Page 1 ORiNOCO AP-700 Access Point User Guide...
Page 2 Copyright © 2005 Proxim Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This user’s guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Proxim Corporation.
Page 3: Table Of Contents
Contents Introduction ..............9 Document Conventions .
Page 4 Contents IP Configuration ................38 DHCP Server .
Page 5 Contents Management VLAN ............... 105 Security Profile .
Page 6 Contents Forced Reload Procedure ..............142 Setting IP Address using Serial Port .
Page 7 Contents CLI Batch File ..............201 Auto Configuration and the CLI Batch File .
Page 8 Caution: Exposure to Radio Frequency Radiation ..........218 Modifications .
Page 9: Introduction
Introduction This chapter contains information on the following: • Document Conventions • Introduction to Wireless Networking • Guidelines for Roaming • IEEE 802.11 Specifications • Management and Monitoring Capabilities Document Conventions • AP refers to an AP-700 Access Point. • 802.11 is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards.
Page 10: Guidelines For Roaming
Guidelines for Roaming • Typical voice network cell coverages vary based on environment. Proxim recommends having a site survey done professionally to ensure optimal performance. For professional site surveyors, Ekahau™ Site Survey software is included in the Xtras folder of the Installation CD.
Page 11: Management And Monitoring Capabilities
Introduction Management and Monitoring Capabilities 802.11 direct sequence devices (that operate at 1 or 2 Mbits/sec). Available Frequency Channels vary by regulatory domain and/or country. See Available Channels Also in 1999, the IEEE modified the 802.11 standard to support devices operating in the 5 GHz frequency band. This standard is referred to as 802.11a.
Page 12: Snmp Management
ORiNOCO Enterprise MIB Proxim provides these MIB files on the CD-ROM included with each Access Point. You need to compile one or more of the above MIBs into your SNMP program’s database before you can manage an Access Point using SNMP. See the documentation that came with your SNMP manager for instructions on how to compile MIBs.
Page 13 Introduction Management and Monitoring Capabilities The SSH server (AP) has host keys - a pair of asymmetric keys - a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server.
Page 14: Installation And Initialization
Installation and Initialization This chapter contains information on the following: • AP-700 Hardware Description – Overview – Antennas – Active Ethernet – LED Indicators • Prerequisites • Product Package • System Requirements • Hardware Installation • Initialization – Using ScanTool –...
Page 15: Antennas
When transmitting, the AP chooses the antenna with the highest success rate, and broadcasts are transmitted on alternating antennas. Antenna diversity is enabled by default (set to “auto”). When using the internal antennas, Proxim recommends leaving antenna diversity disabled. However, you may disable antenna diversity by manually selecting which antenna to use through the Command Line Interface.
Page 16: Active Ethernet
Command Line Interface. See Antenna Diversity for information. NOTE: Using two external antennas is not recommended. For a list of recommended antennas, see http://www.proxim.com/products/wifi/accessories. For installation instructions, Installing External Antennas. Active Ethernet The AP-700 is equipped with an 802.3af-compliant Active Ethernet module.
Page 17: Prerequisites
Installation and Initialization Prerequisites The LED indicators exhibit the following behavior: Indication Solid Green AP image running. Blinking Green Solid Amber The Bootloader is loading the application software. Blinking Amber The AP is reloading. Solid Red Power On Self Test (POST) running.
Page 18 Installation and Initialization Prerequisites Client IP Address Pool Allocation Scheme DNS Server IP Address Gateway IP Address and Subnet Mask The Access Point can automatically provide IP addresses to clients as they sign on. The network administrator typically provides the IP Pool range. The network administrator typically provides this IP Address.
Page 19: Product Package
Installation and Initialization Product Package Product Package Each AP-700 comes with the following: • AP-700 unit (with integrated 802.11a/b/g radio and Active Ethernet) • Power adapter • One ceiling or wall mounting plate • Security cover • One Installation CD-ROM that contains the following: –...
Page 20: Hardware Installation
Installation and Initialization Hardware Installation Hardware Installation NOTE: Before installing and using this product, see the NOTE: Avant l’installation et l’utilisation de ce produit, veuillez vous référer à la partie « Compliance » (conformité aux réglementations). NOTA: Prima di installare ed utilizzare questo prodotto, fare riferimento alla sezione relativa alla Compliance”...
Page 21: Installing The Security Cover
AP-700. Mounting the AP-700 Proxim recommends that you have a site survey professionally conducted to determine the best location for the AP. For professional site surveyors, Ekahau Site Survey software is included in the Xtras folder on the Installation CD-ROM.
Page 22: Installing External Antennas
Installation and Initialization Hardware Installation Figure 2-5 AP-700 Mounting Plate Mounting the AP-700 to a Wall 1. Put the mounting plate up to the wall. 2. Screw through the mounting plate. 3. Place the AP up against the mounting plate. Orient the AP with the long access vertical, with the connectors facing to the left.
Page 23: Installing The Ap In A Plenum
Installation and Initialization Hardware Installation Figure 2-6 Opening the Antenna Compartment 2. There are two antenna connectors in the AP-700, labeled 1 and 2. Connect the antenna cable to connector 1 (the connector closer to the LED panel in the compartment). Figure 2-7 AP-700 Antenna Connectors 3.
Page 24: Initialization
Installation and Initialization Initialization Initialization The following sections detail how to initialize the AP using ScanTool, log in to the HTTP interface, perform an initial configuration of the AP using the Setup Wizard, and download the required AP software. • Using ScanTool •...
Page 25 Installation and Initialization Initialization change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen. Note that the ScanTool Network Adapter Selection screen will not appear if your computer only has one network adapter installed.
Page 26: Logging In
Installation and Initialization Initialization d. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit.
Page 27: Using The Setup Wizard
Installation and Initialization Initialization 4. Enter the HTTP password in the Password field. Leave the User Name field blank. For new units, the default HTTP password is public. If you are logging on for the first time the Setup Wizard will launch automatically. NOTE: To prevent the Setup Wizard from launching upon log in, click on Management >...
Page 28 Installation and Initialization Initialization Figure 2-12 Setup Wizard Setup Wizard Instructions 1. Click Setup Wizard to begin. The Setup Wizard supports the following navigation options: • Save & Next Button: Each Setup Wizard screen has a Save & Next button. Click this button to submit any changes you made to the unit’s parameters and continue to the next page.
Page 29: Installing The Software
Installing the Software Proxim periodically releases updated software for the AP on its Web site, Answer ID 1686). Proxim recommends that you check the Web site for the latest updates after you have installed and initialized the unit. Advanced Configuration...
Page 30 3. Use the Browse button to locate or manually type in the name of the file (including the file extension) the file you downloaded from the Proxim Knowledgebase. If typing the file name, you must include the full path and the file extension in the file name text box.
Page 31 6. Select the File Type from the drop-down menu (use Img for software updates). 7. Select Download & Reboot from the File Operation drop-down menu. 8. Click OK. The Access Point will reboot automatically when the download is complete. HTTP. http://support.proxim.com (Knowledgebase Answer ID 1686). See AP-700 User Guide Troubleshooting...
Page 32: Related Topics
Troubleshooting for troubleshooting suggestions. • Command Line Interface (CLI) http://support.proxim.com (Knowledgebase Answer ID 1686). See for more information. for information on configuration options that are available within the Access Point’s for information on the CLI interface and for a list of CLI commands.
Page 33: System Status
System Status The first screen displayed after the Status button. Figure 3-1 System Status Screen The System Status screen provides the following information: • System Status: This area provides system-level information, including the unit’s IP address and contact information. System for information on these settings.
Page 34: Advanced Configuration
Advanced Configuration This chapter contains information on configuring settings in the following categories: • System: Configure specific system information such as system name and contact information. • Network: Configure IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity, and SNTP settings.
Page 35 Advanced Configuration AP-700 User Guide Figure 4-1 Configure Main Screen 2. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. Each Configure tab is described in the remainder of this chapter.
Page 36: System
Advanced Configuration System System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. See the sections for rules on naming the AP. • Location: The location where the AP is installed. •...
Page 37 Advanced Configuration System Access Point System Naming Convention The Access Point's system name is used as its host name. In order to prevent Access Points with default configurations from registering similar host names in DNS, the default system name of the Access Point is uniquely generated. Access Points generate unique system names by appending the last 3 bytes of the Access Point's MAC address to the default system name.
Page 38: Network
Advanced Configuration Network Network The Network tab contains the following sub-tabs: • IP Configuration • DHCP Server • DHCP Relay Agent • Link Integrity • SNTP (Simple Network Time Protocol) IP Configuration This tab is used to configure the internet (TCP/IP) settings for the access point. These settings can be either entered manually (static IP address, subnet mask, and gateway IP address) or obtained automatically (dynamic).The DNS Client functionality can also be configured, so that host names used for configuring the access point can be resolved to their IP addresses.
Page 39: Dhcp Server
• DNS Client Default Domain Name: The default domain name for the Access Point’s network (for example, “proxim.com”). Contact your network administrator if you need assistance setting this parameter. Advanced •...
Page 40 Advanced Configuration Network Figure 4-4 DHCP Server Configuration Screen You can configure and view the following parameters within the DHCP Server Configuration screen: NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect. •...
Page 41: Dhcp Relay Agent
Advanced Configuration Network – Status: IP Pools are enabled upon entry in the table. You can also disable or delete entries by changing this field’s value. NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect. DHCP Relay Agent When enabled, the DHCP relay agent forwards DHCP requests to the set DHCP server.
Page 42: Link Integrity
Advanced Configuration Network Figure 4-6 DHCP Server IP Address Table - Edit Entries To add an entry, enter the IP Address of the DHCP Server and a comment (optional), and click OK. To edit an entry, make changes to the appropriate entry. Enable or disable the entry by choosing Enable or Disable from the Status drop-down menu, and click OK.
Page 43: Sntp (Simple Network Time Protocol)
Advanced Configuration Network Figure 4-7 Link Integrity Configuration Screen SNTP (Simple Network Time Protocol) SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the configured time servers (primary or secondary), and, if successful, will update the relevant time objects in the AP.
Page 44 Advanced Configuration Network Figure 4-8 SNTP Configuration Screen You can configure and view the following parameters within the SNTP screen: • SNTP Status: Select Enable or Disable from the drop-down menu. The selected status will determine which of the parameters on the SNTP screen are configurable. NOTE: When SNTP is enabled, it will take some time for the AP to retrieve the time of day from the configured time servers and update the relevant date and time parameters.
Page 45 Advanced Configuration Network – Year: Enter the current year. – Month: Enter the month in digits (1-12). – Day: Enter the day in digits (1-31). – Hour: Enter the hour in digits (0-23). – Minutes: Enter the minutes in digits (0-59). –...
Page 46: Interfaces
Advanced Configuration Interfaces Interfaces From the Interfaces tab, you configure the Access Point’s operational mode settings, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. The Interfaces tab contains the following sub-tabs: •...
Page 47 Advanced Configuration Interfaces • 802.11g-wifi mode: The 802.11g-wifi mode has been defined for Wi-Fi testing purporses. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only.
Page 48 Advanced Configuration Interfaces 3. Select the Country Code from the ISO/IEC 3166-1 CountryCode drop-down menu. 4. Click OK. 5. Configure Transmit Power Control and transmit power level if required. TX Power Control/Transmit Power Level Transmit Power Control uses standard 802.11d frames to control transmit power within an infrastructure BSS. This method of power control is considered to be an interim way of controlling the transmit power of 802.11d enabled clients in lieu of implementation of 802.11h.
Page 49: Wireless (802.11A/B/G Radio)
Advanced Configuration AP-700 User Guide Interfaces Wireless (802.11a/b/g Radio) Figure 4-10 Wireless Interface...
Page 50 Advanced Configuration Interfaces You can view and configure the following parameters for the Wireless interface: NOTE: You must reboot the Access Point before any changes to these parameters take effect. • Physical Interface Type: Depending on the Operational Mode, this field reports: –...
Page 51 Advanced Configuration Interfaces NOTE: Turbo mode is supported in 802.11a and 802.11g mode. If turbo mode is enabled, then this is displayed in the web UI and the transmit speeds and channels pull-down menus are updated with the valid values. •...
Page 52 Advanced Configuration Interfaces – Estonia – Finland – France – Germany RTS/CTS Medium Reservation The 802.11 standard supports optional RTS/CTS communication based on packet size. Without RTS/CTS, a sending radio listens to see if another radio is already using the medium before transmitting a data packet. If the medium is free, the sending radio transmits its packet.
Page 53 Advanced Configuration Interfaces Traps Generated During Wireless Service Shutdown (and Resume) The following traps are generated during wireless service shutdown and resume, and are also sent to any configured Syslog server. When the wireless service is shut down on a wireless interface, the AP generates a trap called oriTrapWirelessServiceShutdown.
Page 54 Advanced Configuration Interfaces Figure 4-12 Channel Blacklist Table - Edit Screen Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity.
Page 55 Advanced Configuration Interfaces • There are separate security settings for clients and WDS links. The same WDS link security mode must be configured (currently we only support none or WEP) on each Access Point in the WDS and the same WEP key must be configured.
Page 56: Ethernet
Advanced Configuration Interfaces Figure 4-15 Adding WDS Links 6. Select whether to use encryption in the WDS by checking the Enable WDS Security Mode checkbox. 7. If you enabled WDS Security Mode, enter the Encryption Key 0 used for encryption between the WDS links. 8.
Page 57 Figure 4-16 Ethernet Sub-tab For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
Page 58: Management
Confirm field. This password must be between 6 and 32 characters. The default password is “public”. NOTE: For security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you...
Page 59: Ip Access Table
Advanced Configuration Management IP Access Table The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the table. This feature applies to all management services (SNMP, HTTP, and CLI) except for CLI management over the serial port.
Page 60 • SSL Certificate Passphrase: After enabling SSL, the only configurable parameter is the SSL passphrase. The default SSL passphrase is proxim. The AP supports SSLv3 with a 128-bit encryption certificate maintained by the AP for secure communications between the AP and the HTTP client. All communications are encrypted using the server and the client-side certificate.
Page 61 Advanced Configuration AP-700 User Guide Management Figure 4-17 Management Services Configuration Screen...
Page 62 Advanced Configuration Management Telnet Configuration Settings • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management. • Telnet Port Number: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select).
Page 63 Advanced Configuration Management NOTE: When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled. Host keys must either be generated externally and uploaded to the AP (see generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present. There is no key present in an AP that is in a factory default state.
Page 64 Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control. NOTE: To avoid potential problems when communicating with the AP through the serial port, Proxim recommends that you leave the Flow Control setting at None (the default value).
Page 65: Automatic Configuration (Autoconfig)
Advanced Configuration Management • RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based Management Access. • Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default local user ID is root.
Page 66 Advanced Configuration Management Figure 4-19 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Page 67: Hardware Configuration Reset (Chrd)
Advanced Configuration Management Figure 4-20 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7.
Page 68 Advanced Configuration Management AP is not protected, an unauthorized person could reset the AP to factory defaults and thus gain control of the AP. The user can disable the hardware configuration reset functionality to prevent unauthorized access. The hardware configuration reset feature operates as follows: •...
Page 69 Advanced Configuration Management 2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox. 3. Change the default Configuration Reset Password in the “Configuration Reset Password” and “Confirm” fields. 4. Click OK. 5. Reboot the AP. NOTE: It is important to safely store the configuration reset password. If a user forgets the configuration reset password, the user will be unable to reset the AP to factory default configuration if the AP becomes inaccessible and the hardware configuration reset functionality is disable.
Page 70: Filtering
Advanced Configuration Filtering Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering heading: • Ethernet Protocol • Static MAC • Advanced • TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support.
Page 71 Advanced Configuration Filtering Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits (0 or 1).) Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets.
Page 72 Advanced Configuration Filtering • Wireless Client 2: 00:02:2D:51:32:12 • Wireless Client 3: 00:20:A6:12:4E:38 Prevent Two Specific Devices from Communicating Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating: • Wired MAC Address: 00:40:F4:1C:DB:6A • Wired Mask: FF:FF:FF:FF:FF:FF •...
Page 73: Advanced
Advanced Configuration Filtering • Wired MAC Address: 01:00:5E:00:32:4B • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless network. Advanced You can configure the following advanced filtering options: •...
Page 74 Advanced Configuration Filtering 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers 5. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP). 6. Set the Interface to filter: •...
Page 75: Alarms
Advanced Configuration Alarms Alarms The Alarms tab has the following sub-tabs: • Groups • Alarm Host Table • Syslog • Rogue Scan Groups Alarm groups can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group.
Page 76 Advanced Configuration Alarms Security Trap Group Trap Name oriTrapInvalidEncryptionKey oriTrapAuthenticationFailure oriTrapUnauthorizedManagerDetected oriTrapRADScanComplete oriTrapRADScanResults oriTrapRogueScanStationDetected oriTrapRogueScanCycleComplete Wireless Interface/Card Trap Group Trap Name oriTrapWLCFailure oriTrapWLCRadarInterferenceDetected MIC Attack Detected MIC Attack Report Detected Operational Trap Group Trap Name oriTrapUnrecoverableSoftwareErrorDetected oriTrapRADIUSServerNotResponding oriTrapModuleNotInitialized oriTrapDeviceRebooting oriTrapTaskSuspended oriTrapBootPFailed Description Invalid encryption key has been detected.
Page 77 Advanced Configuration Alarms Trap Name oriTrapDHCPFailed oriTrapDNSClientLookupFailure oriTrapSSLInitializationFailure oriTrapWirelessServiceShutdown oriTrapWirelessServiceResumed oriTrapSSHInitializationStatus oriTrapVLANIDUserAssignment oriTrapDHCPLeaseRenewal Flash Memory Trap Group Trap Name oriTrapFlashMemoryEmpty Flash Memory Corrupted oriTrapFlashMemoryRestoringLastKnownGoo dConfiguration Description Response to the DHCP client request not received; device not dynamically assigned an IP address DNS client attempts to resolve a specified hostname (DNS lookup) and a failure occurs...
Page 78 Advanced Configuration Alarms TFTP Trap Group Trap Name oriTrapTFTPFailedOperation oriTrapTFTPOperationInitiated oriTrapTFTPOperationCompleted Image Trap Group Trap Name oriTrapZeroSizeImage oriTrapInvalidImage oriTrapImageTooLarge oriTrapIncompatibleImage oriTrapInvalidImageDigitalSignature SNTP Trap Group Trap Name oriTrapSNTPFailure oriTrapSNTPFailure In addition, the AP supports these standard traps, which are always enabled: RFC 1215-Trap Trap Name coldStart...
Page 79 Advanced Configuration Alarms NOTE: Up to 10 entries are possible in the Alarm Host table. • IP Address: Enter the Trap Host IP Address. • Password: Enter the password in the Password field and the Confirm field. • Comment: Enter an optional comment, such as the alarm (trap) host station name. To edit or delete an entry, click Edit.
Page 80: Syslog
Advanced Configuration Alarms Syslog The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The access point logs “Session Start (Log-in)” and “Session Stop (Log-out)” events for each wireless client as an alternative to RADIUS accounting. See RFC 3164 at http://www.rfc-editor.org Figure 4-24 Syslog Configuration Screen...
Page 81 Advanced Configuration Alarms • Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority number and any priority numbers below it. For example, if set to 6, the AP will transmit event messages labeled priority 0 to 6 to the Syslog server.
Page 82 Advanced Configuration Alarms Syslog Message Name Client Login Authentication Status Client De-Authentication Status RADIUS Accounting Start and Stop Messages CLI Configuration File Start Execution CLI Configuration File End Execution Priority Severity Informational Client logs in/authenticates. Message includes: • • • •...
Page 83: Rogue Scan
Advanced Configuration Alarms Syslog Message Name CLI Configuration File Execution Errors SSH Initialization Failure SSH Key Generation Successful Wireless Service Shutdown Wireless Service Resume First MIC Report Attack Second MIC Report Attack MIC Attack from Wireless Station 4 SNTP Time Retrieval Failure SNTP Time Sync-Up Failure Rogue Scan The Rogue Scan feature provides an additional security level for wireless LAN deployments.
Page 84 Advanced Configuration Alarms The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query the wired switch to find the inbound switch port of Client 2’s packets.
Page 85 Advanced Configuration Alarms • Channel: the working channel of the detected station • SNR: the SNR value of the last frame from the station as received by the AP • BSSID: the BSSID field stores the: – MAC address of the associated Access Point in the case of a client. –...
Page 86 Advanced Configuration AP-700 User Guide Alarms Figure 4-26 Rogue Scan Screen...
Page 87: Bridge
For more information on Spanning Tree protocol, please see Section 8.0 of the IEEE 802.1d standard. The Spanning Tree configuration options are advanced settings. Proxim recommends that you leave these parameters at their default values unless you are familiar with the Spanning Tree protocol.
Page 88: Storm Threshold
Advanced Configuration Bridge Figure 4-27 Spanning Tree Sub-Tab Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address).
Page 89: Intra Bss
Advanced Configuration Bridge • Wireless Threshold: Enter the maximum allowed number of packets per second. Intra BSS The wireless clients (or subscribers) that associate with a certain AP form the Basic Service Set (BSS) of a network infrastructure. By default, wireless subscribers in the same BSS can communicate with each other. However, some administrators (such as wireless public spaces) may wish to block traffic between wireless subscribers that are associated with the same AP to prevent unauthorized communication and to conserve bandwidth.
Page 90: Qos
WME supports Enhanced Distributed Channel Access (EDCA) for prioritized QoS services. The WME/QoS feature can be enabled or disabled. For more information on QoS, see “Technical Bulletin 69504 Revision 2” at <http://keygen.proxim.com/support/orinoco/tb/tb69504_3wmm.pdf>. Enabling QoS and Adding QoS policies Perform the following procedure to enable QoS and add QoS policies: 1.
Page 91 Advanced Configuration 4. To add a QoS Policy, click the Add button in the “QoS Policies Table” box. The Add Entries box appears. Figure 4-29 Add QoS Policy 5. Enter the Policy Name. 6. Select the Policy Type: • inlayer2: inbound traffic direction, Layer 2 traffic type •...
Page 92: Priority Mapping
Advanced Configuration Priority Mapping Use this page to configure QoS 802.1p to 802.1d priority mappings (for layer 2 policies) and IP DSCP to 802.1d priority mappings (for layer 3 policies). The first entry in each table contains the recommended priority mappings. Custom entries can be added to each table with different priority mappings.
Page 93: Enhanced Distributed Channel Access (Edca)
NOTE: Default recommended values for EDCA parameters have been defined; Proxim recommends not modifying EDCA parameters unless strictly necessary. Perform the following procedure to configure the Station and AP EDCA tables.
Page 94 Advanced Configuration 1. Click Configure > QoS > EDCA. Figure 4-32 EDCA Tables 2. Click Edit and configure the following parameters in each table: NOTE: Changes to EDCA parameters require a reboot of the AP to take effect. • Index: read-only. Indicates the index of the Access Category (1-4) being defined. •...
Page 95 Advanced Configuration • Tx OP Limit: The Transmission Opportunity Limit. The Tx OP is an interval of time during which a particular QoS enhanced client has the right to initiate a frame exchange sequence onto the wireless medium. The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category.
Page 96: Radius Profiles
Advanced Configuration Radius Profiles Radius Profiles Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define The AP communicates with the RADIUS server defined in a profile to provide the following features: •...
Page 97: Configuring Radius Profiles
Advanced Configuration Radius Profiles Figure 4-33 RADIUS Servers per VLAN This figure shows a network with separate authentication servers for each authentication type and for each VLAN. The clients in VLAN 1 are authenticated using the authentication servers configured for VLAN 1. The type of authentication server used depends on whether the authentication is done for an 802.1x client or a non-802.1x client.
Page 98 Advanced Configuration Radius Profiles Figure 4-34 RADIUS Server Profiles Adding or Modifying a RADIUS Server Profile Perform the following procedure to add a RADIUS server profile and to configure its parameters. 1. Click Add to create a new profile. To Modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete.
Page 99 Advanced Configuration Radius Profiles Figure 4-35 Add RADIUS Server Profile • Server Profile Name: the profile name. This is the name used to associated a VLAN to the profile. See Configuring Security Profiles. The Server Profile Name is also used in the Configure > Management > Services page to specify the RADIUS profile to be used for RADIUS Based Management Access.
Page 100: Mac Access Control Via Radius Authentication
Advanced Configuration Radius Profiles • Destination Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. • Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be grayed out.
Page 101: Authentication And Accounting Attributes
Advanced Configuration Radius Profiles NOTE: This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in the Access Point’s static MAC Access Control list are not tracked. Authentication and Accounting Attributes Additionally, the AP supports a number of Authentication and Accounting Attributes defined in RFC2865, RFC2866, RFC2869, and RFC3580.
Page 102 Advanced Configuration Radius Profiles – Number of octets (bytes) received by subscriber. • Acct-Output-Octets – Number of octets (bytes) sent by subscriber. • Acct-Input-Packets – Number of packets received by subscriber. • Acct-Output-Packets – Number of packets sent by subscriber. •...
Page 103: Ssid/Vlan/Security
Advanced Configuration SSID/VLAN/Security SSID/VLAN/Security The AP provides several security features to protect your network from unauthorized access. This section gives an overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP: • VLAN Overview • Management VLAN •...
Page 104 Advanced Configuration SSID/VLAN/Security Figure 4-36 Components of a Typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, a VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Page 105: Management Vlan
Advanced Configuration SSID/VLAN/Security Typical User VLAN Configurations VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the same physical network are limited to those resources available to their workgroup.
Page 106: Security Profile
Advanced Configuration SSID/VLAN/Security 3. Place a check mark in the Enable VLAN Tagging box. Provide Access to a Wireless Host in the Same Workgroup The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID, then those wireless clients who are members of that VLAN will have AP management access.
Page 107 Advanced Configuration SSID/VLAN/Security • EAP-Tunneled Transport Layer Security (TTLS): Certificate-based authentication (a certificate is required on the server; a client’s username/password is tunneled to the server over a secure connection); supports automatic key distribution • PEAP - Protected EAP with MS-CHAP: Secure username/password-based authentication; supports automatic key distribution Different servers support different EAP types and each EAP type provides different features.
Page 108: Authentication Protocol Hierarchy
Advanced Configuration SSID/VLAN/Security WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks. WPA provides the following new security measures not available with WEP: •...
Page 109: Configuring Security Profiles
Advanced Configuration SSID/VLAN/Security VLANs and Security Profiles The AP-700 allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID.
Page 110 Advanced Configuration SSID/VLAN/Security 3. Configure one or more types of wireless stations (security modes) that are allowed access to the AP under the security profile. The WEP/PSK parameters are separately configurable for each security mode. To enable a security mode in the profile (Non Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK Station, 802.11i (WPA2) Station, 802.11i-PSK Station), check the box next to the mode.
Page 111 Advanced Configuration SSID/VLAN/Security • Cipher: CCMP based on AES • PSK Passphrase: an 8-63 character user-defined phrase. It is recommended a passphrase of at least 13 characters, including both letters and numbers, and upper and lower case characters, to ensure that the generated key cannot be easily deciphered by network infiltrators.
Page 112 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-40 Security Profile Table - Add Entries...
Page 113: Mac Access
Advanced Configuration SSID/VLAN/Security MAC Access The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect.
Page 114 Advanced Configuration SSID/VLAN/Security the same system separated per VLAN. See the unique VLANs. In order for the AP to support multiple SSID/VLANs, VLAN Tagging must be enabled. These parameters are configurable on the Wireless sub-tab. Configuring an SSID/VLAN with VLAN Tagging Disabled With VLAN tagging disabled (from the SSID/VLAN/Security >...
Page 115 Advanced Configuration SSID/VLAN/Security 6. Enter the Security Profile used by the VLAN in the Security Profile field. See the information. 7. Define the RADIUS Server Profile Configuration for the VLAN/SSID: • RADIUS MAC Authentication Profile • RADIUS EAP Authentication Profile •...
Page 116 Advanced Configuration SSID/VLAN/Security 11. Specify a QoS profile. See the 12.If editing an entry, enable or disable the parameters on this page by electing Enable or Disable from the Status drop-down menu. If adding a new entry, this drop-down menu will not appear. 13.Click OK to return to Wireless Security Configuration Screen.
Page 117 Advanced Configuration SSID/VLAN/Security Figure 4-45 SSID/VLAN Edit Entries Screen (VLAN Tagging Enabled) 4. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name.
Page 118: Broadcast Ssid And Closed System
SSID, the AP will respond with a null SSID. If disabled, the AP will respond with each configured SSID, whether or not an SSID has been specified in the probe request. This option is disabled by default. For more information, on Broadcast SSID and Closed System, see Knoweldgebase Answer ID 1698 at http://support.proxim.com. Enabling QoS and Adding QoS policies AP-700 User Guide...
Page 119: Monitoring
Monitoring This chapter discusses the following monitoring options: • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table. •...
Page 120: Version
Monitoring Version Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: •...
Page 121: Icmp
Monitoring ICMP ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3 ICMP Monitoring Tab IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses.
Page 122: Learn Table
Monitoring Learn Table Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table.
Page 123: Radius
Monitoring RADIUS RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile. NOTE: Separate RADIUS servers can be configured for each RADIUS Server Profile. Select the RADIUS Server Profile to view statistics on from the Select Server Profile drop-down menu. Figure 5-7 RADIUS Monitoring Tab AP-700 User Guide...
Page 124: Monitoring Interfaces
Monitoring Interfaces Interfaces This tab displays statistics for the Ethernet and wireless interfaces. Figure 5-8 Interface Monitoring Tab (Ethernet) Description of Interface Statistics The following statistics are displayed for the Ethernet interface only, the wireless interface only, or for both the Ethernet and wireless interfaces: •...
Page 125 Monitoring Interfaces • Duplicate Frame Count (Wireless): The number of duplicate frames received. • Ethernet Chipset (Ethernet): Identifies the chipset used to realize the interface. • Excessive Collisions (Ethernet): The number of frames for which transmission fails due to excessive collisions. •...
Page 126 Monitoring Interfaces • Out Discards (Ethernet/Wireless): The number of error-free outbound packets chosen to be discarded to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. • Out Errors (Ethernet/Wireless): The number of outbound packets that could not be transmitted because of errors. •...
Page 127: Station Statistics
Monitoring Station Statistics Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enable the Monitoring Station Statistics feature (Station Statistics are disabled by default) by checking Enable Monitoring Station Statistics and click OK. You do not need to reboot the AP for the changes to take effect.
Page 128 Monitoring Station Statistics • Number of Clients: The number of stations and WDS links monitored. The following stations statistics are available through SNMP: • Octets Received: The number of octets received from the associated wireless station (or WDS link partner) by the •...
Page 129: Commands
Commands This chapter contains information on the following Command functions: • Introduction to File Transfer via TFTP or • Update AP via TFTP: Download files from a TFTP server to the AP. • Update AP via HTTP: Download files to the AP from HTTP. •...
Page 130: Tftp File Transfer Guidelines
Commands Introduction to File Transfer via TFTP or HTTP • Uploading files (Configuration, CLI Batch File) from the AP is called “Retrieving Files.” TFTP File Transfer Guidelines A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD.
Page 131: Update Ap
Commands Update AP Update AP Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, Certificate and Private Key files, and CLI Batch File to the AP. A TFTP server must be running and configured to point to the directory containing the file. Figure 6-2 Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD.
Page 132: Update Ap Via Http
Commands Update AP via HTTP – CLI Batch File: a CLI Batch file that contains CLI commands to configure the AP. This file will be executed by the AP immediately after being uploaded. See • File Operation: Select either Update AP or Update AP & Reboot. You should reboot the AP after downloading files. Update AP via HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP.
Page 133: Retrieve File
Commands Retrieve File A warning message gets displayed that advises the user that a reboot of the device will be required for changes to take effect. Figure 6-4 Warning Message 4. Click OK to continue with the operation or Cancel to abort the operation. NOTE: An HTTP file transfer using SSL may take extra time.
Page 134: Retrieve File Via Http
Commands Retrieve File – Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server. • File Name: Enter the name of the file to be uploaded. • File Type: Select the type of file to be uploaded: Config file, CLI Batch File, or CLI Batch (Error) Log. Use the following procedure to retrieve a file from an AP to a TFTP server: 1.
Page 135 Commands Retrieve File Click on the Retrieve File button to initiate the operation. Figure 6-8 Retrieve File via HTTP Command Screen A confirmation message is displayed, asking if the user wants to proceed with retrieving the file. Figure 6-9 Retrieve File Confirmation Dialog Click OK to continue with the operation or Cancel to abort the operation.
Page 136: Reboot
Commands Reboot On clicking the Save button the Save As window displays, where the user is prompted to choose the filename and location where the file is to be downloaded. Select an appropriate filename and location and click OK. Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP.
Page 137: Help Link
Commands Help Link Help Link Use the Help tab to configure the location of the AP Help files. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/ORiNOCO/AP700/HTML/index.htm. To enable the Help button on each page of the Web interface to access the help files, however, copy the entire Help folder to a web server, then specify the new HTTP path in the Help Link box.
Page 138: Troubleshooting
Troubleshooting This chapter provides information on the following: • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please see the documentation that came with the respective application for assistance.
Page 139: Troubleshooting Symptoms And Solutions
Troubleshooting Symptoms and Solutions Serial Link Does Not Work 1. Make sure you are using a standard, straight-through, 9-pin serial cable. 2. Double-check the physical network connections. 3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values: –...
Page 140: Client Connection Problems
Troubleshooting Symptoms and Solutions 6. Perform the Reset to Factory Default Procedure DHCP Server on the network, the DHCP Server will assign an IP Address to the AP. HTTP Interface or Telnet Interface Does Not Work 1. Make sure you are using a compatible browser: –...
Page 141: Vlan Operation Issues
Client PC Card Does Not Work 1. Make sure you are using the latest PC Card driver software. 2. Download and install the latest ORiNOCO client software from http://support.proxim.com. Intermittent Loss of Connection 1. Make sure you are within range of an active AP.
Page 142: Recovery Procedures
Troubleshooting Recovery Procedures 4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad RJ-45 connection. 5. Check power plug and hub. 6. If the Ethernet link goes down, check the cable, cable type, switch, and hub. There Is No Data Link 1.
Page 143 TFTP directory, you need enter only the file name. 10.Click OK. The Access Point will reboot and the download will begin automatically. You should see downloading activity begin after a few seconds within the TFTP server’s status screen. http://support.proxim.com (Knowledgebase Answer ID 1686). AP-700 User Guide...
Page 144 [Device name]> set tftpfilename <AP Image File Name, including file extension> [Device name]> set ipgw <Gateway IP Address> [Device name]> show (to confirm your new settings) [Device name]> reboot Example: http://support.proxim.com (Knowledgebase Answer ID 1686). AP-700 User Guide Installation and Initialization Advanced...
Page 145: Setting Ip Address Using Serial Port
Troubleshooting Recovery Procedures [Device name]> show [Device name]> set ipaddrtype static [Device name]> set ipaddr 10.0.0.12 [Device name]> set ipsubmask 255.255.255.0 [Device name]> set tftpipaddr 10.0.0.20 [Device name]> set tftpfilename MyImage.bin [Device name]> set ipgw 10.0.0.30 [Device name]> show [Device name]> reboot The AP will reboot and then download the image file.
Page 146: Related Applications
Troubleshooting Related Applications [Device name]> Please enter password: 4. Enter the CLI password (default is public). The terminal displays a welcome message and then the CLI Prompt: [Device name]> 5. Enter show ip. Network parameters appear: Figure 7-1 Result of “show ip” CLI Command 6.
Page 147 Troubleshooting Related Applications If a TFTP server is not configured and running, you will not be able to download and upload images and configuration files to/from the AP. Remember that the TFTP server does not have to be local, so long as you have a valid TFTP IP address.
Page 148: Command Line Interface (Cli)
Command Line Interface (CLI) This section discusses the following: • General Notes • Command Line Interface (CLI) Variations • CLI Command Types • Using Tables and Strings • Configuring the AP using CLI commands • Set Basic Configuration Parameters using CLI Commands •...
Page 149: Navigation And Special Keys
Command Line Interface (CLI) General Notes • Download vs. Upload - Downloads transfer files to the Access Point. Uploads transfer files from the Access Point. The TFTP server performs file transfers in both directions. • Group - A logical collection of network parameter information. For example, the System Group is composed of several related parameters.
Page 150: Command Line Interface (Cli) Variations
Command Line Interface (CLI) Command Line Interface (CLI) Variations Command Line Interface (CLI) Variations Administrators use the CLI to control Access Point operation and monitor network statistics. The AP supports two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is used when the current AP Image is bad or missing.
Page 151: Cli Command Types
Command Line Interface (CLI) CLI Command Types Figure A-2 Results of “show” bootloader CLI command CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line.
Page 152 Command Line Interface (CLI) CLI Command Types [Device-Name]>? Figure A-3 Result of “?” CLI command Example 2. Display specific Commands To show all commands that start with specified letters, enter one or more letters, then ? with no space between letters and ?.
Page 153 Command Line Interface (CLI) CLI Command Types Example 3b. Display parameters based on letter sequence This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned. Notice that there is no space between the letters and the question mark. [Device-Name]>...
Page 154 Command Line Interface (CLI) CLI Command Types Example: [Device-Name]>download 192.168.1.100 APImage2 img 2. Syntax to display help and usage information: [Device-Name]>download 3. Syntax to execute the download Command using previously set (stored) TFTP Parameters: [Device-Name]>download * help Displays instructions on using control-key sequences for navigating a Command Line and displays command information and examples.
Page 155: Parameter Control Commands
Command Line Interface (CLI) CLI Command Types reboot Reboots Access Point after specified number of seconds. Specify a value of 0 (zero) for immediate reboot. [Device-Name]> reboot 0 [Device-Name]> reboot 30 search Lists the parameters supported by the specified table. This list corresponds to the table information displayed in the HTTP interface.
Page 156 Command Line Interface (CLI) CLI Command Types Syntax: [Device-Name]>show <parameter> [Device-Name]>show <group> [Device-Name]>show <table> Examples: [Device-Name]>show ipaddr [Device-Name]>show network [Device-Name]>show mgmtipaccesstbl “set” CLI Command Sets (modifies) the value of the specified parameter. To see a definition and syntax example, type only set and then press the Enter key.
Page 157 Command Line Interface (CLI) CLI Command Types Example 1 - Set the Access Point IP Address Parameter Syntax: [Device-Name]>set <parameter name> <parameter value> Example: [Device-Name]> set ipaddr 10.0.0.12 IP Address will be changed when you reboot the Access Point. The CLI reminds you when rebooting is required for a change to take effect.
Page 158 Command Line Interface (CLI) CLI Command Types Example 5 - Show the Group Parameters This example illustrates how to view all elements of a group or table. Syntax: [Device-Name]> show <group name> Example: [Device-Name]>show network The CLI displays network group parameters. Note show network and show ip return the same data. Figure A-10 Results of “show network”...
Page 159: Using Tables And Strings
Command Line Interface (CLI) Using Tables and Strings Using Tables and Strings Working with Tables Each table element (or parameter) must be specified, as in the example below. [Device-Name]>set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0 Below are the rules for creating, modifying, enabling/disabling, and deleting table entries. •...
Page 160: Configuring The Ap Using Cli Commands
2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option. HyperTerminal sends a line return at the end of each line of code. 3. Enter the CLI password (default is public). NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands, see Change Log into the AP using Telnet The CLI commands can be used to access, configure, and manage the AP using Telnet.
Page 161 [Device-Name]>set snmpv3privpasswd <New Password> (SNMPv3 privacy password) [Device-Name]>reboot 0 CAUTION: Proxim strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Factory Default Procedure.
Page 162 Command Line Interface (CLI) Set Basic Configuration Parameters using CLI Commands Figure A-13 Results of “show wif” CLI command for an AP Enable 802.11d Support and Set the Country Code Perform the following command to enable 802.11d IEEE 802.11d support for additional regulatory domains. [Device-Name]>set wif 3 dot11dstatus <enable/disable>...
Page 163 Command Line Interface (CLI) Set Basic Configuration Parameters using CLI Commands Country Code China Colombia Costa Rica Croatia Cyprus Czech Republic Denmark Dominican Republic Ecuador Egypt El Salvador Estonia Finland France Georgia Germany Greece Guam Guatemala Enable and Configure TX Power Control for the Wireless Interface(s) The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: •...
Page 164: Other Network Settings
Command Line Interface (CLI) Other Network Settings Example: [Device-Name]>set wifssidtbl 3.1 ssid accesspt1 vlanid 22 ssidauth enable acctstatus enable secprofile 1 radmacprofile "MAC Authentication" radeapprofile "EAP Authentication" radacctprofile "Accounting" radmacauthstatus enable aclstatus enable Download an AP Configuration File from your TFTP Server Begin by starting your TFTP program.
Page 165 Command Line Interface (CLI) Other Network Settings • Configure the AP as a DHCP Server • Configure the DNS Client • Configure DHCP Relay • Maintain Client Connections using Link Integrity • Change your Wireless Interface Settings • Set Ethernet Speed and Transmission Mode •...
Page 166 Command Line Interface (CLI) Other Network Settings Configure DHCP Relay Perform the following command to enable or disable DHCP Relay Agent Status. NOTE: You must have at least one entry in the DHCP Relay Server Table before you can set the DHCP Relay Status to Enable.
Page 167 Command Line Interface (CLI) Other Network Settings Shutdown/Resume Wireless Service [Device-Name]>set wif <index> wssstatus <1 (resume)/2 (shutdown)> Set Load Balancing Maximum Number of Clients [Device-Name]>set wif <index> lbmaxclients <1–63> Set the Multicast Rate (802.11a) [Device-Name]>set wif 3 multrate <6, 12, 24 Set the Multicast Rate (802.11b/g) [Device-Name]>set wif 4 multrate <1,2,5.5,11 Enable/Disable Super Mode (802.11a/g only)
Page 168 Command Line Interface (CLI) Other Network Settings Value Distance Between APs Large Medium Small Mini Micro Set Ethernet Speed and Transmission Mode [Device-Name]>set etherspeed <value> (see below) [Device-Name]>reboot 0 Ethernet Speed and Transmission Mode 10 Mbits/sec - half duplex 10 Mbits/sec - full duplex 10 Mbits/sec - auto duplex 100 Mbits/sec - half duplex 100 Mbits/sec - full duplex...
Page 169 Command Line Interface (CLI) Other Network Settings Configure Secure Socket Layer (HTTPS) Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface. [Device-Name]>set sslstatus <enable/disable> The user must change the SSL passphrase when uploading a new certificate/private key pair, which will have a corresponding passphrase.
Page 170 Command Line Interface (CLI) Other Network Settings Configure Intra BSS [Device-Name]>set intrabssoptype <passthru (default)/block)> Configure Wireless Distribution System Create/Enable WDS [Device-Name]>set wdstbl <Index> partnermacaddr <MAC Address> status enable Enable/Disable WDS [Device-Name]>set wdstbl <Index> status <enable/disable> NOTE: <Index> is 3.1–3.6. To determine the index, type show wdstbl at the prompt. Configure MAC Access Control Setup MAC (Address) Access Control [Device-Name]>set wifssidtbl <index>...
Page 171 Command Line Interface (CLI) Other Network Settings [Device-Name]set radiustbl 1.2 profname "MAC Authentication" seraddrfmt 1 sernameorip 20.0.0.30 port 1812 ssecret public responsetm 3 maxretx 3 acctupdtintrvl 0 macaddrfmt 1 authlifetm 900 radaccinactivetmr 5 vlanid 33 status enable [Device-Name]>show radiustbl Index Primary/Backup Profile Name Server Status...
Page 172 Command Line Interface (CLI) Other Network Settings Set Rogue Scan Parameters Perform the following command to enable or disable Rogue Scan on a wireless interface and configure the scanning parameters. The cycletime parameter is only configured for background scanning mode. [Device-Name]>set rscantbl <3, 4>...
Page 173: Cli Monitoring Parameters
Command Line Interface (CLI) CLI Monitoring Parameters Set Security Profile Parameters Configure a Security Profile with Non Secure Security Mode [Device-Name]>set secprofiletbl <index> secmode nonsecure status enable Example: [Device-Name]>set secprofiletbl 2 secmode nonsecure status enable Configure a Security Profile with WEP Security Mode [Device-Name]>set secprofiletbl <index>...
Page 174: Parameter Tables
Command Line Interface (CLI) Parameter Tables • statiapp: Displays the IAPP statistics. • statradius: Displays the RADIUS Authentication statistics. • statif: Displays information and statistics about the Ethernet and wireless interfaces. • stat802.11: Displays additional statistics for the wireless interfaces. •...
Page 175 Command Line Interface (CLI) Parameter Tables – IP Access Table Parameters – Auto Configuration Parameters configured by downloading a configuration file from a TFTP server during boot up. • Filtering Parameters – Ethernet Protocol Filtering Parameters – Static MAC Address Filter Table –...
Page 176: System Parameters
Command Line Interface (CLI) Parameter Tables System Parameters Name System Name Location Contact Name Contact E-mail Contact Phone FLASH Backup Interval Flash Update System OID Descriptor Up Time Emergency Restore to defaults Inventory Management Information Name System Inventory Management Component Table Component Interface Table NOTE: The inventory management commands display advanced information about the AP’s installed components.
Page 177: Network Parameters
Command Line Interface (CLI) Parameter Tables Network Parameters IP Configuration Parameters Name Network IP Configuration IP Address IP Mask Default Router IP Address Default TTL Address Type NOTE: The IP Address Assignment Type (ipaddrtype) must be set to static before the IP Address (ipaddr), IP Mask (ipmask) or Default Gateway IP Address (ipgw) values can be entered.
Page 178 Command Line Interface (CLI) Parameter Tables DHCP Server table for IP pools Name DHCP Server IP Address Pool Table Table Index Start IP Address End IP Address Width Default Lease Time (optional) Maximum Lease Time (optional) Comment (optional) Status (optional) NOTE: Set either End IP Address or Width (but not both) when creating an IP address pool.
Page 179 Command Line Interface (CLI) Parameter Tables SNTP Parameters Name SNTP Group SNTP Status Primary Server Name or IP Address Secondary Server Name or IP Address Time Zone Daylight Savings Time Year Month Hour Minutes Seconds Addressing Format Link Integrity Parameters Name Link Integrity* Link Integrity Status*...
Page 180: Interface Parameters
Command Line Interface (CLI) Parameter Tables Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. For Single-radio APs, the wireless interface uses table index 3. Common Parameters to 802.11a/b/g Name Wireless Interfaces Table Index Network Name Auto Channel Select (ACS)* Integer DTIM Period RTS/CTS Medium Reservation...
Page 181 Command Line Interface (CLI) Parameter Tables 802.11a Only Parameters Name Operating Frequency Channel Supported Data Rates Transmit Rate Physical Layer Type Super Mode Turbo Mode* Super mode must be enabled on the wireless interface before Turbo mode can be enabled. Type Value Integer...
Page 182 Command Line Interface (CLI) Parameter Tables 802.11b Only Parameters Name Operating Frequency Channel Multicast Rate Closed Wireless System Integer MAC Address Supported Data Rates Transmit Rate Physical Layer Type Regulatory Domain List 802.11b/g Only Parameters Name Wireless Operational Mode Operating Frequency Channel Supported Data Rates Type...
Page 183 Command Line Interface (CLI) Parameter Tables Name Transmit Rate Physical Layer Type Super Mode † Turbo Mode Also for 802.11g-wifi mode. 802.11g-wifi has been defined for Wi-Fi testing purposes; it is not recommended for use in your wireless network environment. †...
Page 184 Command Line Interface (CLI) Parameter Tables Channel Blacklist Parameters Name Wireless Interface Channel Blacklist Table Interface Index Channel Number Radar Detected Elapsed Time (minutes) Blacklist Status Wireless Distribution System (WDS) Parameters Name WDS Table Port Index Status Partner MAC Address Wireless Interface SSID/VLAN/Profile Parameters The Wireless Interface SSID table manages the SSIDs, VLANs, Security Profiles, and RADIUS Profiles associated to each SSID.
Page 185: Management Parameters
Command Line Interface (CLI) Parameter Tables RADIUS MAC Profile RADIUS EAP Profile RADIUS Accounting Profile QoS Policy Wireless Distribution System (WDS) Security Table Parameters The WDS Security Table manages WDS related security objects. Name WDS Security Table Table Index Security Mode Encryption Key 0 Ethernet Interface Parameters Name...
Page 186 Command Line Interface (CLI) Parameter Tables Read/Write Password SNMPv3 Authentication Password SNMPv3 Privacy Password DisplayString User Defined public (default) 6 - 32 characters DisplayString User Defined public (default) 6 - 32 characters DisplayString User Defined public (default) 6 - 32 characters AP-700 User Guide snmprwpasswd snmpv3authpasswd...
Page 187 Command Line Interface (CLI) Parameter Tables HTTP Parameters Name HTTP HTTP Management Interface Bitmask HTTP Password HTTP Port Help Link* SSL Status SSL Certificate Passphrase The help link must be set to an HTTP address. Use the forward slash character ("/") rather than the backslash character ("\") when configur- ing the Help Link location.
Page 188 Command Line Interface (CLI) Parameter Tables Serial Port Parameters Name Serial Baud Rate Data Bits Parity Stop Bits Flow Control RADIUS Based Management Access Parameters The RADIUS Based Management Access parameters allow you to enable HTTP or Telnet Radius Management Access, enable or disable local user access, and configure the local user password.
Page 189 Command Line Interface (CLI) Parameter Tables Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process. Name Auto Configuration Auto Configuration Status Integer...
Page 190: Filtering Parameters
Command Line Interface (CLI) Parameter Tables Filtering Parameters Ethernet Protocol Filtering Parameters Name Ethernet Filtering Filtering Interface Bitmask Operation Type Ethernet Filtering Table Identify the different filters by using the table index. Name Ethernet Filtering Table Table Index Protocol Number Protocol Name (optional) DisplayString Status (optional) NOTE: The filter Operation Type (passthru or block) applies only to the protocol filters that are enabled in this table.
Page 191 Command Line Interface (CLI) Parameter Tables Proxy ARP Parameters Name Proxy ARP Status IP ARP Filtering Parameters Name IP ARP Filtering Status IP Address Subnet Mask Broadcast Filtering Table Name Broadcast Filtering Table Table Index Protocol Name Direction Status TCP/UDP Port Filtering The following parameters are used to enable/disable the Port filter feature.
Page 192: Alarms Parameters
Command Line Interface (CLI) Parameter Tables Name Port Number Protocol Name Interface Bitmask Status (optional) Alarms Parameters SNMP Table Host Table Parameters When creating table entries, you may either specifying the argument name followed by argument value. CLI applies default values to the omitted arguments. Due to the nature of the information, the only argument that can be omitted is the “comment”...
Page 193 Command Line Interface (CLI) Parameter Tables Syslog Status Syslog Port Syslog Lowest Priority Logged Heartbeat Status Heartbeat Interval (seconds) NOTE: When Heartbeat is enabled, the AP periodically sends a message to the Syslog server to indicate that it is active. The frequency with which the heartbeat message is sent depends upon the setting of the Heartbeat Interval.
Page 194: Bridge Parameters
Command Line Interface (CLI) Parameter Tables Bridge Parameters Spanning Tree Parameters Name Spanning Tree Spanning Tree Status Bridge Priority Maximum Age Hello Time Forward Delay Spanning Tree Priority and Path Cost Table Name Spanning Tree Table Table Index (Port) Priority Path Cost State Status...
Page 195 Command Line Interface (CLI) Parameter Tables Storm Threshold Table Name Storm Threshold Table Table Index Broadcast Threshold Multicast Threshold Intra BSS Subscriber Blocking The following parameters control the Intra BSS traffic feature, which prevent wireless clients that are associated with the same AP from communicating with each other: Name Intra BSS Traffic...
Page 196: Radius Parameters
Command Line Interface (CLI) Parameter Tables RADIUS Parameters General RADIUS Parameters Name RADIUS Client Invalid Server Address RADIUS Server Configuration Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See Resolution. Name RADIUS Authentication Table Index (Profile Index) Primary/Secondary Index Integer...
Page 197: Security Parameters
Command Line Interface (CLI) Parameter Tables Security Parameters MAC Access Control Parameters Name MAC Address Control Status Operation Type MAC Access Control Table Name MAC Address Control Table Table Index MAC Address Comment (optional) Status (optional) Rogue Scan Configuration Table The Rogue Scan Configuration Table allows you to enable or disable Rogue Scan and configure the scanning parameters.
Page 198: Vlan/Ssid Parameters
Command Line Interface (CLI) Parameter Tables Name Hardware Configuration Reset Status Configuration Reset Password VLAN/SSID Parameters Name VLAN Status Management ID Security Profile Table The Security Profile Table allows you to configure security profiles. A maximum of 16 security profiles are supported per wireless interface.
Page 199: Other Parameters
Command Line Interface (CLI) Parameter Tables Other Parameters IAPP Parameters Name IAPP IAPP Status Periodic Announce Interval (seconds) Announce Response Time Handover Time-out Max. Handover Retransmissions Send Announce Request on Startup NOTE: These parameters configure the Inter Access Point Protocol (IAPP) for roaming. Leave these settings at their default value unless a technical representative asks you to change them.
Page 200 Command Line Interface (CLI) Parameter Tables Name Policy Type † Priority Mapping Index Apply QoS Marking Table Row Status QoS must be enabled on the wireless interface before spectralink can be enabled. † A priority mapping needs to be specified for a QoS Policy. The priority mapping depends on the type of policy configured. For Layer 2 policy types (inbound or outbound) a mapping index from the 802.1p to 802.1D table should be specified.
Page 201: Cli Batch File
Command Line Interface (CLI) CLI Batch File QoS Enhanced Distributed Channel Access (EDCA) Parameters The following commands configure the client (STA) and AP Enhanced Distributed Channel Access (EDCA) parameters. The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless contention period.
Page 202: Auto Configuration And The Cli Batch File
Command Line Interface (CLI) CLI Batch File executes the CLI commands. Commands that do not require a reboot take effect immediately, while commands that require a reboot (typically commands affecting a wireless interface) will take effect after reboot. Auto Configuration and the CLI Batch File The Auto Configuration feature allows download of the LTV format configuration file or the CLI Batch file.
Page 203 Command Line Interface (CLI) CLI Batch File • Upload and reboot (this option is to be used for a CLI Batch file containing the configuration parameters that require a reboot) CLI Batch File Error Log If there is any error during the execution of the CLI Batch file, the AP will stop executing the file. The AP generates traps for all errors and each trap contains the following information: •...
Page 204: Ascii Character Chart
ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys.
Page 205: Specifications
Specifications • Software Features • Hardware Specifications • Available Channels • RF Performance Software Features The tables below list the software features available on the AP-700. • Number of Stations per BSS • Management Functions • Advanced Bridging Functions • Medium Access Control (MAC) Functions •...
Page 206: Advanced Bridging Functions
Specifications Software Features Advanced Bridging Functions IEEE 802.1d Bridging WDS Relay Roaming Protocol Filtering Multicast/Broadcast Storm Filtering Proxy ARP TCP/UDP Port Filtering Blocking Intra BSS Clients Packet Forwarding Medium Access Control (MAC) Functions Automatic Channel Selection (ACS) Dynamic Frequency Selection (DFS)* Closed System Feature Wireless Service Shutdown 802.11d Support...
Page 207: Network Functions
Specifications Software Features ‡ Support is provided for a primary and backup RADIUS authentication server for both MAC-based authentication and 802.1x authentication per VLAN. § Use in conjunction with WPA or 802.1x Authentication. Network Functions DHCP Client DHCP Server DHCP Relay Agent and IP Lease Renewal Inter Access Point Protocol (IAPP) Link Integrity System Logging (Syslog)
Page 208: Hardware Specifications
Specifications Hardware Specifications Hardware Specifications Physical Specifications Dimensions (H x W x L) = 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in.) Weight = 1.75 Kg (3.5 lb.) Electrical Specifications Voltage = 100 to 240 VAC (50-60 Hz) Current = 0.2 amp Power Consumption = <9 Watts (power supply) Environmental Specifications...
Page 209: Available Channels
Specifications Available Channels Available Channels Available channels vary based on operational mode and country. To verify which channels are available for your product: 1. Locate the product SKU on the underside of your AP unit or on the unit’s box. 2.
Page 210: Rf Performance
Specifications RF Performance RF Performance The following tables show typical AP-700 RF performance values. 802.11a RF Performance Tx Power (dBm)* Receiver Sensitivity (dBm) Antenna Gain (dBi) 0 (integrated diversity antennas; 5.15-5.85 GHz) Values are for FCC-certified products. They may differ for products certified in other regulatory domains. 802.11b/g RF Performance Tx Power (dBm)* Receiver Sensitivity (dBm)
Page 211: D Technical Support
• List of ORiNOCO software versions installed – Check the HTTP interface’s – Include the source of the software version (e.g., pre-loaded on unit, installed from CD, downloaded from Proxim Web site, etc.) • Information about your network – Network operating system (e.g., Microsoft Networking); include version information –...
Page 212: Telephone Support
Technical Support Telephone Support Submit a Knowledgebase question or open an issue at: <http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/ask.php>. email. NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. Telephone Support Contact technical support by phone 24 hours a day, seven days a week.
Page 213: E Statement Of Warranty
The express warranties set forth in this Agreement will not apply to defects in a Product caused; (i) through no fault of Proxim during shipment to or from Buyer, (ii) by the use of software other than that provided with or installed in the...
Page 214: Other Information
Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has purchased a Proxim Service Contract or the call is made within the first thirty (30) days of the Product’s invoice date.
Page 215: Regulatory Compliance
Regulatory Compliance NOTE: Please read this section before installing and using your product, and save these instructions. Visit http://support.proxim.com This section contains important regulatory compliance information and details for the following products: Product ORiNOCO Access Point AP-700 Please see the following sections for more information: •...
Page 216: Safety Information (Usa, Canada, & European Union)
Regulatory Compliance Safety Information (USA, Canada, & European Union) Safety Information (USA, Canada, & European Union) This product has been evaluated to, and complies with, the Safety requirements of UL60950:2000, and IEC60950:1999; the Standards for the Safety of Information Technology Equipment. When using this device, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following: •...
Page 217: Federal Communications Commission (Fcc)
Regulatory Compliance AP-700 User Guide Federal Communications Commission (FCC) Federal Communications Commission (FCC)
Page 218: Warnings
Regulatory Compliance Federal Communications Commission (FCC) Warnings This equipment generates, uses, and can radiate radio frequency energy; and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
Page 219: Industry Canada (Ic)
Regulatory Compliance AP-700 User Guide Industry Canada (IC) Industry Canada (IC)
Page 220: European Union
Regulatory Compliance European Union European Union NOTE: European Union includes the following countries: Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom; DoC also applies to Iceland, Liechtenstein, Norway, and Switzerland.
Page 221: Regulatory Compliance Certifications Summary
Regulatory Compliance Regulatory Compliance Certifications Summary Regulatory Compliance Certifications Summary Country Australia & New Zealand Brazil Canada China European Union* India Japan Mexico Saudi Arabia Singapore South Korea Taiwan United Arab Emirates European Union includes the following countries: Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom;...

Proxim ORiNOCO AP-700 User Manual

1 Introduction

2 Installation and Initialization

3 System Status

4 Advanced Configuration

5 Monitoring

6 Commands

7 Troubleshooting

A Command Line Interface (CLI)

B ASCII Character Chart

C Specifications

D Technical Support

E Statement of Warranty

F Regulatory Compliance

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for Proxim ORiNOCO AP-700

Summary of Contents for Proxim ORiNOCO AP-700

Table of Contents