements are required (comment is usually an optional table element). For optional table elements, the default value is generally applied if you do not specify a value.
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Figure A-10 Results of “show network” and “show ip” CLI Commands Example 6 - Show Individual and Table Parameters 1. View a single parameter. Syntax: [Device-Name]>show Example: [Device-Name]> show ipaddr Displays the Access Point IP address. Figure A-11 Result of “show ipaddr” CLI Command 2. View all parameters in a table.
Command Line Interface (CLI) Using Tables and Strings AP-700 User Guide Using Tables and Strings Working with Tables Each table element (or parameter) must be specified, as in the example below. [Device-Name]>set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0 Below are the rules for creating, modifying, enabling/disabling, and deleting table entries. • • • • Creation – The table name is required. – The table index is required – for table entry/instance creation the index is always zero (0).
Command Line Interface (CLI) Using Tables and Strings AP-700 User Guide The string delimiter does not have to be used for every string object. The single quote or double quote only has to be used for string objects that contain blank space characters. If the string object being used does not contain blank spaces, then the string delimiters, single or double quotes, mentioned in this section are not required.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Configuring the AP using CLI commands Log into the AP using HyperTerminal 1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: • Com Port: • Baud rate: 9600 • Data Bits: 8 • Stop bits: 1 • Flow Control: None • Parity: None 2.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Set Basic Configuration Parameters using CLI Commands There are a few basic configuration parameters that you may want to setup right away when you receive the AP. For example: • Set System Name, Location and Contact Information • Set Static IP Address for the AP • Download an AP Configuration File from your TFTP Server • Set up Auto Configuration • Set Network Names for the Wireless Interface • Enable 802.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide [Device-Name]>set snmprpasswd (SNMP read password) [Device-Name]>set snmprwpasswd (SNMP read/write) [Device-Name]>set snmpv3authpasswd (SNMPv3 authentication password) [Device-Name]>set snmpv3privpasswd (SNMPv3 privacy password) [Device-Name]>reboot 0 CAUTION: Proxim strongly urges you to change the default passwords to restrict access to your network devices to
Command Line Interface (CLI) Configuring the AP using CLI commands Country Code AP-700 User Guide Country Code Country Code Armenia AM Iceland IS Philippines PH Australia AU India IN Poland PL Austria AT Indonesia ID Portugal PT Azerbaijan AZ Ireland 5.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Perform the following commands to enable TX Power Control and set the transmit power level: [Device-Name]>set txpowercontrol enable [Device-Name]>set wif currentbackofftpcvalue <0-9 dBm1-35 dBm> Configure SSIDs (Network Names), VLANs, and Profiles Perform the following command to configure SSIDs and VLANS, and to assign Security and RADIUS Profiles.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide NOTE: The configuration filename and TFTP server IP address are configured only when the AP is configured for Static IP. If the AP is configured for Dynamic IP these parameters are not used and obtained from DHCP. The default filename is “config”. The default TFTP IP address is “169.254.128.133”.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Other Network Settings There are other configuration settings that you may want to set for the AP. Some of them are listed below.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Configure DHCP Relay Perform the following command to enable or disable DHCP Relay Agent Status. NOTE: You must have at least one entry in the DHCP Relay Server Table before you can set the DHCP Relay Status to Enable. [Device-Name]>set dhcprelaystatus enable Configure DHCP Relay Servers Perform the following command to configure and enable a DHCP Relay Server.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Shutdown/Resume Wireless Service [Device-Name]>set wif 3 wssstatus <1 (resume)/2 (shutdown)> Set Load Balancing Maximum Number of Clients [Device-Name]>set wif 3 lbmaxclients <1–63> Set the Multicast Rate (802.11a/b/g) [Device-Name]>set wif 3 multrate <6, 12, 24 (Mbits/sec)> Enable/Disable Super Mode (802.11a/g only) [Device-Name]>set wif 3 supermode Enable/Disable Turbo Mode (802.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Set Ethernet Speed and Transmission Mode [Device-Name]>set etherspeed (see below) [Device-Name]>reboot 0 Ethernet Speed and Transmission Mode 10 Mbits/sec - half duplex 10 Mbits/sec - full duplex 10 Mbits/sec - auto duplex 100 Mbits/sec - half duplex 100 Mbits/sec - full duplex Auto Speed - half duplex Auto Speed - auto duplex Value 10halfduplex 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Set Telnet Session Timeouts [Device-Name]>set tellogintout
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Add an Entry to the MAC Access Control Table [Device-Name]>set macacltbl 0 macaddr status enable [Device-Name]>show macacltbl Disable or Delete an Entry in the MAC Access Control Table [Device-Name]>set macacltbl status [Device-Name]>show macacltbl NOTE: For larger networks that include multiple Access Points, you may prefer to maintain this list on a centralized location using the R
Command Line Interface (CLI) Configuring the AP using CLI commands Index Primary/Backup Profile Name Server Status Server Addressing Format IP Address/Host Name Destination Port VLAN Identifier MAC Address Format Response Time Maximum Retransmission . AP-700 User Guide : : : : : : : : : : : 1 Backup MAC Authentication notReady ipaddr 0.0.0.0 1812 -1 dashdelimited 3 3 : : : : : : : : : : : : : 4 Backup Management Access notReady ipaddr 0.0.0.0 1812 -1 dashdelimited 3 3 0 0 . .
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide To define the Configuration Reset Password to be used for configuration reset during boot up, enter the following command [Device-Name]>set configresetpasswd It is important to safely store the NOTE: It is important to safely store the configuration reset password.
Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide Example: [Device-Name]>set secprofiletbl 5 secmode wpa status enable Configure a Security Profile with WPA-PSK Security Mode [Device-Name]>set secprofiletbl secmode wpa-psk passphrase status enable Example: [Device-Name]>set secprofiletbl 6 secmode wpa-psk passphrase 12345678 status enable Configure a Security Profile with 802.11i Security Mode [Device-Name]>set secprofiletbl secmode 802.
Command Line Interface (CLI) CLI Monitoring Parameters AP-700 User Guide CLI Monitoring Parameters Using the show command with the following table parameters will display operating statistics for the AP (these are the same statistics that are described in the Monitoring section). • staticmp: Displays the ICMP statistics. • statarptbl: Displays the IP ARP Table statistics. • statbridgetbl: Displays the Learn Table. • statiapp: Displays the IAPP statistics.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Parameter Tables Objects contain groups that contain both parameters and parameter tables. Use the following Tables to configure the Access Point.
Command Line Interface (CLI) Parameter Tables – • • • TCP/UDP Port Filtering - Filter IP packets based on TCP/UDP port Alarms Parameters – SNMP Table Host Table Parameters - Enter the list of IP addresses that will receive alarms from the AP – Syslog Parameters - Configure the AP to send Syslog information to network servers Bridge Parameters – Spanning Tree Parameters - Used to help prevent network loops – Storm Threshold Parameters - Set threshold for number of broadcast packets – Intra BSS S
Command Line Interface (CLI) Parameter Tables AP-700 User Guide System Parameters Name Type System Name Location Country Identifier* Group DisplayString DisplayString DisplayString Contact Name Contact E-mail Contact Phone DisplayString DisplayString DisplayString FLASH Backup Interval Flash Update Integer System OID Descriptor DisplayString DisplayString Up Time Integer System Security ID Emergency Restore to defaults DisplayString Value N/A User Defined User Defined See Country Identifiers
Command Line Interface (CLI) Parameter Tables Country Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta Netherlands Norway Poland Portugal Puerto Rico Russia Spain Sweden Switzerland United Kingdom/ Great Britain AP-700 User Guide Indoor/Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Ind
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Inventory Management Information The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a representative if you contact customer support.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide DNS Client for RADIUS Name Resolution Name DNS Client DNS Client status Primary DNS Server IP Address Secondary DNS Server IP Address Default Domain Name Type Access R RW CLI Parameter dns dnsstatus IpAddress Value N/A enable disable (default) User Defined RW dnspridnsipaddr IpAddress User Defined RW dnssecdnsipaddr Integer32 User Defined (up to 254 RW characters) dnsdomainname Group Integer DHCP Server Parameters Name DHCP Se
Command Line Interface (CLI) Parameter Tables AP-700 User Guide DHCP Relay Group The DHCP Relay Group allows you to enable or disable DHCP Relay Agent Status. Name DHCP Relay Group Status DHCP Relay Server Table Type Group Integer Value N/A enable disable N/A Table Access R RW CLI Parameter dhcprelay dhcprelaystatus R dhcprelaytbl DHCP Relay Server Table The DHCP Relay Server Table contains the commands to set the table entries.
Command Line Interface (CLI) Parameter Tables SNTP Parameters Name SNTP Group SNTP Status AP-700 User Guide Type Group Integer Primary Server Name or DisplayString IP Address Secondary Server Name DisplayString or IP Address Time Zone Integer Daylight Savings Time Integer Year Month Day Hour Minutes Seconds Addressing Format Integer32 Integer32 Integer32 Integer32 Integer32 Integer32 Integer Link Integrity Parameters Name Link Integrity Link Integrity Status Type Group Integer Link Integrity Poll I
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. The wireless interface uses table index 3. Common Parameters to 802.11a and 802.
Command Line Interface (CLI) Parameter Tables Distance Between APs Large Medium Small Mini Micro AP-700 User Guide Receive Sensitivity Threshold (dBm) -96 -86 -78 -70 -62 Transmit Defer Threshold (dBm) -62 -62 -52 -42 -36 ** Each 802.11 packet is acknowledged by the receiving station. On links longer than about 100m, the time that it takes for the ACK to get back to the sending station is long enough to cause the sending station to believe that the packet was not properly received.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide 802.11b Specific Parameters Name Operating Frequency Channel Integer Type Multicast Rate Integer Closed Wireless System Integer MAC Address Supported Data Rates PhyAddress Octet String Transmit Rate Integer32 Physical Layer Type Integer Regulatory Domain List DisplayString Value 1 - 14; available channels vary by regulatory domain/country; see Available Channels 1 Mbits/sec (1) 2 Mbits/sec (2) (default) 5.
Command Line Interface (CLI) Parameter Tables Name Transmit Rate AP-700 User Guide Type Integer32 Value For 802.11b-only mode: 0 (auto fallback; default) 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec 11 Mbits/sec Access RW CLI Parameter txrate R R phytype regdomain RW supermode For 802.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Wireless Distribution System (WDS) Parameters Name WDS Table Port Index Status Partner MAC Address Type Table Integer Integer PhysAddress Value N/A 3.1 - 3.
Command Line Interface (CLI) Parameter Tables Name RADIUS EAP Profile RADIUS Accounting Profile QoS Policy AP-700 User Guide Type DisplayString DisplayString Value User defined User defined Access RW RW CLI Parameter radeapprofile radacctprofile Integer32 User defined RW qospolicy Ethernet Interface Parameters Name Ethernet Interface Speed Type Group Integer MAC Address PhyAddress Value N/A 1 (10halfduplex) 2 (10fullduplex) 3 (10autoduplex) 4 (100halfduplex) 5 (100fullduplex) 6 (autohalfduplex
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Management Parameters Secure Management Parameters Name Secure Management SNMP Parameters Name SNMP SNMP Management Interface Bitmask Type Integer Type Group Interface Bitmask Read Password DisplayString Read/Write Password DisplayString SNMPv3 Authentication Password DisplayString SNMPv3 Privacy Password DisplayString HTTP Parameters Name HTTP HTTP Management Interface Bitmask Type Group Interface Bitmask HTTP Password Display
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Telnet Parameters Name Telnet Telnet Management Interface Bitmask Type Group Interface Bitmask Telnet Port Integer Telnet Login Inactivity Time-out Telnet Session Idle Time-out Integer Integer Value N/A 0 or 2 = No interfaces (disable) 1 or 3 = Ethernet 4 or 6 = Wireless 5 or 7 = All interfaces (default is 7) User Defined 23 (default) 30 - 300 seconds 60 sec (default) 60 - 36000 seconds 900 sec (default) Access R RW CLI Parameter teln
Command Line Interface (CLI) Parameter Tables Name SSH Public Host Key Fingerprint SSH Host Key Status AP-700 User Guide Type DisplayString Value AP Generated Access RW CLI Parameter sshkeyfprint Integer create delete RW sshkeystatus The AP SSH feature, open-SSH, confirms to the SSH protocol, and supports SSH version 2. The following SSH clients have been verified to interoperate with the AP’s server. The following table lists the clients, version number, and the website of the client.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide IP Access Table Parameters When creating table entries, you may either specify the argument name followed by argument value or simply enter the argument value. When only the argument value is specified, then enter the values in the order depicted by the following table. CLI applies default values to the omitted arguments. Due to the nature of the information, the only argument that can be omitted is the “comment” argument.
Command Line Interface (CLI) Parameter Tables Name Static MAC Address on Wired Network Static MAC Address Mask on Wired Network Static MAC Address on Wireless Network Static MAC Address Mask on Wireless Network Comment (optional) Status (optional) AP-700 User Guide Type PhysAddress Value User Defined Access RW CLI Parameter wiredmacaddr PhysAddress User Defined RW wiredmask PhysAddress User Defined RW wirelessmacaddr PhysAddress User Defined RW wirelessmask DisplayString Integer max 255 c
Command Line Interface (CLI) Parameter Tables AP-700 User Guide TCP/UDP Port Filtering Table The following parameters are used to configure TCP/UDP Port filters.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Name Password Type DisplayString Comment (optional) DisplayString Status (optional) Integer Value User Defined (up to 64 characters) User Defined (up to 254 characters) enable (default) disable delete Access W CLI Parameter passwd RW cmt RW status Syslog Parameters The following parameters configure the Syslog settings.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Bridge Parameters Spanning Tree Parameters Name Spanning Tree Spanning Tree Status Type Group Integer Bridge Priority Integer Maximum Age Integer Hello Time Integer Forward Delay Integer Value N/A enable disable (default) 0 - 65535 32768 (default) 600 - 4000 (in 0.01 sec intervals; i.e., 6 to 40 seconds) 2000 (default) 100 - 1000 (1/100 second; i.e., 1 to 10 seconds); enter values in increments of 100 200 (default) 400 - 3000 (in 0.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Storm Threshold Table Name Storm Threshold Table Table Index Table Integer Type Broadcast Threshold Integer Multicast Threshold Integer Value N/A 1 = Ethernet 3 = Wireless 0 - 255 packets/sec (default is 0) 0 - 255 packets/sec (default is 0) Access R R CLI Parameter stmthrestbl index RW bcast RW mcast Intra BSS Subscriber Blocking The following parameters control the Intra BSS traffic feature, which prevent wireless clients that
Command Line Interface (CLI) Parameter Tables AP-700 User Guide RADIUS Parameters General RADIUS Parameters Name RADIUS Client Invalid Server Address Type Group Counter32 Value N/A N/A Access R R CLI Parameter radius radcliinvsvradd RADIUS Server Configuration Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See DNS Client for RADIUS Name Resolution.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Security Parameters MAC Access Control Parameters Name MAC Address Control Status Type Group Integer Operation Type Integer Value N/A enable disable (default) passthru (default) block Access R RW RW CLI Parameter macacl aclstatus macacloptype MAC Access Control Table Name MAC Address Control Table Table Index MAC Address Comment (optional) Status (optional) Type Value Table N/A N/A PhysAddress DisplayString N/A User Defined User
Command Line Interface (CLI) Parameter Tables Name Hardware Configuration Reset Status Configuration Reset Password AP-700 User Guide Type Integer DisplayString Value enable (1) disable (2) User Defined Access R RW CLI Parameter hwconfigresetstatus configresetpasswd Security Profile Table The Security Profile Table allows you to configure security profiles. A maximum of 16 security profiles are supported.
Command Line Interface (CLI) Parameter Tables Key Length 128-bit 152-bit AP-700 User Guide Hexadecimal 26 characters (0 - F) 32 characters (0 - F) ASCII 13 alphanumeric characters 16 alphanumeric characters Each ASCII character corresponds to two hexadecimal digits. See ASCII Character Chart for ASCII/Hexadecimal correspondence.
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Enabling QoS Name QoS Status Type Object Status QoS Maximum Medium Threshold Integer Value enable disable (default) 50 - 90 Access RW CLI Parameter qosstatus RW qosmaximummediumthresh old Value Access N/A N/A R R RW RW CLI Parameter qos qospolicytbl index secindex policyname type RW RW mapindex markstatus RW status Configuring QoS Policies The QoS group manages the QoS policies: Name QoS Group QoS Policy Table Table Primary In
Command Line Interface (CLI) Parameter Tables AP-700 User Guide Specifying the Mapping between IP Precedence/DSCP Ranges and 802.1D Priorities The QoS IP DSCP to 802.1D Mapping Table specifies the mapping between IP Precedence/DSCP Ranges and 802.1D priorities. Name QoS IP DSCP to 802.1D Mapping Table Table Index (Primary Index) 802.
Command Line Interface (CLI) Parameter Tables Name CWmax AIFSN Tx OP Limit MSDU Lifetime AC Mandatory AP-700 User Guide Type Integer Integer Integer Integer Truth Value Value 0 - 65535 2 - 15 0 - 65535 0 - 500 true false Access RW RW RW RW RW CLI Parameter cwmax aifsn txoplimit msdulifetime acmandatory Examples: show qosedcatbl (or qosqapedcatbl) set qosedcatbl (or qosqapedcatbl) . For example: set qosedcatbl 3.
Command Line Interface (CLI) CLI Batch File AP-700 User Guide CLI Batch File A CLI Batch file is a user-editable file that lists a series of CLI set commands, that can be uploaded to the Access Point to change its configuration. The Access Point executes the CLI commands specified in the CLI Batch file after upload and the configuration gets changed accordingly. A CLI Batch file can also be used for Auto Configuration.
Command Line Interface (CLI) CLI Batch File AP-700 User Guide Reboot Behavior When a CLI Batch file contains a reboot command, the reboot will occur only after the entire CLI Batch file has been executed.
AP-700 User Guide B ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the Hexadecimal equivalent for each ASCII character.
AP-700 User Guide C Specifications • Software Features • Hardware Specifications • Available Channels Software Features The tables below list the software features available on the AP-700.
Specifications Software Features AP-700 User Guide Advanced Bridging Functions Feature Supported by AP-700 IEEE 802.
Specifications Software Features AP-700 User Guide Security Functions Feature Supported by AP-700 Security Profiles per VLAN 3 RADIUS Profiles per VLAN 3 IEEE 802.11 WEP* 3 MAC Access Control 3 RADIUS MAC-based Access Control 3 IEEE 802.1x Authentication† 3 Multiple Authentication Server Support per VLAN‡ 3 Rogue Scanning to Detect Rogue Access Points and Clients 3 Per User Per Session (PUPS) Encryption § 3 Wi-Fi Protected Access (WPA)/802.
Specifications Hardware Specifications AP-700 User Guide Hardware Specifications Category Specification Physical Dimensions (H x W x L) 1 x 4.75 x 7.1 in (25 x 121 x 180 mm) Weight Unit: .65 lb (.295 kg) Power Supply: .45 lbs (.
Specifications Available Channels AP-700 User Guide Available Channels Available channels vary based on operational mode and country. To verify which channels are available for your product: 1. Locate the product model number on the underside of your AP unit or on the unit’s box. 2. Note the alphanumeric code following the number 8675. (e.g., 8675-EU) 3. See the following tables. • 802.11a/b/g Channels • WD SKU Channels by Country 802.11a/b/g Channels Mode Channel 802.
Specifications Available Channels AP-700 User Guide WD SKU Channels by Country Available channel bands depend on the selected country and mode of use (indoor/outdoor). The typical channels available in each 802.
Specifications Available Channels Country Lithuania Luxembourg Malta Netherlands Norway Poland Portugal Russia Spain Sweden Switzerland United Kingdom/ Great Britain AP-700 User Guide Indoor/Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor/Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor Indoor Outdoor 802.
AP-700 User Guide Technical Services and Support D See the following sections: • Obtaining Technical Services and Support • Support Options – Proxim eService Web Site Support – Telephone Support – ServPak Support Obtaining Technical Services and Support If you are having trouble utilizing your Proxim product, please review this manual and the additional documentation provided with your product.
Technical Services and Support Support Options AP-700 User Guide Support Options Proxim eService Web Site Support The Proxim eService Web site is available 7x24x365 at http://support.proxim.com. On the Proxim eService Web Site, you can access the following services: • New Product Registration: Register your product for free support. • Open a Ticket or RMA: Open a ticket or RMA and receive an immediate reply. • Search Knowledgebase: Locate white papers, software upgrades, and technical information.
AP-700 User Guide Statement of Warranty E Warranty Coverage Proxim Wireless Corporation warrants that its Products are manufactured solely from new parts, conform substantially to specifications, and will be free of defects in material and workmanship for a Warranty Period of 1 year from the date of purchase.
Statement of Warranty Other Information AP-700 User Guide and shipping instructions. Buyer must return the defective Product to Proxim Wireless, properly packaged to prevent damage, shipping prepaid, with the RMA number prominently displayed on the outside of the container.
