Access Point User Guide

ManualsBrandsProxim ManualsNetwork RouterORiNOCO AP-700

ORiNOCO AP-700 Access Point

User Guide

Summary of content (221 pages)

PAGE 1
ORiNOCO AP-700 Access Point User Guide
PAGE 2
AP-700 User Guide Copyright © 2005 Proxim Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This user’s guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Proxim Corporation.
PAGE 3
AP-700 User Guide Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Introduction to Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Guidelines for Roaming . . . . .
PAGE 4
Contents AP-700 User Guide IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 DHCP Relay Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
Contents AP-700 User Guide Management VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Security Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 MAC Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Contents AP-700 User Guide Forced Reload Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Setting IP Address using Serial Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Related Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
Contents AP-700 User Guide CLI Batch File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Auto Configuration and the CLI Batch File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 CLI Batch File Format and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
AP-700 User Guide Caution: Exposure to Radio Frequency Radiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Modifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Industry Canada (IC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 European Union . . . .
PAGE 9
AP-700 User Guide Introduction 1 This chapter contains information on the following: • Document Conventions • Introduction to Wireless Networking • Guidelines for Roaming • IEEE 802.11 Specifications • Management and Monitoring Capabilities Document Conventions • AP refers to an AP-700 Access Point. • 802.11 is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards. • Blue underlined text indicates a link to a topic or Web address.
PAGE 10
Introduction Guidelines for Roaming AP-700 User Guide Figure 1-1 Typical Wireless Network Access Infrastructure Guidelines for Roaming • Typical voice network cell coverages vary based on environment. Proxim recommends having a site survey done professionally to ensure optimal performance. For professional site surveyors, Ekahau™ Site Survey software is included in the Xtras folder of the Installation CD. • An AP can only communicate with client devices that support its wireless standard.
PAGE 11
Introduction Management and Monitoring Capabilities AP-700 User Guide 802.11 direct sequence devices (that operate at 1 or 2 Mbits/sec). Available Frequency Channels vary by regulatory domain and/or country. See Available Channels for details. Also in 1999, the IEEE modified the 802.11 standard to support devices operating in the 5 GHz frequency band. This standard is referred to as 802.11a. 802.11a devices are not compatible with 2.4 GHz 802.11 or 802.11b devices. 802.
PAGE 12
Introduction Management and Monitoring Capabilities AP-700 User Guide SNMP Management In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network Management Protocol (SNMP). Note that this requires an SNMP manager program, like HP Openview or Castlerock’s SNMPc.
PAGE 13
Introduction Management and Monitoring Capabilities AP-700 User Guide The SSH server (AP) has host keys - a pair of asymmetric keys - a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server. NOTE: The remainder of this guide describes how to configure an AP using the HTTP Web interface or the CLI interface.
PAGE 14
AP-700 User Guide Installation and Initialization 2 This chapter contains information on the following: • AP-700 Hardware Description – Overview – Antennas – Active Ethernet – LED Indicators • Prerequisites • Product Package • System Requirements • Hardware Installation • Initialization • – Using ScanTool – Logging In – Using the Setup Wizard – Installing the Software Related Topics AP-700 Hardware Description Overview The AP-700 is a tri-mode AP that supports 802.11b, 802.
PAGE 15
Installation and Initialization AP-700 Hardware Description AP-700 User Guide Figure 2-1 Rear Panel The AP-700 has been designed to rest horizontally on a flat surface, but can be wall- or ceiling- mounted with the long axis vertical. The unit includes screw slots in the bottom plastic for mounting to a flat wall or ceiling.
PAGE 16
Installation and Initialization AP-700 Hardware Description AP-700 User Guide vertically polarized internal antenna, and connector 2 corresponds to the horizontally polarized internal antenna. Plugging an external antenna in to the antenna connector disables the corresponding internal antenna. The AP continues to support antenna diversity with external antennas connected.
PAGE 17
Installation and Initialization Prerequisites AP-700 User Guide The LED indicators exhibit the following behavior: Indication Power Solid Green AP image running. Blinking Green n/a Solid Amber The Bootloader is loading the application software. The AP is reloading. Blinking Amber Solid Red Blinking Red Power On Self Test (POST) running. Rebooting. Wireless Interface (802.11a/b/g radio) Wireless interface is preparing for use. Wireless interface is transmitting or receiving wireless packets.
PAGE 18
Installation and Initialization Prerequisites AP-700 User Guide Client IP Address Pool Allocation Scheme The Access Point can automatically provide IP addresses to clients as they sign on. The network administrator typically provides the IP Pool range. DNS Server IP Address The network administrator typically provides this IP Address. Gateway IP Address and Subnet Mask The gateway IP address and subnet mask of the network environment where the Access Point is deployed.
PAGE 19
Installation and Initialization Product Package AP-700 User Guide Product Package Each AP-700 comes with the following: • AP-700 unit (with integrated 802.
PAGE 20
Installation and Initialization Hardware Installation AP-700 User Guide Hardware Installation NOTE: Before installing and using this product, see the Regulatory Compliance section. NOTE: Avant l’installation et l’utilisation de ce produit, veuillez vous référer à la partie « Regulatory Compliance » (conformité aux réglementations). NOTA: Prima di installare ed utilizzare questo prodotto, fare riferimento alla sezione relativa alla “Regulatory Compliance” (conformità alle norme).
PAGE 21
Installation and Initialization Hardware Installation AP-700 User Guide 2. Attach one end of an Ethernet cable to the AP's LAN port (the center port, labeled “LAN”) and the other end to a network hub or switch. 3. Optionally, connect an RS-232 cable to the RS-232 console port (the right port, labeled “RS-232”). NOTE: You cannot install the security cover to the AP-700 if an RS-232 cable is connected. Figure 2-4 Cabling the AP-700 4. Verify LED Status 5.
PAGE 22
Installation and Initialization Hardware Installation AP-700 User Guide Figure 2-5 AP-700 Mounting Plate Mounting the AP-700 to a Wall 1. Put the mounting plate up to the wall. 2. Screw through the mounting plate. 3. Place the AP up against the mounting plate. Orient the AP with the long access vertical, with the connectors facing to the left. Installing External Antennas You can optionally install external antennas on the AP-700. For information on the AP’s antenna functionality, see Antennas.
PAGE 23
Installation and Initialization Hardware Installation AP-700 User Guide Figure 2-6 Opening the Antenna Compartment 2. There are two antenna connectors in the AP-700, labeled 1 and 2. Connect the antenna cable to connector 1 (the connector closer to the LED panel in the compartment). Figure 2-7 AP-700 Antenna Connectors 3. If installing a second external antenna (not recommended), connect the antenna cable to connector 2. 4. Close the external antenna access compartment. 5.
PAGE 24
Installation and Initialization Initialization AP-700 User Guide Initialization The following sections detail how to initialize the AP using ScanTool, log in to the HTTP interface, perform an initial configuration of the AP using the Setup Wizard, and download the required AP software. • Using ScanTool • Logging In • Using the Setup Wizard • Installing the Software Using ScanTool ScanTool is a software utility that is included on the installation CD-ROM.
PAGE 25
Installation and Initialization Initialization AP-700 User Guide change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen. Note that the ScanTool Network Adapter Selection screen will not appear if your computer only has one network adapter installed. Figure 2-8 Scan List 7. Locate the MAC address of the AP you want to initialize within the Scan List. NOTE: If your Access Point does not show up in the Scan List, click the Rescan button to update the display.
PAGE 26
Installation and Initialization Initialization AP-700 User Guide d. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit. e. Enter your network’s Subnet Mask in the field provided. f. Enter your network’s Gateway IP Address in the field provided. g.
PAGE 27
Installation and Initialization Initialization AP-700 User Guide 4. Enter the HTTP password in the Password field. Leave the User Name field blank. For new units, the default HTTP password is public. If you are logging on for the first time the Setup Wizard will launch automatically. NOTE: To prevent the Setup Wizard from launching upon log in, click on Management > Services and choose Disable from the Setup Wizard drop down menu. 5.
PAGE 28
Installation and Initialization Initialization AP-700 User Guide Figure 2-12 Setup Wizard Setup Wizard Instructions 1. Click Setup Wizard to begin. The Setup Wizard supports the following navigation options: • Save & Next Button: Each Setup Wizard screen has a Save & Next button. Click this button to submit any changes you made to the unit’s parameters and continue to the next page. The instructions below describe how to navigate the Setup Wizard using the Save & Next buttons.
PAGE 29
Installation and Initialization Initialization AP-700 User Guide — 802.11g-wifi: 802.11g-wifi has been defined for Wi-Fi testing purporses. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AirSPEED AP541 provides dual-band (802.11b and 802.11g) support only. 802.11a functionality covered in this User Guide is not supported. In general, you should use either 802.11g only mode (if you want to support 802.
PAGE 30
Installation and Initialization Initialization AP-700 User Guide Download the Software 1. In your web browser, go to http://support.proxim.com. 2. If prompted, create an account to gain access. NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. 3. Click Search Knowledgebase. 4. In the Search Knowledgebase field, enter 1686. 5. From the Search By drop-down menu, select Answer ID. 6. Click Search. 7.
PAGE 31
Installation and Initialization Initialization AP-700 User Guide Figure 2-14 Warning Message 5. Click OK to continue with the operation or Cancel to abort the operation. 6. If the operation is unsuccessful, you will receive an error message. If this occurs, see the Troubleshooting chapter or attempt installing the software with a TFTP server, as described in the next section. 7. If the operation is successful, you will receive a confirmation message.
PAGE 32
Installation and Initialization Related Topics AP-700 User Guide Install Updates from your TFTP Server using the CLI 1. Download the latest software to http://support.proxim.com (Knowledgebase Answer ID 1686). See Download the Software for instructions). 1. Copy the latest software updates to your TFTP server. 2. Open the CLI interface via Telnet or a serial connection. 3. Enter the CLI password when prompted. 4.
PAGE 33
AP-700 User Guide System Status 3 The first screen displayed after Logging In is the System Status screen. You can always return to this screen by clicking the Status button. Figure 3-1 System Status Screen The System Status screen provides the following information: • System Status: This area provides system-level information, including the unit’s IP address and contact information. See System for information on these settings. • System Alarms: System traps (if any) appear in this area.
PAGE 34
AP-700 User Guide Advanced Configuration 4 This chapter contains information on configuring settings in the following categories: • System: Configure specific system information such as system name and contact information. • Network: Configure IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity, and SNTP settings. • Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet settings.
PAGE 35
Advanced Configuration AP-700 User Guide Figure 4-1 Configure Main Screen 2. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. Each Configure tab is described in the remainder of this chapter.
PAGE 36
Advanced Configuration System AP-700 User Guide System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. See the Dynamic DNS Support and Access Point System Naming Convention sections for rules on naming the AP. • Location: The location where the AP is installed. • Contact Name: The name of the person responsible for the AP. • Contact Email: The email address of the person responsible for the AP.
PAGE 37
Advanced Configuration System AP-700 User Guide Access Point System Naming Convention The Access Point's system name is used as its host name. In order to prevent Access Points with default configurations from registering similar host names in DNS, the default system name of the Access Point is uniquely generated. Access Points generate unique system names by appending the last 3 bytes of the Access Point's MAC address to the default system name.
PAGE 38
Advanced Configuration Network AP-700 User Guide Network The Network tab contains the following sub-tabs: • IP Configuration • DHCP Server • DHCP Relay Agent • Link Integrity • SNTP (Simple Network Time Protocol) IP Configuration This tab is used to configure the internet (TCP/IP) settings for the access point. These settings can be either entered manually (static IP address, subnet mask, and gateway IP address) or obtained automatically (dynamic).
PAGE 39
Advanced Configuration Network AP-700 User Guide Basic IP Parameters • IP Address Assignment Type: Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration Protocol (DHCP) client; the Access Point will obtain IP settings from a network DHCP server automatically during boot-up. If you do not have a DHCP server or if you want to manually configure the Access Point’s IP settings, set this parameter to Static. • IP Address: The Access Point’s IP address.
PAGE 40
Advanced Configuration Network AP-700 User Guide Figure 4-4 DHCP Server Configuration Screen You can configure and view the following parameters within the DHCP Server Configuration screen: NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect. • Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE: You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured.
PAGE 41
Advanced Configuration Network – AP-700 User Guide Status: IP Pools are enabled upon entry in the table. You can also disable or delete entries by changing this field’s value. NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect. DHCP Relay Agent When enabled, the DHCP relay agent forwards DHCP requests to the set DHCP server. Click the Configure > Network > DHCP R A to configure DHCP relay agent servers and enable the DHCP relay agent.
PAGE 42
Advanced Configuration Network AP-700 User Guide Figure 4-6 DHCP Server IP Address Table - Edit Entries To add an entry, enter the IP Address of the DHCP Server and a comment (optional), and click OK. To edit an entry, make changes to the appropriate entry. Enable or disable the entry by choosing Enable or Disable from the Status drop-down menu, and click OK. Link Integrity The Link Integrity feature checks the link between the AP and the nodes on the Ethernet backbone.
PAGE 43
Advanced Configuration Network AP-700 User Guide Figure 4-7 Link Integrity Configuration Screen SNTP (Simple Network Time Protocol) SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the configured time servers (primary or secondary), and, if successful, will update the relevant time objects in the AP.
PAGE 44
Advanced Configuration Network AP-700 User Guide Figure 4-8 SNTP Configuration Screen You can configure and view the following parameters within the SNTP screen: • SNTP Status: Select Enable or Disable from the drop-down menu. The selected status will determine which of the parameters on the SNTP screen are configurable. NOTE: When SNTP is enabled, it will take some time for the AP to retrieve the time of day from the configured time servers and update the relevant date and time parameters.
PAGE 45
Advanced Configuration Network – Year: Enter the current year. – Month: Enter the month in digits (1-12). – Day: Enter the day in digits (1-31). – Hour: Enter the hour in digits (0-23). – Minutes: Enter the minutes in digits (0-59). – Seconds: Enter the seconds in digits (0-59).
PAGE 46
Advanced Configuration Interfaces AP-700 User Guide Interfaces From the Interfaces tab, you configure the Access Point’s operational mode settings, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. The Interfaces tab contains the following sub-tabs: • Operational Mode • Wireless (802.
PAGE 47
Advanced Configuration Interfaces • AP-700 User Guide 802.11g-wifi mode: The 802.11g-wifi mode has been defined for Wi-Fi testing purporses. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.11a functionality covered in this User Guide is not supported. In general, you should use either 802.11g only mode (if you want to support 802.
PAGE 48
Advanced Configuration Interfaces AP-700 User Guide 3. Select the Country Code from the ISO/IEC 3166-1 CountryCode drop-down menu. 4. Click OK. 5. Configure Transmit Power Control and transmit power level if required. TX Power Control/Transmit Power Level Transmit Power Control uses standard 802.11d frames to control transmit power within an infrastructure BSS. This method of power control is considered to be an interim way of controlling the transmit power of 802.
PAGE 49
Advanced Configuration Interfaces AP-700 User Guide Wireless (802.
PAGE 50
Advanced Configuration Interfaces AP-700 User Guide You can view and configure the following parameters for the Wireless interface: NOTE: You must reboot the Access Point before any changes to these parameters take effect. • Physical Interface Type: Depending on the Operational Mode, this field reports: – For 802.11a mode: “802.11a (OFDM 5 GHz).” NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.
PAGE 51
Advanced Configuration Interfaces AP-700 User Guide NOTE: Turbo mode is supported in 802.11a and 802.11g mode. If turbo mode is enabled, then this is displayed in the web UI and the transmit speeds and channels pull-down menus are updated with the valid values. • DTIM Period: The Deferred Traffic Indicator Map (DTIM) Period determines when to transmit broadcast and multicast packets to all clients. If any clients are in power save mode, packets are sent at the end of the DTIM period.
PAGE 52
Advanced Configuration Interfaces – – – – Estonia Finland France Germany AP-700 User Guide – – – – Lithuania Luxembourg Malta Netherlands – Sweden – Switzerland – UK RTS/CTS Medium Reservation The 802.11 standard supports optional RTS/CTS communication based on packet size. Without RTS/CTS, a sending radio listens to see if another radio is already using the medium before transmitting a data packet. If the medium is free, the sending radio transmits its packet.
PAGE 53
Advanced Configuration Interfaces AP-700 User Guide Traps Generated During Wireless Service Shutdown (and Resume) The following traps are generated during wireless service shutdown and resume, and are also sent to any configured Syslog server. When the wireless service is shut down on a wireless interface, the AP generates a trap called oriTrapWirelessServiceShutdown. When the wireless service is resumed on a wireless interface, the AP generate a trap called oriTrapWirelessServiceResumed.
PAGE 54
Advanced Configuration Interfaces AP-700 User Guide Figure 4-12 Channel Blacklist Table - Edit Screen Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. WDS allows you to configure up to six (6) ports per radio.
PAGE 55
Advanced Configuration Interfaces AP-700 User Guide • There are separate security settings for clients and WDS links. The same WDS link security mode must be configured (currently we only support none or WEP) on each Access Point in the WDS and the same WEP key must be configured. • The WDS link shares the communication bandwidth with the clients. Therefore, while the maximum data rate for the Access Point's cell is 54 Mbits/second (802.11a, 802.11g only, or 802.b/g modes) or 11 Mbits/second (802.
PAGE 56
Advanced Configuration Interfaces AP-700 User Guide Figure 4-15 Adding WDS Links 6. Select whether to use encryption in the WDS by checking the Enable WDS Security Mode checkbox. 7. If you enabled WDS Security Mode, enter the Encryption Key 0 used for encryption between the WDS links. 8. Enter the MAC Address that you wrote down in Step 2 in one of the Partner MAC Address field of the Wireless Distribution Setup window. 9. Set the Status of the device to Enable. 10.Click OK. 11. Reboot the AP.
PAGE 57
Advanced Configuration Interfaces AP-700 User Guide Figure 4-16 Ethernet Sub-tab For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
PAGE 58
Advanced Configuration Management AP-700 User Guide Management The Management tab contains the following sub-tabs: • Passwords • IP Access Table • Services • Automatic Configuration (AutoConfig) • Hardware Configuration Reset (CHRD) Passwords You can configure the following passwords: • SNMP Read Community Password: The password for read access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters.
PAGE 59
Advanced Configuration Management AP-700 User Guide IP Access Table The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the table. This feature applies to all management services (SNMP, HTTP, and CLI) except for CLI management over the serial port. To configure this table, click Add and set the following parameters: • IP Address: Enter the IP Address for the management station.
PAGE 60
Advanced Configuration Management • AP-700 User Guide Secure Management Status: Enables the further configuration of HTTPS Access, SNMPv3, and Secure Shell (SSH). After enabling Secure Management, you can choose to configure HTTPS (SSL) and Secure Shell access on the Services tab, and to configure SNMPv3 passwords on the Passwords tab. SNMP Settings • SNMP Interface Bitmask: Configure the interface or interfaces (Ethernet, Wireless, All Interfaces) from which you will manage the AP via SNMP.
PAGE 61
Advanced Configuration Management AP-700 User Guide Figure 4-17 Management Services Configuration Screen 61
PAGE 62
Advanced Configuration Management AP-700 User Guide Telnet Configuration Settings • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management. • Telnet Port Number: The default port number for Telnet applications is 23.
PAGE 63
Advanced Configuration Management AP-700 User Guide NOTE: When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled. Host keys must either be generated externally and uploaded to the AP (see Uploading Externally Generated Host Keys), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present. There is no key present in an AP that is in a factory default state.
PAGE 64
Advanced Configuration Management AP-700 User Guide Serial Configuration Settings The serial port interface on the AP is enabled at all times. See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port. You can configure and view the following parameters: • Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or 57600; the default Baud Rate is 9600.
PAGE 65
Advanced Configuration Management AP-700 User Guide • RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based Management Access. • Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default local user ID is root. • Local User Password and Confirm Password: The default local user password is public.
PAGE 66
Advanced Configuration Management AP-700 User Guide Figure 4-19 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
PAGE 67
Advanced Configuration Management AP-700 User Guide Figure 4-20 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7. Figure 4-21 DHCP Options: Setting the Bootfile Name 6. Set the value of the Bootfile Name parameter to the Configuration filename. For example: AP-Config 7.
PAGE 68
Advanced Configuration Management AP-700 User Guide AP is not protected, an unauthorized person could reset the AP to factory defaults and thus gain control of the AP. The user can disable the hardware configuration reset functionality to prevent unauthorized access.
PAGE 69
Advanced Configuration Management AP-700 User Guide 2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox. 3. Change the default Configuration Reset Password in the “Configuration Reset Password” and “Confirm” fields. 4. Click OK. 5. Reboot the AP. NOTE: It is important to safely store the configuration reset password.
PAGE 70
Advanced Configuration Filtering AP-700 User Guide Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering heading: • Ethernet Protocol • Static MAC • Advanced • TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support. Follow these steps to configure the Ethernet Protocol Filter: 1.
PAGE 71
Advanced Configuration Filtering AP-700 User Guide Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits (0 or 1).) Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets. The AP uses Boolean logic to perform an “AND” operation between the MAC Address and the Mask at the bit level.
PAGE 72
Advanced Configuration Filtering • Wireless Client 2: 00:02:2D:51:32:12 • Wireless Client 3: 00:20:A6:12:4E:38 AP-700 User Guide Prevent Two Specific Devices from Communicating Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating: • Wired MAC Address: 00:40:F4:1C:DB:6A • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:02:2D:51:94:E4 • Wireless Mask: FF:FF:FF:FF:FF:FF Result: Traffic between the Wired Server and Wireless Client 1 is block
PAGE 73
Advanced Configuration Filtering AP-700 User Guide • Wired MAC Address: 01:00:5E:00:32:4B • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless network.
PAGE 74
Advanced Configuration Filtering AP-700 User Guide 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions. 5. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP). 6. Set the Interface to filter: • Only Ethernet • Only Wireless • All interfaces 7. Click OK. Editing TCP/UDP Port Filters 1.
PAGE 75
Advanced Configuration Alarms AP-700 User Guide Alarms The Alarms tab has the following sub-tabs: • Groups • Alarm Host Table • Syslog • Rogue Scan Groups Alarm groups can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms. Alarm severity levels are as follows: • Critical alarms will often result in severe disruption in network activity or an automatic reboot of the AP.
PAGE 76
Advanced Configuration Alarms AP-700 User Guide Security Trap Group Trap Name Description Severity Level oriTrapInvalidEncryptionKey Invalid encryption key has been detected. Critical oriTrapAuthenticationFailure Client authentication failure has occurred. Authentication failures can range from: Major • MAC Access Control table • RADIUS MAC authentication • 802.
PAGE 77
Advanced Configuration Alarms Trap Name AP-700 User Guide Description Severity Level oriTrapDHCPFailed Response to the DHCP client request not received; device not dynamically assigned an IP address Major oriTrapDNSClientLookupFailure DNS client attempts to resolve a specified hostname (DNS lookup) and a failure occurs because either the DNS server is unreachable or there is an error for the hostname lookup. Trap specifies the hostname that was being resolved.
PAGE 78
Advanced Configuration Alarms AP-700 User Guide TFTP Trap Group Trap Name Description Severity Level oriTrapTFTPFailedOperation TFTP operation failed Major oriTrapTFTPOperationInitiated TFTP operation Initiated Informational oriTrapTFTPOperationCompleted TFTP operation completed Informational Image Trap Group Trap Name Description Severity Level oriTrapZeroSizeImage Zero size image loaded onto device Major oriTrapInvalidImage Invalid image loaded onto device Major oriTrapImageTooLarge
PAGE 79
Advanced Configuration Alarms AP-700 User Guide NOTE: Up to 10 entries are possible in the Alarm Host table. • IP Address: Enter the Trap Host IP Address. • Password: Enter the password in the Password field and the Confirm field. • Comment: Enter an optional comment, such as the alarm (trap) host station name. To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status drop-down menu.
PAGE 80
Advanced Configuration Alarms AP-700 User Guide Syslog The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The access point logs “Session Start (Log-in)” and “Session Stop (Log-out)” events for each wireless client as an alternative to RADIUS accounting. See RFC 3164 at http://www.rfc-editor.org for more information on the Syslog standard.
PAGE 81
Advanced Configuration Alarms AP-700 User Guide • Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority number and any priority numbers below it. For example, if set to 6, the AP will transmit event messages labeled priority 0 to 6 to the Syslog server. This parameter supports a range between 0 and 7; 6 is the default.
PAGE 82
Advanced Configuration Alarms AP-700 User Guide Syslog Message Name Client Login Authentication Status Priority 6 Severity Informational Description Client logs in/authenticates. Message includes: • Client MAC Address • Authentication Type = None, ACL, RADIUS MAC, 802.
PAGE 83
Advanced Configuration Alarms AP-700 User Guide Syslog Message Name Priority Severity Description CLI Configuration File Execution Errors 4 Minor There is an error in execution of the CLI configuration file. The message specifies the filename, line number, and error reason.
PAGE 84
Advanced Configuration Alarms AP-700 User Guide The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query the wired switch to find the inbound switch port of Client 2’s packets. The Network Manager verifies that this switch/router and port does not have a valid Access Point as per the administrator’s database.
PAGE 85
Advanced Configuration Alarms • Channel: the working channel of the detected station • SNR: the SNR value of the last frame from the station as received by the AP • BSSID: the BSSID field stores the: AP-700 User Guide – MAC address of the associated Access Point in the case of a client.
PAGE 86
Advanced Configuration Alarms AP-700 User Guide Figure 4-26 Rogue Scan Screen 86
PAGE 87
Advanced Configuration Bridge AP-700 User Guide Bridge The AP is a bridge between your wired and wireless networking devices. As a bridge, the functions performed by the AP include: • MAC address learning • Forward and filtering decision making • Spanning Tree protocol used for loop avoidance Once the AP is connected to your network, it learns which devices are connected to it and records their MAC addresses in the Learn Table. The table can hold up to 10,000 entries.
PAGE 88
Advanced Configuration Bridge AP-700 User Guide Figure 4-27 Spanning Tree Sub-Tab Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address). • Specifying an absolute maximum number of messages per interface.
PAGE 89
Advanced Configuration Bridge • AP-700 User Guide Wireless Threshold: Enter the maximum allowed number of packets per second. Intra BSS The wireless clients (or subscribers) that associate with a certain AP form the Basic Service Set (BSS) of a network infrastructure. By default, wireless subscribers in the same BSS can communicate with each other.
PAGE 90
Advanced Configuration QoS AP-700 User Guide QoS Wireless Multimedia Extensions (WME)/Quality of Service (QoS) The AP supports Wireless Multimedia Enhancements which defines an intermediate solution for QoS functionality until the IEEE 802.11e specification is formally approved. WME is based on a subset of the 802.11e standard, and defines enhancements to the MAC for wireless LAN applications with Quality of Service requirements, which include transport of voice traffic over IEEE 802.11 wireless LANs.
PAGE 91
Advanced Configuration QoS AP-700 User Guide 4. To add a QoS Policy, click the Add button in the “QoS Policies Table” box. The Add Entries box appears. Figure 4-29 Add QoS Policy 5. Enter the Policy Name. 6.
PAGE 92
Advanced Configuration QoS AP-700 User Guide Priority Mapping Use this page to configure QoS 802.1p to 802.1d priority mappings (for layer 2 policies) and IP DSCP to 802.1d priority mappings (for layer 3 policies). The first entry in each table contains the recommended priority mappings. Custom entries can be added to each table with different priority mappings. 1. Click Configure > QoS > Priority Mapping. Figure 4-30 Priority Mapping 2. Click Add in the 802.1p and 802.1d priority mapping table.
PAGE 93
Advanced Configuration QoS AP-700 User Guide Figure 4-31 Add Priority Mapping Entry 3. Select the 802.1p Priority (from 0-7) for 802.1d Priorities 0-7. 4. Click OK. 5. Click Add in the IP Precedence/DSCP ranges and 802.1d Priority table. 6. Select the IP DSCP Range for each 802.1d Priority. 7. Click OK. NOTE: Changes to Priority Mapping require a reboot of the AP to take effect.
PAGE 94
Advanced Configuration QoS AP-700 User Guide 1. Click Configure > QoS > EDCA. Figure 4-32 EDCA Tables 2. Click Edit and configure the following parameters in each table: NOTE: Changes to EDCA parameters require a reboot of the AP to take effect. • Index: read-only. Indicates the index of the Access Category (1-4) being defined. • CWMin: minimum Contention Window. Configurable range is 0 to 255. • CWMax: maximum Contention Window. Configurable range is 0 to 65535.
PAGE 95
Advanced Configuration QoS AP-700 User Guide • Tx OP Limit: The Transmission Opportunity Limit. The Tx OP is an interval of time during which a particular QoS enhanced client has the right to initiate a frame exchange sequence onto the wireless medium. The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category. Configurable range is 0 to 65535.
PAGE 96
Advanced Configuration Radius Profiles AP-700 User Guide Radius Profiles Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define RADIUS Servers per Authentication Mode and per VLAN. The AP communicates with the RADIUS server defined in a profile to provide the following features: • MAC Access Control Via RADIUS Authentication • 802.
PAGE 97
Advanced Configuration Radius Profiles AP-700 User Guide Figure 4-33 RADIUS Servers per VLAN This figure shows a network with separate authentication servers for each authentication type and for each VLAN. The clients in VLAN 1 are authenticated using the authentication servers configured for VLAN 1. The type of authentication server used depends on whether the authentication is done for an 802.1x client or a non-802.1x client.
PAGE 98
Advanced Configuration Radius Profiles AP-700 User Guide Figure 4-34 RADIUS Server Profiles Adding or Modifying a RADIUS Server Profile Perform the following procedure to add a RADIUS server profile and to configure its parameters. 1. Click Add to create a new profile. To Modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete. You cannot delete a RADIUS server profile if it is applied to an SSID. 2.
PAGE 99
Advanced Configuration Radius Profiles AP-700 User Guide Figure 4-35 Add RADIUS Server Profile • Server Profile Name: the profile name. This is the name used to associated a VLAN to the profile. See Configuring Security Profiles. The Server Profile Name is also used in the Configure > Management > Services page to specify the RADIUS profile to be used for RADIUS Based Management Access.
PAGE 100
Advanced Configuration Radius Profiles AP-700 User Guide • Destination Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. • Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be grayed out. • Shared Secret and Confirm Shared Secret: Enter the password shared by the RADIUS server and the AP. The same password must also be configured on the RADIUS server.
PAGE 101
Advanced Configuration Radius Profiles AP-700 User Guide NOTE: This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in the Access Point’s static MAC Access Control list are not tracked. Authentication and Accounting Attributes Additionally, the AP supports a number of Authentication and Accounting Attributes defined in RFC2865, RFC2866, RFC2869, and RFC3580.
PAGE 102
Advanced Configuration Radius Profiles – Number of octets (bytes) received by subscriber. • Acct-Output-Octets • Acct-Input-Packets – – Number of octets (bytes) sent by subscriber. Number of packets received by subscriber. • Acct-Output-Packets • Acct-Terminate Cause – – • AP-700 User Guide Number of packets sent by subscriber. Indicates how the session was terminated.
PAGE 103
Advanced Configuration SSID/VLAN/Security AP-700 User Guide SSID/VLAN/Security The AP provides several security features to protect your network from unauthorized access. This section gives an overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP: • VLAN Overview • Management VLAN • Security Profile • MAC Access • Wireless The AP also provides Broadcast SSID/Closed System and Rogue Scan to protect your network from unauthorized access.
PAGE 104
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-36 Components of a Typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, a VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
PAGE 105
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Typical User VLAN Configurations VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the same physical network are limited to those resources available to their workgroup.
PAGE 106
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 3. Place a check mark in the Enable VLAN Tagging box. Provide Access to a Wireless Host in the Same Workgroup The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID, then those wireless clients who are members of that VLAN will have AP management access.
PAGE 107
Advanced Configuration SSID/VLAN/Security AP-700 User Guide • EAP-Tunneled Transport Layer Security (TTLS): Certificate-based authentication (a certificate is required on the server; a client’s username/password is tunneled to the server over a secure connection); supports automatic key distribution • PEAP - Protected EAP with MS-CHAP: Secure username/password-based authentication; supports automatic key distribution Different servers support different EAP types and each EAP type provides different fe
PAGE 108
Advanced Configuration SSID/VLAN/Security AP-700 User Guide WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks.
PAGE 109
Advanced Configuration SSID/VLAN/Security AP-700 User Guide VLANs and Security Profiles The AP-700 allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless interface.
PAGE 110
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 3. Configure one or more types of wireless stations (security modes) that are allowed access to the AP under the security profile. The WEP/PSK parameters are separately configurable for each security mode. To enable a security mode in the profile (Non Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK Station, 802.11i (WPA2) Station, 802.11i-PSK Station), check the box next to the mode. See Figure 4-40 on page 112.
PAGE 111
Advanced Configuration SSID/VLAN/Security AP-700 User Guide • Cipher: CCMP based on AES • PSK Passphrase: an 8-63 character user-defined phrase. It is recommended a passphrase of at least 13 characters, including both letters and numbers, and upper and lower case characters, to ensure that the generated key cannot be easily deciphered by network infiltrators. 5. When finished configuring all parameters, click OK. 6. If you selected a Security Mode of 802.1x Station, WPA Station, or 802.
PAGE 112
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-40 Security Profile Table - Add Entries 112
PAGE 113
Advanced Configuration SSID/VLAN/Security AP-700 User Guide MAC Access The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect. Up to 1000 entries can be made in the table.
PAGE 114
Advanced Configuration SSID/VLAN/Security AP-700 User Guide the same system separated per VLAN. See the Security Profile section for more information. Each SSID can support a unique VLANs. In order for the AP to support multiple SSID/VLANs, VLAN Tagging must be enabled. These parameters are configurable on the Wireless sub-tab. Configuring an SSID/VLAN with VLAN Tagging Disabled With VLAN tagging disabled (from the SSID/VLAN/Security > Mgmt VLAN tab), only one SSID can be configured.
PAGE 115
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 6. Enter the Security Profile used by the VLAN in the Security Profile field. See the Security Profile section for more information. 7. Define the RADIUS Server Profile Configuration for the VLAN/SSID: • RADIUS MAC Authentication Profile • RADIUS EAP Authentication Profile • RADIUS Accounting Profile If 802.1x, WPA, or 802.11i security mode is used, the RADIUS EAP Authentication Profile must have a value.
PAGE 116
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 11. Specify a QoS profile. See the Enabling QoS and Adding QoS policies section for more information. 12.If editing an entry, enable or disable the parameters on this page by electing Enable or Disable from the Status drop-down menu. If adding a new entry, this drop-down menu will not appear. 13.Click OK to return to Wireless Security Configuration Screen. 14.Reboot the AP.
PAGE 117
Advanced Configuration SSID/VLAN/Security AP-700 User Guide Figure 4-45 SSID/VLAN Edit Entries Screen (VLAN Tagging Enabled) 4. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name. 5. Enter a unique VLAN ID. This parameter is mandatory. • A VLAN ID is a number from -1 to 4094. A value of -1 means that an entry is “untagged.
PAGE 118
Advanced Configuration SSID/VLAN/Security AP-700 User Guide 7. Enable or disable RADIUS accounting on the VLAN/SSID under the Accounting Status drop-down menu. 8. Enable or disable RADIUS MAC authentication status on the VLAN/SSID under the RADIUS Authentication Status drop-down menu. 9. Enable or disable MAC Access Control List status on the VLAN/SSID under the MAC ACL Status drop-down menu. 10.Enter the Rekeying Interval in seconds. The default interval is 900 seconds. 11.
PAGE 119
AP-700 User Guide 5 Monitoring This chapter discusses the following monitoring options: • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table. • Learn Table: Displays the list of nodes that the AP has learned are on the network.
PAGE 120
Monitoring Version AP-700 User Guide Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: • Serial Number: The component’s serial number, if applicable.
PAGE 121
Monitoring ICMP AP-700 User Guide ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3 ICMP Monitoring Tab IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses.
PAGE 122
Monitoring Learn Table AP-700 User Guide Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table. Figure 5-5 Learn Table Monitoring Tab IAPP This tab displays statistics relating to client handovers and communications between ORiNOCO Access Points.
PAGE 123
Monitoring RADIUS AP-700 User Guide RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile. NOTE: Separate RADIUS servers can be configured for each RADIUS Server Profile. Select the RADIUS Server Profile to view statistics on from the Select Server Profile drop-down menu.
PAGE 124
Monitoring Interfaces AP-700 User Guide Interfaces This tab displays statistics for the Ethernet and wireless interfaces.
PAGE 125
Monitoring Interfaces AP-700 User Guide • Duplicate Frame Count (Wireless): The number of duplicate frames received. • Ethernet Chipset (Ethernet): Identifies the chipset used to realize the interface. • Excessive Collisions (Ethernet): The number of frames for which transmission fails due to excessive collisions. • Failed ACK Count (Wireless): The number of of times an acknowledgment (or ACK) is not received when expected.
PAGE 126
Monitoring Interfaces AP-700 User Guide • Out Discards (Ethernet/Wireless): The number of error-free outbound packets chosen to be discarded to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. • Out Errors (Ethernet/Wireless): The number of outbound packets that could not be transmitted because of errors.
PAGE 127
Monitoring Station Statistics AP-700 User Guide Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enable the Monitoring Station Statistics feature (Station Statistics are disabled by default) by checking Enable Monitoring Station Statistics and click OK. You do not need to reboot the AP for the changes to take effect.
PAGE 128
Monitoring Station Statistics • AP-700 User Guide Number of Clients: The number of stations and WDS links monitored. The following stations statistics are available through SNMP: • Octets Received: The number of octets received from the associated wireless station (or WDS link partner) by the AP. • Unicast Frames Received: The number of Unicast frames received from the associated wireless station (or WDS link partner) by the AP.
PAGE 129
AP-700 User Guide Commands 6 This chapter contains information on the following Command functions: • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP via TFTP: Download files from a TFTP server to the AP. • Update AP via HTTP: Download files to the AP from HTTP. • Retrieve File: Upload configuration files from the AP to a TFTP server. • Retrieve File via HTTP: Upload configuration files from the AP via HTTP.
PAGE 130
Commands Introduction to File Transfer via TFTP or HTTP • AP-700 User Guide Uploading files (Configuration, CLI Batch File) from the AP is called “Retrieving Files.” TFTP File Transfer Guidelines A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. HTTP File Transfer Guidelines HTTP file transfer can be performed either with or without SSL enabled.
PAGE 131
Commands Update AP AP-700 User Guide Update AP Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, Certificate and Private Key files, and CLI Batch File to the AP. A TFTP server must be running and configured to point to the directory containing the file. Figure 6-2 Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD.
PAGE 132
Commands Update AP via HTTP – • AP-700 User Guide CLI Batch File: a CLI Batch file that contains CLI commands to configure the AP. This file will be executed by the AP immediately after being uploaded. See CLI Batch File for more information. File Operation: Select either Update AP or Update AP & Reboot. You should reboot the AP after downloading files.
PAGE 133
Commands Retrieve File AP-700 User Guide A warning message gets displayed that advises the user that a reboot of the device will be required for changes to take effect. Figure 6-4 Warning Message 4. Click OK to continue with the operation or Cancel to abort the operation. NOTE: An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears.
PAGE 134
Commands Retrieve File – AP-700 User Guide Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server. • File Name: Enter the name of the file to be uploaded. • File Type: Select the type of file to be uploaded: Config file, CLI Batch File, or CLI Batch (Error) Log. Use the following procedure to retrieve a file from an AP to a TFTP server: 1. If retrieving a Config file, configure all the required parameters in their respective tabs. Reboot the device. 2.
PAGE 135
Commands Retrieve File AP-700 User Guide Click on the Retrieve File button to initiate the operation. Figure 6-8 Retrieve File via HTTP Command Screen A confirmation message is displayed, asking if the user wants to proceed with retrieving the file. Figure 6-9 Retrieve File Confirmation Dialog Click OK to continue with the operation or Cancel to abort the operation. On clicking OK, the File Download window appears.
PAGE 136
Commands Reboot AP-700 User Guide On clicking the Save button the Save As window displays, where the user is prompted to choose the filename and location where the file is to be downloaded. Select an appropriate filename and location and click OK. Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Enter a value between 0 and 65535 seconds; entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes.
PAGE 137
Commands Help Link AP-700 User Guide Help Link Use the Help tab to configure the location of the AP Help files. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/ORiNOCO/AP700/HTML/index.htm. To enable the Help button on each page of the Web interface to access the help files, however, copy the entire Help folder to a web server, then specify the new HTTP path in the Help Link box.
PAGE 138
AP-700 User Guide Troubleshooting 7 This chapter provides information on the following: • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please see the documentation that came with the respective application for assistance.
PAGE 139
Troubleshooting Symptoms and Solutions AP-700 User Guide Serial Link Does Not Work 1. Make sure you are using a standard, straight-through, 9-pin serial cable. 2. Double-check the physical network connections. 3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values: – Com Port: (COM1, COM2, etc.
PAGE 140
Troubleshooting Symptoms and Solutions AP-700 User Guide 6. Perform the Reset to Factory Default Procedure in this guide. This will reset the unit to “DHCP” mode. If there is a DHCP Server on the network, the DHCP Server will assign an IP Address to the AP. HTTP Interface or Telnet Interface Does Not Work 1. Make sure you are using a compatible browser: – Microsoft Internet Explorer 6 with Service Pack 1 or later – Netscape 7.1 or later 2. Make sure you have the proper IP address.
PAGE 141
Troubleshooting Symptoms and Solutions AP-700 User Guide Client PC Card Does Not Work 1. Make sure you are using the latest PC Card driver software. 2. Download and install the latest ORiNOCO client software from http://support.proxim.com. Intermittent Loss of Connection 1. Make sure you are within range of an active AP. 2. You can check the signal strength using the signal strength gauge on your client software. Client Does Not Receive an IP Address - Cannot Connect to Internet 1.
PAGE 142
Troubleshooting Recovery Procedures AP-700 User Guide 4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad RJ-45 connection. 5. Check power plug and hub. 6. If the Ethernet link goes down, check the cable, cable type, switch, and hub. There Is No Data Link 1. Verify that the indicator for the port is “on.” 2. Verify that the AE hub is connected to the Ethernet network with a good connection. 3.
PAGE 143
Troubleshooting Recovery Procedures AP-700 User Guide 1. While the unit is running, press the RESET button. NOTE: You need to use a pin or the end of a paperclip to press a button. The AP reboots and the indicators begin to flash. CAUTION: By completing Step 2, the firmware in the AP will be erased. You will need an Ethernet connection, a TFTP server, and a serial cable (if using the Bootloader CLI) to reload firmware. 2.
PAGE 144
Troubleshooting Recovery Procedures AP-700 User Guide 11. Click OK when prompted that the device has been updated successfully to return to the Scan List screen. 12.Click Cancel to close the ScanTool. 13.When the download process is complete, configure the AP as described in Installation and Initialization and Advanced Configuration. Download a New Image Using the Bootloader CLI To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides.
PAGE 145
Troubleshooting Recovery Procedures AP-700 User Guide [Device name]> show [Device name]> set ipaddrtype static [Device name]> set ipaddr 10.0.0.12 [Device name]> set ipsubmask 255.255.255.0 [Device name]> set tftpipaddr 10.0.0.20 [Device name]> set tftpfilename MyImage.bin [Device name]> set ipgw 10.0.0.30 [Device name]> show [Device name]> reboot The AP will reboot and then download the image file. You should see downloading activity begin after a few seconds within the TFTP server’s status screen. 8.
PAGE 146
Troubleshooting Related Applications AP-700 User Guide [Device name]> Please enter password: 4. Enter the CLI password (default is public). The terminal displays a welcome message and then the CLI Prompt: [Device name]> 5. Enter show ip. Network parameters appear: Figure 7-1 Result of “show ip” CLI Command 6. Change the IP address and other network values using set and reboot CLI commands, similar to the example below (use your own IP address and subnet mask).
PAGE 147
Troubleshooting Related Applications AP-700 User Guide If a TFTP server is not configured and running, you will not be able to download and upload images and configuration files to/from the AP. Remember that the TFTP server does not have to be local, so long as you have a valid TFTP IP address. Note that you do not need a TFTP server running unless you want to transfer files to or from the AP.
PAGE 148
AP-700 User Guide Command Line Interface (CLI) A This section discusses the following: • General Notes • Command Line Interface (CLI) Variations • CLI Command Types • Using Tables and Strings • Configuring the AP using CLI commands • Set Basic Configuration Parameters using CLI Commands • Other Network Settings • CLI Monitoring Parameters • Parameter Tables • CLI Batch File CLI commands can be used to initialize, configure, and manage the Access Point.
PAGE 149
Command Line Interface (CLI) General Notes AP-700 User Guide • Download vs. Upload - Downloads transfer files to the Access Point. Uploads transfer files from the Access Point. The TFTP server performs file transfers in both directions. • Group - A logical collection of network parameter information. For example, the System Group is composed of several related parameters. Groups can also contain Tables. All items for a given Group can be displayed with a show CLI Command.
PAGE 150
Command Line Interface (CLI) Command Line Interface (CLI) Variations AP-700 User Guide Command Line Interface (CLI) Variations Administrators use the CLI to control Access Point operation and monitor network statistics. The AP supports two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is used when the current AP Image is bad or missing. The Bootloader CLI allows you to assign an IP Address and download a new image.
PAGE 151
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Figure A-2 Results of “show” bootloader CLI command CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line.
PAGE 152
Command Line Interface (CLI) CLI Command Types AP-700 User Guide [Device-Name]>? Figure A-3 Result of “?” CLI command Example 2. Display specific Commands To show all commands that start with specified letters, enter one or more letters, then ? with no space between letters and ?. [Device-Name]>s? Figure A-4 Result of “s?” CLI command Example 3. Display parameters for set and show Example 3a allows you to see every possible parameter for the set (or show) commands.
PAGE 153
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example 3b. Display parameters based on letter sequence This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned. Notice that there is no space between the letters and the question mark. [Device-Name]> show ipa? Figure A-6 Result of “show ipa?” CLI command [Device-Name]> show iparp? Figure A-7 Result of “show iparp?” CLI command Example 4.
PAGE 154
Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example: [Device-Name]>download 192.168.1.100 APImage2 img 2. Syntax to display help and usage information: [Device-Name]>download 3. Syntax to execute the download Command using previously set (stored) TFTP Parameters: [Device-Name]>download * help Displays instructions on using control-key sequences for navigating a Command Line and displays command information and examples. 1.
PAGE 155
Command Line Interface (CLI) CLI Command Types AP-700 User Guide reboot Reboots Access Point after specified number of seconds. Specify a value of 0 (zero) for immediate reboot. [Device-Name]> reboot 0 [Device-Name]> reboot 30 search Lists the parameters supported by the specified table. This list corresponds to the table information displayed in the HTTP interface. In this example, the CLI returns the list of parameters that make up an entry in the IP Access Table.

PAGE 156

Command Line Interface (CLI) CLI Command Types AP-700 User Guide Syntax: [Device-Name]>show [Device-Name]>show [Device-Name]>show

Examples: [Device-Name]>show ipaddr [Device-Name]>show network [Device-Name]>show mgmtipaccesstbl “set” CLI Command Sets (modifies) the value of the specified parameter. To see a definition and syntax example, type only set and then press the Enter key.

PAGE 157

Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example 1 - Set the Access Point IP Address Parameter Syntax: [Device-Name]>set Example: [Device-Name]> set ipaddr 10.0.0.12 IP Address will be changed when you reboot the Access Point. The CLI reminds you when rebooting is required for a change to take effect. To reboot immediately, enter reboot 0 (zero) at the CLI prompt.

PAGE 158

Command Line Interface (CLI) CLI Command Types AP-700 User Guide Example 5 - Show the Group Parameters This example illustrates how to view all elements of a group or table. Syntax: [Device-Name]> show Example: [Device-Name]>show network The CLI displays network group parameters. Note show network and show ip return the same data. Figure A-10 Results of “show network” and “show ip” CLI Commands Example 6 - Show Individual and Table Parameters 1. View a single parameter.

PAGE 159

Command Line Interface (CLI) Using Tables and Strings AP-700 User Guide Using Tables and Strings Working with Tables Each table element (or parameter) must be specified, as in the example below. [Device-Name]>set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0 Below are the rules for creating, modifying, enabling/disabling, and deleting table entries. • • • • Creation – The table name is required. – The table index is required – for table entry/instance creation the index is always zero (0).

PAGE 160

Command Line Interface (CLI) Configuring the AP using CLI commands AP-700 User Guide The string delimiter does not have to be used for every string object. The single quote or double quote only has to be used for string objects that contain blank space characters. If the string object being used does not contain blank spaces, then the string delimiters, single or double quotes, mentioned in this section are not required. Configuring the AP using CLI commands Log into the AP using HyperTerminal 1.

PAGE 161

Command Line Interface (CLI) Set Basic Configuration Parameters using CLI Commands • Download an AP Configuration File from your TFTP Server • Backup your AP Configuration File AP-700 User Guide Set System Name, Location and Contact Information [Device-Name]>set sysname sysloc [Device-Name]>set sysctname [Device-Name]>set sysctphone sysctemail [Device-Name]>show system Figure A-

PAGE 162

Command Line Interface (CLI) Set Basic Configuration Parameters using CLI Commands AP-700 User Guide Figure A-13 Results of “show wif” CLI command for an AP Enable 802.11d Support and Set the Country Code Perform the following command to enable 802.11d IEEE 802.11d support for additional regulatory domains.

PAGE 163

Command Line Interface (CLI) Set Basic Configuration Parameters using CLI Commands Country Code Country AP-700 User Guide Code Country Code China CN Kuwait KW Spain ES Colombia CO Latvia LV Sweden SE Costa Rica CR Lebanon LB Switzerland CH Croatia HR Liechtenstein LI Syria SY Cyprus CY Lithuania LT Taiwan TW Czech Republic CZ Luxembourg LU Thailand TH Denmark DK Macau MO Turkey TR Dominican Republic DO Macedonia MK Ukraine UA Ecuador EC Malaysia MY

PAGE 164

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Example: [Device-Name]>set wifssidtbl 3.1 ssid accesspt1 vlanid 22 ssidauth enable acctstatus enable secprofile 1 radmacprofile "MAC Authentication" radeapprofile "EAP Authentication" radacctprofile "Accounting" radmacauthstatus enable aclstatus enable Download an AP Configuration File from your TFTP Server Begin by starting your TFTP program. It must be running and configured to transmit and receive.

PAGE 165

Command Line Interface (CLI) Other Network Settings • Configure the AP as a DHCP Server • Configure the DNS Client • Configure DHCP Relay and Configure DHCP Relay Servers • Maintain Client Connections using Link Integrity • Change your Wireless Interface Settings • Set Ethernet Speed and Transmission Mode • Set Interface Management Services • Configure Wireless Distribution System • Configure MAC Access Control • Set RADIUS Parameters • Set Rogue Scan Parameters • Set Hardware Configu

PAGE 166

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Configure DHCP Relay Perform the following command to enable or disable DHCP Relay Agent Status. NOTE: You must have at least one entry in the DHCP Relay Server Table before you can set the DHCP Relay Status to Enable. [Device-Name]>set dhcprelaystatus enable Configure DHCP Relay Servers Perform the following command to configure and enable a DHCP Relay Server.

PAGE 167

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Shutdown/Resume Wireless Service [Device-Name]>set wif wssstatus <1 (resume)/2 (shutdown)> Set Load Balancing Maximum Number of Clients [Device-Name]>set wif lbmaxclients <1–63> Set the Multicast Rate (802.11a) [Device-Name]>set wif 3 multrate <6, 12, 24 (Mbits/sec)> Set the Multicast Rate (802.11b/g) [Device-Name]>set wif 4 multrate <1,2,5.5,11 (Mbits/sec)> Enable/Disable Super Mode (802.

PAGE 168

Command Line Interface (CLI) Other Network Settings Value AP-700 User Guide Distance Between APs 1 Large 2 Medium 3 Small 4 Mini 5 Micro Set Ethernet Speed and Transmission Mode [Device-Name]>set etherspeed (see below) [Device-Name]>reboot 0 Ethernet Speed and Transmission Mode 10 Mbits/sec - half duplex 10 Mbits/sec - full duplex 10 Mbits/sec - auto duplex 100 Mbits/sec - half duplex 100 Mbits/sec - full duplex Auto Speed - half duplex Auto Speed - auto duplex Value 10halfduplex 10fu

PAGE 169

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Configure Secure Socket Layer (HTTPS) Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface. [Device-Name]>set sslstatus The user must change the SSL passphrase when uploading a new certificate/private key pair, which will have a corresponding passphrase.

PAGE 170

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Configure Intra BSS [Device-Name]>set intrabssoptype Configure Wireless Distribution System Create/Enable WDS [Device-Name]>set wdstbl partnermacaddr status enable Enable/Disable WDS [Device-Name]>set wdstbl status NOTE: is 3.1–3.6. To determine the index, type show wdstbl at the prompt.

PAGE 171

Command Line Interface (CLI) Other Network Settings AP-700 User Guide [Device-Name]set radiustbl 1.2 profname "MAC Authentication" seraddrfmt 1 sernameorip 20.0.0.

PAGE 172

Command Line Interface (CLI) Other Network Settings AP-700 User Guide Set Rogue Scan Parameters Perform the following command to enable or disable Rogue Scan on a wireless interface and configure the scanning parameters. The cycletime parameter is only configured for background scanning mode.

PAGE 173

Command Line Interface (CLI) CLI Monitoring Parameters AP-700 User Guide Set Security Profile Parameters Configure a Security Profile with Non Secure Security Mode [Device-Name]>set secprofiletbl secmode nonsecure status enable Example: [Device-Name]>set secprofiletbl 2 secmode nonsecure status enable Configure a Security Profile with WEP Security Mode [Device-Name]>set secprofiletbl secmode wep encryptkey0 encryptkeylength encryptkeytx status enable Example: [Devic

PAGE 174

Command Line Interface (CLI) Parameter Tables • statiapp: Displays the IAPP statistics. • statradius: Displays the RADIUS Authentication statistics. • statif: Displays information and statistics about the Ethernet and wireless interfaces. • stat802.11: Displays additional statistics for the wireless interfaces. • statethernet: Displays additional statistics for the Ethernet interface. • statmss: Displays station statistics and Wireless Distribution System links.

PAGE 175

Command Line Interface (CLI) Parameter Tables • • • • – IP Access Table Parameters - Configure range of IP addresses that can access the AP – Auto Configuration Parameters - Configure the Auto Configuration feature which allows an AP to be automatically configured by downloading a configuration file from a TFTP server during boot up.

PAGE 176

Command Line Interface (CLI) Parameter Tables AP-700 User Guide System Parameters Name Type System Name Location Contact Name Contact E-mail Contact Phone Group DisplayString DisplayString DisplayString DisplayString DisplayString FLASH Backup Interval Flash Update Integer System OID Descriptor DisplayString DisplayString Up Time Integer Emergency Restore to defaults Value N/A User Defined User Defined User Defined User Defined User Defined max 254 characters 0 - 65535 seconds 0 1 N/A System Na

PAGE 177

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Network Parameters IP Configuration Parameters Name Type Value Access Network IP Configuration Group Group N/A N/A R R IP Address IP Mask Default Router IP Address Default TTL IpAddress IpAddress IpAddress User Defined User Defined User Defined RW RW RW CLI Parameter network ip (Note: The network and ip parameters display the same information) ipaddr ipmask ipgw Integer RW ipttl Address Type Integer User Defined (seconds) 0

PAGE 178

Command Line Interface (CLI) Parameter Tables AP-700 User Guide DHCP Server table for IP pools Name DHCP Server IP Address Pool Table Table Index Start IP Address End IP Address Width Default Lease Time (optional) Maximum Lease Time (optional) Comment (optional) Status (optional) Table Type N/A R CLI Parameter dhcpippooltbl Integer IpAddress IpAddress Integer Integer32 User Defined User Defined User Defined User Defined >0 86400 sec (default) >0 86400 sec (default) User Defined enable (1) disable (2

PAGE 179

Command Line Interface (CLI) Parameter Tables AP-700 User Guide SNTP Parameters Name SNTP Group SNTP Status Type Group Integer Primary Server Name or DisplayString IP Address Secondary Server Name DisplayString or IP Address Time Zone Integer Daylight Savings Time Integer Year Month Day Hour Minutes Seconds Addressing Format Integer32 Integer32 Integer32 Integer32 Integer32 Integer32 Integer Value N/A enable disable 0 - 255 characters Access R RW CLI Parameter sntp sntpstatus RW sntpprisvr 0 -

PAGE 180

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. For Single-radio APs, the wireless interface uses table index 3. Common Parameters to 802.

PAGE 181

Command Line Interface (CLI) Parameter Tables AP-700 User Guide 802.11a Only Parameters * Name Operating Frequency Channel Integer Type Supported Data Rates Octet String Transmit Rate Integer32 Physical Layer Type Integer Super Mode Integer Turbo Mode* Integer Value Varies by regulatory domain and country.

PAGE 182

Command Line Interface (CLI) Parameter Tables AP-700 User Guide 802.11b Only Parameters Name Operating Frequency Channel Integer Type Multicast Rate Integer Closed Wireless System Integer MAC Address Supported Data Rates PhyAddress Octet String Transmit Rate Integer32 Physical Layer Type Integer Regulatory Domain List DisplayString Value 1 - 14; available channels vary by regulatory domain/country; see Available Channels 1 Mbits/sec (1) 2 Mbits/sec (2) (default) 5.

PAGE 183

Command Line Interface (CLI) Parameter Tables Name Transmit Rate Type Integer32 AP-700 User Guide Value Access RW For 802.11b-only mode: 0 (auto fallback; default) 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec 11 Mbits/sec CLI Parameter txrate For 802.11g-only mode:* 0 (auto fallback; default) 6 Mbits/sec 9 Mbits/sec 12 Mbits/sec 18 Mbits/sec 24 Mbits/sec 36 Mbits/sec 48 Mbits/sec 54 Mbits/sec * Physical Layer Type Integer Super Mode Integer Turbo Mode † Integer For 802.

PAGE 184

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Channel Blacklist Parameters Name Wireless Interface Channel Blacklist Table Interface Index Channel Number Type Integer Integer Radar Detected TruthValue Elapsed Time (minutes) Blacklist Status Gauge32 ObjStatus Table Value wifchblklisttbl 3 Depends on regulatory domain True False 0 - 32 enable disable Access CLI Parameter R wdstbl R R ifindex channel R radardetected R RW elapsetime status Access R R RW RW CLI Parameter w

PAGE 185

Command Line Interface (CLI) Parameter Tables RADIUS MAC Profile RADIUS EAP Profile RADIUS Accounting Profile QoS Policy AP-700 User Guide DisplayString DisplayString DisplayString User defined User defined User defined RW RW RW radmacprofile radeapprofile radacctprofile Integer32 User defined RW qospolicy Wireless Distribution System (WDS) Security Table Parameters The WDS Security Table manages WDS related security objects.

PAGE 186

Command Line Interface (CLI) Parameter Tables Read/Write Password DisplayString SNMPv3 Authentication Password DisplayString SNMPv3 Privacy Password DisplayString AP-700 User Guide User Defined public (default) 6 - 32 characters User Defined public (default) 6 - 32 characters User Defined public (default) 6 - 32 characters W snmprwpasswd W snmpv3authpasswd W snmpv3privpasswd 186

PAGE 187

Command Line Interface (CLI) Parameter Tables AP-700 User Guide HTTP Parameters * Name HTTP HTTP Management Interface Bitmask Type Group Interface Bitmask HTTP Password DisplayString HTTP Port Integer Help Link* SSL Status SSL Certificate Passphrase DisplayString Integer DisplayString Value N/A 0 or 2 = No interfaces (disable) 1 or 3 = Ethernet 4 or 6 = Wireless 5 or 7 = All interfaces (default is 7) User Defined (6 - 32 characters) User Defined Default = 80 User Defined enable/disable User Defi

PAGE 188

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Serial Port Parameters Name Serial Baud Rate Group Integer Type Data Bits Parity Stop Bits Flow Control Integer Integer Integer Value Value N/A 2400, 4800,9600 (default), 19200, 38400, 57600 8 none 1 none (default) xonxoff Access R RW CLI Parameter serial serbaudrate R R R RW serdatabits serparity serstopbits serflowctrl RADIUS Based Management Access Parameters The RADIUS Based Management Access parameters allow you to enable HTTP

PAGE 189

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process.

PAGE 190

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Filtering Parameters Ethernet Protocol Filtering Parameters Name Ethernet Filtering Filtering Interface Bitmask Type Group Interface Bitmask Operation Type Value N/A 0 or 2 = No interfaces (disable) 1 or 3 = Ethernet 4 or 6 = Wireless 5 or 7 = All interfaces (default is 7) passthru block Access R RW CLI Parameter etherflt etherfltifbitmask RW etherfltoptype Ethernet Filtering Table Identify the different filters by using the table ind

PAGE 191

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Proxy ARP Parameters Name Proxy ARP Status Type Value N/A enable disable (default) Access R RW CLI Parameter parp parpstatus Type Value N/A enable disable (default) User Defined User Defined Access R RW CLI Parameter iparp iparpfltstatus RW RW iparpfltipaddr iparpfltsubmask Value N/A 1-5 N/A ethertowireless wirelesstoether both (default) enable disable (default) Access R N/A R RW CLI Parameter broadcastflttbl index protoname dire

PAGE 192

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Name Port Number Type Octet String Protocol Name DisplayString Interface Bitmask Integer32 Status (optional) Integer Value User Defined (there are also 4 pre-defined protocols: Index 1: NetBios Name Service - 137, Index 2: NetBios Datagram Service - 138, Index 3: NetBios Session Service - 139, Index 4: SNMP Service - 161) User Defined (there are also 4 pre-defined protocols, see Port Number above) 0 or 2 = No interfaces (disable) 1 or

PAGE 193

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Syslog Status Integer Syslog Port Syslog Lowest Priority Logged Octet String Integer Heartbeat Status Integer Heartbeat Interval (seconds) Integer enable disable (default) 514 1-7 1 = LOG_ALERT 2 = LOG_CRIT 3 = LOG_ERR 4 = LOG_WARNING 5 = LOG_NOTICE 6 = LOG_INFO (default) 7 = LOG_DEBUG enable (1) disable (2) (default) 1 - 604800 seconds; 900 sec.

PAGE 194

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Bridge Parameters Spanning Tree Parameters Name Spanning Tree Spanning Tree Status Type Group Integer Bridge Priority Integer Maximum Age Integer Hello Time Integer Forward Delay Integer Value N/A enable (default) disable 0 - 65535 32768 (default) 600 - 4000 (in 0.01 sec intervals; i.e., 6 to 40 seconds) 2000 (default) 100 - 1000 (1/100 second; i.e., 1 to 10 seconds); enter values in increments of 100 200 (default) 400 - 3000 (in 0.

PAGE 195

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Storm Threshold Table Name Storm Threshold Table Table Index Table Integer Type Broadcast Threshold Integer Multicast Threshold Integer Value N/A 1 = Ethernet 3 = Wireless 0 - 255 packets/sec (default is 0) 0 - 255 packets/sec (default is 0) Access R R CLI Parameter stmthrestbl index RW bcast RW mcast Intra BSS Subscriber Blocking The following parameters control the Intra BSS traffic feature, which prevent wireless clients that

PAGE 196

Command Line Interface (CLI) Parameter Tables AP-700 User Guide RADIUS Parameters General RADIUS Parameters Name RADIUS Client Invalid Server Address Type Group Counter32 Value N/A N/A Access R R CLI Parameter radius radcliinvsvradd RADIUS Server Configuration Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See DNS Client for RADIUS Name Resolution.

PAGE 197

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Security Parameters MAC Access Control Parameters Name MAC Address Control Status Type Group Integer Operation Type Integer Value N/A enable disable (default) passthru (default) block Access R RW RW CLI Parameter macacl aclstatus macacloptype MAC Access Control Table Name MAC Address Control Table Table Index MAC Address Comment (optional) Status (optional) Type Value Table N/A N/A PhysAddress DisplayString N/A User Defined User

PAGE 198

Command Line Interface (CLI) Parameter Tables Name Hardware Configuration Reset Status Configuration Reset Password AP-700 User Guide Type Access R DisplayString Value enable (1) disable (2) User Defined Type Value Access Integer RW CLI Parameter hwconfigresetstatus configresetpasswd VLAN/SSID Parameters Name VLAN Status Group Integer Management ID VlanId N/A enable disable (default) -1 (untagged) or 1 - 4094 CLI Parameter R RW vlan vlanstatus RW vlanmgmtid Security Profile Table The S

PAGE 199

Command Line Interface (CLI) Parameter Tables AP-700 User Guide Other Parameters IAPP Parameters Name Type IAPP IAPP Status Group Integer Periodic Announce Interval (seconds) Integer Announce Response Time Handover Time-out Integer Integer Max.

PAGE 200

Command Line Interface (CLI) Parameter Tables * AP-700 User Guide Name Policy Type Integer Type Priority Mapping Index† Apply QoS Marking Integer Object Status Table Row Status Row Status Value inlayer2, inlayer3, outlayer2, outlayer3, spectralink* See Note †. enable disable enable disable delete Access RW CLI Parameter type RW RW mapindex markstatus RW status QoS must be enabled on the wireless interface before spectralink can be enabled.

PAGE 201

Command Line Interface (CLI) CLI Batch File AP-700 User Guide QoS Enhanced Distributed Channel Access (EDCA) Parameters The following commands configure the client (STA) and AP Enhanced Distributed Channel Access (EDCA) parameters. The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless contention period.

PAGE 202

Command Line Interface (CLI) CLI Batch File AP-700 User Guide executes the CLI commands. Commands that do not require a reboot take effect immediately, while commands that require a reboot (typically commands affecting a wireless interface) will take effect after reboot. Auto Configuration and the CLI Batch File The Auto Configuration feature allows download of the LTV format configuration file or the CLI Batch file. The AP detects whether the file uploaded is LTV format or a CLI Batch file.

PAGE 203

Command Line Interface (CLI) CLI Batch File • AP-700 User Guide Upload and reboot (this option is to be used for a CLI Batch file containing the configuration parameters that require a reboot) CLI Batch File Error Log If there is any error during the execution of the CLI Batch file, the AP will stop executing the file.

PAGE 204

AP-700 User Guide B ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the Hexadecimal equivalent for each ASCII character.

PAGE 205

AP-700 User Guide C Specifications • Software Features • Hardware Specifications • Available Channels • RF Performance Software Features The tables below list the software features available on the AP-700. • Number of Stations per BSS • Management Functions • Advanced Bridging Functions • Medium Access Control (MAC) Functions • Security Functions • Network Functions Number of Stations per BSS Feature Without encryption With WEP encryption With 802.1x Authentication With WPA With 802.

PAGE 206

Specifications Software Features AP-700 User Guide Advanced Bridging Functions Feature IEEE 802.1d Bridging WDS Relay Roaming Protocol Filtering Multicast/Broadcast Storm Filtering Proxy ARP TCP/UDP Port Filtering Blocking Intra BSS Clients Packet Forwarding Supported by AP-700 3 3 3 3 3 3 3 3 3 Medium Access Control (MAC) Functions Feature Automatic Channel Selection (ACS) Dynamic Frequency Selection (DFS)* Closed System Feature Wireless Service Shutdown 802.

PAGE 207

Specifications Software Features AP-700 User Guide ‡ Support is provided for a primary and backup RADIUS authentication server for both MAC-based authentication and 802.1x authentication per VLAN. § Use in conjunction with WPA or 802.1x Authentication.

PAGE 208

Specifications Hardware Specifications AP-700 User Guide Hardware Specifications Physical Specifications Dimensions (H x W x L) = 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in.) Weight = 1.75 Kg (3.5 lb.) Electrical Specifications Voltage = 100 to 240 VAC (50-60 Hz) Current = 0.

PAGE 209

Specifications Available Channels AP-700 User Guide Available Channels Available channels vary based on operational mode and country. To verify which channels are available for your product: 1. Locate the product SKU on the underside of your AP unit or on the unit’s box. 2. Note the alphanumeric code following the number 8675. (e.g., 8675-EU) 3. See the following table. NOTE: Country restrictions may apply. Please see Regulatory Compliance. Mode Frequency Channel Band 802.

PAGE 210

Specifications RF Performance AP-700 User Guide RF Performance The following tables show typical AP-700 RF performance values. 802.11a RF Performance Tx Power (dBm)* Receiver Sensitivity (dBm) Antenna Gain (dBi) * 802.11a Data Rates (Mbps) 54 48 36 24 18 12 16 17 18 18 18 18 -70 -73 -78 -82 -84 -85 0 (integrated diversity antennas; 5.15-5.85 GHz) 9 18 -86 6 18 -87 Values are for FCC-certified products. They may differ for products certified in other regulatory domains. 802.11b/g RF Performance 802.

PAGE 211

AP-700 User Guide Technical Support D If you are having a problem using an AP and cannot resolve it with the information in Troubleshooting, gather the following information and contact your local reseller: • • • List of ORiNOCO products installed on your network; include the following: – Product names and quantity – Part numbers (P/N) – Serial numbers (S/N) List of ORiNOCO software versions installed – Check the HTTP interface’s Version tab (click on Monitor > Version).

PAGE 212

Technical Support Telephone Support AP-700 User Guide Submit a Knowledgebase question or open an issue at: . Our technical support staff will reply to you by email. NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. Telephone Support Contact technical support by phone 24 hours a day, seven days a week.

PAGE 213

AP-700 User Guide Statement of Warranty E Warranty Coverage Proxim Corporation warrants that its Products are manufactured solely from new parts, conform substantially to specifications, and will be free of defects in material and workmanship for a Warranty Period of 1 year from the date of purchase.

PAGE 214

Statement of Warranty Other Information AP-700 User Guide Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has purchased a Proxim Service Contract or the call is made within the first thirty (30) days of the Product’s invoice date. Calls that are outside of the 30-day free support time will be charged a fee of $25.00 (US Dollars) per Support Call.

PAGE 215

AP-700 User Guide F Regulatory Compliance NOTE: Please read this section before installing and using your product, and save these instructions. Visit http://support.proxim.com for the latest regulatory compliance information.

PAGE 216

Regulatory Compliance Safety Information (USA, Canada, & European Union) AP-700 User Guide Safety Information (USA, Canada, & European Union) This product has been evaluated to, and complies with, the Safety requirements of UL60950:2000, and IEC60950:1999; the Standards for the Safety of Information Technology Equipment.

PAGE 217

Regulatory Compliance Federal Communications Commission (FCC) AP-700 User Guide Federal Communications Commission (FCC) 217

PAGE 218

Regulatory Compliance Federal Communications Commission (FCC) AP-700 User Guide Warnings This equipment generates, uses, and can radiate radio frequency energy; and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

PAGE 219

Regulatory Compliance Industry Canada (IC) AP-700 User Guide Industry Canada (IC) 219

PAGE 220

Regulatory Compliance European Union AP-700 User Guide European Union NOTE: European Union includes the following countries: Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom; DoC also applies to Iceland, Liechtenstein, Norway, and Switzerland.

PAGE 221

Regulatory Compliance Regulatory Compliance Certifications Summary AP-700 User Guide Regulatory Compliance Certifications Summary Country Australia & New Zealand Brazil Canada China European Union* India Japan Mexico Saudi Arabia Singapore South Korea Taiwan United Arab Emirates USA Certification/Reference No. N11394 ANATEL Cert. No.: 0090-05-1641 IC Cert. No.: 4110A-APAGAT01 Safety: UL File No. E177793 CMII ID: 2004DJ0339 CE1313! Safety: CB Lic. No. DK-7318 Pending Radio Cert. Nos.