ORiNOCO AP-2500 User Guide
Copyright © 2003 Proxim Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This user’s guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Proxim Corporation.
Contents

1 Introduction
Introducing the AP-2500
Overview of Product Features
Public Space Features
Configure Network Names for the Wireless Interfaces
Configure the Ethernet Interface
Set WEP Encryption for each Wireless Interface
Set and Change Passwords
Disabling the AP’s DHCP Server
IP Upsell
DNS Server
VLAN
Encryption
VPN
Special Considerations Regarding VPN Support
5 Public Space Parameters
Authorized Subscribers
Authorized Subscribers Table and the Current Subscribers Table
Manually Adding a Subscriber
Removing a Subscriber
Client Connection Problems
Client Manager Finds No Connection
Client PC Card Does Not Work
Intermittent Loss of Connection
Command Line Interface (CLI) Variations
Bootloader CLI
CLI Command Types
Operational CLI Commands
Set the Multicast Rate
Set Ethernet Speed and Transmission Mode
Set Interface Management Services
Set Communication Ports
URL Filtering Parameters
URL Filtering IP Table
URL Filtering DNS Table
ICC (Information Control Console) Parameters
External Authentication Procedure (Detailed)
Sample XML Communications with the AP
C Credit Card Interface Specification
Data sent by the AP-2500 to the credit card clearing server
Data sent by credit card clearing server to the AP-2500
1 Introduction

In This Chapter
• Introducing the AP-2500
• Overview of Product Features
• The Product Package
• Minimum System Requirements
• Management and Monitoring Capabilities
• Active Ethernet

Introducing the AP-2500

The ORiNOCO AP-2500 is an all-in-one wireless access point and access gateway specifically designed for public hotspot providers and enterprises.
• Outgoing e-mail (SMTP) Redirection: You can configure the AP-2500 to redirect outgoing e-mail messages to a specified Simple Mail Transfer Protocol (SMTP) server. Subscribers can send e-mails as if they were connected to their home network. See SMTP Redirection for details.
• VPN Passthrough: The AP-2500 can support multiple PPTP and IPsec VPN sessions for subscribers. See VPN for details.
One of the key features of DAT is a technique known as Network Address Translation (NAT). NAT is an Internet standard that allows a device (like the AP-2500) to use a single public IP address to provide Internet connectivity to multiple devices (which would otherwise each need to have its own public IP address to communicate with the network).
Networking Features

The AP-2500 provides wireless access to the Internet for hotspot subscribers. This means that your customers can surf the Internet and send e-mails from anywhere within range of the Access Point without having to install extra wires or cabling.
802.11a and 802.11b Networks

The AP-2500 supports both the IEEE 802.11a and 802.11b standards. The AP-2500 can be used with the following combinations of 802.11a and 802.11b radio cards:
• One 802.11b card (second slot empty)
• One 802.11a 5 GHz upgrade kit (second slot empty)
• Two 802.11b cards
• One 802.11b card and one 802.11a 5 GHz upgrade kit

You can have an 802.11a and an 802.11b card present in the AP-2500 at the same time and 2.
List of Networking Features

The IEEE standards that govern wireless communications are different for the 2.4 GHz band and the 5 GHz band. The table below compares the software features supported for each type of card in the AP-2500 device:

Feature 2.4 GHz 5 GHz (802.11b) (802.
The following table provides detailed information on the differences between the 802.11a and 802.11b feature sets.

Physical Layer Type (Modulation Type)
• 2.4 GHz (802.11b): DSSS (Direct Sequence Spread Spectrum)
• 5 GHz (802.11a): OFDM (Orthogonal Frequency Division Multiplexing)

Auto Channel Select
• 2.4 GHz (802.11b): enable (default), disable
• 5 GHz (802.11a): enable (default), disable

Frequency Channel
• 2.4 GHz (802.11b): 1 - 2.412 GHz, 2 - 2.417 GHz, 3 - 2.422 GHz (default FCC, ETSI, Japan), 4 - 2.427 GHz, 5 - 2.432 GHz, 6 - 2.437 GHz, 7 - 2.
The Product Package

Each AP-2500 comes with the following:
• AP processor module
• AP cover
• Mounting plate
• Mounting hardware – Four 3.
Web Browser Interface

The Web Browser interface (also known as the HTTP interface) provides easy access to configuration settings and network statistics from any computer in the network. Use the Web browser interface through your LAN (switch, hub, etc.), over the Internet, or with a “crossover” Ethernet cable connected directly to your computer’s Ethernet Port.
The Nomadix MIB controls the following settings:
• All of the Public Space features found under the PublicSpace and Subscriber headings within the Web browser interface (described in Public Space Parameters).
• The following Network parameters:
— IP Configuration
— DHCP Server
— DNS Server
— RADIUS
— VPN

Refer to the MIB files for more information; the MIB files can be opened with any text editor, such as Microsoft Word or Notepad.
2 Installation & Basic Configuration

In This Chapter

This chapter describes how to install the AP-2500 hardware and perform basic configuration operations.
• Prerequisites
• Hardware Installation
• Initialization (ScanTool)
• Basic Configuration
• Download the Latest Software
• Back-up the AP’s Configuration Files

Prerequisites

Before installing an AP-2500, you need to gather certain network information. The following section identifies the information you need.
Hardware Installation

Refer to the steps below that correspond to your configuration:
• AP-2500 with Active Ethernet
• AP-2500 with Power Supply
• Installing a Card in Slot B
• 5 GHz Kit Installation
• Installing the AP-2500 in a Plenum

AP-2500 with Active Ethernet

Follow these installation steps if you purchased an AP with Active Ethernet:
1. Slide the AP module onto the mounting bracket. Make sure it is properly seated.
NOTE: If you want to install a second 802.11b wireless card in Slot B, you will first need to remove the slot cover (which is provided for plenum-rating purposes). See Installing a Card in Slot B for instructions. If you want to install a 5 GHz kit, see 5 GHz Kit Installation.

3. Connect one end of a Category 5 straight-through Ethernet cable to the Access Point’s Ethernet port. The AP will receive both power and Ethernet connectivity over the cable.
4.
AP-2500 with Power Supply

Follow these installation steps if you purchased an AP with a power supply:
1. Clip the power supply into the mounting bracket.
2. Plug the AC power cord into the power supply.

Figure 2-5 Install the power supply

3. Slide the AP module onto the mounting bracket. Make sure it is properly seated.
4. Plug the DC connector from the power supply into the top of the AP module.
Figure 2-7 Slide a PC Card into the AP

NOTE: If you want to install a second 802.11b wireless card in Slot B, you will first need to remove the slot cover (which is provided for plenum-rating purposes). See Installing a Card in Slot B for instructions. If you want to install a 5 GHz kit, see 5 GHz Kit Installation.

6. Attach one end of an Ethernet cable to the AP's Ethernet port and the other end to a network hub or switch.
7.
NOTE: Proxim recommends that you perform a Site Survey before determining the installation location for your AP-2500. For information about how to conduct a Site Survey, contact your local reseller.

10. Once you have chosen a final location for your unit, mount the wall bracket and the processor module and place the cover onto the unit as shown.
Figure 2-11 Remove the AP cover

4. Remove the power and Ethernet cables from the unit.
5. Position the antenna adapter, card inward, facing the top of the unit (see diagram) and insert the 5 GHz card into the available card slot.

Figure 2-12 Insert card

6. Angle the antenna adapter slightly upwards, pinch the end tabs inwards and carefully slide the antenna adapter onto the mounting bracket.
7.
8. Position the antenna for best reception:
• at a 90° angle for flat surface mounts
• at a 180° angle for wall mounts
9. Re-attach the power and Ethernet cabling.
10. Re-install the cover and mount the AP back in place.
11. Re-connect the power supply to the power source or the Ethernet cable to the AE power injector.
Initialization (ScanTool)

ScanTool is a software utility that is included on the installation CD-ROM. The tool automatically detects the Access Points installed on your network, regardless of IP address, and lets you configure each unit’s IP settings. In addition, you can use ScanTool to download new software to an AP that does not have a valid software image installed (see Download a New Image Using ScanTool).
7. Locate the MAC address of the AP you want to initialize within the Scan List.

NOTE: If your Access Point does not show up in the Scan List, click the Rescan button to update the display. If the unit still does not appear in the list, see Troubleshooting for suggestions. Note that after rebooting an Access Point, it may take up to five minutes for the unit to appear in the Scan List.

8. Highlight the AP’s entry and click the Change button.
Basic Configuration

Once you have a valid IP Address assigned to your AP-2500 and you can communicate with it over an Ethernet network, use your web browser to configure the AP-2500. This section describes how to perform some basic functions and configure some of the AP’s basic settings to get you started.
Figure 2-17 Enter Network Password

Figure 2-18 Web Interface’s System Status Screen
Set System Name, Location and Contact Information

Figure 2-19 System Configuration

1. Click Configure > System.
2. Enter a name for the AP, its location within your network or its physical location (such as “Front Lobby” or Engineering), and the name, phone number, and e-mail address of the person responsible for this device.
3. Click OK.
Figure 2-20 Network IP Configuration

Configure Network Names for the Wireless Interfaces

During boot-up, the AP automatically detects the number and type of radio cards installed and updates the wireless configuration parameters accordingly. Many of the wireless settings can be left at their default value. However, you may want to change the Network Name for each wireless interface.
Configure the Ethernet Interface

1. Click Configure > Interfaces > Ethernet.
2. Set the Speed and Transmission Mode for the AP’s Ethernet interface.
• This is the speed and duplex at which the AP communicates with your Ethernet network. By default, the AP automatically detects the settings of the hub or switch to which it is connected. If you are having problems communicating with the AP over the Ethernet, manually set the mode to match your hub or switch’s settings.
5. Select the Key that the Access Point will use to encrypt outgoing data from the Encrypt Data Transmissions Using drop-down menu. By default, this parameter is set to Key 1.
6. Repeat these steps for the second slot (if applicable).
7. Click OK.
8. Reboot the AP for these changes to take effect.

Figure 2-21 WEP Encryption

Set and Change Passwords

1. Click Configure > Management > Passwords.
2. Set the SNMP Read Password.
NOTE: For security purposes Proxim recommends that you change ALL PASSWORDS from the default “public” immediately to restrict access to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.

Configure the Date and Time

The AP boots up using January 1, 1970 as the date and 00:00:00 as the time.
Reboot the AP

Most of the AP’s configuration settings take effect immediately; they do not require a reboot. However, some parameters do require a reboot before they take effect. Therefore, reboot the AP after configuring the basic settings to ensure that all of your changes take effect.

1. Click Commands > Reboot.
2. Click OK to reboot the unit immediately.

NOTE: Wait for the unit’s Power LED to turn green before attempting to browse any other page.
Download Updates from your TFTP Server using the CLI Interface

1. Download the latest software at http://www.proxim.com/.
2. Copy the latest software updates to your TFTP server.
3. Open the CLI interface via Telnet or a serial connection. (See Using the Command Line Interface for more information.)
4. Enter the CLI password when prompted.
5. Type set tftpfilename (include the file extension) and press Enter.
6. Type set tftpfiletype img and press Enter.
7.
Downloading Configuration Files

Follow these steps to download configuration files to the AP:
1. Copy config.sys and current.txt to your TFTP server’s root directory (if necessary).
2. Log in to the AP’s Web browser interface.
3. Click Commands > Download.
4. Enter the IP address of the computer running the TFTP server application in the Server IP Address field.
5. Enter current.txt in the File Name field.
6. Set the File Type to Generic.
7.
3 AP-2500 Authentication Methods

The AP-2500 is a versatile Access Point for hotspot locations that supports multiple authentication methods. The unit includes all of the features necessary for a user to set up a hotspot quickly and easily without requiring servers or advanced Web design skills.
Internal Authentication

In this configuration, the AP-2500 provides all authentication services to subscribers using its Internal Web Server (IWS). This is the easiest configuration to design and implement but it offers limited functionality.
NOTE: If you want to provide the user with the ability to log in or out of the connection, you need to use a RADIUS server. See Internal Authentication with RADIUS for details.

End User Experience

The following procedure details the experience of the typical customer if you configure the AP-2500 to use internal authentication:
1. Customer enters the hotspot and turns on his laptop that has a wireless card installed.
• You can disable the AP’s DHCP server if there is another DHCP server that you want to use instead. See Disabling the AP’s DHCP Server for details.
4. Configure IP Upsell, if desired. See IP Upsell for details.
• In general, it costs more to obtain public IP addresses from your ISP due to limited availability.
NOTE: Advanced users can also manage the AP from a network computer using XML commands (tasks such as adding and deleting users). See AAA Basic for configuration information and XML Interface Specification for information on XML commands.

12. Click OK to save your changes to the AAA settings.
13. Click the Internal tab.
14. Configure the SSL parameters (Enable SSL and Certificate DNS Name), if desired.
• This provides secure communication between subscribers and the AP.
17. If you want to charge customers for access time via credit card, configure the Credit Card Services options.
• You need an account with a credit card service provider to use this feature.
• The AP-2500 works with the following credit card providers by default:
— Datacenter Luxembourg (in Europe) -- http://www.dclux.com/
— ChainFusion (in Asia) -- http://www.chainfusion.com/
— Authorize.net’s WebLink solution (U.S.) -- http://www.authorize.
• If you want all outgoing mail traffic redirected to the specified server, enable both the Misconfigured and Properly Configured options.
6. Configure the Amount Paid field, if desired. The AP automatically fills in this field after a successful credit card purchase.
7. Configure the optional User Alias fields, if desired. These are for notes only and do not have an impact on the authentication process.
8. Configure the Upstream and Downstream Bandwidth limits for the user. The user’s bandwidth is not limited if you leave this blank or set it to 0.
9. Click OK to add the subscriber.
10.
Internal Authentication with RADIUS

In this configuration, the AP-2500 provides all of the authentication services described in Internal Authentication, but it also communicates with a Remote Authentication Dial-In User Service (RADIUS) server on the network to determine if a user is valid. RADIUS is an authentication and accounting protocol that is used by many ISPs.
3. Client sends AP its login credentials (User name/password or MAC address).
4. AP checks its Authorized Subscribers Table. If the client is not listed, the AP forwards the authentication request to the RADIUS server.
5. The RADIUS server authenticates the user based on the client’s login credentials and notifies AP of successful authentication.
6.
1. Install the RADIUS application on your network server, if necessary.
• IAS is included with Windows 2000 Server. If you want to install IAS, follow these steps:
  1. Click Start > Control Panel.
  2. Double-click the Add/Remove Programs icon.
  3. Click the Add/Remove Windows Components option.
  4. Double-click the Networking Services option.
  5. Place a check mark next to the Internet Authentication Service option.
  6. Click OK.
  7.
16. Return to the Internet Authentication Services window and right-click the Remote Access Policies entry in the navigation tree.
17. Select New Remote Access Policy from the drop-down menu.
18. Enter a Policy friendly name in the field provided and click Next.
19. Click Add.
20. Select Windows-Groups from the list and click Add.
21. Click Add again to view the list of groups.
22. Select the group that contains your AP’s subscribers and click Add.
23.
Configure the AP-2500

After you have installed and configured your RADIUS server, you need to configure your AP to communicate with the RADIUS server and provide internal authentication. Follow these steps:
1. Configure the AP-2500 to use its Internal Web Server for authentication. See Internal Authentication > Configuration Instructions for step-by-step instructions.
2. If not already open, access the AP’s Web browser interface.
3. Click Configure > Security > RADIUS.
5. Configure the Retransmission Options.
• Select a Retransmission Method. This option is only valid if you have configured settings for a Secondary Server.
— Failover: The AP makes multiple attempts to reach the Primary Server. If the Primary Server fails to respond (after the specified number of Retransmission Attempts), the AP fails over to the Secondary Server.
— Round-Robin: The AP first attempts to reach the Primary Server.
• Place a check mark in the Send NAS Port Type box if you want to include the port type in the messages sent to the RADIUS server.
• Set the NAS Port Type to 19 if you enabled Send NAS Port Type.
— Port Type 19 corresponds to a connection made over an IEEE 802.11 Wireless network. See RFC 2865 for details (the RFC is available at http://www.rfc-editor.org/).
— You can also use NAS Port Type to establish different access policies.
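Added example (not from the Proxim guide or the AP's firmware): a RADIUS server-side view of an Access-Request carrying NAS-Port-Type 19, showing how the attribute is encoded per RFC 2865, how User-Password is protected by the shared secret, and how a policy can branch on the port type. The shared secret, NAS IP address, policy names and packet contents are constructed for illustration.

```python
import hashlib
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT_TYPE = 1, 2, 4, 61
WIRELESS_80211 = 19  # RFC 2865 NAS-Port-Type value: Wireless - IEEE 802.11


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    """Server side: reverse hide_password using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def encode_attr(attr_type, value):
    """Type (1 byte), Length (1 byte, includes the 2-byte header), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(ident, authenticator, attrs):
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + authenticator + body


def parse_packet(data):
    """Return (code, id, authenticator, {type: [values]}); reject bad lengths."""
    if len(data) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 3 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(attr_type, []).append(data[pos + 2:pos + attr_len])
        pos += attr_len
    return code, ident, data[4:20], attrs


def nas_port_type(attrs):
    values = attrs.get(NAS_PORT_TYPE)
    if not values:
        return None  # "Send NAS Port Type" was not enabled on the AP
    if len(values[0]) != 4:
        raise ValueError("NAS-Port-Type must be a 4-byte integer")
    return struct.unpack("!I", values[0])[0]


def select_policy(attrs):
    """Hypothetical policy names keyed on NAS-Port-Type."""
    port_type = nas_port_type(attrs)
    if port_type == WIRELESS_80211:
        return "hotspot-wireless"
    return "no-port-type" if port_type is None else "other-access"


def sample_request(send_port_type=True):
    """Constructed Access-Request as an AP might send it (all values made up)."""
    secret = b"constructed-shared-secret"
    authenticator = bytes(range(16))
    attrs = [
        (USER_NAME, b"johndoe"),
        (USER_PASSWORD, hide_password(b"doededoe", secret, authenticator)),
        (NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
    ]
    if send_port_type:
        attrs.append((NAS_PORT_TYPE, struct.pack("!I", WIRELESS_80211)))
    return build_access_request(7, authenticator, attrs), secret


if __name__ == "__main__":
    packet, secret = sample_request()
    code, ident, auth, attrs = parse_packet(packet)
    print(code, ident, attrs[USER_NAME][0], nas_port_type(attrs), select_policy(attrs))
    print(unhide_password(attrs[USER_PASSWORD][0], secret, auth))
```

The user name travels in clear text and the password is protected only by the MD5-based hiding keyed on the shared secret, so the strength of that secret and the path between the AP and the RADIUS server both matter.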
External Authentication

The External Web Server (EWS) interface was designed for customers who want to develop and use their own content. It allows for more customization than if using the Internal Web Server (IWS). By using an EWS (External Web Server) you can authenticate subscribers externally; the EWS is responsible for interacting with accounting or authorizing services.
• The customer must try to access a valid Web site to initiate a redirect. Entering an unreachable URL or invalid Web address will not initiate a redirect to the External portal page.
• Customers who try to access e-mail first will not have a connection. Customers need to login via a Web browser first.
3. Client sends its login credentials (User name/password) to the EWS (by way of the AP).
4.
• Some applications require a public IP address to function properly over the Internet (such as certain VPN applications, on-line gaming, and Web hosting). Customers who require a public IP address may be willing to pay a premium for this service.
• The subscriber’s wireless card must be configured to obtain an IP address from a DHCP server to use the IP Upsell feature (that is, this feature doesn’t work if the subscriber’s computer is assigned a static IP address).
5.
22. Click the AAA Port tab and configure the AAA Passthrough Port settings, if applicable. For example, if you are redirecting customers to a secure HTTPS page, you should set the AAA Passthrough Port for port 443. See Passthrough AAA Port.
23. If you plan to limit subscriber bandwidth or offer multiple access plans based on bandwidth speeds, click the Bandwidth Mgmt tab to notify the AP of its bandwidth settings.
4 Network Parameters

In This Chapter

This chapter describes all of the network operating parameters that can be configured using the Access Point’s Web browser interface (that is, the parameters accessible after clicking the Configure button).
• System: Configure specific system information such as system name and contact information.
• Network: Configure IP settings, DHCP server, DNS servers, and VLAN.
Network

The Network category contains four sub-categories.
Overview of DHCP Server Parameters

You can configure and view the following parameters within the DHCP Server Configuration screen:
• Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. Remove the check mark if you do not want the AP to act as a DHCP server.
• DHCP Server Type: Specifies the type of IP address the AP will provide to clients: public or private. By default, the AP serves addresses in the 10.0.0.
Figure 4-1 DHCP Server Configuration Screen

Configuring the AP to Serve Public IP Addresses

If you have a pool of public IP addresses and do not want the AP to perform NAT for subscribers who have DHCP client support enabled, follow these steps (note that this is not a typical configuration for the device):
1. Log in to the Web interface.
2. Click Configure > Network > DHCP Server.
3. Set the DHCP Server Type to public.
5. In the Relay Type field, select the type of addresses your DHCP server will assign to subscribers: Public or Private.
6. In the DHCP Relay Server IP field, enter the IP address of your DHCP server.
7. Configure the DHCP Relay Agent IP as follows:
• If the DHCP Relay Server is on the same IP network as the AP, enter 0.0.0.0 in this field.
• If the DHCP Relay server is on a different IP network from the AP, enter the AP’s IP address in this field.
8. Click OK.
9. Reboot the AP.
Figure 4-2 Enabling IP Upsell

11. Configure the billing plans that you want to offer.
– At least one plan should offer private IP addresses and at least one plan should offer public IP addresses (you can configure up to six different billing plans).
– See Billing Options for Subscribers for detailed instructions on how to configure the billing plans.
12. Reboot the AP.

Notes Concerning IP Upsell

• A subscriber needs to have DHCP enabled to use the IP Upsell feature.
• If you use external authentication, you can add an IP_Type attribute to the User_Add XML command and specify the address type (public or private), as shown in the following example:

johndoe doededoe 3600 CREDIT_CARD PUBLIC
4. Enter the DNS Domain name. This name is provided by your ISP or network administrator.
5. Enter up to three DNS Server IP addresses in the fields provided. You must configure at least the Primary DNS Server IP address. These IP addresses should be provided by your ISP or network administrator.
6. Click OK.
7. Reboot the AP.

VLAN

Virtual Local Area Networks (VLANs) are logical groupings of network resources.
VLAN Workgroups and Traffic Management

Traditional, dual-slot access point devices that are not VLAN-capable typically broadcast and multicast traffic over both wireless cells. This process wastes wireless bandwidth and degrades throughput performance. In comparison, the dual-slot, VLAN-capable AP-2500 device is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Figure 4-5 VLAN Configuration Screen (Wireless A and Wireless Tagged with Different VLAN IDs)

1. Log in to the Web interface.
2. Click Configure > Interfaces > Wireless A.
3. Set the SSID for card A.
4. Click the Wireless B tab.
5. Set the SSID for card B (this should be different from the SSID for card A).
6. Click Network > VLAN.
7. Set a unique VLAN ID for each wireless card (enter a value between 1 and 4094).
8. Place a check mark in the Enable VLAN Protocol box.
9. Click OK.
10.
Figure 4-6 VLAN Configuration Screen (Slot A tagged; Slot B untagged)

1. Log in to the Web interface.
2. Click Configure > Interfaces > Wireless A.
3. Set the SSID for card A.
4. Click the Wireless B tab.
5. Set the SSID for card B (this should be different from the SSID for card A).
6. Click Network > VLAN.
7. Set the VLAN ID for one card to 0.
8. Set the VLAN ID for the other card to a value between 1 and 4094.
9. Place a check mark in the Enable VLAN Protocol box.
10. Click OK.
11.
Figure 4-7 VLAN Configuration Screen (Wireless A and Wireless B Use Same VLAN ID)

1. Log in to the Web interface.
2. Click Configure > Interfaces > Wireless A.
3. Set the SSID for card A.
4. Click the Wireless B tab.
5. Set the SSID for card B (this can be the same SSID as card A).
6. Click Network > VLAN.
7. Set the VLAN ID for the card in Slot A to a value between 1 and 4094.
8. Set the VLAN ID for the card in Slot B to the same value configured for the card in Slot A.
9.
Wireless (802.11a)

You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11a radio:

NOTE: You must reboot the Access Point before any changes to these parameters take effect.

• Physical Interface Type: This field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices.
Dynamic Frequency Selection (DFS)

802.11a devices sold in Europe use a technique called Dynamic Frequency Selection (DFS) to automatically select an operating channel. During boot-up, the AP scans the available frequency and selects a channel that is free of interference. If the AP subsequently detects interference on its channel, it automatically reboots and selects another channel that is free of interference. DFS only applies to 802.11a devices used in Europe (i.e.
• Distance Between APs: Set to Large, Medium, Small, Microcell, or Minicell depending on the site survey for your system. By default, this parameter is set to Large. The distance value is related to the Multicast Rate (described next). In general, a larger distance between APs means that your clients operate at slower data rates (on average). See Distance Between APs for more information.

Figure 4-9 Wireless Interface Configuration Screen (802.
• Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs setting. By default, this parameter is set to 2 Mbits/sec. See Multicast Rate for more information.

Distance between APs    Multicast Rate
Large                   1 and 2 Mbits/sec
Medium                  1, 2, and 5.5 Mbits/sec
Small                   1, 2, 5.
CAUTION: You should conduct a Site Survey to determine the strength of the wireless connection on the borders of your hotspot. Contact your reseller for information on how to conduct a Site Survey.

Multicast Rate

The multicast rate determines the rate at which broadcast and multicast packets are transmitted by the Access Point to the wireless network.
Wireless Distribution System (WDS)

A Wireless Distribution System (WDS) creates a link between two APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. Two AP-2500s cannot establish a WDS link with each other because each AP treats its wireless interfaces as subscriber interfaces only.
• The WDS link shares the communication bandwidth with the clients. Therefore, while the maximum data rate for the Access Point’s cell is still 11 Mbits/sec, client throughput will decrease when the WDS link is active.
• The connection over the link will be slower than if the client were communicating directly with the AP-2500.
• If there is no partner MAC address configured in the WDS table, the WDS port remains disabled.
14. Click Configure > Interfaces > Wireless (A or B, if applicable) to open the configuration screen for the radio that will use WDS.
15. Disable Auto Channel Select if necessary.
16. Change the Frequency Channel to match the AP-2500’s Frequency Channel, if necessary.
17. Scroll down to the Wireless Distribution System heading.
18. Click the Edit button to update the Wireless Distribution System (WDS) Table.
19.
NOTE: For security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.

IP Access Table

The IP Access Table limits management access over the Ethernet to the IP addresses or range of IP addresses specified in the table.
Figure 4-13 Management Services Configuration Screen

Telnet Configuration Settings

• Telnet Interface Bitmask: To allow management of the AP using the CLI over a Telnet connection, set this parameter to Ethernet (the default setting). You can also select Disabled to prevent Telnet access.
• Telnet Port: The default port number for Telnet applications is 23.
• Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication (8 data bits by default).
• Serial Parity: This is a read-only field and displays the number of parity bits used in serial communication (no parity bits by default).
• Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication (1 stop bit by default).

NOTE: The serial port bit configuration is commonly referred to as 8N1.
• To edit or delete an entry, click Edit and change the information, or select Enable, Disable, or Delete from the Status drop-down menu.
• An entry’s status must be enabled in order for the protocol to be subject to the filter. The default filters are all disabled.

2. Select the interface or interfaces that will implement the filter from the Ethernet Protocol Filtering drop-down menu.
• Examples:
  — If you set the Wired MAC Address to 00:03:8F:00:00:00 and you want to block all cards that begin with 00:03:8F, enter FF:FF:FF:00:00:00 as the Wired Mask. This will block any cards whose MAC address begins with those digits, ranging from 00:03:8F:00:00:00 to 00:03:8F:FF:FF:FF.
  — If you set the Wired MAC Address to a single MAC address (e.g., 00:03:8F:43:23:12), enter FF:FF:FF:FF:FF:FF as the Wired Mask. The filter will block only the specified address.
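The two address/mask examples above can be checked offline before a rule is entered. The following is an added example, not code from the guide or from Proxim; it assumes the usual bitwise-AND mask semantics (which reproduce both of the guide's examples), and every rule beyond the guide's two is constructed for illustration.

```python
import re

FULL = (1 << 48) - 1  # all 48 bits of a MAC address set
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def parse_mac(text):
    """Convert 'AA:BB:CC:DD:EE:FF' (':' or '-' separated) to a 48-bit integer."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address or mask: {text!r}")
    return int(re.sub(r"[:-]", "", text), 16)


def format_mac(value):
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def rule_matches(mac, rule_addr, rule_mask):
    """Assumed semantics: only bits that are 1 in the mask are compared."""
    mask = parse_mac(rule_mask)
    return (parse_mac(mac) & mask) == (parse_mac(rule_addr) & mask)


def rule_coverage(rule_addr, rule_mask):
    """Return (lowest match, highest match, number of matching addresses).

    For a non-contiguous mask, low/high are only the outer bounds; the
    count is still exact.
    """
    mask = parse_mac(rule_mask)
    wildcard = ~mask & FULL
    low = parse_mac(rule_addr) & mask
    return format_mac(low), format_mac(low | wildcard), 1 << bin(wildcard).count("1")


def audit_rules(rules):
    """Flag rules whose effect is probably not what the operator intended."""
    findings = []
    for index, (addr, mask_text) in enumerate(rules):
        mask = parse_mac(mask_text)
        wildcard = ~mask & FULL
        if mask == 0:
            findings.append((index, "mask is all zeros: rule matches every address"))
        elif wildcard & (wildcard + 1):
            findings.append((index, "mask is not a contiguous prefix: matches are not one range"))
        if parse_mac(addr) & wildcard:
            findings.append((index, "address has bits set where the mask is 0: they are ignored"))
    return findings


def matching_rules(mac, rules):
    """Indexes of every rule that would apply to this address."""
    return [i for i, (addr, mask) in enumerate(rules) if rule_matches(mac, addr, mask)]


RULES = [
    ("00:03:8F:00:00:00", "FF:FF:FF:00:00:00"),  # guide example 1: whole 00:03:8F prefix
    ("00:03:8F:43:23:12", "FF:FF:FF:FF:FF:FF"),  # guide example 2: one address
    ("00:03:8F:43:23:12", "FF:FF:FF:00:00:00"),  # constructed: looks specific, is a prefix rule
    ("00:00:00:00:00:00", "00:00:00:00:00:00"),  # constructed: matches everything
    ("00:03:8F:00:00:12", "FF:FF:FF:00:00:FF"),  # constructed: non-contiguous mask
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule, rule_coverage(*rule))
    for finding in audit_rules(RULES):
        print("review rule", finding)
```
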
Alarms

This category has two sub-categories.

– Groups
– Alarm Host Table

Groups

There are seven alarm groups that can be enabled or disabled:

• Enable Configuration Alarms
• Enable Security Alarms
• Enable Wireless Alarms
• Enable Operational Alarms
• Enable Flash Memory Alarms
• Enable TFTP Alarms
• Enable Image Alarms

Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms.
Bridge

A traditional access point operates as a transparent bridge between your wired and wireless networking devices. The AP-2500 takes this a step further and provides Public Space features that facilitate hotspot operation (see Public Space Features and Public Space Parameters for details). You can disable these Public Space features by enabling the AP’s Bridge Mode.
9. Select an Operation Type from the drop-down menu. This determines how the stations identified in the MAC Access Control Table are filtered.
   • If set to Passthru, only the addresses listed in the Control Table will pass through the AP.
   • If set to Block, the AP will block traffic to or from the addresses listed in the Control Table.
10. Click OK to save your changes.
11. Reboot the AP for your changes to take effect.

To edit or delete an entry, click Edit.
RADIUS

• RADIUS Overview
• Unique AP-2500 RADIUS Client Features
• RADIUS Messages and RADIUS Attributes
• Sample RADIUS Transmissions
• RADIUS Configuration Parameters

RADIUS Overview

RADIUS is a proven carrier-class protocol to perform accurate time and volume-based billing. The RADIUS protocols are defined in RFCs 2865 (Authentication) and 2866 (Accounting). These RFCs are available at http://www.rfc-editor.org/.
Data Volume Information Transmission (bytes sent/received)

The AP’s RADIUS client implementation allows a hotspot operator to accurately track the exact number of bytes sent and received by a subscriber based on:

• User Name
• IP address (Framed IP)
• MAC address of the user (Calling Station ID)

As shown in the Sample RADIUS Transmissions, the byte counts are sent in the Accounting “Alive” and Accounting “Stop” messages.
Access-Accept Parsing

– Reply-Message
  • Used for challenge/response authentication; since the AP uses the Password Authentication Protocol (PAP) for authentication purposes, this attribute is not currently in use.
– State
  • Used for challenge/response authentication; since the AP uses the Password Authentication Protocol (PAP) for authentication purposes, this attribute is not currently in use.
– Class
  • This is a customizable attribute for accounting purposes.
Acct-Request

– Username
– Called-Station-Id
– Calling-Station-Id
– Acct-Status-Type (Start/Stop/Alive)
– Acct-Session-ID
– Acct-Output-Octets
  • Number of octets (bytes) sent by subscriber.
– Acct-Input-Octets
  • Number of octets (bytes) received by subscriber.
– Acct-Output-Packets
  • Number of packets sent by subscriber.
– Acct-Input-Packets
  • Number of packets received by subscriber.
Sample RADIUS Transmissions

These are actual accounting logs from a Lucent Navis RADIUS server with all VSAs enabled.

Accounting Start Message

Thu Aug 29 12:45:32 2002
    User-Name = “testflo”
    NAS-IP-Address = 64.209.75.102
    NAS-Port = 0
    Acct-Status-Type = Start
    Acct-Session-Id = “98000004”
    Called-Station-Id = “00-20-A6-00-12-3E”
    Calling-Station-Id = “00-04-AC-25-EB-2D”
    NAS-Identifier = “Location ABC”
    NAS-Port-Type = 19
    Framed-IP-Address = 56.57.58.
Accounting Alive Message Caused by Explicit Service Plan Change

Thu Aug 29 12:49:20 2002
    User-Name = “testflo”
    NAS-IP-Address = 64.209.75.
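To reconcile billing against logs like the samples above, the accounting records can be grouped by Acct-Session-Id and the octet counters read from the last Alive or Stop record. The following is an added example, not code from the guide or from the RADIUS server vendor; it accepts records either flattened onto one line or with one attribute per line, and the byte counts, the third timestamp and the second session in the sample are constructed.

```python
import re

# A record starts with a timestamp such as "Thu Aug 29 12:45:32 2002".
TS_RE = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}")
# Attribute = value, where the value is quoted (straight or curly) or one token.
ATTR_RE = re.compile(r'([A-Za-z][A-Za-z0-9-]*) = (“[^”]*”|"[^"]*"|\S+)')


def parse_records(text):
    """Split a log into records and return one attribute dict per record."""
    stamps = list(TS_RE.finditer(text))
    records = []
    for i, stamp in enumerate(stamps):
        end = stamps[i + 1].start() if i + 1 < len(stamps) else len(text)
        attrs = {name: value.strip('“”"')
                 for name, value in ATTR_RE.findall(text[stamp.end():end])}
        attrs["timestamp"] = stamp.group(0)
        records.append(attrs)
    return records


def session_usage(records):
    """Summarise each session: who, which card, status sequence, byte counts.

    RADIUS octet counters are cumulative for the session (RFC 2866), so the
    usage is the highest value seen, not the sum over Alive/Stop records.
    A counter that goes backwards is flagged for review.
    """
    sessions = {}
    for rec in records:
        sid = rec.get("Acct-Session-Id")
        if sid is None:
            continue
        s = sessions.setdefault(sid, {
            "user": rec.get("User-Name"),
            "station": rec.get("Calling-Station-Id"),
            "statuses": [],
            "output_octets": 0,   # per the guide: bytes sent by the subscriber
            "input_octets": 0,    # per the guide: bytes received by the subscriber
            "counter_regressed": False,
        })
        s["statuses"].append(rec.get("Acct-Status-Type"))
        for attr, key in (("Acct-Output-Octets", "output_octets"),
                          ("Acct-Input-Octets", "input_octets")):
            if attr in rec:
                value = int(rec[attr])
                if value < s[key]:
                    s["counter_regressed"] = True
                s[key] = max(s[key], value)
    for s in sessions.values():
        s["closed"] = "Stop" in s["statuses"]
    return sessions


# Constructed sample in the flattened layout; user, session id, station id and
# the first two timestamps follow the guide's sample, everything else is made up.
SAMPLE = (
    'Thu Aug 29 12:45:32 2002 User-Name = “testflo” Acct-Status-Type = Start '
    'Acct-Session-Id = “98000004” Calling-Station-Id = “00-04-AC-25-EB-2D” '
    'NAS-Identifier = “Location ABC” '
    'Thu Aug 29 12:49:20 2002 User-Name = “testflo” Acct-Status-Type = Alive '
    'Acct-Session-Id = “98000004” Calling-Station-Id = “00-04-AC-25-EB-2D” '
    'Acct-Output-Octets = 1500 Acct-Input-Octets = 42000 '
    'Thu Aug 29 13:05:00 2002 User-Name = “testflo” Acct-Status-Type = Stop '
    'Acct-Session-Id = “98000004” Calling-Station-Id = “00-04-AC-25-EB-2D” '
    'Acct-Output-Octets = 9100 Acct-Input-Octets = 310000 '
    'Thu Aug 29 13:06:10 2002 User-Name = “guest2” Acct-Status-Type = Start '
    'Acct-Session-Id = “98000005” Calling-Station-Id = “00-04-AC-25-EB-2E”'
)

if __name__ == "__main__":
    for sid, summary in session_usage(parse_records(SAMPLE)).items():
        print(sid, summary)
```
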
RADIUS Configuration Parameters

You can configure the AP to communicate with up to four different RADIUS servers:

• Primary Authentication Server
• Back-up Authentication Server
• Primary Accounting Server
• Back-up Accounting Server

NOTE: You must configure the settings for at least one Authentication server before configuring the settings for an Accounting server.
• Server IP Address: The IP address of the RADIUS server (separate fields for Authentication and Accounting).
• Server DNS Name: The DNS Name of the RADIUS server (separate fields for Authentication and Accounting).

NOTE: Enter either the Server IP Address or the Server DNS Name, but not both.

• Server Port: The port on which the RADIUS server operates.
  – This port must match the RADIUS Authentication or Accounting port supported by your RADIUS program.
• Enable RADIUS Profile Caching: When enabled, the AP maintains the user’s information in the Current Subscribers Table (State: Pending) after a user logs out or times out. If the user attempts to re-connect, he can access the service again without being prompted to re-enter his user name and password.

NOTE: This option uses the subscriber card’s MAC address to re-validate the user. For security reasons, you may not want to enable this option.
Encryption

The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key). When Encryption is enabled, two 802.
Special Considerations Regarding VPN Support

The most common VPN protocol is IPSec. When a subscriber who has a private IP address (assigned via NAT) attempts to create a VPN session, the AP-2500 performs a mapping between the subscriber’s private IP address and the AP’s public IP address. This is also known as IPSec Traversal. However, your subscribers may encounter a problem establishing VPN sessions when using private IP addresses.
ORiNOCO AP-2500 User Guide Public Space Parameters 5 In this Chapter This chapter describes all of the Public Space operating parameters that can be configured using the Access Point’s Web browser interface (that is, the parameters accessible after clicking the PublicSpace or Subscriber button). NOTE If this is your first time configuring the AP-2500, be sure to read AP-2500 Authentication Methods for information on the available AAA techniques and for step-by-step configuration instructions.
Public Space Parameters Home Page Redirection (HPR) This tab is used to redirect the subscriber’s browser to a specified home page following successful authentication. To redirect subscribers to a specified page before authentication, use the Portal Page feature with internal authentication (see Portal Page) or use external authentication (see External Authentication).
Public Space Parameters Figure 5-1 Home Page Redirection Configuration Authentication, Authorization, and Accounting (AAA) The AP-2500 uses AAA services to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. This section describes the parameters that can be configured from the AAA tab. See AP-2500 Authentication Methods for detailed information on the available authentication methods.
• Enable AAA Services: Enable this option to support any of the authentication methods described in AP-2500 Authentication Methods. When disabled, wireless users will have access to the Internet without authentication; this is the default setting.
• Enable XML Interface: Enable this option to configure the AP to support XML (Extensible Markup Language) commands received from the XML Sender IP Address.
Public Space Parameters AAA Services with the Internal Web Server (IWS) This screen lets you set the configuration options when authorizing subscribers using the IWS (that is, when PublicSpace > AAA> Basic > Authentication Method is set to Internal). The IWS is “flashed” into the system’s memory and the subscriber’s login page is served directly from the AP-2500. NOTE See Internal Authentication for information on the internal authentication process and for step-by-step configuration instructions.
Creating SSL Keys

You need to download three keys to the AP-2500 before enabling SSL. You must create two of these keys yourself: a Private Key file (cakey.pem) and a Public Key file (server.pem). Proxim provides the third key (cacert.pem) on the AP’s CD in the SSL_KEY folder (it is also included with software updates posted on Proxim’s Web site). To create cakey.pem and server.pem, you must contact a Certification Authority (CA). Many companies offer certification services.
8. When prompted, follow the on-screen instructions and enter the information requested (such as your company’s name and address).
   • You will be prompted to enter a Common Name. The Common Name is typically composed of the Host name and Domain Name (taking the form of “www.company.com” or “ssl.company.com”). SSL certificates from a CA are specific to the Common Name to which they have been issued at the Host level. You will configure the AP to use this same Common Name.
9.
Public Space Parameters 14. Click OK. • Result: The TFTP operation begins. A new TFTP Operation Status window opens. 15. Click Close after the TFTP operation is complete. 16. Enter server.pem in the File Name field. 17. Leave File Type set to Generic. 18. Set File Operation to Download & Reboot. 19. Click OK. • Result: The TFTP operation begins. A new TFTP Operation Status window opens. 20. Click Close after the TFTP operation is complete. The AP will reboot automatically. 21.
Public Space Parameters Figure 5-5 Internal Authentication with Portal Page The following sections provide basic instructions for using a Portal Page. Setting up a Web Server (Microsoft IIS) If you have a Windows 2000 Server, follow these basic steps to setup the IIS Web server. NOTE For detailed information, refer to Windows 2000’s on-line Help documentation. If you want to use a different Web server program, follow the installation instructions provided with the program. 1.
Public Space Parameters Designing a Portal Page A Portal Page is a Web page; you can design it using whatever Web design tools you have available. The Portal Page does not have to be very complicated. At its most basic, the Portal Page needs a link to the AP’s Login page. The AP’s standard Internal Login page is located at: http://APIPADDR:1111/usg/login?OS=http://www.anyWebSite.
Public Space Parameters Deciding which sample is right for your hotspot depends on the customer experience you want to provide. The sections below describe how the customer interacts with the AP-2500 under the following scenarios: – – – No Portal Page HTML Portal Page ASP Portal Pages No Portal Page 1. Customer enters the hotspot and turns on his Wi-Fi enabled computer. 2. The customer’s computer connects to the AP wirelessly. 3. The customer launches a Web browser. 4.
Public Space Parameters 7. Following successful authentication, the customer is redirected to the page he originally requested or to the page you specified in the Home Page Redirection URL field (if enabled; see Home Page Redirection (HPR)). • You can use the confirm.asp sample page to display a second custom screen that can provide additional information to your subscribers following successful authentication.
Public Space Parameters Figure 5-6 Portal Page Configuration 6. Click the Passthrough tab. 7. Place a check mark in the Enable Passthrough Address box, if necessary. 8. Add the DNS names for the Web sites in your walled garden to the Passthrough DNS Table. • Click Add. • Enter the DNS name in the field provided. • Click OK. • Continue entering DNS names and clicking OK until you have entered all of the Web sites in your walled garden. • Click the back arrow button to return to the previous screen. 9.
Public Space Parameters Figure 5-7 Sample Passthrough Tables 10. Click OK. 11. Click the HPR tab. 12. Place a check mark in the Enable Home Page Redirection box. 13. Enter the Web site to which you want to direct customers following successful authentication in the Redirection URL field (for example, http://www.yahoo.com/). 14. Click OK. 15. Click Commands > Reboot. 16. Click OK to reboot the AP so your changes will take effect. 17.
Public Space Parameters Figure 5-8 Portal Page Configuration 6. Click the Passthrough tab. 7. Place a check mark in the Enable Passthrough Address box, if necessary. 8. Add the DNS names for the Web sites in your walled garden to the Passthrough DNS Table. • Click Add. • Enter the DNS name in the field provided. • Click OK. • Continue entering DNS names and clicking OK until you have entered all of the Web sites in your walled garden. • Click the back arrow button to return to the previous screen. 9.
Public Space Parameters Figure 5-9 Sample Passthrough Tables 10. Click OK. NOTE If you disable Home Page Redirection, your subscribers will be automatically redirected to the page they originally requested (following successful authentication). The instructions below describe how to enable Home Page Redirection; when used in conjunction with the confirm.
Public Space Parameters Figure 5-10 HPR (with Parameter Passing) 15. Click OK. 16. Click Commands > Reboot. 17. Click OK to reboot the AP so your changes will take effect. 18. Test the Portal Page feature by turning on a wireless computer and launching its Web browser. Note that the computer must not be a current or active subscriber (that is, the wireless card’s MAC address cannot appear in the Authorized Subscribers Table or the Current Subscribers Table) for this test to work properly.
Public Space Parameters Figure 5-11 AP Communicating with Hotspot Aggregator The following steps describe how you should configure the AP-2500 if you are partnered with a hotspot aggregator: 1. Follow the installation steps described in Internal Authentication and Internal Authentication with RADIUS. • Configure the RADIUS Authentication and Accounting settings as required by your hotspot aggregator.
Public Space Parameters Figure 5-12 AAA Internal Settings if Enabling Smart Client 3. Click OK to save the settings. 4. Reboot the AP. User Name & New Subscribers The User Name and New Subscribers options work in conjunction to determine who can connect to the Internet and what credentials the AP uses to authenticate users.
Public Space Parameters Figure 5-13 Sample Login Screen Presented to Subscribers Sample scenarios include: • • • If you are renting cards to customers, disable User Name and New Subscribers. Only cards whose MAC addresses are entered in the Authorized Subscriber Table will have access to the Internet. If you are manually entering user names and passwords into the Authorized Subscribers Table, enable User Name but disable New Subscribers.
Public Space Parameters 13. AP adds customer to its Authorized Subscribers Table for the period of time purchased by the customer; the AP also adds the customer to the Current Subscribers Table. 14. AP redirects customer to home page or to page specified by the Home Page Redirection feature. 15. Customer accesses the Internet. If the customer leaves the hotspot and comes back before the time period elapses, the customer can regain access by entering his user name and password when prompted. 16.
Public Space Parameters NOTE If you want the AP to send copies of credit card transactions to a mirroring server, see Credit Card Mirroring for instructions. Credit Card Mirroring The AP-2500 can send copies of credit card transaction billing records to external servers that are defined in the Subscriber > Billing > Mirroring screen.
Enabling Bill Mirroring

Follow these steps to enable bill mirroring:

1. Login to the AP’s Web browser interface.
2. Click Subscriber > Billing > Mirroring.

Figure 5-14 Credit Card Mirroring Screen

3. Place a check mark in the Enable Mirroring box.
4. Enter a Property Identification code in the Property ID field.
   • You can define this field as necessary to identify the location of the AP.
5. Enter an AP-2500 Identification code in the Access Point ID field.
Public Space Parameters 9. Enter the following settings for the primary server, secondary server (if any), and carbon copy server that will receive billing records from the AP: • IP: Enter the server’s IP address in the field provided. • URL: This field is optional. If a URL is not specified, the AP sends an XML packet to the server’s IP address on the selected port.
Example of a Positive Acknowledgment:

OK 205.23.43.12 1

Example of a Negative Acknowledgment:

ERROR 205.23.43.12 5

Format for each field:

RESULT_VALUE: OK or ERROR
IP: standard IP format
ERROR_CODE: 1 for OK, or any other number for an error.
Configuration Instructions

Follow these steps to enable the AP’s syslog features:

1. Login to the AP’s Web browser interface.
2. Click PublicSpace > Logging.
3. Place a check mark in the System Log box to enable the logging of system messages.
4. Place a check mark in the AAA Log box to enable the logging of AAA events.

NOTE: You can enable either or both of these log types.

5. Select a System Log Number (if you enabled System Log).
   • The default value is 2 (LOG_CRIT and higher).
Sample Logging Events

• AAA Messages – Credit Card
• AAA Messages – Internal Web Server – User Name Login
• AAA Messages – RADIUS
• AAA Messages – XML
• Bill Mirror
• DHCP
• DNS
• Home Page Redirect
• Other AAA Messages
• Reboot Requests

AAA Messages – Credit Card

Message: USG_AAA: 4505 AAA_AuthProcess Credit_card:successful 00:50:04:29:37:56 Exp_time:24 hrs 0 min
Meaning: Successful Credit Card purchase

Message: USG_AAA: 4503 AAA_AuthProcess_Authentication Unsuccessful__Not_approved_
AAA Messages – XML

Message: USG_AAA: 4007 AAA_Interface added_by_administrator 00:50:04:29:37:56 Exp_time:24 hrs 0 min
Meaning: User added

Message: USG_AAA: 4800 AAA_XML Memory_updated__State_valid 00:50:04:29:37:56
Meaning: Update Cache executed

Message: USG_AAA: 4006 AAA_Interface Removed_by_administrator a
Meaning: User Delete issued for user a

Bill Mirror

Message: RMTLOG: rmtlogXmlTcpSend: Connect error
Meaning: Bill Mirror enabled, but the server does not respond

Message: RMTLOG: rmtlogXmlTcpSend: transmission Ok
DNS

Message: USG_DNS:ndxDNSRedirectionTable::processFromNetwork(): could not get subid
Meaning: This syslog suggests that the AP could not get the subscriber associated with a particular DNS redirection request.

Message: USG_DNS: ndxDNSRedirectionTable::processFromSubscriber(): dnsIsQueryA() failed
Meaning: The AP has received a DNS packet that was not a valid DNS query and is not processed.
Other AAA Messages

Message: AAA: 4121 AAA_lookup Tried to add blacklisted IP 210.155.227.244 or MAC 00:50:E8:00:07:99
Meaning: Attempting to add a blacklisted IP to the subscriber table. An IP is “blacklisted” when it is one of the IPs known not to belong to a subscriber (i.e., Network/Subscriber IP of the AP, etc.).
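On the syslog server, the AAA messages listed in the sample tables above can be parsed into fields so that subscriber-table changes and blacklisted-address attempts stand out. The following is an added example, not code from the guide; the message bodies are the guide's samples, while the choice of which codes to review, the line with code 4999 and the syslog prefix used in the comment are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Codes and meanings as given in the guide's sample tables.
EVENT_MEANINGS = {
    "4505": "Successful Credit Card purchase",
    "4007": "User added",
    "4800": "Update Cache executed",
    "4006": "User Delete issued",
    "4121": "Attempting to add a blacklisted IP to subscriber table",
}
# Assumption: events that change the subscriber table, or that hit the
# blacklist, are the ones an operator wants to look at.
REVIEW_CODES = {"4006", "4007", "4121"}

# search() is used so a leading syslog prefix (timestamp, host) is tolerated,
# for example "Aug 29 12:45:32 ap2500 USG_AAA: 4505 ...".
EVENT_RE = re.compile(
    r"\b(?:USG_)?AAA: (?P<code>\d{4}) (?P<source>\S+)(?: (?P<detail>.*))?$")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def first_valid_ip(text):
    """Return the first dotted quad that is a real IPv4 address, else None."""
    for candidate in IP_RE.findall(text):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None


def parse_event(line):
    """Parse one AAA syslog line into a dict, or return None if it is not one."""
    match = EVENT_RE.search(line.strip())
    if match is None:
        return None
    detail = match.group("detail") or ""
    mac = MAC_RE.search(detail)
    code = match.group("code")
    return {
        "code": code,
        "source": match.group("source"),
        "detail": detail,
        "mac": mac.group(0).upper() if mac else None,
        "ip": first_valid_ip(detail),
        "meaning": EVENT_MEANINGS.get(code, "not listed in the guide's samples"),
    }


def triage(lines):
    """Group parsed events: ones to review, unlisted codes, and counts per MAC."""
    review, unlisted, by_mac = [], Counter(), Counter()
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        if event["mac"]:
            by_mac[event["mac"]] += 1
        if event["code"] in REVIEW_CODES:
            review.append(event)
        elif event["code"] not in EVENT_MEANINGS:
            unlisted[event["code"]] += 1
    return {"review": review, "unlisted": unlisted, "by_mac": by_mac}


SAMPLE_LINES = [
    "USG_AAA: 4505 AAA_AuthProcess Credit_card:successful 00:50:04:29:37:56 Exp_time:24 hrs 0 min",
    "USG_AAA: 4007 AAA_Interface added_by_administrator 00:50:04:29:37:56 Exp_time:24 hrs 0 min",
    "USG_AAA: 4800 AAA_XML Memory_updated__State_valid 00:50:04:29:37:56",
    "USG_AAA: 4006 AAA_Interface Removed_by_administrator a",
    "AAA: 4121 AAA_lookup Tried to add blacklisted IP 210.155.227.244 or MAC 00:50:E8:00:07:99",
    "RMTLOG: rmtlogXmlTcpSend: Connect error",                 # not an AAA event
    "USG_AAA: 4999 AAA_Example constructed_unlisted_event",   # constructed line
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for event in result["review"]:
        print(event["code"], event["meaning"], event["mac"], event["ip"])
    print("unlisted codes:", dict(result["unlisted"]))
```
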
URL Filtering

The AP-2500 can restrict access to specified web sites based on URLs. URL filtering will block access to this list of sites and/or domains. You can restrict access to specific Web sites based on IP address, DNS name (for example, www.yahoo.com) or DNS Domain name (for example, *.yahoo.com, meaning all sites under the yahoo.com hierarchy, such as finance.yahoo.com). There is one filtering table for IP addresses and a second for DNS names.
URL Filtering by IP Address

1. Login to the AP’s Web browser interface.
2. Click PublicSpace > URLFilter.
3. Place a check mark in the Enable URL Filtering box.
4. Click the Add button above the URL Filtering by IP Address heading.
5. Enter the IP address to block in the IP Address field and click OK.
6. Enter a second IP address to block (if applicable) and click OK. Continue until you have entered all of the IP addresses that you want to block.
7.
Public Space Parameters ICC Appearance The ICC screen contains the following items: • • • • • • • • Title Bar — Appears at the top of the screen near the Web browser name. Ad Banner — You can specify up to 5 different banners that share this space. ISP Button — Appears in the center of the ICC. — You can customize this button to display your own logo. 8 Ad Buttons — The bottom row of buttons of the ICC. Text Bar — Located at the bottom of the ICC.
Public Space Parameters Billing Plans Figure 5-19 Count-down Timer ICC Screen -- Credit Card Authenticated by RADIUS If a subscriber has been authenticated by a RADIUS server (if using Internal authentication with RADIUS), the ICC includes a Logout button so customers can end their session. The ICC also displays the subscriber’s current billing plan in the Dynamic Billing Plan Selection field.
Public Space Parameters Figure 5-21 ICC Setup Screen 9. Place a check mark in the Enable ICC box. 10. Enter the Title for the ICC. • This is the name that appears at the top of the ICC next to the Web browser name. 11. Configure the ICC on subscriber session close option. • When set to Redisplay, the ICC reappears approximately 5 minutes after a subscriber closes it but only in response to a new URL request from the user.
Public Space Parameters 12. Configure the ISP Logo Button settings. • Enter the Name or Title of the ISP Button in the ISP Logo Button’s Name/Text field. — This is the text that will appear in the text bar at the bottom of the ICC when a subscriber rolls over the icon with his/her mouse cursor. • • In the Target URL field, enter the Web address to which a subscriber will be redirected upon clicking the ISP Logo Button. Enter the name of the ISP Logo button image file in the Image Name field.
• Configure the optional banner Start Time and Stop Time.
  — The Start Time is in hh:mm AM/PM format and determines when the banner will be displayed on the ICC. After the start time elapses, the banner appears in the ICC for the specified Banner Duration along with the other enabled banners. The banner is disabled before the start time.
  — The Stop Time is in hh:mm AM/PM format and determines when the banner stops appearing on the ICC.
Public Space Parameters Follow these steps to enable SMTP Redirection: 1. Login to the AP’s Web browser interface. 2. Click PublicSpace > SMTP. 3. If you want all outgoing mail traffic redirected to the specified server, enable both the Misconfigured and Properly Configured options. If you want properly configured subscribers to send mail without being redirected, enable only the Misconfigured option.
Public Space Parameters The DNS and IP Address tables can hold up to 50 entries each. The AAA port option supports only passthrough port. • • • Passthrough DNS Table Passthrough IP Table Passthrough AAA Port Figure 5-24 IP/DNS Passthrough Table Passthrough DNS Table 1. Login to the AP’s Web browser interface. 2. Click PublicSpace > Passthrough > IP/DNS. 3. Place a check mark in the Enable Passthrough Address box. 4. Click the Add button below the Passthrough DNS Table heading. 5.
Passthrough IP Table

1. Login to the AP’s Web browser interface.
2. Click PublicSpace > Passthrough > IP/DNS.
3. Place a check mark in the Enable Passthrough Address box.
4. Click the Add button below the Passthrough IP Table heading.
5. Enter the IP address to passthrough in the IP Address field and click OK.
6. Enter a second IP address (if applicable) and click OK. Continue until you have entered all of the IP addresses that you want to passthrough.
7.
Public Space Parameters 4. Enter the speed of the connection between the AP and the Ethernet network in the Bandwidth uplink (to network) speed field (in Kbps). 5. Enter the speed of the connection between the AP and the wireless clients in the Bandwidth downlink (to subscribers) speed field (in Kbps). 6. Click OK. 7. Reboot the AP.
Public Space Parameters Billing Options for Subscribers The Web browser interface’s Subscriber button links to three screens that allow you to configure Subscriber billing plans (Billing tab), login and error messages (Messages tab), and the Authorized Subscribers database (Authorized tab). NOTE The Billing and Messages options are used in conjunction with the Internal Web Server. You do not need to configure these options if using an External Web Server.
Public Space Parameters Figure 5-27 • • • Default New User Screen that Appears to Subscribers Edit the Introduction Message. — The default Introduction Message is “Please Choose from the following plans.” Edit the Offer Message. — The default Offer Message is “How many days of Internet access would you like to purchase?” Edit Policy Message. — The default Policy Message is “Contact your service provider with questions.
Public Space Parameters 7. Click OK. 8. Click the Plan 0 tab. 9. Configure the settings for billing plan 0. • Place a check mark in the Enable Plan box to make the plan active. It will appear as an option in the New User screen presented to subscribers. • Enter a name for the plan in the Plan Label field. • Enter a description for this billing option in the Description of Service field (140 characters maximum).
Public Space Parameters Creating a Free Billing Plan Under some circumstances you may want to offer free Internet access to your subscribers. For example, you might offer a low bandwidth connection for free but charge for faster connections. Follow these steps to make one of your six billing plans a free billing plan: 1. Login to the AP’s Web browser interface. 2. 3. 4. 5. 6. 7. 8. 9. Click Subscriber > Billing > Plan x (select a Plan number between 0 and 5).
Public Space Parameters Figure 5-30 Subscribers Can Select a Plan that Offers Free Internet Access Subscriber Messages The Web browser interface’s Subscriber button links to three screens that allow you to configure Subscriber billing plans (Billing tab), login and error messages (Messages tab), and the Authorized Subscribers database (Authorized tab). NOTE The Billing and Messages options are used in conjunction with the Internal Web Server.
Public Space Parameters Figure 5-31 Subscriber Login Messages 3. Edit the login messages as necessary. • Service Selection Message • Existing User Name Message — Appears on the main login screen when the User Name option is enabled in PublicSpace > AAA > Internal. — Default is “Please enter your user ID and password”. • New User Name Message — Appears on the New User screen when the User Name and New Subscribers options are enabled in PublicSpace > AAA > Internal.
Figure 5-32 Sample Login Screen Presented to Subscribers

4. JavaScript support on the AP’s internal Web pages is enabled by default. Remove the check mark from the Enable JavaScript box to disable this feature.
5. Configure the “Remember Me” cookie options. See Enabling Cookie Support for details.
6. Define the currency label for the billing plans (for example, $) in the Currency field.
7. Enter a numeric value for the Number of decimals for amount.
Public Space Parameters Figure 5-33 Subscriber Messages Screen 12. Click the Sub Msgs 2 tab. 13. Edit the subscriber messages as necessary.
16. Edit the subscriber messages as necessary.
   • Thank you for your business
   • We are verifying your account. Please wait
     — This message appears if RADIUS is enabled. The AP displays this page while it waits for an authentication response from the RADIUS server.
   • You will be purchasing Internet access with these options
     — This message appears on the final credit card purchase screen before the customer is directed to the credit card service provider.
4. Edit the Remember Me Message.
   • This message appears on the login screen to let the user know that his/her user name and password can be stored for future login attempts.
   • The default message is “Remember my username and password.”
5. Enter the number of days for which the cookie will be valid in the Remember for how many days field.
6. Click OK.

Changing the Login Screen Logos

By default, two images appear on the AP’s internal login screen.
Figure 5-35 Login Screen with Custom Logo

Follow these steps to add your own partner image and logo to the AP:

1. Create the image files that you want to add to the login pages. Keep in mind the following:
   • The file should be in JPG or GIF format.
   • The file name cannot exceed 8 characters (DOS 8+3 format).
   • The logo image (that is, the logo that appears on each login screen) should not be too large. The recommended size is approximately 125 pixels wide by 40 pixels high.
Authorized Subscribers

The AP-2500 stores information about subscribers in the Authorized Subscribers Table. You can view the table by clicking Subscriber > Authorized within the Web browser interface.

Figure 5-36 Authorized Subscribers Table

The table is the AP’s internal database of authorized users; it can hold up to 50 entries. The list is populated by one of three methods:

1. Automatically following a successful credit card transaction.
2.
• Custom fields for internal use (User Alias 1 or User Alias 2)
• Upstream and Downstream bandwidth settings
• Status
  — Should be Active at all times.
  — Change to Destroy to delete an entry.
  — The other options are not applicable when using the Web browser interface.

Authorized Subscribers Table and the Current Subscribers Table

The Authorized Subscribers Table differs from the Current Subscribers Table, found in the Monitor > Subscribers screen.
5. If authorizing a user based on MAC address (in other words, the PublicSpace > AAA > Internal > Enable User Name option is disabled), enter the MAC address of the subscriber’s wireless card in the field provided.
   • If you have chosen to manage this subscriber by user name only, you do not need to enter a MAC address (however, you will need to enter a user name).
6. Enter an IP Address for the subscriber or leave the field blank.
6 Monitor Information

In This Chapter

This chapter describes the statistics that can be viewed using the Access Point’s Web browser interface (that is, the options accessible after clicking the Status or Monitor button).

• System Status: Displays basic information about the Access Point’s operating status.
• Version: Provides version information for the Access Point’s system components.
System Status

System Status is the first screen to appear each time you connect to the Web browser interface. You can also return to this screen by clicking the Status button.

Figure 6-1 System Status Screen

Each section of the System Status screen provides the following information:

• System Status: This area provides system level information, including the unit’s IP address and contact information. See System for information on these settings.
Version

From the Web browser interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software is loaded. This screen displays the following information for each Access Point component:

• Serial Number: The component’s serial number, if applicable.
ICMP

This tab provides statistical information for both received and transmitted messages directed to the Access Point. For example, if you ping the AP from another computer, the AP reports the ping requests (Echos) and replies (Echo Reply) on this screen (as shown in the example below). Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics.

NOTE: To update the statistics, click the Refresh button.

Figure 6-3
IP/ARP Table

This tab provides information based on the Address Resolution Protocol (ARP), which maps IP Addresses to MAC Addresses. The AP adds an entry to this list for each station with which the AP directly communicates. This includes devices that manage the AP, ping the AP, and/or receive traps from the AP. The AP does not create an entry for every station it detects on the network.
Learn Table

This tab displays information relating to network bridging. It reports the MAC address for each node that the AP has learned is on the network and the interface on which the node was detected. There can be up to 2,000 entries in the Learn Table. Click the Refresh button if you want to update the table.

For this screen, Port 1 is the Ethernet interface. Port 2 is the Slot A interface. Ports 3 through 8 are WDS ports for Slot A (if applicable). Port 9 is the Slot B interface.
Current Subscribers Table

This table lists all of the active subscribers that are communicating with the AP. (See Authorized Subscribers Table and the Current Subscribers Table for an explanation of how this table differs from the Authorized Subscribers Table.) This table can hold up to 50 entries. Users who are associated with the AP wirelessly but are unauthenticated appear in the table with State set to Pending.
A subscriber is removed from the Current Subscribers Table under the following circumstances:

• The network administrator changes the subscriber’s Status from Active to Destroy.
• The subscriber has logged out (applies when the user is RADIUS-authenticated and RADIUS Profile Caching is disabled).
• The amount of access time purchased by the subscriber has expired.
  — Users authenticated by the Authorized Subscribers Table whose expiration time expires are reset to State: Pending.
Interfaces

This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing.
Link Test (802.11b Only)

This tab displays information on the quality of the wireless link to clients and other 802.11b APs in the Wireless Distribution System. During a Link Test, the Access Point and the selected device exchange a series of packets to test the strength of the connection. The devices start by exchanging packets at the 11 Mbits/sec rate but fall back to the slower rates if necessary.

NOTE: The Remote Link Test feature is only available for 2.4 GHz (802.11b) clients.
• Noise (dBm): The strength of the noise detected at the receiver reported in dBm (decibels referenced to 1 milliwatt). The displayed value is the running average since the start of the test and is reported as a negative number. Noise can interfere with the received signal so a smaller noise value corresponds to a stronger link. For example, a noise level of -95 dBm is more desirable than a noise level of -89 dBm.
7 Commands

In This Chapter

This chapter describes the commands that can be issued using the Access Point’s Web browser interface (that is, the options accessible after clicking the Commands button).

• Download: Download files from a TFTP server to the Access Point.
• Upload: Upload files from the Access Point to a TFTP server.
• Reboot: Reboot the Access Point in the specified number of seconds.
File Type Overview

For Downloads, the File Type parameter supports four options: Config, Img, BspBl, and Generic. For Uploads, File Type supports two options: Config and Generic.

• Config: This refers to a file that contains the AP’s network configuration settings (that is, the parameters that correspond to the ORiNOCO MIB; see SNMP Management for details).
Upload

Use the Upload tab to upload Configuration and image files from the AP-2500 to the TFTP server.

NOTE: The Download and Upload commands are from the AP’s perspective. In other words, to send files to the AP, use the Download command; to obtain files from the AP, use the Upload command.

The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file.
Reboot

Use the Reboot tab to save configuration changes (if any) and reset the AP-2500. Entering a value of 0 (zero) causes an immediate reboot. Note that Reset, described below, does not save configuration changes.

CAUTION: Rebooting the AP-2500 will cause all users who are currently connected to lose their connection to the network until the AP-2500 has completed the restart process and resumed operation.
Figure 7-4 Reset to Factory Defaults Command Screen

Help Link

To open Help, click the Help button on any display screen. During initialization, the Access Point’s on-line help files are downloaded to the default location: C:\Program Files\ORiNOCO\AP2500\HTML\index.htm. If you want to place these files on a shared drive, copy the Help Folder to the new location, and then specify the new path in the Help Link box.
8 Troubleshooting

In This Chapter

• Troubleshooting Concepts
• Symptoms and Solutions
  • Connectivity Issues
  • AP-2500 Unit Will Not Boot - No LED Activity
  • Serial Link Does Not Work
  • Ethernet Link Does Not Work
  • Basic Software Setup and Configuration Problems
  • Lost AP-2500, Telnet, or SNMP Password
  • Client Computer Cannot Connect
  • AP-2500 Has Incorrect IP Address
  • HTTP (browser) or Telnet Interface Does Not Work
  • HTML Help Files Do Not Appear
  • Telnet CLI D
NOTE: This section helps you locate problems related to the AP-2500 device setup. For details about RADIUS, TFTP, Serial communications program (such as HyperTerminal), Telnet applications or web browsers, please refer to their respective documentation.

Troubleshooting Concepts

The following list identifies important troubleshooting concepts and topics. The most common initialization and installation problems relate to IP Addressing.
Ethernet Link Does Not Work

1. Double-check the physical network connections. Use a known-good unit to make sure the network connection is present. Once you have the AP-2500 IP Address, you can use the “Ping” command over Ethernet to test the IP Address. If the AP-2500 responds to the Ping, then the Ethernet Interface is working properly.
2. Perform network infrastructure troubleshooting (check switches, routers, etc.).
HTML Help Files Do Not Appear

1. Verify that the HTML Help files are installed in the default directory listed in the Help Link screen.
2. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are located on your server.
3. Perform the following steps to verify or enter the pathname for the Help files:
   a. Click Commands > Help Link.
   b. Enter the path name where the Help files are located.
   c. Click OK when finished.
VLAN Operation Issues

Verifying Proper Operation of the VLAN Feature

The correct VLAN configuration can be verified by “pinging” both wired and wireless hosts from both sides of the AP-2500 device and the network switch. Traffic can be “sniffed” on both the wired (Ethernet) and wireless (WDS) backbones (if configured). Bridge frames generated by wireless clients and viewed on one of the backbones should contain IEEE 802.1Q compliant VLAN headers or tags.
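The check on sniffed backbone frames described above can be scripted. The following is an added example, not part of the original guide or Proxim's software: it parses raw Ethernet frames, reports whether each carries an IEEE 802.1Q tag, and compares the VLAN ID with the one configured for the wireless interface. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an IEEE 802.1Q tag
VID_MIN, VID_MAX = 1, 4094   # VLAN ID range the AP accepts (0 disables tagging)


def build_frame(dst, src, ethertype=0x0800, vid=None, pcp=0, payload=b""):
    """Build a constructed Ethernet frame; it carries an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tag(frame):
    """Return the 802.1Q fields of a frame, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("802.1Q tag is truncated")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return {
        "pcp": tci >> 13,          # priority code point (3 bits)
        "dei": (tci >> 12) & 1,    # drop eligible indicator (1 bit)
        "vid": tci & 0x0FFF,       # VLAN identifier (12 bits)
        "ethertype": inner_type,   # type of the encapsulated payload
    }


def audit_capture(frames, expected_vid):
    """Classify each captured frame against the VLAN ID configured on the AP."""
    if not VID_MIN <= expected_vid <= VID_MAX:
        raise ValueError("expected VLAN ID must be in 1..4094")
    results = []
    for frame in frames:
        try:
            tag = parse_vlan_tag(frame)
        except ValueError:
            results.append("malformed")
            continue
        if tag is None:
            results.append("untagged")        # no 802.1Q header at all
        elif tag["vid"] == 0:
            results.append("priority-only")   # tag present but carries no VLAN
        elif tag["vid"] == expected_vid:
            results.append("ok")
        else:
            results.append("wrong-vlan")      # client traffic leaking into another VLAN
    return results


# Constructed sample data: locally administered MAC addresses and padded payloads.
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
PAD = b"\x00" * 46
SAMPLE_CAPTURE = [
    build_frame(AP_MAC, CLIENT_MAC, vid=10, payload=PAD),
    build_frame(AP_MAC, CLIENT_MAC, vid=20, payload=PAD),
    build_frame(AP_MAC, CLIENT_MAC, payload=PAD),
    build_frame(AP_MAC, CLIENT_MAC, vid=0, pcp=5, payload=PAD),
    build_frame(AP_MAC, CLIENT_MAC, vid=10)[:16],
]

if __name__ == "__main__":
    for index, verdict in enumerate(audit_capture(SAMPLE_CAPTURE, expected_vid=10)):
        print(index, verdict)
```

Whether an untagged frame is a fault depends on the interface's VLAN ID setting: with the ID set to 0 (disable), untagged frames are the expected result.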
Recovery Procedures

The most common installation problems relate to IP Addressing. For example, without the TFTP server IP address, you will not be able to download an AP Image to the AP-2500. IP Address management is fundamental. We suggest you create a chart to document and validate the IP addresses for your system.

If the password is lost or forgotten, you will need to reset the AP-2500 to default values.
Download Procedure

Follow these steps to use ScanTool to download a software image to an Access Point with a missing image:

1. Download the latest software from http://www.proxim.com/.
2. Copy the latest software updates to your TFTP server.
3. Launch ScanTool.
4. Highlight the entry for the AP you want to update and click Change.
5. Set IP Address Type to Static.
4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:
   • Com Port:
   • Baud rate: 9600
   • Data Bits: 8
   • Stop bits: 1
   • Flow Control: None
   • Parity: None
5. Under File -> Properties -> Settings -> ASCII Setup, enable the Send line ends with line feeds option.
   Result: HyperTerminal sends a line return at the end of each line of code.
6. Press the RESET button on the AP.
Setting IP Address using Serial Port and Normal CLI

Use the following procedure to set an IP Address over the serial port using the normal CLI. The network administrator typically provides the AP-2500 IP Address.

Hardware and Software Requirements

• Standard serial data (RS-232) cable with a female DB-9 connector at each end (for newer models) or a standard serial cable and the Mini-DIN8 to DB-9 adapter included in your kit (for older models).
6. Change the IP Address and other network values using set and reboot CLI commands, similar to the example dialog below (use your own IP Address and IP Mask).
   Result: After each entry the CLI reminds you to reboot; however, wait to reboot until all commands have been entered.

   [Device name]> set ipaddrtype static
   [Device name]> set ipaddr
   [Device name]> set ipsubmask
   [Device name]> set ipgw
   [Device name]> reboot 0

7.
Image Alarms

oriTrapZeroSizeImage | Zero size image has been downloaded to device
oriTrapInvalidImage | Invalid image has been downloaded to device
oriTrapImageTooLarge | Image downloaded to device is too big
oriTrapIncompatibleImage | Incompatible image has been downloaded to device

Standard MIB-II (RFC 1213) Alarms

coldStart | Device has been cold started
warmStart | Device has been warm started
linkUp | Device Link is up (Ethernet interface is up)
linkDown | Device Link is down (Ethernet i
LED Indicators

POWER | ETHERNET | PC CARD A | PC CARD B | INDICATION
Green | Green flash with data activity | Green flash with data activity | Green flash with data activity | Normal Operation
Amber | n/a (not applicable) | Amber | Amber | Rebooting
Amber | n/a | n/a | n/a | Missing or bad AP Image if amber after reboot
Red | Red | n/a | n/a | Power On Self Test (POST) running
n/a | n/a | Red | Red | PC Card incompatible on indicated interface
n/a | n/a | Red | Red | PC Card failure on indicated interface
Gree
A Using the Command Line Interface

In This Chapter

This section provides details for the Command Line (CLI) Interface used to manage an AP-2500 device. CLI commands can be used to initialize, configure, and manage network operation of the Access Point.

• CLI commands may be entered in real time through a keyboard, or submitted with CLI scripts.
• The CLI is available through both the Serial Port Interface and the Ethernet Interface.
Prerequisite Skills and Knowledge

To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts, network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup procedures for typical network operating systems and servers.

Notation Conventions

• Computer prompts are shown in courier font.
CLI Error Messages

The following table describes the error messages associated with improper inputs or expected CLI behavior.

Error Message | Description
% Syntax error | Invalid syntax entered at the command prompt.
% Invalid command | A non-existent command has been entered at the command prompt.
% Invalid parameter name | An invalid parameter name has been entered at the command prompt.
The following lists display the results of using the help and show commands in the Bootloader CLI:

[DeviceName]>help

Figure A-1 Results of “help” bootloader CLI command

[DeviceName]>show sysname ipaddrtype ipaddr ipsubmask ipgw tftpipaddr tftpfilename

CLI Command Types

This guide divides CLI Commands into two categories: O
? (List Commands)

This command has varied uses to display commands and parameters, depending on the operation in which it is used. The following table lists each operation and provides a basic example. Following the table are detailed examples and display results for each operation.
Figure A-4 Result of “set ?” CLI command

Example 3b. Display parameters based on letter sequence

This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned. Notice that there is no space between the letters and the question mark.

[Device Name]> show ipa?

Figure A-5 Result of “show ipa?” CLI command

[Device Name]> show iparp?

Figure A-6 Result of “show iparp?” CLI command

Example 4.
After entering one parameter, you may add another "?" to the new CLI line to see the next parameter prompt, and so on until you enter all parameters. The following example shows how this is used for the "download" Command. The last part of the example shows the completed download Command ready for execution.

[Device Name]> download ?
[Device Name]> download 10.0.0.2 ?
[Device Name]> download 10.0.0.
Figure A-7 Results of “help” CLI command

2. Complete command description and command usage can be provided by:

   [Device Name]>help
   [Device Name]> help

history

Shows content of Command History Buffer. The Command History Buffer stores command statements entered in the current session.
search

Lists the members of the specified table. This list corresponds to the table information displayed in the HTTP Interface. In this example, the CLI returns the same table items that are displayed in the HTTP Interface’s IP Access Table.

[Device Name]> search ?
[Device Name]> search mgmtipaccesstbl

Figure A-8 Results of “search” and “search mgmtipaccesstbl” CLI command

upload

Uploads the specified file from AP-2500 to TFTP Server directory.
Parameter Control Commands

The following sections cover each CLI Command, and include several tables showing parameter properties. The two Parameter Control Commands are show and set. These allow you to view (show) all parameters and statistics, and to change (set) parameters.

• show - To see any Parameter or Statistic values, you specify a single parameter, a Group, or a Table. For more details, refer to "set and show command examples" later in this guide.
NOTE: Some tables use a different syntax. See Working with Tables for details.

Example 4 - Enable, Disable, or Delete a table entry or row

In this example you would like to manage the second table row/entry.
Example 6 - Show Individual and Table Parameters

1. View a single parameter
   Syntax: [Device Name]>show
   Example: [Device Name]> show ipaddr
   Result: Displays the Access Point IP Address.

   Figure A-10 Result of “show ipaddr” CLI Command

2. View all parameters in a table
   Syntax: [Device Name]> show
   Example: [Device Name]> show mgmtipaccesstbl
   Result: Displays the IP Access Table and its entries.

• Deletion
  – The table name is required.
  – The table index is required – for table deletion the index should be the index of the entry to be deleted.
  – The reserved word delete or destroy is required.

There are some differences between table entry add and delete operations among the available tables.
Configuring Objects that Require Reboot

Certain objects supported by the AP require the device to be rebooted in order for the changes to take effect. In order to inform the end-user of this behavior, the CLI shall provide informational messages when the user has configured an object or objects that require the device to be rebooted. The following message shall be displayed as a result of configuring such an object or objects.
Configuring the AP-2500 Unit using CLI commands

Log Into the AP-2500 Unit using HyperTerminal

1. Launch HyperTerminal from the Start > Programs menu.
2. Open an existing connection or create a new one with the following settings:
   • Com Port:
   • Baud rate: 9600
   • Data Bits: 8
   • Stop bits: 1
   • Flow Control: None
   • Parity: None
3. Enable the “ASCII Setup” settings by selecting “Send line ends with line feeds”.
Figure A-11 Result of “show system” CLI Command

Set Static IP Address for the AP-2500 device

[Device Name]>set ipaddrtype static
[Device Name]>set ipaddr
[Device Name]>set ipsubmask
[Device Name]>set ipgw
[Device Name]>show network

NOTE: The IP Mask of the AP-2500 unit needs to match the IP Mask of your network.
Figure A-12 Results of “show wif” CLI command

Set WEP Encryption for each Wireless Interface

– 3 = wireless card in Slot A
– 4 = wireless card in Slot B

CAUTION: Client stations must have the same encryption key to be able to communicate with the AP-2500 device. Each Wireless Interface can only support one Key Length (so each of the configured keys must have the same length). The available key sizes vary based on card type. See Encryption for more information.
For the wireless card in Slot B

You can set up to four encryption keys. This example describes setting encryption Key 2 on the wireless card in Slot B.
Change your Wireless Interface Settings

Enable/Disable Interference Robustness

– 3 = wireless card in Slot A
– 4 = wireless card in Slot B

[Device Name]>set wif <3 or 4> interrobust

This feature is only available for 802.11b wireless cards.
NOTE: The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in which an AP-2500 unit is set up and clients are tested throughout the area to determine signal strength and coverage, and local limits such as physical interference are investigated. From these measurements the appropriate cell size and density are determined, and the optimum distance between APs is calculated to suit your particular business requirements.
Configure Management Ports

[Device Name]>set snmpifbitmask <0, 1, 4, 8, 15 (see below)>
[Device Name]>set httpifbitmask <0, 1, 4, 8, 15 (see below)>
[Device Name]>set telifbitmask <0, 1, 4, 8, 15 (see below)>

Choose from the following values:

Interface bitmask | Description
0 = disable (all interfaces) | All management channels disabled
1 = ethernet if | Ethernet only enabled
4 = pcCardA if | Wireless A only enabled
8 = pcCardB if | Wireless B only enabled
15 = allInterfaces
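The following added example (not from the guide or from Proxim) audits a saved CLI script for the three management bitmask settings above and reports which of SNMP, HTTP and Telnet are left reachable from a wireless interface. Only the parameter names and the values 0, 1, 4, 8 and 15 come from the table; the sample script, status labels and function names are constructed for illustration.

```python
import re

# Bitmask values exactly as listed in the "Configure Management Ports" table.
DOCUMENTED = {
    0: "all management channels disabled",
    1: "Ethernet only",
    4: "Wireless A only",
    8: "Wireless B only",
    15: "all interfaces",
}
WIRELESS_VALUES = {4, 8, 15}   # values that open the service on a wireless side
SERVICES = {"snmpifbitmask": "SNMP", "httpifbitmask": "HTTP", "telifbitmask": "Telnet"}

# Accepts a bare "set <param> <value>" line or one copied with its "[Device Name]>" prompt.
SET_RE = re.compile(
    r"^(?:\[[^\]]*\]\s*>\s*)?set\s+(snmpifbitmask|httpifbitmask|telifbitmask)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def classify(raw):
    """Map the raw argument of a set command to (value, status)."""
    try:
        value = int(raw)
    except ValueError:
        return None, "invalid"
    if value not in DOCUMENTED:
        return value, "undocumented"      # not one of the values the guide lists
    if value == 0:
        return value, "disabled"
    if value in WIRELESS_VALUES:
        return value, "wireless-exposed"
    return value, "wired-only"


def audit_script(text):
    """Return the final state of each management service after the script runs."""
    report = {
        name: {"value": None, "status": "not-set", "line": None}
        for name in SERVICES.values()
    }
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = SET_RE.match(line.strip())
        if not match:
            continue                      # unrelated command or comment
        service = SERVICES[match.group(1).lower()]
        value, status = classify(match.group(2))
        # A later set command overrides an earlier one for the same service.
        report[service] = {"value": value, "status": status, "line": lineno}
    return report


def findings(report):
    """Names of services that need attention, in alphabetical order."""
    flagged = ("wireless-exposed", "undocumented", "invalid")
    return sorted(name for name, entry in report.items() if entry["status"] in flagged)


# Constructed sample script; it is not taken from a real device.
SAMPLE_SCRIPT = """\
[Device Name]>set ipaddrtype static
[Device Name]>set snmpifbitmask 15
[Device Name]>set httpifbitmask 1
[Device Name]>set telifbitmask 4
[Device Name]>set telifbitmask 0
"""

if __name__ == "__main__":
    result = audit_script(SAMPLE_SCRIPT)
    for name, entry in result.items():
        print(name, entry["value"], entry["status"], "line", entry["line"])
    print("needs review:", findings(result))
```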
Parameter Tables

Objects contain groups that contain both parameters and parameter tables. Use the following Tables to configure the Access Point. The Access Point CLI is under development as this document is being prepared; therefore, some table cells are blank where a feature has not yet been implemented or information needs validation.
• Passthrough Parameters - Specify free content or walled garden sites for unauthenticated users
  • Passthrough IP Table
  • Passthrough DNS Table
  • AAA Passthrough Port
• Bandwidth Management Parameters - Enable bandwidth management control for subscribers
• Billing Parameters - Configure billing plans and bill mirroring for internal authentication
  • Billing Mirroring Parameters
  • Billing Plans Configuration
• Subscriber Messages Parameters - Configure the user interfa
Inventory Management Information

Name | Type | Values | Access | CLI Parameter
System Inventory Management | Subgroup | N/A | R | sysinvmgmt
Component Table | Subgroup | N/A | R | sysinvmgmtcmptbl
Component Interface Table | Subgroup | N/A | R | sysinvmgmtcmpiftbl

NOTE: The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a technical representative if you contact customer support.
DHCP Server Parameters

Name | Type | Values | Access | CLI Parameter
DHCP | Group | N/A | |
DHCP Service | Integer | disable (0) enable (1) | RW/Reboot | dhcpDisable
DHCP IP Upsell Service | Integer | disable (0) enable (1) | RW/Reboot | dhcpIpUpsell
DHCP Server Service | Integer | disable (0) enable (1) | RW/Reboot | dhcpServerEnable
DHCP IP Pool Public | Integer | private (0) public (1) | RW/Reboot | dhcpServerPublic
DHCP Server IP | IpAddress | User Defined | RW/Reboot | dhcpServerIP
DHCP Serve
VLAN Parameters

Name | Type | Values | Access | CLI Parameter
VLAN | Group | N/A | R | vlan
Status | Integer | enable, disable (default) | RW | vlanstatus

VLAN ID Table

Name | Type | Values | Access | CLI Parameter
VLAN ID Table | Table | N/A | R | vlanidtbl
Index | Integer32 | 1 (Wireless A) 2 (Wireless B) | R | index
Identifier (ID) | VlanId | 0 (disable) or 1 – 4094 | RW | id

Interface Parameters

Since the AP-2500 devices support two PC Card slots, we differentiate the two wireless interfaces by
Name | Type | Values | Access | CLI Parameter
Medium Distribution | Integer | enable (default) disable | RW | meddendistrib
MAC Address | PhyAddress | 12 hex digits | R | macaddr
Supported Data Rates | Octet String | Reported in 500 Kb/sec intervals: 2 (1 Mbit/sec) 4 (2 Mbit/sec) (default) 11 (5.5 Mbit/sec) 22 (11 Mbit/sec) | R | suppdatarates
Transmit Rate | Integer32 | Reported in 500 Kb/sec intervals: 0 (auto fallback) 2 (1 Mbit/sec) 4 (2 Mbit/sec) (default) 11 (5.
Wireless 802.11a Parameters

Name | Type | Values | Access | CLI Parameter
Wireless Interfaces | Group | N/A | |
Network Name | DisplayString | 2 – 31 characters; My Wireless Network A (default), My Wireless Network B (default) | RW | netname
Auto Channel Select (ACS) | Integer | enable (default) disable | RW | autochannel
DTIM Period | Integer | 1 – 65535 (1 = default) | RW | dtimperiod
Operating Frequency Channel | Integer | 36 - 5.180 GHz 40 - 5.200 GHz 44 - 5.220 GHz 48 - 5.240 GHz 52 - 5.
Ethernet Interface Parameters

Name | Type | Values | Access | CLI Parameter
Ethernet Interface | Group | N/A | R | ethernet
Speed | Integer | 10halfduplex 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex autoautoduplex (default) | RW | etherspeed
MAC Address | PhyAddress | N/A | R | ethermacaddr

Management Parameters

IP Access Table Parameters

When creating table entries, you may either specify the argument name followed by argument value or simply entering the argumen
SNMP Parameters

Name | Type | Values | Access | CLI Parameter
SNMP | Group | N/A | R | snmp
SNMP Management Interface Bitmask | Interface Bitmask | 0 - no interfaces (disable) 1 - Ethernet 4 - Wireless A 8 - Wireless B 15 - all interfaces | RW | snmpifbitmask
Read Password | DisplayString | User Defined; public (default); max 63 characters | W | snmprpasswd
Read/Write Password | DisplayString | User Defined; public (default); max 63 characters | W | snmprwpasswd
SNMP Trap Host Table | N/A | N/A | R
Serial Port Parameters

Name | Type | Values | Access | CLI Parameter
Serial | Group | N/A | R | serial
Baud Rate | Integer | 2400, 4800, 9600 (default), 19200, 38400, 57600 | RW | serbaudrate
Data Bits | Integer | 8 | R | serdatabits
Parity | Integer | none | R | serparity
Stop Bits | Integer | 1 | R | serstopbits
Flow Control | Value | none (default) xon/xoff | RW | serflowctrl

HTTP (web browser) Parameters

Name | Type | Values | Access
HTTP | Group | N/A
HTTP Management Interface Bitmask | Interfac
NTP Parameters

Name | Type | Values | Access
SNTP | Group | N/A
SNTP On | Integer | enable (1) disable (2) | RW | oriSNTPStatus
Primary SNTP Server IP | DisplayString | User Defined | RW | oriSNTPPrimaryServerNameOrIPAddress
Secondary SNTP Server IP | DisplayString | User Defined | RW | oriSNTPSecondaryServerNameOrIPAddress
Time Zone Setup | Integer | dateline (1) samoa (2) hawaii (3) alaska (4) pacific-us (5) mountain-us (6) arizona (7) central-us (8) mexico-city (9) eastern-us (10) indi
Day | Integer32 (1..31) | User Defined | RW | oriSNTPDay
Hour | Integer32 (0..23) | User Defined | RW | oriSNTPHour
Minutes | Integer32 (0..59) | User Defined | RW | oriSNTPMinutes
Seconds | Integer32 (0..59) | User Defined | RW | oriSNTPSeconds

Security Parameters

NOTE: The Security group is not currently implemented in the AP-2500.
Primary RADIUS Acct Server Secret Key | DisplayString Size(0..130) | User Defined | RW | aaaRadiusAcctSrv1Sec
Primary RADIUS Acct Server DNS Name | DisplayString Size(0..240) | User Defined | RW | aaaRadiusAcctSrv1Dns
Secondary RADIUS Accounting Server IP | IpAddress | User Defined | RW | aaaRadiusAcctSrv2Ip
Secondary RADIUS Acct Server Port | Integer | User Defined | RW | aaaRadiusAcctSrv2Port
Secondary RADIUS Acct Server Secret Key | DisplayString Size(0..
Encryption Parameters

The following table details the WEP encryption parameters for the AP-2500. This information applies to both the 802.11a and the 802.11b wireless interfaces.
AAA Parameters

The Authentication, Authorization and Accounting (AAA) module enables a solution provider to provision, track, and bill new or returning subscribers. These parameters are shown in the following tables.
AAA Internal Authorization Parameters

Name | Type | Values | Access | CLI Parameter
AAA Internal Authorization | Group | N/A | R | aaaInternalAuth
SSL Support | Integer | disable (0) enable (1) | |
SSL Host Name | DisplayString Size(0..31) | User Defined | RW | aaaSslHostName
SSL Portal Page Redirection | Integer | disable (0) enable (1) | RW | aaaPortalPageOn
SSL Portal Page URL | DisplayString Size(0..
URL Filtering Parameters

Name | Type | Values | Access | CLI Parameter
URL Filtering | Group | N/A | R | urlFiltering
URL Filtering On | Integer | disable (0) enable (1) | RW | urlFilteringOn

URL Filtering IP Table

Name | Type | Values | Access | CLI Parameter
URL Filtering IP Table | Table | N/A | R | urlFilteringIPTable
URL Filtering IP Table Index | Integer | N/A | R | urlFilteringIPTableIndex
URL Filtering IP Table Address | DisplayString Size(1..
ICC (Information Control Console) Parameters

Name | Type | Values | Access
ICC | Group | N/A
ICC On | Integer | disable (0) enable (1) | RW | iccOn
Title to display on ICC Console | DisplayString Size(0..
ICC Banner Configuration

The following table is for ICC Banner 1. The same parameters apply to banners 2 through 5 (simply change the 1 in each command to a different button number).

Name | Type | Values | Access | CLI Parameter
ICC Banner 1 Name | DisplayString Size(0..16) | User Defined | RW | iccBannerName1
ICC Banner 1 URL | DisplayString Size(0..238) | User Defined | RW | iccBannerURL1
ICC Banner 1 Image Name | DisplayString Size(0..
Passthrough IP Table

Name | Type | Values | Access | CLI Parameter
Passthru IP Table | Table | N/A | R | passthroughIPTable
Passthru IP Table Index | Integer | N/A | R | passthroughIPTableIndex
Passthru IP Table Address | IpAddress | User Defined | RW | passthroughIPTableAddress
Passthru IP Table Status | RowStatus | active (1), notInService (2), notReady (3), createAndGo (4), createAndWait (5), destroy (6) | RW | passthroughIPTableStatus

Passthrough DNS Table

Name | Type | Values | Access | C
Billing Parameters

Name | Type | Values | Access | CLI Parameter
AAA Billing Option | Group | N/A | R | aaaBillingOption
Intro Message | DisplayString Size(0..140) | User Defined | RW | aaaBilloptIntroMsg
Offer Message | DisplayString Size(0..140) | User Defined | RW | aaaBilloptOfferMsg
Policy Message | DisplayString Size(0..
Carbon Copy Server URL One | DisplayString Size(1..238) | User Defined | RW | brmServerCCUrlOne
Carbon Copy Server Secret Key One | DisplayString Size(0..32) | User Defined | RW | brmServerCCSecretOne
Carbon Copy Server Port One | Integer | User Defined | RW | brmServerCCPortOne
Carbon Copy Server IP Two | IpAddress | User Defined | RW | brmServerCCIpTwo
Carbon Copy Server URL Two | DisplayString Size(1..
Rate per Month | DisplayString Size(0..32) | User Defined | RW | aaaBillingPlanMonth0
Uplink Bandwidth | Integer | 0..1500 | RW | aaaBillingPlanBandwidthUp0
Downlink Bandwidth | Integer | 0..1500 | RW | aaaBillingPlanBandwidthDown0
DHCP Pool | Integer | private (0) public (1) | RW | aaaBillingPlanDHCPPool0

Subscriber Messages Parameters

Name | Type | Values | Access | CLI Parameter
AAA Subscriber Login UI | Group | N/A | R | aaaSubLoginUI
Service Selection Message | DisplayString Size(0..
ISP Challenge | DisplayString Size(0..218) | User Defined | RW | aaaErrorISPChallenge
Value Out of Range | DisplayString Size(0..218) | User Defined | RW | aaaErrorMinMaxValues
No Billing Options | DisplayString Size(0..218) | User Defined | RW | aaaErrorNoBillingOpts
Internet Service Not Available | DisplayString Size(0..218) | User Defined | RW | aaaErrorNotAvailable
Password Unmatched | DisplayString Size(0..
RADIUS Create Message | DisplayString Size(0..218) | User Defined | RW | aaaMessageRadiusCreate
RADIUS Login Message | DisplayString Size(0..218) | User Defined | RW | aaaMessageRadiusLogin
Request Failed Message | DisplayString Size(0..218) | User Defined | RW | aaaMessageRequestFailed
Request Granted Message | DisplayString Size(0..218) | User Defined | RW | aaaMessageRequestGranted
Thank You Message | DisplayString Size(0..
Subscriber Download Bandwidth | Integer | User Defined | RW | authSubBwDown
Credit Card Confirmation Number | DisplayString | N/A | R | authSubConfirmation
Subscriber Status | RowStatus | active (1), notInService (2), notReady (3), createAndGo (4), createAndWait (5), destroy (6) | RW | authSubStatus

Current Subscribers Table

Name | Type | Values | Access | CLI Parameter
AAA Current Subscriber Table | Table | N/A | R | aaaSubCurrTable
Subscriber Index | Integer | N/A | R | subIndex
Subscriber MAC
Miscellaneous Parameters

Name | Type | Values | Access | CLI Parameter
Miscellaneous | Group | N/A
Partner Image Splash Screen | Integer | disable (0) enable (1) | RW/Reboot | partnerImageOn
Partner Image Filename | DisplayString Size(1..
B XML Interface Specification

This specification describes the AP-2500’s XML Interface. Before reviewing this specification, note the following:

• This specification refers to sample HTML files written in JavaScript that illustrate the XML commands (they build an XML object that is sent to the AP). These files are included on the installation CD in the Docs/samples/ folder.
URL GET

A network device can send commands to the AP via a query string appended to a URL line (GET method). The query string is the string of characters following the question mark (?) at the end of the URL. For example, the following URL illustrates a “user successful login” command:

http://(AP_IP_ADDR)/userok.htm?UI=(AP_ID)&AC=1&MA=(USER_MAC_ADDR)&ET=(EXP_TIME)&F1=(USER_NAME)&F2=(USER_PW)&CN=(AUTH_CONF_NUM)&SC=(SECURITY_CODE)

userok.
XML Response Form Format

In response to a command, the AP returns an XML form in the following format:

[(error number)] [(error description)] <(tag_n) [tag_n_attr = "tag_n_attr_data"]>(data_n)

where:
(RESULTCODE) is either "OK" or "ERROR".
(UI) is the AP ID.
(AP_IP_ADDR) is the AP's IP address.
(tag_n) is a data name tag.
AP Command Reference

Add/Update User

Sample file name: UserAdd.htm

The specified user has been authorized for access and will be added to the AP’s Authorized Subscribers Table.
Bandwidth Up

Set the bandwidth up for an authorized user.

Command: "SET_BANDWIDTH_UP"
Command attr: "SUBSCRIBER"
Command attr_data: User MAC address (string)
tag_1: "BANDWIDTH_UP"
data_1: (number measured in Kbps; for example, for 128,000 bits per second, enter 128)
Returns: Standard response form

Bandwidth Down

Set the bandwidth down for an authorized user.
Query User

Sample file name: UserQuery.htm

The current User data is returned.
Commands For Reference Only

The following commands are included for reference purposes only. They are not currently supported by the AP-2500.

Set Room Access

The specified room access mode is set.

Command: "ROOM_SET_ACCESS"
Command attr: "ROOM_NUMBER"
Command attr_data: Room number (8 char. max string)
tag_1: "ACCESS_MODE"
data_1: "ROOM_OPEN", "ROOM_CHARGE", or "ROOM_BLOCK"
Returns: Standard response form

Query Room Status

The specified room access mode is returned.
User Payment

User's authorization and payment is requested. PMS is not supported by the AP at this time.
External Authentication Procedure (Detailed)

Whenever a subscriber tries to access the Internet, the subscriber's traffic must pass through the AP. The AP tracks all packets flowing through it by the source MAC address of the packet, which uniquely identifies the wireless card that the subscriber is using. If the MAC address is already in the AP’s Authorized Subscribers Table, the AP will check the expiration time to see if the user is able to access the Internet.
Sample XML Communications with the AP

The following is an example of the commands to set access for a new subscriber with the following attributes:

User Name: johndoe
MAC address: 0050da554787

NOTE: The following examples contain CRLFs and spacing for display clarity only. A query string must not contain any formatting or line-break characters. It also must be URL encoded.

1.
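The following added example (not part of this guide or of the sample files on the installation CD) builds the “user successful login” URL GET request so that it satisfies the NOTE above: no line-break characters, and every value URL encoded. The field names and userok.htm come from this specification; the AP address, the field values, the 12-hex-digit MAC form and the helper names are assumptions. Because F2 and SC place the password and security code in the URL itself, the example also masks them before the URL is logged.

```javascript
// Added example; not from the Proxim sample files. Field names and userok.htm
// are from the guide. Helper names and all sample values are constructed.
const FIELD_ORDER = ["UI", "AC", "MA", "ET", "F1", "F2", "CN", "SC"];
const SECRET_FIELDS = ["F2", "SC"]; // user password and security code

// Remove the CRLFs and indentation that the guide's listings add for display.
function stripDisplayFormatting(query) {
  return query.replace(/\s*[\r\n]+\s*/g, "");
}

// Assumption: the AP expects 12 bare hex digits, as in the sample 0050da554787.
function normalizeMac(mac) {
  const hex = String(mac).replace(/[:.-]/g, "").toLowerCase();
  if (!/^[0-9a-f]{12}$/.test(hex)) throw new Error("invalid MAC address");
  return hex;
}

function buildUserOkUrl(apAddr, fields) {
  if (!/^[A-Za-z0-9.-]+$/.test(apAddr)) throw new Error("invalid AP address");
  const pairs = FIELD_ORDER.map((name) => {
    if (!(name in fields)) throw new Error("missing field " + name);
    let value = String(fields[name]);
    // Refuse control characters (CR, LF, NUL, ...) instead of passing them on.
    if (/[\x00-\x1f\x7f]/.test(value)) {
      throw new Error("control character in field " + name);
    }
    if (name === "MA") value = normalizeMac(value);
    return name + "=" + encodeURIComponent(value);
  });
  return "http://" + apAddr + "/userok.htm?" + pairs.join("&");
}

// The URL carries the password (F2) and security code (SC); mask both before
// the URL is written to any log.
function redactForLog(url) {
  const pattern = new RegExp("([?&](?:" + SECRET_FIELDS.join("|") + ")=)[^&]*", "g");
  return url.replace(pattern, "$1***");
}

// Constructed sample values (192.0.2.10 is a documentation address).
const sampleFields = {
  UI: "AP0001", AC: "1", MA: "00:50:DA:55:47:87", ET: "3600",
  F1: "johndoe", F2: "p@ss w&rd", CN: "CONF123", SC: "s3cret",
};
const sampleUrl = buildUserOkUrl("192.0.2.10", sampleFields);
console.log(redactForLog(sampleUrl));
```

Reserved characters in a value, such as the `&` in the constructed password, are percent-encoded so they cannot be read as a field separator by the receiving side.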
C Credit Card Interface Specification

A key payment feature of the AP-2500 is direct Credit Card billing. The AP supports several credit card service companies by default (see Credit Card Services). However, if your particular credit card service provider or clearinghouse is not supported by default, you can provide the following specification to your clearinghouse.
8. Merchant ID
9. Amount
10. URL to post silent reply
11. This field must be in the form and set to a value of TRUE to tell the system that it will be doing an ADC Relay Response transaction.
12. Sending this field guarantees that the default Payment Form will show up for the user. Should be VALUE="PAYMENT_FORM" to show default.
13.
D ASCII Character Chart

You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits.

The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the Hexadecimal equivalent for each ASCII character.
E Specifications

In This Chapter
• Hardware Specifications
• Radio Specifications
  – 802.11b Channel Frequencies
  – 802.11a Channel Frequencies
  – Wireless Communication Range

Hardware Specifications

Physical Specifications

AP-2500 Unit
Dimensions (H x W x L) = 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in.)
Weight = 1.75 kg (3.5 lb.)

802.11a Antenna Adapter
Dimensions (H x W x L) = 11.3 x 2.10 x 26.2 cm (4.5 x 0.83 x 10.3 in.)
Weight = 0.18 kg (0.4 lb.
Ethernet Interface
10/100 Base-T, RJ-45 female socket

PCMCIA Interface
PC Card Slot (A & B) = Standard PC Card slot for PC Card

Serial Port Interface
Connector Type = DB9, male
Serial Cable = Standard RS-232C serial data cable, with a female DB-9 connector at each end

Active Ethernet Interface
Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements
Standard 802.
Radio Specifications

802.11a radio certification is not available in all countries. Contact your sales representative for details.

802.11b radio certification is available in the US/Canada (FCC), Japan (VCCI), Europe (ETSI), and France.

802.11b Channel Frequencies

The following table shows the channel allocations that vary from country to country. Values listed in bold font indicate default channels and frequencies.
Wireless Communication Range

The range of the wireless signal is related to the composition of objects in the radio wave path, and the transmit rate of the wireless communication. Communications at a lower transmit range may travel longer distances.

NOTE: The range values listed in the Communications Range Chart are typical distances as measured at the development laboratories.
F Technical Support

If you are having a problem using an AP-2500 and cannot resolve it with the information in Troubleshooting, gather the following information and contact your local authorized reseller.
For the Caribbean and Latin America:
Phone: 1-866-ORiNOCO (1-866-674-6626)
1-661-367-2230
E-mail: CALAsupport@orinocowireless.com

For Asia Pacific:
Phone: +1 661-367-2230
E-mail: APACsupport@orinocowireless.com

For Europe, the Middle East, and Africa (EMEA):
Your local supplier in the EMEA region is trained to give you the support you require. Local suppliers have direct access to the ORiNOCO Technical Support Center and will help you in every way they can.