Proxim ORiNOCO AP-700 User's Manual
Contents
1. Name Type Value Access CLI Parameter Wireless Interface Table wifchblklisttbl R wdstbl Channel Blacklist Table Interface Index Integer 3 R ifindex Channel Number Integer Depends on regulatory R channel domain Radar Detected TruthValue True R radardetected False Elapsed Time minutes Gauge32 0 32 R elapsetime Blacklist Status ObjStatus enable RW status disable Wireless Distribution System WDS Parameters Name Type Value Access CLI Parameter WDS Table Table N A R wdstbl Port Index Integer 3 1 3 6 Wireless R portindex Status Integer enable disable RW status Partner MAC Address PhysAddress User Defined RW partnermacaddr Wireless Interface SSID VLAN Profile Parameters The Wireless Interface SSID table manages the SSIDs VLANs Security Profiles and RADIUS Profiles associated to each SSID For configuration examples see Configure SSIDs Network Names VLANs and Profiles Name Type Value Access CLI Parameter Wireless Interface SSID Table N A R wifssidtbl Table Table Index Integer Wireless interface 3 R index Table Index Integer32 1 16 SSID index R ssidindex SSID DisplayString 2 32 characters RW ssid Broadcast SSID Integer enable R W bcastbeaconssid disable Closed System Integer enable R W denybcastprobereq disable VLAN ID Vlanld 1 4094 or untagged RW vlanid Rekeying Interval Integer32 0 disabled R W reykeyint 300 65535 Table
2. RW turbo Super mode must be enabled on the wireless interface before Turbo mode can be enabled 181 Command Line Interface CLI Parameter Tables AP 700 User Guide 802 11b Only Parameters Name Operating Frequency Channel Type Integer Value 1 14 available channels vary by regulatory domain country see Available Channels Access RW CLI Parameter channel Multicast Rate Integer 1 Mbits sec 1 2 Mbits sec 2 default 5 5 Mbits sec 3 11 Mbits sec 4 RW multrate Closed Wireless System MAC Address Integer PhyAddress enable disable default 12 hex digits RW closedsys macaddr Supported Data Rates Octet String 1 Mbits sec 2 Mbits sec 5 5 Mbits sec 11 Mbits sec suppdatarates Transmit Rate Integer32 0 auto fallback default 1 Mbits sec 2 Mbits sec 5 5 Mbits sec 11 Mbits sec RW txrate Physical Layer Type Integer dsss direct sequence spread spectrum for 802 11b phytype Regulatory Domain List DisplayString U S Canada FCC Europe ETSI Japan TELEC regdomain 802 11b g Only Parameters Name Type Value Access CLI Parameter Wireless Operational Mode Integer dot11b only dot11g only dot11bg default RW mode Operating Frequency Channel Integer 1 14 available channels vary by regulatory domain country see Available C
3. Disable the associated BSS ports on that interface Disable the transmission and reception of frames on that interface e Indicate the wireless service shutdown status of the wireless interface through LED and traps Enable Ethernet interface so that it can receive a wireless service resume command through CLI HTTP SNMP interface NOTE WSS disables BSS ports NOTE The wireless service cannot be shutdown on an interface where Rogue Scan is enabled In shutdown state AP will not transmit and receive frames from the wireless interface and will stop transmitting periodic beacons Moreover none of the frames received from the Ethernet interface will be forwarded to that wireless interface Wireless service on a wireless interface of the AP can be resumed through CLI HTTP SNMP management interface When wireless service on a wireless interface is resumed the AP will Enable the transmission and reception of frames on that wireless interface Enable the associated BSS port on that interface e Start the AP services to wireless clients e Indicate the wireless service resume status of the wireless interface through LED and traps After wireless service resumes the AP resumes beaconing transmitting and receiving frames to from the wireless interface and bridging the frames between the Ethernet and the wireless interface 52 Advanced Configuration AP 700 User Guide Interfaces Traps Generated During Wireless Service Shutdown a
4. gt Display commands that start with specified letters Example 2 Device Name gt s Display parameters for set and show Commands Examples 3a and 3b Device Name Device Name gt set gt show ipa Prompt to enter successive parameters for Commands Example 4 Device Name gt download Example 1 Display Command list To display the Command List enter 151 Command Line Interface CLI CLI Command Types AP 700 User Guide Device Name gt Device Name 1 gt show set download upload reboot passwd help quit done exit history search Device Namel gt _ Figure A 3 Result of CLI command Example 2 Display specific Commands To show all commands that start with specified letters enter one or more letters then with no space between letters and Device Name gt s Device Namel gt s show set search Figure A 4 Result of s CLI command Example 3 Display parameters for set and show Example 3a allows you to see every possible parameter for the set or show commands Notice from example 3a that the list is very long Example 3b shows how to display a subset of the parameters based on initial parameter letters Example 3a Display every parameter that can be changed Device Name gt set Device Namel gt set Command Description The set command modifies the value of a given scalar pa
5. 1. Click Commands > Update AP > via HTTP.
[Figure 2-13: Update AP via HTTP Command Screen. Tabs shown: Update AP, Retrieve File, Reboot, Reset, Help Link; sub-tabs: via TFTP, via HTTP. Fields shown: System Information (Software Version, Boot Loader Version), File Type, File Name, Browse, Update AP, Cancel. Screen text: This page is used to update software images and configuration files in the Access Point using HTTP file transfer. Click on the Browse button to search for the file or enter the path in the text box. Select the file type and click the Update AP button to start the file transfer. Note: if you are updating the AP with a configuration file, an image, or CLI batch file, the access point will require a reboot in order for the changes to take effect.]
2. From the File Type drop-down menu, select Image. Use the Browse button to locate or manually type in the name of the file (including the file extension), the file you downloaded from the Proxim Knowledgebase. If typing the file name, you must include the full path and the file extension in the file name text box. To initiate the HTTP Update operation, click the Update AP button. A warning message is displayed that advises the user that a reboot of the device will be required for changes to take effect.
[Dialog, Microsoft Internet Explorer:] You are updating Image file to the AP. You will need to reboot the de
6. Encryption keys change periodically based on the Re-keying Interval parameter. WPA uses 128-bit encryption keys.
- Dynamic Key distribution: The AP generates and maintains the keys for its clients. The AP securely delivers the appropriate keys to its clients.
- Client/server mutual authentication: 802.1x; Pre-shared key (for networks that do not have an 802.1x solution implemented)
The AP supports the following WPA security modes:
- WPA: The AP uses 802.1x to authenticate clients and TKIP for encryption. You should only use an EAP that supports mutual authentication and session key generation, such as EAP-TLS, EAP-TTLS, and PEAP. See 802.1x Authentication for details.
- WPA-PSK (Pre-Shared Key): For networks that do not have 802.1x implemented, you can configure the AP to authenticate clients based on a Pre-Shared Key. This is a shared secret that is manually configured on the AP and each of its clients. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the TKIP Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters).
- 802.11i (also known as WPA2): The AP provides security to clients according to the 802.11i draft standard, using 802.1x authentication, a CCMP cipher based on AES, and re-keying.
- 802.11i-PSK (also known as WPA2 PSK): The AP uses a CCMP ciphe
7. complete the show command Device Name 1 gt Figure A 8 Results of help CLI command 2 Complete command description and command usage can be provided by Device Name gt help lt command name gt Device Name gt lt command name gt help history Shows content of Command History Buffer The Command History Buffer stores command statements entered in the current session To avoid re entering long command statements use the keyboard up arrow Ctrl P and down arrow Ctrl N keys to recall previous statements from the Command History Buffer When the desired statement reappears press the Enter key to execute or you may edit the statement before executing it Device Name gt history passwd Changes the CLI Password Device Name gt passwd oldpassword newpassword newpassword 154 Command Line Interface CLI AP 700 User Guide CLI Command Types reboot Reboots Access Point after specified number of seconds Specify a value of 0 zero for immediate reboot Device Name gt reboot 0 Device Name gt reboot 30 search Lists the parameters supported by the specified table This list corresponds to the table information displayed in the HTTP interface In this example the CLI returns the list of parameters that make up an entry in the IP Access Table Device Name gt search mgmtipaccesstbl Device Name gt search mgmtipaccesstbl The supported elements are index ipaddr
8. 164 Command Line Interface CLI Other Network Settings AP 700 User Guide NOTE See Advanced Configuration for more information on these settings Configure the AP as a DHCP Server Configure the DNS Client Configure DHCP Relay and Configure DHCP Relay Servers Maintain Client Connections using Link Integrity Change your Wireless Interface Settings Set Ethernet Speed and Transmission Mode Set Interface Management Services Configure Wireless Distribution System Configure MAC Access Control Set RADIUS Parameters Set Rogue Scan Parameters Set Hardware Configuration Reset Parameters Set VLAN SSID Parameters Set Security Profile Parameters Configure the AP as a DHCP Server NOTE You must have at least one entry in the DHCP Server IP Address Pool Table before you can set the DHCP Server Status to Enable Device Name gt set dhcpstatus disable Device Nam Device Nam Device Nam Device Nam Device Name gt set dhcpippooltbl 0 startipaddr lt start ip address gt endipaddr lt end ip address gt gt set dhcpgw lt gateway ip address gt gt set dhcpstatus enable gt reboot 0 e e gt set dhcppridnsipaddr lt primary dns ip address gt Device Name gt set dhcpsecdnsipaddr lt secondary dns ip address gt e e CAUTION Before enabling this feature confirm that the IP address pools you have configured are valid addresses on the network and do not overlap the addresses assigned by any o
9. QoS Profile 1 Status enacts z OK Cancel D Figure 4 45 SSID VLAN Edit Entries Screen VLAN Tagging Enabled 4 Enter a unique Network Name SSID between 1 and 32 characters This parameter is mandatory NOTE Do not use quotation marks single or double in the Network Name this will cause the AP to misinterpret the name 5 Enter a unique VLAN ID This parameter is mandatory e AVLAN ID is a number from 1 to 4094 A value of 1 means that an entry is untagged e You can set the VLAN ID to 1 or untagged if you do not want clients that are using a specific SSID to be members of a VLAN workgroup Only one untagged VLAN ID is allowed per interface The VLAN ID must match an ID used by your network contact your network administrator if you need assistance defining the VLAN IDs 6 Enable or disable the SSID Authorization status from the drop down menu SSID Authorization is the RADIUS based authorization of the SSID for a particular client The authorized SSIDs are sent as the tunnel attributes 117 Advanced Configuration AP 700 User Guide SSID VLAN Security 7 Enable or disable RADIUS accounting on the VLAN SSID under the Accounting Status drop down menu 8 Enable or disable RADIUS MAC authentication status on the VLAN SSID under the RADIUS Authentication Status drop down menu 9 Enable or disable MAC Access Control List status on the VLAN SSID under the MAC ACL Status drop down menu 10
10. Syntax:
    [Device-Name]> set <parameter name> <parameter value>
Example:
    [Device-Name]> set ipaddr 10.0.0.12
    IP Address will be changed when you reboot the Access Point.
The CLI reminds you when rebooting is required for a change to take effect. To reboot immediately, enter reboot 0 (zero) at the CLI prompt.
Example 2 - Create a table entry or row
Use 0 (zero) as the index to a table when creating an entry. When creating a table row, only the mandatory table elements are required (comment is usually an optional table element). For optional table elements, the default value is generally applied if you do not specify a value.
Syntax:
    [Device-Name]> set <table name> <table index> <element 1> <value 1> ... <element n> <value n>
Example:
    [Device-Name]> set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0
A new table entry is created for IP address 10.0.0.10 with a 255.255.0.0 subnet mask.
Example 3 - Modify a table entry or row
Use the index to be modified and the table elements you would like to modify. For example, suppose the IP Access Table has one entry and you wanted to modify the IP address:
    [Device-Name]> set mgmtipaccesstbl 1 ipaddr 10.0.0.11
You can also modify several elements in the table entry. Enter the index number and specific table elements you would like to modify. (Hint: Use the search Command to see the elements that belong to the table.) Device Name
11. ORINOCO AP 700 Access Point User Guide lt EEA pro gt lt im WIRELESS NETWORKS AP 700 User Guide Copyright 2005 Proxim Corporation All rights reserved Covered by one or more of the following U S patents 5 231 634 5 875 179 6 006 090 5 809 060 6 075 812 5 077 753 This user s guide and the software described in it are copyrighted with all rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language in any form by any means without the written permission of Proxim Corporation Trademarks ORiNOCO is a registered trademark and Proxim and the Proxim logo are trademarks of Proxim Corporation Acrobat Reader is a registered trademark of Adobe Systems Incorporated Ekahau is a trademark of Ekahau Inc HyperTerminal is a registered trademark of HilGraeve Incorporated Microsoft and Windows are a registered trademarks of Microsoft Corporation Netscape is a registered trademark of Netscape Communications Corporation SolarWinds is a registered trademark of SolarWinds net All other trademarks mentioned herein are the property of their respective owners OpenSSL License Note This product contains software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org and that is subject to the following copyright and conditions Copyright c 1998 2002 The OpenSSL Project All rig
12. Syslog Status Integer enable RW syslogstatus disable default Syslog Port Octet String 514 R syslogport Syslog Lowest Priority Integer 1 7 RW syslogpritolog Logged 1 LOG_ALERT 2 LOG_CRIT 3 LOG_ERR 4 LOG_WARNING 5 LOG_NOTICE 6 LOG_INFO default 7 LOG_DEBUG Heartbeat Status Integer enable 1 RW sysloghbstatus disable 2 default Heartbeat Interval Integer 1 604800 seconds RW sysloghbinterval seconds 900 sec default NOTE When Heartbeat is enabled the AP periodically sends a message to the Syslog server to indicate that it is active The frequency with which the heartbeat message is sent depends upon the setting of the Heartbeat Interval Syslog Host Table The table described below configures the Syslog hosts that will receive message from the AP You can configure up to ten Syslog hosts Name Type Value Access CLI Parameter Syslog Host Table Table N A R sysloghosttbl Table Index Integer 1 10 N A index IP Address IpAddress User Defined RW ipaddr Comment optional DisplayString User Defined RW cmt Status optional Integer enable RW status disable delete 193 Command Line Interface CLI Parameter Tables AP 700 User Guide Bridge Parameters Spanning Tree Parameters Name Type Value Access CLI Parameter Spanning Tree Group N A R stp Spanning Tree Status Integer
13. [Figure 4-17: Management Services Configuration Screen. Fields shown: Telnet Login Idle Timeout (seconds), Telnet Session Idle Timeout (seconds), SSH (Secure Shell) Status, SSH Host Key Status, SSH Host Key Fingerprint, Serial Baud Rate, Serial Flow Control, Serial Data Bits, Serial Parity, Serial Stop Bits, HTTP RADIUS Access Control Status, Telnet RADIUS Access Control Status, Radius Profile for Management Access Control, Local User Status, Local User Password (6-32 characters), Confirm Password]
Telnet Configuration Settings
Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management.
Telnet Port Number: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select). You must reboot the Access Point if you change the Telnet Port.
Telnet Login Idle Timeout (seconds): Enter the number of seconds the system will wait for a login attempt. The AP terminates the session when it times out. The range is 30 to 300 seconds; the default is 60 seconds.
Telnet Session Idle Timeout (seconds): Enter the number of seconds the system will wait during a session while there is no activity. The AP will te
14. This tab is used to reset the access point configuration to factory default values. Warning: Resetting the access point to its factory default configuration will cause all changes that have been made to the unit to be permanently lost. The access point will reboot once this function is executed. [Button: Reset to Factory Default]
[Figure 6-12: Reset to Factory Defaults Command Screen]
NOTE: The AP may also be reset from the RESET button located on the side of the unit. However, this action will not reset the unit to factory default settings.
Help Link
Use the Help tab to configure the location of the AP Help files. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/ORINOCO/AP700/HTML/index.htm. To enable the Help button on each page of the Web interface to access the help files, however, copy the entire Help folder to a web server, then specify the new HTTP path in the Help Link box.
NOTE: The configured Help Link must point to an HTTP address in order to enable the Help button on each page of the Web interface.
NOTE: Use the forward slash character ("/") rather than the backslash character ("\") when configuring the Help Link location.
NOTE: Add the AP's management IP address into the Internet Explorer list of Trusted Sites.
[Tabs shown: Update AP, Retrieve File, Reboot, Reset, Help Link] This tab is used to configure the location of access point
15. extending the network over a larger area 103 Advanced Configuration AP 700 User Guide SSID VLAN Security DCHP A AP Management Wired Host SNMP HTTP CU VLAN Aware Switch IEEE 802 10 Uplink Figure 4 36 Components of a Typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards NICs This process wastes wireless bandwidth and degrades throughput performance In comparison a VLAN capable AP is designed to efficiently manage delivery of broadcast multicast and unicast traffic to wireless clients The AP assigns clients to a VLAN based on a Network Name SSID The AP can support up to 16 SSIDs with a unique VLAN configurable per SSID The AP matches packets transmitted or received to a network name with the associated VLAN Traffic received by a VLAN is only sent on the wireless interface associated with that same VLAN This eliminates unnecessary traffic on the wireless LAN conserving bandwidth and maximizing throughput In addition to enhancing wireless traffic management the VLAN capable AP supports easy assignment of wireless users to workgroups In a typical scenario each user VLAN represents a workgroup for example one VLAN could be used for an EMPLOYEE workgroup and the other for a GUEST workgroup In this scenario the AP would assign every packet it accepted to
16. stat802 11 Displays additional statistics for the wireless interfaces statethernet Displays additional statistics for the Ethernet interface statmss Displays station statistics and Wireless Distribution System links Parameter Tables Objects contain groups that contain both parameters and parameter tables Use the following Tables to configure the Access Point Columns used on the tables include Name Parameter Group or Table Name Type Data type Value Value range and default value if any Access access type R Read Only show RW Read Write can be set W Write Only CLI Parameter Parameter name as used in the Access Point Access Point network objects are associated with Groups The network objects are listed below and associated parameters are described in the following Parameter Tables System Parameters Access Point system information Inventory Management Information Hardware firmware and software version information Network Parameters IP and Network Settings IP Configuration Parameters Configure the Access Point s IP settings DNS Client for RADIUS Name Resolution Configure the Access Point as a DNS client DHCP Server Parameters Enable or disable dynamic host configuration SNTP Parameters Configure Link Integrity Parameters Monitor link status Interface Parameters Configure Wireless and Ethernet settings Wireless Interface Parameters Channel Blackli
17. 17 18 18 18 18 18 18 18 20 20 20 20 Receiver Sensitivity dBm 70 73 79 82 85 88 90 91 89 91 92 93 Antenna Gain dBi 1 integrated diversity antenna module 2 4 2 5 GHz Values are for FCC certified products They may differ for products certified in other regulatory domains 210 AP 700 User Guide Technical Support If you are having a problem using an AP and cannot resolve it with the information in Troubleshooting gather the following information and contact your local reseller List of ORINOCO products installed on your network include the following Product names and quantity Part numbers P N Serial numbers S N List of ORINOCO software versions installed Check the HTTP interface s Version tab click on Monitor gt Version Include the source of the software version e g pre loaded on unit installed from CD downloaded from Proxim Web site etc Information about your network Network operating system e g Microsoft Networking include version information Protocols used by network e g TCP IP NetBEUI IPX SPX AppleTalk Ethernet frame type e g 802 3 Ethernet II if known IP addressing scheme include address range and whether static or DHCP Network speed and duplex 10 or 100 Mbits sec full or half duplex Type of Ethernet device that the Access Points are connected to e g A
18. 3 Select a Packet Forwarding Interface Port from the drop down menu You can redirect traffic to Ethernet A WDS connection see Wireless Distribution System WDS for details Any traffic is redirected to a port based on the bridge learning process 4 Click OK to save your changes 89 Advanced Configuration AP 700 User Guide Qos QoS Wireless Multimedia Extensions WME Quality of Service QoS The AP supports Wireless Multimedia Enhancements which defines an intermediate solution for QoS functionality until the IEEE 802 11e specification is formally approved WME is based on a subset of the 802 11e standard and defines enhancements to the MAC for wireless LAN applications with Quality of Service requirements which include transport of voice traffic over IEEE 802 11 wireless LANs The enhancement are in the form of changes in protocol frame formats addition of new fields and information elements addition of new messages definition of new protocol actions channel access mechanisms differentiated control of access to medium and network elements Q0S WME aware APs STAs and configuration management WME supports Enhanced Distributed Channel Access EDCA for prioritized QoS services The WME QoS feature can be enabled or disabled For more information on QoS see Technical Bulletin 69504 Revision 2 at lt http keygen proxim com support orinoco tb tb69504_3wmm pdf gt Enabling QoS and Adding QoS polic
19. AP and proceeds to prevent the Rogue AP attack by blocking this switch s port Multi Band Scanning Rogue Scan detects Rogue stations in all bands i e 2 4 GHz and 5 GHz for interfaces that support 802 11a g multi band operation During Rogue Scan the AP scans every channel in its configured regulatory domain the AP scans both the 2 4 GHz and 5 GHz bands for wireless interfaces supporting 802 11a g multi band operation APs can be detected either by active scanning using 802 11 probe request frames or passively by detecting periodic beacons or both Wireless clients are detected by monitoring 802 11 connection establishment messages such as association authentication messages or data traffic to or from the wireless clients There are two scanning modes available per wireless interface continuous scanning mode and background scanning mode Continuous Scanning Mode The continuous scanning mode is a dedicated scanning mode where the wireless interface performs scanning alone and does not perform the normal AP operation of servicing client traffic In continuous scanning mode the AP scans each channel for a channel scan time of one second and then moves to the next channel in the scan channel list With a channel scan time of one second the scan cycle time will take less than a minute one second per channel Once the entire scan channel list has been scanned the AP restarts scanning from the beginning of the scan channel list Backgroun
20. Ethernet The number of frames for which reception fails due to an internal MAC sublayer transmit error A frame is only counted if it is not counted by the Frames Too Long Alignment Error or FCS Error counters Internal MAC Transmit Errors Ethernet The number of frames for which transmission fails due to an internal MAC sublayer transmit error A frame is only counted if it is not counted by Late Collission Excession Collision or Carrier Sense Error counters Last Change Ethernet Wireless The value of the sysUpTime object at the time the interface entered its current operational state Late Collisions Ethernet The number of times that a collision is detected on a particular interface later than 512 bit times into the transmission of a packet MAC Address Wireless The station s assigned unique MAC address Maximum Packet Size Ethernet Wireless The size in octets of the largest datagram which can be sent received MIB Specific Definition Ethernet Wireless A reference to MIB definitions specific to the particular media being used to realize the interface For example if the interface is an Ethernet interface then this field refers to a document defining objects specific to ethernet Multicast Received Frame Count Wireless The number of multicast packets received Multicast Transmitted Frame Count Wireless The number of multicast packets transmitted Multiple Collision Frames Ethernet The number of successfully transmi
21. For professional site surveyors Ekahau Site Survey software is included in the Xtras folder of the Installation CD An AP can only communicate with client devices that support its wireless standard All Access Points must have the same Network Name to support client roaming All workstations with an 802 11 client adapter installed must use either a Network Name of any or the same Network Name as the Access Points that they will roam between If an AP has Closed System enabled a client must have the same Network Name as the Access Point to communicate see Broadcast SSID and Closed System All Access Points and clients must have matching security settings to communicate The Access Points cells should overlap to ensure that there are no gaps in coverage and to ensure that the roaming client will always have a connection available To ensure optimal AP placement Proxim recommends having a professional site survey done To facilitate the automation of this placement site surveyors may use the Ekahau Site Survey software included in the Xtras folder of the Installation CD An 802 11a or 802 11b g AP operates at faster data rates than the 802 11b AP 802 11a and 802 11g products operate at speeds of up to 54 Mbits sec 802 11b products operate at speeds of up to 11 Mbits sec All Access Points in the same vicinity should use a unique independent channel By default the AP automatically scans for available channels during boot up but yo
22. Perform the following command to enable 802 11d IEEE 802 11d support for additional regulatory domains Device Name gt set wif 3 dotlldstatus lt enable disable gt Perform the following command to set a country code Device Name gt set syscountrycode lt country code gt Select a country code from the following table Note that not all countries are available for all products This table is derived from ISO 3166 Country Code Country Code Country Code Algeria DZ Honduras HN Panama PA Albania AL Hong Kong HK Papua New Guinea PG Argentina AR Hungary HU Peru PE Armenia AM Iceland IS Philippines PH Australia AU India IN Poland PL Austria AT Indonesia ID Portugal PT Azerbaijan AZ Ireland 5 8 GHz 11 Puerto Rico PR Bahrain BH Israel IL Qatar QA Belarus BY Italy IT Romania RO Belgium BE Jamaica JM Russia RU Belize BZ Japan JP Samoa WS Bolivia BO Japan2 J2 Saudi Arabia SA Brazil BR Jordan JO Singapore SG Brunei Darussalam BN Kazakhstan KZ Slovak Republic SK Bulgaria BG North Korea KP Slovenia SI Canada CA Korea Republic KR South Africa ZA Chile CL Korea Republic2 K2 South Korea KR 162 Command Line Interface CLI AP 700 User Guide Set Basic Configuration Parameters using CLI Commands Country Code Country Code Country Code China CN Kuwait KW Spain ES Colombia CO Latvia LV Sweden SE Costa Rica CR Leba
23. The Automatic Configuration Screen appears 2 Check Enable Auto Configuration When the AP is Configured with Dynamic IP the DHCP server should be configured with the TFTP Server IP address Boot Server Host Name option 66 and Configuration file Bootfile name option 67 as follows note that this example uses a Windows 2000 server 3 Select DHCP Server gt DHCP Option gt Scope The DHCP Options Scope Screen appears 66 Advanced Configuration AP 700 User Guide Management Scope Options 064 NIS Domain Name The name of 065 NIS Servers A list of IP ac O 067 Bootfile Name Figure 4 20 DHCP Options Setting the Boot Server Host Name 4 Add the Boot Server Hostname and Boot Filename parameters to the Active Options list 5 Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server For example 11 0 0 7 Scope Options O 064 NIS Domain Name The name of O 065 NIS Servers A list of IP ac O 066 Boot Server Host Name Figure 4 21 DHCP Options Setting the Bootfile Name 6 Set the value of the Bootfile Name parameter to the Configuration filename For example AP Config 7 If using Syslog set the Log server IP address option 7 Log Servers 8 Reboot the AP When the AP reboots it receives the new configuration information and must reboot one additional time If a Syslog server was configured the following messages can be observed on the
24. This method of power control is considered to be an interim way of controlling the transmit power of 802.11d enabled clients in lieu of implementation of 802.11h. The Transmit Power Control feature lets the user configure the transmit power level of the wireless interface at one of four levels:
- 100% of the maximum transmit power level defined by the regulatory domain
- 50%
- 25%
- 12.5%
When Transmit Power Control is enabled, the transmit power level of the card in the AP is set to the configured transmit power level. The power level is advertised in Beacon and Probe Response frames as the 802.11d maximum transmit power level. When an 802.11d enabled client learns the regulatory domain related information from Beacon and Probe Response frames, it learns the power level advertised in Beacon and Probe Response frames as the maximum transmit power of the regulatory domain and configures itself to operate with that power level. As a result, the transmit power level of the BSS is configured to the power level set in the AP (assuming that the BSS has only 802.11d enabled clients and an 802.11d enabled AP).
Configuring TX Power Control
1. Click Configure > Interfaces > Operational Mode.
2. Select Enable Transmit Power Control.
3. Select the transmit power level for the wireless interface from the Wireless-A: Transmit Power Level drop-down menu.
4. Click OK.
Wireles
25. When a client enters a regulatory domain, it passively scans to learn at least one valid channel, i.e., a channel upon which it detects IEEE Standard 802.11 frames. The beacon frame contains information on the country code, the maximum allowable transmit power, and the channels to be used for the regulatory domain. The same information is transmitted in probe response frames in response to a client's probe requests. Once the client has acquired the information required to meet the transmit requirements of the regulatory domain, it configures itself for operation in the regulatory domain. The Wireless NIC determines the regulatory domain the AP is operating in. If the AP has dual Wireless NICs, the NIC in Slot A determines the regulatory domain. Depending on the regulatory domain, a default country code is chosen that is transmitted in the beacon and probe response frames.
Configuring 802.11d Support
Perform the following procedure to enable 802.11d support and select the country code:
1. Click Configure > Interfaces > Operational Mode.
2. Select Enable 802.11d.
3. Select the Country Code from the ISO/IEC 3166-1 CountryCode drop-down menu.
4. Click OK.
5. Configure Transmit Power Control and transmit power level if required.
TX Power Control / Transmit Power Level
Transmit Power Control uses standard 802.11d frames to control transmit power within an infrastructure BSS
26. Wired Mask: FF:FF:FF:FF:FF:FF
Wireless MAC Address: 00:00:00:00:00:00
Wireless Mask: 00:00:00:00:00:00
Result: The Access Point does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless network.
Advanced
You can configure the following advanced filtering options:
- Enable Proxy ARP: Place a check mark in the box provided to allow the Access Point to respond to Address Resolution Protocol (ARP) requests for wireless clients. When enabled, the AP answers ARP requests for wireless stations without actually forwarding them to the wireless network. If disabled, the Access Point will bridge ARP requests for wireless clients to the wireless LAN.
- Enable IP/ARP Filtering: Place a check mark in the box provided to allow IP/ARP filtering based on the IP/ARP Filtering Address and IP Mask. Leave the box unchecked to prevent filtering. If enabled, you should also configure the IP/ARP Filtering Address and IP/ARP IP Mask.
- IP/ARP Filtering Address: Enter the Network filtering IP Address.
- IP/ARP IP Mask: Enter the Network Mask IP Address.
The following protocols are listed in the Advanced Filter Table:
- Deny IPX RIP
- Deny IPX SAP
- Deny IPX LSP
- Deny IP Broadcasts
- Deny IP Multicasts
The AP can filter these protocols in the wireless-to-Ethernet direction, the Ethernet-to-wireless direction, or in both directions. Click Edit and use the Status field to Enable or Disable the filter.
TCP/UDP Port
Port bas
27. and the website of the client:
Clients | Version | Website
OpenSSH | V3.4-2 | http://www.openssh.com
Putty | Rel 0.53b | http://www.chiark.greenend.org.uk
Zoc | 5.00 | http://www.emtec.com
Axessh | V2.5 | http://www.labf.com
For key generation, OpenSSH client has been verified.
Configuring SSH
Perform the following procedure to set the SSH host key and enable or disable SSH:
1. Click Configure > Management > Services.
2. Select the SSH Host Key Status from the drop-down menu.
NOTE: SSH Host Key Status cannot be changed if SSH status or Secure Management is enabled.
3. To enable/disable SSH, select Enable/Disable from the SSH (Secure Shell) Status drop-down menu.
NOTE: When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled.
Host keys must either be generated externally and uploaded to the AP (see Uploading Externally Generated Host Keys), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present. There is no key present in an AP that is in a factory default state.
To manually generate or delete host keys on the AP:
CAUTION: SSH Host key creation may take 3 to 4 minutes, during which time the AP may not respond.
- Select Create to generate a new pair of host keys.
- Select Delete to remove the host keys from the AP. If no host keys are present, the AP
28. > set mgmtipaccesstbl 1 ipaddr 10.0.0.12 ipmask 255.255.255.248 cmt First Row
Example 4: Enable, Disable, or Delete a table entry or row
The following example illustrates how to manage the second entry in a table.
Syntax:
Device Name> set <Table> index status <enable, disable, delete>
Device Name> set <Table> index status <1=enable, 2=disable, 3=delete>
Example:
Device Name> set mgmtipaccesstbl 2 status enable
Device Name> set mgmtipaccesstbl 2 status disable
Device Name> set mgmtipaccesstbl 2 status delete
Device Name> set mgmtipaccesstbl 2 status 2
NOTE: You may need to enable a disabled table entry before you can change the entry's elements.
Example 5: Show the Group Parameters
This example illustrates how to view all elements of a group or table.
Syntax:
Device Name> show <group name>
Example:
Device Name> show network
The CLI displays network group parameters. Note: show network and show ip return the same data.
[Figure: CLI output of show network and show ip, each listing the IP Network Group Parameters ipaddr, ipsubmask, ipgw, ipttl and ipaddrtype]
Figur
29. press the OK button.
Figure 4-31 Add Priority Mapping Entry
Select the 802.1p Priority (from 0-7) for 802.1d Priorities 0-7. Click OK. Click Add in the IP Precedence/DSCP ranges and 802.1d Priority table. Select the IP DSCP Range for each 802.1d Priority. Click OK.
NOTE: Changes to Priority Mapping require a reboot of the AP to take effect.
Enhanced Distributed Channel Access (EDCA)
WME uses Enhanced Distributed Channel Access, a prioritized CSMA/CA access mechanism used by WME-enabled clients/AP in a WME-enabled BSS to realize different classes of differentiated Channel Access. A wireless Entity is defined as all wireless clients and APs in the wireless medium contending for the common wireless medium. EDCA uses a separate channel access function for each of the Access Categories (Index) within a wireless entity. Each channel access function in a wireless entity contends for the wireless medium as if it were a separate client contending for the wireless medium. Different channel access functions in a given Wireless Entity contend among themselves for access to the wireless medium, in addition to contending with other clients.
STA EDCA Table and AP EDCA Table
This page is used to configure the client (STA) and AP Enhanced Distributed Channel Access (EDCA) parameters. The EDCA parameter set provides information needed by the client stations for p
30. vlanid <1 to 1094> ssidauth <enable/disable> acctstatus <enable/disable> secprofile <Security Profile Number> radmacprofile <MAC Authentication Profile Name> radeapprofile <EAP Authentication Profile Name> radacctprofile <Accounting Profile Name> radmacauthstatus <enable/disable> aclstatus <enable/disable>
Example:
Device Name> set wifssidtbl 3.1 ssid accessptl vlanid 22 ssidauth enable acctstatus enable secprofile 1 radmacprofile "MAC Authentication" radeapprofile "EAP Authentication" radacctprofile "Accounting" radmacauthstatus enable aclstatus enable
Download an AP Configuration File from your TFTP Server
Begin by starting your TFTP program. It must be running and configured to transmit and receive.
Device Name> set tftpfilename <file name> tftpfiletype config tftpipaddr <IP address of your TFTP server>
Device Name> show tftp (to ensure the filename, file type, and the IP address are correct)
Device Name> download
Device Name> reboot 0
After following the complete process above once, you can download a file of the same name (so long as all the other parameters are the same) with the following command:
Device Name> download
Backup your AP Configuration File
Begin by starting your TFTP program. It must be running and configured to transmit and receive.
31. 8675 US2 Model Numbers Please see the following sections for more information Safety Information USA Canada amp European Union Federal Communications Commission FCC Industry Canada IC European Union Regulatory Compliance Certifications Summary 215 Regulatory Compliance AP 700 User Guide Safety Information USA Canada amp European Union Safety Information USA Canada amp European Union CE This product has been evaluated to and complies with the Safety requirements of UL60950 2000 and IEC60950 1999 the Standards for the Safety of Information Technology Equipment When using this device basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following This product is for indoor use only Operate and install this product as described in this manual This device must be installed and used in strict accordance with the manufacturer s instructions This product is suitable for installation in air handling spaces plenum Use only the AC DC power supply adapter provided For replacement contact your local supplier or distributor To avoid the risk of electric shock from lightning do not use this product during an electrical storm Installation of this product must conform to local regulations and codes When using this product with an external antenna see the installation documentation provided with the an
32. AP is mounted on a wall, connector 1 corresponds to the horizontally polarized internal antenna, providing a coverage pattern parallel to the wall; connector 2 corresponds to the vertically polarized internal antenna, providing a coverage pattern parallel to the ceiling/floor. When the AP is mounted to a ceiling, connector 1 corresponds to the vertically polarized internal antenna and connector 2 corresponds to the horizontally polarized internal antenna.
Plugging an external antenna in to the antenna connector disables the corresponding internal antenna. The AP continues to support antenna diversity with external antennas connected. With one external antenna connected to one of the two antenna connectors, one internal antenna and one external antenna are used for antenna diversity. With two external antennas connected, both external antennas are used for antenna diversity and both internal antennas are disabled.
With external antennas connected, you may wish to manually select a particular antenna for use. To do so, disable antenna diversity by manually selecting which antenna to use through the Command Line Interface. See Configure Antenna Diversity for information.
NOTE: Using two external antennas is not recommended.
For a list of recommended antennas, see http://www.proxim.com/products/wifi/accessories. For installation instructions, see Installing Ext
33. After initial setup and once VLAN is enabled, the AP can be configured to support up to 16 SSIDs per wireless interface to segment wireless networks based on VLAN membership. Each VLAN can be associated to a Security Profile and RADIUS Server Profiles. A Security Profile defines the allowed wireless clients, and authentication and encryption types. See the following sections for configuration details.
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per-VLAN basis. When VLAN is disabled on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and Security per SSID is enabled, the user can configure a security profile for each VLAN. The user defines a security policy by specifying one or more values for the following parameters:
- Wireless STA types (WPA station, 802.11i (WPA2) station, 802.1x station, WEP station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.
- Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each type of station.
- Cipher Suites (CCMP, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.
Up to 16 security profiles can be configured.
1. Click Configure > SSID/VLAN/Security > Security Profile.
34. Device Name> upload <TFTP Server IP address> <tftpfilename (such as config.sys)> config
Device Name> show tftp (to ensure the filename, file type, and the IP address are correct)
After setting the TFTP parameters, you can back up your current file (so long as all the other parameters are the same) with the following command:
Device Name> upload
Set up Auto Configuration
The Auto Configuration feature allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot-up process. Perform the following commands to enable and set up automatic configuration.
NOTE: The configuration filename and TFTP server IP address are configured only when the AP is configured for Static IP. If the AP is configured for Dynamic IP, these parameters are not used and are obtained from DHCP. The default filename is config. The default TFTP IP address is 169.254.128.133.
Device Name> set autoconfigstatus <enable/disable>
Device Name> set autoconfigfilename <filename>
Enter the filename of the configuration file that is used if the AP is configured for Static IP.
Device Name> set autoconfigTFTPaddr <IP address>
Enter the TFTP server address that is used if the AP is configured for Static IP.
Other Network Settings
There are other configuration settings that you may want to set for the AP. Some of them are listed below.
35. Distribution System (WDS): WDS can be used to establish point-to-point (i.e., wireless backhaul) connections with other access points. This table is used to configure WDS partner access points.
Figure 4-10 Wireless Interface
You can view and configure the following parameters for the Wireless interface:
NOTE: You must reboot the Access Point before any changes to these parameters take effect.
Physical Interface Type: Depending on the Operational Mode, this field reports:
- For 802.11a mode: 802.11a (OFDM 5 GHz)
NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band 802.11b and 802.11g support only. 802.11a functionality covered in this User Guide is not supported.
- For 802.11b mode only: 802.11b (DSSS 2.4 GHz)
- For 802.11g mode: 802.11g (OFDM/DSSS 2.4 GHz)
- For 802.11b/g mode: 802.11g (OFDM/DSSS 2.4 GHz)
- For 802.11g-wifi mode: 802.11g (OFDM/DSSS 2.4 GHz)
NOTE: 802.11g-wifi has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment.
OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices. DSSS stands for Direct Sequence Spread Spectrum
36. Enter the Rekeying Interval in seconds. The default interval is 900 seconds.
11. Enter the Security Profile used by the VLAN in the Security Profile field.
NOTE: If you have two or more SSIDs per interface using a Security Profile with a security mode of Non Secure, be aware that security being applied in the VLAN is not being applied in the wireless network.
12. Define the RADIUS Server Profile Configuration for the VLAN/SSID:
- RADIUS MAC Authentication Profile
- RADIUS EAP Authentication Profile
- RADIUS Accounting Profile
If 802.1x, WPA, or 802.11i security mode is used, the RADIUS EAP Authentication Profile must have a value. A RADIUS Server Profile for authentication for each VLAN shall be configured as part of the configuration options for that VLAN. RADIUS profiles are independent of VLANs. The user can define any profile to be the default and associate all VLANs to that profile. Four profiles are created by default: MAC Authentication, EAP Authentication, Accounting, and Management.
13. Specify a QoS Profile. See the Enabling QoS and Adding QoS policies section for more information.
14. If editing an entry, enable or disable the parameters on this page using the Status drop-down menu. If adding a new entry, this drop-down menu will not appear.
15. Reboot the AP.
Broadcast SSID and Closed System
Broadcast SSID allows the broadcast of a single SSID when the AP is configured for multiple SSIDs. Broadcast SSID may only be e
37. Ethernet interface using Telnet.
NOTE: All CLI commands and parameters are case-sensitive.
General Notes
Prerequisite Skills and Knowledge
To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts, network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup procedures for typical network operating systems and servers.
Notation Conventions
- Computer prompts are shown as constant width type. For example: Device Name>
- Information that you input as shown is displayed in bold constant width type. For example: Device name> set ipaddr 10.0.0.12
- The names of keyboard keys, software buttons, and field names are displayed in bold type. For example: Click the Configure button.
- Screen names are displayed in bold italics. For example, the System Status screen.
Important Terminology
- Configuration Files: Database files containing the current Access Point configuration. Configuration items include the IP Address and other network-specific values. Config files may be downloaded to the Access Point or uploaded for backup or troubleshooting.
- Download vs. Upload: Downloads transfer files to the Access Point. Uploads transfer files from the Access Point. The TFTP server performs file transfers in both directions.
- Group: A logical collection of network
38. IP/ARP Table
This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Addresses and IP Addresses.
Figure 5-4 IP/ARP Table Monitoring Tab
Learn Table
This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up to 10,000 entries in the Learn Table.
Figure 5-5 Learn Table Monitoring Tab
IAPP
This tab displays statistics relating to client handovers and communications between ORiNOCO Access Points. Statistics include IAPP packets received and transmitted by the access point, as well as the number of roaming wireless clients.
Handover Response Received Announce Request
39. IP address. If the AP has not been assigned an IP address (in other words, the unit is using its default IP address, 169.254.128.132), follow these steps to assign it a static IP address that is valid on your network:
a. Highlight the entry for the AP you want to configure.
b. Click the Change button. The Change screen appears.
Figure 2-9 Scan Tool Change Screen
c. Set IP Address Type to Static.
d. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit.
e. Enter your network's Subnet Mask in the field provided.
f. Enter your network's Gateway IP Address in the field provided.
g. Enter the SNMP Read/Write password in the Read/Write Password field (for new units, the default SNMP Read/Write password is "public").
NOTE: The TFTP Server IP Address and Image File Name fields are only available if ScanTool detects that the AP does not have a valid software image installed. See Client Connection Problems.
h. Click OK to save your changes.
i. The Access Point will reboot automatically and any changes you made wil
40. LAN administrators use it to conserve wireless bandwidth by limiting communication between wireless clients. For example, this feature prevents peer-to-peer file sharing or gaming over the wireless network. To block Intra BSS traffic, set Intra BSS Traffic Operation to Block. To allow Intra BSS traffic, set Intra BSS Traffic Operation to Passthru.
Packet Forwarding
The Packet Forwarding feature enables you to redirect traffic generated by wireless clients that are all associated to the same AP to a single MAC address. This filters wireless traffic without burdening the AP and provides additional security by limiting potential destinations or by routing the traffic directly to a firewall. You can redirect to a specific port (Ethernet or WDS) or allow the bridge's learning process (and the forwarding table entry for the selected MAC address) to determine the optimal port.
NOTE: The gateway to which traffic will be redirected should be a node on the Ethernet network. It should not be a wireless client.
Configuring Interfaces for Packet Forwarding
Configure your AP to forward packets by specifying port(s) to which packets are redirected and a destination MAC address.
1. Within the Packet Forwarding Configuration screen, check the box labeled Enable Packet Forwarding.
2. Specify a destination Packet Forwarding MAC Address. The AP will redirect all unicast, multicast, and broadcast packets received from wireless clients to the address you specify.
41. Main Screen
2. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point's TCP/IP settings. Each Configure tab is described in the remainder of this chapter.
System
You can configure and view the following parameters within the System Configuration screen:
- Name: The name assigned to the AP. See the Dynamic DNS Support and Access Point System Naming Convention sections for rules on naming the AP.
- Location: The location where the AP is installed.
- Contact Name: The name of the person responsible for the AP.
- Contact Email: The email address of the person responsible for the AP.
- Contact Phone: The telephone number of the person responsible for the AP.
- Object ID: This is a read-only field that displays the Access Point's system object identification number; this information is useful if you are managing the AP using SNMP.
- Ethernet MAC Address: This is a read-only field that displays the unique MAC (Media Access Control) address for the Access Point's Ethernet interface. The MAC address is assigned at the factory.
- Descriptor: This is a read-only field that reports the Access Point's name, serial number, current image software version, and current bootloader software version.
- Up Time: This is a read-only field that displays how long the Access Point has been running since its last reboot.
Alarm
42. Make sure the TFTP server is running and configured to point to the folder containing the image to be downloaded.
Download Procedure
1. Download the latest software from http://support.proxim.com (Knowledgebase Answer ID 1686).
2. Copy the latest software updates to your TFTP server's default directory.
3. Use a straight-through serial cable to connect the Access Point's serial port to your computer's serial port.
4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:
- Com Port: <COM1, COM2, etc., depending on your computer>
- Baud rate: 9600
- Data Bits: 8
- Stop bits: 1
- Flow Control: None
- Parity: None
5. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option. HyperTerminal sends a line return at the end of each line of code.
6. Press the RESET button on the AP. The terminal display shows Power On Self Tests (POST) activity. After approximately 30 seconds, a message indicates: Sending Traps to SNMP manager periodically. After this message appears, press the ENTER key repeatedly until the following prompt appears:
Device name>
7. Enter only the following statements:
Device name> show (to view configuration parameters
43. Management and Monitoring Capabilities; HTTP/HTTPS Interface; Command Line Interface; SNMP Management; SSH (Secure Shell) Management. 2 Installation and Initialization: AP-700 Hardware Description; Overview; Antennas; Active Ethernet; LED Indicators; Prerequisites; Product Package; System Requirements; Hardware Installation; Required Materials; Cabling the AP-700; Installing the Security Cover; Mounting the AP-700; Installing External Antennas; Installing the AP in a Plenum; Initialization
44. RADIUS server can be used to enforce VLAN access control in two ways:
- Authorize the SSID the client uses to connect to the AP. The SSID determines the VLAN that the client gets assigned to.
- Assigning the user to a VLAN by specifying the VLAN membership information of the user.
Configuring Radius Profiles
A RADIUS server Profile consists of a Primary and a Secondary RADIUS server that get assigned to act as either MAC Authentication servers, 802.1x/EAP Authentication servers, or Accounting Servers in the VLAN Configuration. See Configuring Security Profiles.
The RADIUS Profiles sub-tab allows you to add new RADIUS profiles or modify or delete existing profiles.
The RADIUS Profiles screen reads: This page is used to configure the RADIUS Server Profiles. A RADIUS server Profile consists of a Primary and a Secondary RADIUS server. The RADIUS server profiles created on this page will be assigned to act as MAC authentication, EAP authentication, or Accounting server in the SSID configuration. Click on ADD to create a new profile. To modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete. Note: Changes to the RADIUS Server Profiles will not require a reboot of the device.
45. Reset Disable or enable hardware configuration reset and configure a configuration reset password VLAN SSID Parameters Enable the configuration of multiple subnetworks based on VLAN ID and SSID pairs Security Profile Table Configure Security Profiles that define allowed security modes wireless clients and encryption and authentication mechanisms Other Parameters IAPP Parameters Enable or disable the Inter Access Point Protocol Wireless Multimedia Enhancements WME Quality of Service QoS parameters Enable and configure Wireless Multimedia Enhancement Quality of Service parameters QoS policies mapping priorities and EDCA parameters Apply a configured QoS policy to a particular SSID 175 Command Line Interface CLI Parameter Tables AP 700 User Guide System Parameters Name Type Value Access CLI Parameter System Group N A R system Name DisplayString User Defined RW sysname Location DisplayString User Defined RW sysloc Contact Name DisplayString User Defined RW sysctname Contact E mail DisplayString User Defined RW sysctemail Contact Phone DisplayString User Defined RW sysctphone max 254 characters FLASH Backup Interval Integer 0 65535 seconds RW sysflashbckint Flash Update 0 RW sysflashupdate 1 System OID DisplayString N A R sysoid Descriptor DisplayString System Name flash R sysdescr version S N bootloader version Up Ti
46. Row Status | RowStatus | enable, disable, delete | RW | status
SSID Authorization Status per VLAN | Integer | enable, disable | RW | ssidauth
RADIUS Accounting Status per VLAN | Integer | enable, disable | RW | acctstatus
MAC ACL Status per VLAN | Integer | enable, disable | RW | aclstatus
Security Profile | Integer32 | User defined | RW | secprofile
RADIUS MAC Profile | DisplayString | User defined | RW | radmacprofile
RADIUS EAP Profile | DisplayString | User defined | RW | radeapprofile
RADIUS Accounting Profile | DisplayString | User defined | RW | radacctprofile
QoS Policy | Integer32 | User defined | RW | qospolicy
Wireless Distribution System (WDS) Security Table Parameters
The WDS Security Table manages WDS related security objects.
Name | Type | Value | Access | CLI Parameter
WDS Security Table | Table | N/A | R | wdssectbl
Table Index | Integer | 3 | R | index
Security Mode | Integer | 1 = none, 2 = wep | RW | secmode
Encryption Key 0 | WEPKeyType | N/A | WO | encryptkey0
Ethernet Interface Parameters
Name | Type | Value | Access | CLI Parameter
Ethernet Interface | Group | N/A | R | ethernet
Speed | Integer | 1 = 10halfduplex, 2 = 10fullduplex, 3 = 10autoduplex, 4 = 100halfduplex, 5 = 100fullduplex, 6 = autohalfduplex, 7 = autoautoduplex (default) | RW | etherspeed
MAC Address | PhyAddress | N/A | R | ethermacaddr
Management Parameters
Secure Management Paramete
47. Using ScanTool; Using the Setup Wizard; Installing the Software; Related Topics. 3 System Status. 4 Advanced Configuration: System; Dynamic DNS Support; Network; IP Configuration; DHCP Server; DHCP Relay Agent; SNTP (Simple Network Time Protocol); Interfaces; Operational Mode; Wireless (802.11a/b/g Radio); Ethernet; Management; Passwords; IP Access Table; Services; Automatic Configuration (AutoConfig); Hardware Configuration Reset (CHRD)
48. UDP Port Filters
1. Click Edit under the TCP/UDP Port Filter Table heading.
2. Make any changes to the Protocol Name or Port Number for a specific entry, if necessary.
3. In the row that defines the port, set the Status to Enable, Disable, or Delete, as appropriate.
4. Select OK.
Alarms
The Alarms tab has the following sub-tabs:
- Groups
- Alarm Host Table
- Syslog
- Rogue Scan
Groups
Alarm groups can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms. Alarm severity levels are as follows:
- Critical alarms will often result in severe disruption in network activity or an automatic reboot of the AP.
- Major alarms are usually activated due to a breach in the security of the system. Clients cannot be authenticated because an attempt at unauthorized access into the AP has been detected.
- Informational alarms provide the network administrator with some general information about the activities the AP is performing.
Configuration Trap Group
Trap Name | Description | Severity Level
oriTrapDNSIPNotConfigured | DNS IP address not configured | Major
oriTrapRADIUSAuthenticationNotConfigured | RADIUS Authentication not configured | Major
oriTrapRADIUSAccountingNotConfigured | RADIUS Accounting not configured | Major
oriTrap
49. [Table: available channels for 802.11b/g (channels 1 to 14) and 802.11a (Lower band 34, 36, 38, 40, 42, 44, 46, 48; Middle band 52, 56, 58, 60, 64; Upper band 149, 153, 157, 161; ISM Band 165). Table notes: Default channel; Available for use only in 802.11b mode.] Specifications RF Performance The following tables show typical AP-700 RF performance values. 802.11a RF Performance
802.11a Data Rates (Mbps): 54, 48, 36, 24, 18, 12, 9, 6
Tx Power (dBm): 16, 17, 18, 18, 18, 18, 18, 18
Receiver Sensitivity (dBm): 70, 73, 78, 82, 84, 85, 86, 87
Antenna Gain (dBi): 0 (integrated diversity antennas), 5.15-5.85 GHz
Values are for FCC certified products. They may differ for products certified in other regulatory domains. 802.11b/g RF Performance 802.11b/g Data Rates (Mbps): G-only Rates 54, 48, 36, 24, 18, 12, 9, 6; B-only Rates 11, 5.5, 2, 1. Tx Power dBm
50. Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enable the Monitoring Station Statistics feature (Station Statistics are disabled by default) by checking Enable Monitoring Station Statistics and click OK. You do not need to reboot the AP for the changes to take effect. If clients are connected to the device or WDS links are configured for the device, the statistics will now be shown on the screen. Click on the Refresh button in the browser window to view the latest statistics. If any new clients associate to the AP, you can see the statistics of the new clients after you click the refresh button. Station Statistics This screen displays the statistics related to associated stations and WDS links. The following information is displayed: MAC Address: MAC address of associated station or partner MAC address of WDS link. IP Address: IP Address of associated station or 0.0.0.0 for WDS links. Interface: interface on which the station is associated or the WDS link is configured. Type: STA (Station) or WDS. Protocol: 802.11a, 802.11b or 802.11g. SNR: Signal to Noise Ratio. TSLF: Time since last frame was received from the associated station or WDS link partner. A station will no longer be displayed in the list if the client is inactive or has been de a
51. a SSL intelligent browser to access the AP through the HTTPS interface. After configuring SSL, access the AP using https:// followed by the AP's management IP address. Management (Passwords, IP Access Table, Services) Services This tab is used to configure Secure Management, SNMP, Telnet/CLI and HTTP (web) parameters. The Secure Management option allows the use of encrypted and authenticated communication protocols such as SNMPv3 and Secure Socket Link (SSL) to manage the Access Point. When Secure Management is turned on, the scope and access for the traditional non-secure means to manage the Access Point is automatically curtailed. Note: Changes to the parameters in this page, except Radius Based Management Access Parameters and Secure Shell parameters (SSH Enable/Disable and SSH Key Status), require access point reboot in order to take effect. Warning: Generation of SSH keys may take up to 3-4 minutes and the Access Point may not respond during that time. SSH keys can be generated by setting the SSH Host Key Status to create or by enabling SSH when no keys are present. If Secure Management is enabled when SSH is not enabled, the key generation will happen after the next reboot. Screen fields: Secure Management Status, SNMP Interface Bitmask, HTTP Interface Bitmask, HTTP Port, HTTP Wizard Status, HTTPS (Secure Web Status), SSL Certificate Passphrase, Telnet Interface Bitmask, Telnet Port Number
52. a VLAN Each packet would then be identified as EMPLOYEE or GUEST depending on which wireless NIC received it The AP would insert VLAN headers or tags with identifiers into the packets transmitted on the wired backbone to a network switch Finally the switch would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate resources such as printers and servers Packets from the GUEST workgroup could be restricted to a gateway that allowed access to only the Internet A member of the GUEST workgroup could send and receive e mail and access the Internet but would be prevented from accessing servers or hosts on the local corporate network 104 Advanced Configuration AP 700 User Guide SSID VLAN Security Typical User VLAN Configurations VLANs segment network traffic into workgroups which enable you to limit broadcast and multicast traffic Workgroups enable clients from different VLANs to access different resources using the same network infrastructure Clients using the same physical network are limited to those resources available to their workgroup The AP can segment users into a maximum of 16 different workgroups per radio based on an SSID VLAN grouping also referred as a VLAN Workgroup or a Sub network The primary scenarios for using VLAN workgroups are as follows 1 VLAN disabled Your network does not use VLANs and you cannot configure the AP to use multiple SSIDs 2 VLAN enabled each V
53. address> <path and filename> <file type>
Example: Device Name> download 192.168.1.100 APImage2 img
2. Syntax to display help and usage information: Device Name> download
3. Syntax to execute the download Command using previously set (stored) TFTP Parameters: Device Name> download
help Displays instructions on using control key sequences for navigating a Command Line and displays command information and examples.
1. Using help as the only argument: Device Name> help
Device Name> help Type at the command prompt for a command list. Complete command description and command usage can be provided by: help <command name> <CR>, <command name> help <CR>. Special keys supported: Arrow Keys, delete previous character, go to beginning of line, go to end of line, go forward one character, go backward one character, delete current character, delete to beginning of line, delete to end of line, delete previous word, transpose previous character, go to previous line in history buffer, go to next line in history buffer, Will attempt command completion, Comment Character 2 Will provide command listing Examples 12 list all the supported commands sh list all commands that start with sh show list all arguments to the show command sh <TAB>
54. all checks pass successfully, the AP deletes the old image and retains the downloaded image. These checks are to ensure that the AP does not enter an invalid image state. The storage of the two images is only temporary to ensure the proper verification; the two images will not be stored in the AP permanently. Image error checking functions automatically in the background. No user configuration is required. Commands Update AP Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, Certificate and Private Key files, and CLI Batch File to the AP. A TFTP server must be running and configured to point to the directory containing the file. This page is used to update software images and configuration file in the Access Point using TFTP. Note: If you are updating the AP with a configuration file, an image or CLI batch file, the access point will require a reboot in order for the changes to take effect. Screen fields: System Information (Software Version, Boot Loader Version); TFTP Information (Server IP Address, File Name, File Type, File Operation). Figure 6-2 Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. You can either in
55. channel, that channel will be blacklisted for 30 minutes. A channel can also be blacklisted by the administrator in case that channel is not to be used when ACS is enabled.
Channel, Radar Detected, Elapsed Time (Minutes), Blacklist Status:
1, FALSE, 0, Disable; 2, FALSE, 0, Disable; 3, FALSE, 0, Disable; 4, FALSE, 0, Disable; 5, FALSE, 0, Disable; 6, FALSE, 0, Disable; 7, FALSE, 0, Disable; 8, FALSE, 0, Disable; 9, FALSE, 0, Disable; 10, FALSE, 0, Disable; 11, FALSE, 0, Disable; 12, FALSE, 0, Disable; 13, FALSE, 0, Disable
Figure 4-11 Channel Blacklist Table 3. Click Edit in the Channel Blacklist Table. 4. Set Blacklist Status to Enable. Channel Blacklist Table This page is used to configure blacklisted channels. You can blacklist a channel by setting the Blacklist Status to Enable. Channel 1: Blacklist Status Enable; Channel 2: Blacklist Status Disable; Channel 3: Blacklist Status Enable. Figure 4-12 Channel Blacklist Table Edit Screen Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. WDS allows you to configure up to six (6) ports per radio. In the WDS example below, AP 1 and AP 2 communicate over a WDS link represented by the blue
56. default is 0 Multicast Threshold Integer 0 255 packets sec RW mcast default is 0 Intra BSS Subscriber Blocking The following parameters control the Intra BSS traffic feature which prevent wireless clients that are associated with the same AP from communicating with each other Name Type Value Access CLI Parameter Intra BSS Traffic Group N A R intrabss Intra BSS Traffic Integer passthru default RW intrabssoptype Operation block Packet Forwarding Parameters The following parameters control the Packet Forwarding feature which redirects wireless traffic to a specific MAC address Name Type Value Access CLI Parameter Packet Forwarding MAC Group N A R pktfwd Address Packet Forwarding MAC MacAddress User Defined RW pktfwdmacaddr Address Packet Forwarding Status Integer enable RW pktfwdstatus disable default Packet Forwarding Integer 0 any default RW pktfwdif Interface Port 1 Ethernet 2 WDS 1 3 WDS 2 4 WDS 3 5 WDS 4 6 WDS 5 7 WDS 6 195 Command Line Interface CLI AP 700 User Guide Parameter Tables RADIUS Parameters General RADIUS Parameters Name Type Value Access CLI Parameter RADIUS Group N A R radius Client Invalid Server Counter32 N A R radcliinvsvradd Address RADIUS Server Configuration Parameters NOTE Use a server name only if you have enabled the DNS Client functionality See DN
57. entry to be modified. Only the table objects that are to be modified need to be specified. Not all the table objects are required. If multiple table objects are to be modified, the order in which they are entered is not important. If the entire table entry is to be modified, all the table objects have to be specified. Enabling/Disabling: The table name is required. The table index is required; for table enabling/disabling, the index should be the index of the entry to be enabled/disabled. The entry's new state (either enable or disable) is required. Deletion: The table name is required. The table index is required; for table deletion, the index should be the index of the entry to be deleted. The word delete is required. Using Strings Since there are several string objects supported by the AP, a string delimiter is required for the strings to be interpreted correctly by the command line parser. For this CLI implementation, the single quote or double quote character can be used at the beginning and at the end of the string. For example:
Device Name> set sysname Lobby (Does not need quote marks)
Device Name> set sysname "Front Lobby" (Requires quote marks)
The scenarios supported by this CLI are: "My Desk in the office" (Double Quotes); 'My Desk in the office' (Single Quotes); My Desk in the office Single Quotes within Double Quotes My Desk in
58. equipment will continue to comply with the Federal Communications Commission s requirements hut VA ahd March 1 2004 Signtture Date Dave Koherstein VP Product Marketino 217 Regulatory Compliance AP 700 User Guide Federal Communications Commission FCC Warnings This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try and correct the interference by one or more of the following measures Reorient or relocate the receiving antenna e Increase the distance between the equipment and the receiver Connect the equipment to an AC outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help In some situations or environments the use of wireless devices may be restricted by the proprietor of the building or responsible representatives of the organization These situations may for example include the use of wireless equipment on board airplanes or in any other environment where the risk of interference to other devices or services is percei
59. fails to synchronize the time with the SNTP server it was communicating with. Also included in message: IP Address of SNTP server. Rogue Scan The Rogue Scan feature provides an additional security level for wireless LAN deployments. Rogue Scan uses the selected wireless interface(s) for scanning its coverage area for Access Points and clients. A centralized Network Manager receives MAC address information from the AP on all wireless clients detected by the AP. The Network Manager then queries all wired switches to find out the inbound switch port of these wireless clients. If the switch port does not have a valid Access Point connected to it as per a pre-configured database, the Network Manager proceeds to block that switch port and prevent the Rogue AP from connecting to the wired network. Figure 4-25 Preventing Rogue AP Attacks (showing the Switch, Trusted AP, Rogue AP and Network Manager) The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query the wired switch to find the inbound switch port of Client 2's packets. The Network Manager verifies that this switch/router and port does not have a valid Access Point as per the administrator's database. Thus it labels Client 2's AP as a Rogue
60. hwconfigresetstatus Reset Status disable 2
Configuration Reset Password | DisplayString | User Defined | RW | configresetpasswd
VLAN/SSID Parameters (Name | Type | Value | Access | CLI Parameter)
VLAN | Group | N/A | R | vlan
Status | Integer | enable, disable (default) | RW | vlanstatus
Management ID | VlanId | 1 untagged | RW | vlanmgmtid
Security Profile Table The Security Profile Table allows you to configure security profiles. A maximum of 16 security profiles are supported per wireless interface. Each security profile can enable and configure one or more security modes (None Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK Station). The WEP/PSK parameters are separately configurable for each security mode. See the command examples below for more information.
Name | Type | Value | Access | CLI Parameter
Security Profile Table | Table | N/A | R | secprofiletbl
Table Index Integer 1 1 to 32 5 R index
Security Mode | Integer | nonsecsta, wepsta, 802.1xsta, wpasta, wpapsksta | R | secmode
Authentication Mode | Integer | none, 802.1x, psk | R | authmode
Cipher | Integer | none, wep, tkip, aes | R | ciphersuite
Encryption Key 0 | Integer | User defined | W | encryptionkey0
Encryption Key 1 | Integer | User defined | W | encryptionkey1
Encryption Key 2 | Integer | User defined | W | encryptionkey2
Encryption Key 3 | Integer | User defined | W | encryptionkey3
Encryption Transmit Key | Integer | 0-3 | RW | encryptkeytx
Encryption Key Length | Integer | 64, 128 or 152 | RW | encrypt
61. ipaddr IP Mask ipmask or Default Gateway IP Address ipgw values can be entered DNS Client for RADIUS Name Resolution Name Type Value Access CLI Parameter DNS Client Group N A R dns DNS Client status Integer enable RW dnsstatus disable default Primary DNS Server IP IpAddress User Defined RW dnspridnsipaddr Address Secondary DNS Server lpAddress User Defined RW dnssecdnsipaddr IP Address Default Domain Name Integer32 User Defined up to 254 RW dnsdomainname characters DHCP Server Parameters Name Type Value Access CLI Parameter DHCP Server Group N A R dhcp DHCP Server Status Integer enable 1 default RW dhcpstatus disable 2 delete 3 Gateway IP Address IpAddress User Defined RW dhcpgw Primary DNS IP Address IpAddress User Defined RW dhcppridnsipaddr Secondary DNS IP IpAddress User Defined RW dhcpsecdnsipaddr Address Number of IP Pool Table Integer32 N A R dhcpippooltblent Entries NOTE The DHCP Server dhcpstatus can only be enabled after a DHCP IP Pool table entry has been created 177 Command Line Interface CLI Parameter Tables AP 700 User Guide DHCP Server table for IP pools Name Type Value Access CLI Parameter DHCP Server IP Address Table N A R dhcpippooltbl Pool Table Table Index Integer User Defined N A index Start IP Address IpAddress User Defined RW startipaddr End IP
62. ipmask emt status Figure A-9 Results of search mgmtipaccesstbl CLI command
upload Uploads a text-based configuration file from the AP to the TFTP Server. Executing upload with the asterisk character (*) will make use of the previously set (stored) TFTP parameters. Executing upload without parameters will display command help and usage information.
1. Syntax to upload a file: Device Name> upload <tftp server address> <path and filename> <filetype>
Example: Device Name> upload 192.168.1.100 APconfig.sys config
2. Syntax to display help and usage information: Device Name> help upload
3. Syntax to execute the upload command using previously set (stored) TFTP Parameters: Device Name> upload *
Parameter Control Commands The following sections cover the two Parameter Control Commands (show and set) and include several tables showing parameter properties. These commands allow you to view (show) all parameters and statistics and to change (set) parameters. show: To see any Parameter or Statistic value, you can specify a single parameter, a Group, or a Table. set: Use this CLI Command to change parameter values. You can use a single CLI statement to modify Tables, or you can modify each parameter separately. show CLI Command Displays the value of the specified parameter, or displays all parameter values of a specified group (parameter table). Groups contain Parameter
63. <system name> sysloc <Unit Location>
> set sysctname <Contact Name (person responsible for system)>
> set sysctphone <Contact Phone Number> sysctemail <Contact E-mail address>
> show system
[Screen output of show system, listing the System Parameters sysname, sysloc, sysctname, sysctemail, sysctphone, sysuptime, sysoid, sysdescr, sysservices, sysflashupdate, sysflashbckint and sysresettodefaults]
Figure A-12 Result of show system CLI Command
Set Static IP Address for the AP NOTE: The IP Subnet Mask of the AP must match your network's Subnet Mask.
Device Name> set ipaddrtype static
Device Name> set ipaddr <fixed IP address of unit>
Device Name> set ipsubmask <IP Mask>
Device Name> set ipgw <gateway IP address>
Device Name> show network
Change Passwords
> passwd <Old Password> <New Password> <Confirm Password> (CLI password)
> set httppasswd <New Password> (HTTP interface password)
> set snmprpasswd <New Password> (SNMP read password)
> set snmprwpasswd <New Password> (SNMP read/write)
> set snmpv3authpasswd <New Password> (SNMPv3 authentication password)
> set snmpv3privpa
64. manually configure the Access Point s IP settings set this parameter to Static IP Address The Access Point s IP address When IP Address Assignment Type is set to Dynamic this field is read only and reports the unit s current IP address The Access Point will default to 169 254 128 132 if it cannot obtain an address from a DHCP server Subnet Mask The Access Point s subnet mask When IP Address Assignment Type is set to Dynamic this field is read only and reports the unit s current subnet mask The subnet mask will default to 255 255 0 0 if the unit cannot obtain one from a DHCP server Gateway IP Address The IP address of the Access Point s gateway When IP Address Assignment Type is set to Dynamic this field is read only and reports the IP address of the unit s gateway The gateway IP address will default to 169 254 128 133 if the unit cannot obtain an address from a DHCP server DNS Client If you prefer to use host names to identify network servers rather than IP addresses you can configure the AP to act as a Domain Name Service DNS client When this feature is enabled the Access Point contacts the network s DNS server to translate a host name to the appropriate network IP address You can use this DNS Client functionality to identify RADIUS servers by host name Enable DNS Client Place a check mark in the box provided to enable DNS client functionality Note that this option must be enabled before you can confi
65. memory corrupted Current/original configuration data file is found to be corrupted, and the device loads the last known good configuration file Critical Informational
TFTP Trap Group (Trap Name: Description, Severity Level)
oriTrapTFTPFailedOperation: TFTP operation failed, Major
oriTrapTFTPOperationInitiated: TFTP operation Initiated, Informational
oriTrapTFTPOperationCompleted: TFTP operation completed, Informational
Image Trap Group (Trap Name: Description, Severity Level)
oriTrapZeroSizeImage: Zero size image loaded onto device, Major
oriTrapInvalidImage: Invalid image loaded onto device, Major
oriTrapImageTooLarge: Image loaded on the device exceeds the size limitation of flash, Major
oriTrapIncompatibleImage: Incompatible image loaded onto device, Major
oriTrapInvalidImageDigitalSignature: Image with invalid digital signature is loaded onto device, Major
SNTP Trap Group (Trap Name: Description, Severity Level)
oriTrapSNTPFailure: SNTP time retrieval failure, Minor
oriTrapSNTPFailure: SNTP sync up failure, Minor
In addition, the AP supports these standard traps, which are always enabled: RFC 1215 Trap, Bridge MIB (RFC 1493) Alarms (Trap Name: Description, Severity Level)
coldStart: AP is on or rebooted, Informational
linkUp: AP's Ethernet interface link is up
66. mode is configured, then the appropriate key size must be configured. The access point supports 64, 128 and 152 bit encryption keys. The following table provides information on how to configure encryption keys using HEX or ASCII values.
Key size: Configuration in Hex; Configuration in ASCII
64 bit encryption key: 10 characters (0-F); 5 alphanumeric characters
128 bit encryption key: 26 characters (0-F); 13 alphanumeric characters
152 bit encryption key: 32 characters (0-F); 16 alphanumeric characters
If the WPA-PSK or 802.11i-PSK security mode is configured, then the appropriate PSK pass phrase must be configured. The PSK pass phrase consists of an alpha-numeric string from 8 to 63 characters. 802.1x, WPA, or 802.11i security mode can be configured only if an EAP/RADIUS server profile is configured and enabled. Certain security modes and their combinations may not be available depending on the security capabilities of the wireless interface. Note: Changes to these parameters require access point reboot in order to take effect.
Non Secure Station: Authentication Mode None, Cipher None
WEP Station: Authentication Mode None, Cipher WEP, Encryption Key 0, Encryption Key 1, Encryption Key 2, Encryption Key 3, Encryption Transmit Key
802.1x Station: Authentication Mode 802.1x, Cipher WEP, Encryption Key Length
WPA Station: Authentication Mode 802.1x, Cipher TKIP
WPA-PSK Station: Authentication Mode PSK, Cipher TKI
67. or more IP address pools from which to assign addresses to network devices. The DHCP server in the access point allows for dynamic IP address assignment to both wireless clients and wired hosts. Note: The DHCP server can only be enabled after at least one entry has been added to the DHCP server IP pool table. Changes to these parameters require access point reboot in order to take effect. Screen fields: Enable DHCP Server, Subnet Mask (255.255.0.0), Gateway IP Address, Primary DNS IP Address, Secondary DNS IP Address, Number of IP Pool Table Entries; IP Pool Table columns: Start IP, End IP, Default Lease, Maximum Lease, Comment, Status. Figure 4-4 DHCP Server Configuration Screen You can configure and view the following parameters within the DHCP Server Configuration screen. NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect. Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE: You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured. Subnet Mask: This field is read-only and reports the Access Point's current subnet mask. DHCP cli
68. parameter information. For example, the System Group is composed of several related parameters. Groups can also contain Tables. All items for a given Group can be displayed with a show <Group> CLI Command. Image File: The Access Point software executed from RAM. To update an Access Point you typically download a new Image File. This file is often referred to as the AP Image. Parameter: A fundamental network value that can be displayed and may be changeable. For example, the Access Point must have a unique IP Address and the Wireless interface must be assigned an SSID. Change parameters with the CLI set Command, and view them with the CLI show Command. Table: Tables hold parameters for several related items. For example, you can add several potential managers to the SNMP Table. All items for a given Table can be displayed with a show <Table> CLI Command. TFTP: Refers to the TFTP Server, used for file transfers. Navigation and Special Keys This CLI supports the following navigation and special key functions to move the cursor along the prompt line.
Key Combination: Operation
Delete or Backspace: Delete previous character
Ctrl-A: Move cursor to beginning of line
Ctrl-E: Move cursor to end of line
Ctrl-F: Move cursor forward one character
Ctrl-B: Move cursor back one character
Ctrl-D: Delete the character the cursor is on
Ctrl-U: Delete all text to left of cursor
Ctrl-P: Go to the previous line i
69. show wifssidtbl to review your settings
Device Name> reboot 0
Disable VLAN Management
Device Name> set vlanstatus disable or Device Name> set vlanmgmtid 1
Device Name> reboot 0
Add an Entry to the WIFSSID Table
Device Name> set wifssidtbl <index> ssid <Network Name> vlanid <1 (untagged) or 1-4094> status enable
Set Security Profile Parameters
Configure a Security Profile with Non Secure Security Mode
Device Name> set secprofiletbl <index> secmode nonsecure status enable
Example: Device Name> set secprofiletbl 2 secmode nonsecure status enable
Configure a Security Profile with WEP Security Mode
Device Name> set secprofiletbl <index> secmode wep encryptkey0 <value> encryptkeylength <value> encryptkeytx <value> status enable
Example: Device Name> set secprofiletbl 3 secmode wep encryptkey0 12345 encryptkeylength 1 encryptkeytx 0 status enable
Configure a Security Profile with 802.1x Security Mode
Device Name> set secprofiletbl <index> secmode 802.1x rekeyint 900 status enable
Example: Device Name> set secprofiletbl 4 secmode 802.1x rekeyint 900 status enable
Configure a Security Profile with WPA Security Mode
Device Name> set secprofiletbl <index> secmode wpa rekeyint 900 status enable
Example: Device Name>
70. that are members of the same VLAN. Ensure your management platform or host is a member of the same VLAN before attempting to manage the AP. 1. Click Configure > SSID/VLAN/Security > Mgmt VLAN. 2. Set the VLAN Management ID to a value of between 1 and 4094. A value of 1 disables VLAN Tagging. 3. Place a check mark in the Enable VLAN Tagging box. Provide Access to a Wireless Host in the Same Workgroup The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID, then those wireless clients who are members of that VLAN will have AP management access. CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP. 1. Click Configure > SSID/VLAN/Security > Mgmt VLAN. 2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSIDs. 3. Place a check mark in the Enable VLAN Tagging box. Disable VLAN Tagging 1. Click Configure > SSID/VLAN/Security > Mgmt VLAN. 2. Remove the check mark from the Enable VLAN Tagging box (to disable all VLAN functionality) or set the VLAN Management ID to 1 (to disable VLAN Tagging only). NOTE: If you disable VLAN Tagging, you will be unable to configure securit
71. the AP sends a trap disassociates all clients blacklists the channel and reboots After it reboots ACS re scans and selects a better channel that is free of interference If ACS is disabled only channels in the lower frequency band are available for use e 36 5 18 GHz default e 40 5 200 GHz 44 5 220 GHz e 48 5 240 GHz Affected Countries The following countries are certified in the ETSI regulatory domain for operation in the 5 GHz band Austria Greece Norway Belgium Iceland Poland Brazil Ireland Portugal Cyprus Italy Saudi Arabia Denmark Latvia Spain 51 Advanced Configuration AP 700 User Guide Interfaces Estonia Lithuania Sweden Finland Luxembourg Switzerland France Malta UK Germany Netherlands RTS CTS Medium Reservation The 802 11 standard supports optional RTS CTS communication based on packet size Without RTS CTS a sending radio listens to see if another radio is already using the medium before transmitting a data packet If the medium is free the sending radio transmits its packet However there is no guarantee that another radio is not transmitting a packet at the same time causing a collision This typically occurs when there are hidden nodes clients that can communicate with the Access Point but are out of range of each other in very large cells When RTS CTS occurs the sending radio fir
72. the file extension. The following lists display the results of using the help command in the Bootloader CLI.
Device name> help
Command List (Description): set: Set system parameters; show: Show running system information; help: Description of commands, command usage, and parameters; reboot: reboot the target
Command Usage: set <parameter name> <parameter value> <cr>; show <cr>; help <cr>; reboot <cr>
Parameter List (Description): sysname: System Name; ipaddr: System IP Address; ipsubmask: System Subnet Mask; ipgw: System Default Gateway IP Address; tftpipaddr: TFTP Server IP Address; tftpfilename: Image or Binary File name; ipaddrtype: System IP Address Type (STATIC or DYNAMIC)
Figure A-1 Results of help bootloader CLI command
The following lists display the results of using the show command in the Bootloader CLI.
Device name> show
[Screen output listing sysname (System Name), ipaddr (System IP Address), ipsubmask (System Subnet Mask), ipgw (System Default Gateway IP Address), ipaddrtype (IP Address type), tftpipaddr (TFTP Server IP Address) and tftpfilename (Image or Binary File Name)]
Figure A-2 Results of show bootloader CLI command
CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These comma
73. the following Syslog settings from the HTTP interface:
- Enable Syslog: Place a check mark in the box provided to enable system logging.
- Syslog Port Number: This field is read-only and displays the port number (514) assigned for system logging.
- Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority number and any priority numbers below it. For example, if set to 6, the AP will transmit event messages labeled priority 0 to 6 to the Syslog server. This parameter supports a range between 0 and 7; 6 is the default.
- Syslog Heartbeat Status: When Heartbeat is enabled, the AP periodically sends a message to the Syslog server to indicate that it is active.
- Syslog Heartbeat Interval: If Syslog Heartbeat Status is enabled, this field provides the interval for the heartbeat in seconds (between 1 and 604800). The default is 900 seconds.
- Syslog Host Table: This table specifies the IP addresses of the network servers that the AP will send Syslog messages to. Click Add to create a new entry. Click Edit to change an existing entry. Each entry contains the following fields. IP Address: Enter the IP Address for the management host. Comment: Enter an optional comment, such as the host name. Status: The entry is enabled automatically when saved, so the Status field is only visible when editing an e
74. this is the name for the radio technology used by 802.11b devices.
- MAC Address: This is a read-only field that displays the unique MAC (Media Access Control) address for the Access Point's wireless interface. The MAC address is assigned at the factory.
- Regulatory Domain: Reports the regulatory domain for which the AP is certified. Not all features or channels are available in all countries.
- Network Name (SSID): Enter a Network Name (between 1 and 32 characters long) for the primary wireless network. You must configure each wireless client using this network to use this name as well. Additional SSIDs and VLANs may be configured under Configure > SSID/VLAN/Security. Up to 16 SSID/VLANs may be configured. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name.
- Auto Channel Select: The AP scans the area for other Access Points and selects a free or relatively unused communication channel. This helps prevent interference problems and increases network performance. By default this feature is enabled. See Dynamic Frequency Selection/Radar Detection (DFS/RD) for more information and Available Channels for a list of available channels.
- Frequency Channel: When Auto Channel Select is enabled, this field is read-only and displays the Access Point's current operating Channel. When Auto Channel Select is disabled, you can specify the Access Point's operating channel. If you decide to manu
75. up server is optional. NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for 802.1x authentication. 802.1x authentication (EAP authentication) can be separately enabled for each VLAN.
RADIUS Accounting: Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an Accounting Start request to the RADIUS server. When the wireless client session ends, an Accounting Stop request is sent to the RADIUS server. NOTE: Each VLAN can be configured to use a separate RADIUS accounting server (and backup accounting server).
Session Length: Accounting sessions continue when a client reauthenticates to the same AP. Sessions are terminated when:
- A client disassociates.
- A client does not transmit any data to the AP for a fixed amount of time.
- A client is detected on a different interface.
- Idle Timeout or Session Timeout attributes are configured in the RADIUS server.
If the client roams from one AP to another, one session is terminated and a new session is begun. NOTE: This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in the Access Point's static MAC Access Control lis
76. user has both limited user and super user filter-ids configured in the RADIUS server, the user has limited user privileges. When RADIUS Based Management is enabled, a local user can be configured to provide Telnet, SSH, and HTTP(S) access to the AP when RADIUS servers fail. The local user has super user capabilities. When secure management is enabled, the local user can only log in using secure means (i.e., SSH or SSL). When the local user option is disabled, the only access to the AP when RADIUS servers are down will be through serial CLI or SNMP. The RADIUS Based Management Access parameters allow you to enable HTTP or Telnet RADIUS Management Access, to configure a RADIUS Profile for management access control, and to enable or disable local user access and configure the local user password. You can configure and view the following parameters:
- HTTP RADIUS Access Control Status: Enable RADIUS management of HTTP/HTTPS users.
- Telnet RADIUS Access Control Status: Enable RADIUS management of Telnet/SSH users.
- RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based Management Access.
- Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default local user ID is root.
- Local User Password and Confirm Password: The default local user password is public. Root cannot be
77. when expected.
- Failed Count (Wireless): The number of packets not transmitted successfully due to too many transmit attempts.
- Failed RTS Count (Wireless): The number of times a Clear to Send (CTS) is not received in response to a Request to Send (RTS).
- FCS Error (Wireless): The number of Frame Check Sequence errors detected in received MAC Protocol Data Units (MPDUs).
- FCS Errors (Ethernet): The number of frames received that are an integral number of octets in length but do not pass the Frame Check Sequence check.
- Frames Too Long (Ethernet): The number of frames received that exceed the maximum permitted frame size.
- In Discards (Ethernet/Wireless): The number of error-free inbound packets that were chosen to be discarded to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
- In Errors (Ethernet/Wireless): The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
- In Non-unicast Packets (Ethernet/Wireless): The number of non-unicast (i.e., subnetwork-broadcast or subnetwork-multicast) packets delivered to a higher-layer protocol.
- In Octets (bytes) (Ethernet/Wireless): The total number of octets received on the interface, including framing characters.
- In Unicast Packets (Ethernet/Wireless): The number of subnetwork unicast packets delivered to a higher-layer protocol.
- Internal MAC Receive Errors
78. working. Severity Level: Informational.
- linkDown: AP's Ethernet interface link is down (not working). Severity Level: Informational.
Trap Name / Description / Severity Level:
- New Root: AP has become the new root in the Spanning Tree network. Severity Level: Informational.
- topologyChange: Trap is not sent if a newRoot trap is sent for the same transition. Severity Level: Informational.
All these alarm groups correspond to System Alarms that are displayed in the System Status Screen, including the traps that are sent by the AP to the SNMP managers specified in the Alarm Host Table.
Alarm Host Table: To add an entry and enable the AP to send SNMP trap messages to a Trap Host, click Add, and then specify the IP Address and Password for the Trap Host. NOTE: Up to 10 entries are possible in the Alarm Host table.
- IP Address: Enter the Trap Host IP Address.
- Password: Enter the password in the Password field and the Confirm field.
- Comment: Enter an optional comment, such as the alarm (trap host) station name.
To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status drop-down menu.
Syslog: The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The access point logs Session Start (Log-in) and Session Stop (Log-out) e
79. 0:40:F4:1C:DB:6A
- Wireless Client 1: 00:02:2D:51:94:E4
- Wireless Client 2: 00:02:2D:51:32:12
- Wireless Client 3: 00:20:A6:12:4E:38
Prevent Two Specific Devices from Communicating: Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating:
- Wired MAC Address: 00:40:F4:1C:DB:6A
- Wired Mask: FF:FF:FF:FF:FF:FF
- Wireless MAC Address: 00:02:2D:51:94:E4
- Wireless Mask: FF:FF:FF:FF:FF:FF
Result: Traffic between the Wired Server and Wireless Client 1 is blocked. Wireless Clients 2 and 3 can still communicate with the Wired Server.
Prevent Multiple Wireless Devices from Communicating with a Single Wired Device: Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Server:
- Wired MAC Address: 00:40:F4:1C:DB:6A
- Wired Mask: FF:FF:FF:FF:FF:FF
- Wireless MAC Address: 00:02:2D:51:94:E4
- Wireless Mask: FF:FF:FF:00:00:00
Result: When a logical AND is performed on the Wireless MAC Address and Wireless Mask, the result corresponds to any MAC address beginning with the 00:02:2D prefix. Since Wireless Client 1 and Wireless Client 2 share the same prefix (00:02:2D), traffic between the Wired Server and Wireless Clients 1 and 2 is blocked. Wireless Client 3 can still communicate with the Wired Server since it has a different prefix (00:20:A6).
Prevent All Wireless Devices from Communi
80. 4. Try using a different Ethernet cable; if it works, there is probably a faulty connection over the long cable or a bad RJ-45 connection. 5. Check power plug and hub. 6. If the Ethernet link goes down, check the cable, cable type, switch, and hub.
There Is No Data Link: 1. Verify that the indicator for the port is on. 2. Verify that the AE hub is connected to the Ethernet network with a good connection. 3. Verify that the Ethernet cable is Category 5 or better and is less than 100 meters (approximately 325 feet) in length from the Ethernet source to the AP. 4. Try to connect a different device to the same port on the AE hub; if it works and a link is established, there is probably a faulty data link in the AP. 5. Try to re-connect the AP to a different output port (remember to move the input port accordingly); if it works, there is probably a faulty output or input port in the AE hub or a bad RJ-45 connection.
Overload Indications: 1. Verify that you are not using a cross-over cable between the AE output port and the AP. 2. Verify that there is no short over any of the twisted pair cables. 3. Move the device into a different output port (remember to move the input port accordingly); if it works, there is probably a faulty port or bad RJ-45 connection.
Recovery Procedures: The most common installation problems relate to IP addressing. For example, without the TFTP server IP Addres
81. Syslog Message Name / Priority / Severity / Description:
Client Login/Authentication Status (Priority 6, Informational): Client logs in/authenticates. Message includes:
- Client MAC Address
- Authentication Type (None, ACL, RADIUS MAC, 802.1X)
- Cipher Type (None, WEP, TKIP, AES)
- Status (Allow/Deny)
- SSID to which client is connecting
Sample Message: <client mac address> Status <value> SSID <value> Auth Type <value> Cipher Type <value>
Client De-Authentication Status (Priority 6, Informational): Client de-authenticates. Message includes:
- Client MAC Address
- Cipher Type (None, WEP, TKIP, AES)
- Status: De-authentication reason, which can be any of the following: Unknown reason; Stale authentication information; Authenticated STA leaving BSS; Inactivity; Association error; Class 2 frame received from non-authenticated STA; Class 3 frame received from non-associated STA; Associated STA leaving BSS; STA requesting information but not yet authenticated; Enhanced security (RSN) required; Enhanced security (RSN) used inconsistently; Invalid Information Element; MIC Failure; WPA module de-auth
- SSID to which client was connected
Sample Message: <client mac address> Status <value> SSID <value> Cipher Type <value>
RADIUS Accounting Start and 6 Inform
82. 1 63 gt Set the Multicast Rate 802 11a Device Name gt set wif 3 multrate lt 6 12 24 Mbits sec gt Set the Multicast Rate 802 11b g Device Name gt set wif 4 multrate lt 1 2 5 5 11 Mbits sec gt Enable Disable Super Mode 802 11a g only Device Name gt set wif 3 supermode lt enable disable gt Enable Disable Turbo Mode 802 11a g only Device Name gt set wif 3 turbo lt enable disable gt NOTE Super mode must be enabled on the interface before Turbo mode can be enabled Configure Antenna Diversity Device Name gt set wif 3 atdiversity lt 1 2 5 auto gt see below Device Name gt reboot Value Corresponding Antenna Enabled 1 802 11a b g connector 1 2 802 11a b g connector 2 5 auto Both antennas NOTE See Antennas for more information on internal and external antenna ports Set the Distance Between APs Device Name gt set wif lt index gt distaps lt 1 5 gt see below Device Name gt reboot 0 167 Command Line Interface CLI Other Network Settings AP 700 User Guide Value Distance Betwee n APs Large Medium Small Mini Micro oy A j N gt Set Ethernet Speed and Transmission Mode Device Name gt set etherspeed lt value gt see below Device Name gt reboot 0 Ethernet Speed and Value Transmission Mode 10 Mbits sec half duplex 10halfduplex 10 Mbits sec full duple
83. 4-14: WDS Configuration. Click the Edit button to update the Wireless Distribution System (WDS) Table.
[Figure 4-15: Adding WDS Links. On-screen text: This page is used to configure the Wireless Distribution System (WDS) links or partners. You can configure up to six WDS links and the security to be used for those links. Warning: Connectivity requires that the encryption key for the WDS links between access points be identical. Note: Changes to these parameters require access point reboot in order to take effect.]
9 Select whether to use encryption in the WDS by checking the Enable WDS Security Mode checkbox. If you enabled WDS Security Mode, enter the Encryption Key 0 used for encryption between the WDS links. Enter the MAC Address that you wrote down in Step 2 in one of the Partner MAC Address fields of the W
84. AN/SSID: RADIUS MAC Authentication Profile, RADIUS EAP Authentication Profile, RADIUS Accounting Profile. If 802.1x, WPA, or 802.11i security mode is used, the RADIUS EAP Authentication Profile must have a value. A RADIUS Server Profile for authentication for each VLAN shall be configured as part of the configuration options for that VLAN. RADIUS profiles are independent of VLANs. The user can define any profile to be the default and associate all VLANs to that profile. Four profiles are created by default: MAC Authentication, EAP Authentication, Accounting, and Management. 8. If desired, scroll down to the SSID and VLAN Table and click Edit to modify the Network Name, VLAN ID, or QoS profile of the SSID/VLAN. NOTE: Because VLAN tagging is disabled, attempting to add a new SSID/VLAN will produce an error message. The Edit Entries screen will be displayed. See Figure 4-43.
[Figure 4-43: SSID and VLAN Table, Wireless A, Edit Entries]
85. AP Image: For this procedure, you will first erase the AP Image currently installed on the unit and then use either ScanTool or the Bootloader CLI (over the serial port) to set the IP address and download a new AP Image. Follow these steps:
1. While the unit is running, press the RESET button. NOTE: You need to use a pin or the end of a paperclip to press a button. The AP reboots and the indicators begin to flash. CAUTION: By completing Step 2, the firmware in the AP will be erased. You will need an Ethernet connection, a TFTP server, and a serial cable (if using the Bootloader CLI) to reload firmware.
2. Press and hold the RELOAD button for about 20 seconds until the POWER LED turns amber. The AP deletes the current AP Image.
3. Follow one of the procedures below to load a new AP Image to the Access Point: Download a New Image Using ScanTool; Download a New Image Using the Bootloader CLI.
Download a New Image Using ScanTool: To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides and to a computer that is running ScanTool (this is either two separate computers connected to the same network or a single computer running both programs). ScanTool detects if an Access Point does not have a valid software image installed. In this case, the TFTP Server and Image File Name parameters are enabled in the ScanTool's Change s
86. AP detects whether the file uploaded is LTV format or a CLI Batch file. If the AP detects a CLI Batch file (a file with extension .cli), the AP executes the file immediately. The AP will reboot after executing the CLI Batch file. Auto Configuration will not result in repeated reboots if the CLI Batch file contains rebootable parameters.
CLI Batch File Format and Syntax: The CLI Batch file must be named with a .cli extension to be recognized by the AP. The maximum file size allowed is 100 Kbytes, and files with larger sizes cannot be uploaded to the AP. The CLI commands supported in the CLI Batch File are a subset of the legal AP CLI commands. The following commands are supported:
- Set commands
- Reboot command (the reboot command ignores the argument (time))
Each command must be separated by a new line. NOTE: The following commands are not supported: Show command, Debug command, Undebug command, Upload command, Download command, Passwd command, Kill command, and the Exit, Quit, and Done commands.
Sample CLI Batch File: The following is a sample CLI Batch File:
set sysname systeml
set sysloc sunnyvale
set sysctname contactl
set sysctphone 1234567890
set sysctemail email@domain.com
set ipaddr 11.0.0.66
set ipaddrtype static
set ipsubmask 255.255.255.0
set ipgw 11.0.0.1
set wif 4 autochannel disable
set wif 4 mode 1
set syslogstatus enable
set sysloghbstatus enable
set sysloghbinterval 5
set wif 4 netname london
reboot
87. Address IpAddress User Defined RW endipaddr Width Integer User Defined RW width Default Lease Time Integer32 gt 0 RW defleasetm optional 86400 sec default Maximum Lease Time Integer32 gt 0 RW maxleasetm optional 86400 sec default Comment optional DisplayString User Defined RW cmt Status optional Integer enable 1 RW status disable 2 delete 3 NOTE Set either End IP Address or Width but not both when creating an IP address pool DHCP Relay Group The DHCP Relay Group allows you to enable or disable DHCP Relay Agent Status Table Name Type Value Access CLI Parameter DHCP Relay Group Group N A R dhcprelay Status Integer enable RW dhcprelaystatus disable DHCP Relay Server Table R dhcprelaytbl DHCP Relay Server Table The DHCP Relay Server Table contains the commands to set the table entries The AP supports the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table Name Type Value Access CLI Parameter DHCP Relay Server Table N A R dhcprelaytbl Table DHCP Relay Server Integer32 1 10 R dhcprlyindex Table Entry Index DHCP Relay Server IpAddress User Defined RW dhcprlyipaddr Table Entry IP Address DHCP Relay Server DisplayString User Defined RW dhcprlycmt Table Entry Comment DHCP Relay Server Integer enable 1 RW dhcprlystatus Table Entry Status disable 2 delete 3 create 4 178 Command Line Inte
88. Confirm that your computer's IP address is in the same IP subnet as the AP. NOTE: If you have not previously configured the Access Point's IP address and do not have a DHCP server on the network, the Access Point will default to an IP address of 169.254.128.132. 2. Go to the DOS command prompt on your computer. 3. Type telnet <IP Address of the unit>. 4. Enter the CLI password (default is public). NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands, see Change Passwords.
Set Basic Configuration Parameters using CLI Commands: There are a few basic configuration parameters that you may want to set up right away when you receive the AP. For example:
- Set System Name, Location and Contact Information
- Set Static IP Address for the AP
- Download an AP Configuration File from your TFTP Server
- Set up Auto Configuration
- Set Network Names for the Wireless Interface
- Enable 802.11d Support and Set the Country Code
- Enable and Configure TX Power Control for the Wireless Interface(s)
- Configure SSIDs (Network Names), VLANs, and Profiles
- Download an AP Configuration File from your TFTP Server
- Backup your AP Configuration File
Set System Name, Location and Contact Information:
Device Name> set sysname
89. DuplicateIPAddressEncountered: Another network device with the same IP address exists. Severity Level: Major.
- oriTrapDHCPRelayServerTableNotConfigured: The DHCP relay agent server table is empty or not configured. Severity Level: Major.
- oriTrapVLANIDInvalidConfiguration: A VLAN ID configuration is invalid. Severity Level: Major.
- oriTrapAutoConfigFailure: Auto configuration failed. Severity Level: Minor.
- oriTrapBatchExecFailure: The CLI Batch execution fails for the following reasons: Illegal Command is parsed in the CLI Batch file; Execution error is encountered while executing CLI Batch file; Bigger file size than 100 Kbytes. Severity Level: Minor.
- oriTrapBatchFileExecStart: The CLI Batch execution begins after file is uploaded. Severity Level: Minor.
- oriTrapBatchFileExecEnd: The execution of CLI Batch file ends. Severity Level: Minor.
Security Trap Group (Trap Name / Description / Severity Level):
- oriTrapInvalidEncryptionKey: Invalid encryption key has been detected. Severity Level: Critical.
- oriTrapAuthenticationFailure: Client authentication failure has occurred. Authentication failures can range from: MAC Access Control table; RADIUS MAC authentication; 802.1x authentication (specifying the EAP-Type); WORP mutual authentication; SSID authorization failure (specifying the SSID); VLAN ID authorization failure (specifying the VLAN ID). Severity Level: Major.
- oriTrapUnauthorizedManagerDetected: Unauthorized manager has attempted to view and/or modify parameters. Severity Level: Major.
- oriTrapRADScanComplete: RAD scan is succe
90. Figure A-18: Sample CLI Batch File.
Reboot Behavior: When a CLI Batch file contains a reboot command, the reboot will occur only after the entire CLI Batch file has been executed. There are two methods of uploading the CLI Batch File:
- Upload
- Upload and reboot (this option is to be used for a CLI Batch file containing the configuration parameters that require a reboot)
CLI Batch File Error Log: If there is any error during the execution of the CLI Batch file, the AP will stop executing the file. The AP generates traps for all errors, and each trap contains the following information:
- Start of execution
- Original filename of the uploaded file
- End of execution (along with the status of execution)
- Line number and description of failures that occurred during execution
The AP logs all the errors during execution and stores them in the Flash memory in a CLI Batch File Error Log named CBFERR.LOG. The CLI Batch File Error Log can be downloaded through TFTP, HTTP, or CLI file transfer to a specified host.
ASCII Character Chart: You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCI
91. I SNMP Agent Serial CLI Secure Management SSH RADIUS Based Management Access SINININININIS AP 700 User Guide 205 Specifications AP 700 User Guide Software Features Advanced Bridging Functions Feature Supported by AP 700 IEEE 802 1d Bridging Y WDS Relay Roaming Protocol Filtering Multicast Broadcast Storm Filtering Proxy ARP TCP UDP Port Filtering Blocking Intra BSS Clients Packet Forwarding SINININISININIS Medium Access Control MAC Functions Feature Supported by AP 700 Automatic Channel Selection ACS Y Dynamic Frequency Selection DFS Closed System Feature Wireless Service Shutdown 802 11d Support TX Power Control Wireless Multimedia Enhancements Quality of Service QoS DFS is required for 802 11a APs certified in the ETSI regulatory domain and operating in the middle frequency band When ACS is disabled available channels are limited to those in the lower frequency band See Dynamic Frequency Selection Radar Detection DFS RD SISISISISIS Security Functions Feature Supported by AP 700 Security Profiles per VLAN RADIUS Profiles per VLAN IEEE 802 11 WEP MAC Access Control RADIUS MAC based Access Control IEEE 802 1x Authenticationt Multiple Authentication Server Support per VLAN Rogue Scanning to Detect Rogue Access Points and Clients Per User Per Sessi
92. I characters that you can use to configure WEP Encryption Keys It also lists the Hexadecimal equivalent for each ASCII character ASCII Hex ASCII Hex ASCII Hex ASCII Hex Charact Equival f Charact Equival Charact Equival jj Charact Equival er ent er ent er ent er ent 21 9 39 Q 51 i 69 i 22 3A R 52 j 6A 23 3B S 53 k 6B 24 lt 3C T 54 l 6C 25 3D U 55 m 6D amp 26 gt 3E V 56 n 6E j 27 W o 6F 28 X p 70 29 A Y q 71 7 2A B Z r 72 2B C Ss 73 2C D t 74 2D E u 75 i 2E F A v 76 2F G w 77 0 30 H x 78 1 31 a y 79 2 32 J b Zz 7A 3 33 K 4B c 63 7B 4 34 L 4C d 64 7C 5 35 M 4D e 65 7D 6 36 N 4E f 66 7E 7 37 O 4F g 67 8 38 P 50 h 68 204 Specifications Software Features Hardware Specifications Available Channels RF Performance Software Features The tables below list the software features available on the AP 700 Number of Stations per BSS Management Functions Advanced Bridging Functions Medium Access Control MAC Functions Security Functions Network Functions Number of Stations per BSS Management Functions Feature Supported by AP 700 Without encryption up to 63 With WEP encryption up to 63 With 802 1x Authentication up to 63 With WPA up to 27 With 802 111 WPA2 up to 63 Feature Supported by AP 700 Web User Interface Telnet CL
93. IEEE 802.11 compliant devices: An 802.11a, 802.11b, or 802.11b/g client device. A computer that is connected to the same IP network as the AP and has one of the following Web browsers installed: Microsoft Internet Explorer 6 with Service Pack 1 or later and patch Q323308; Netscape 7.1 or later. (The computer is required to configure the AP using the HTTP interface.)
Hardware Installation: NOTE: Before installing and using this product, see the Regulatory Compliance section.
Required Materials: AP 700 unit; Mounting bracket with screws; Power adapter; Security cover; Quick Start Flyer. Perform the following procedures to install the AP hardware: Ca
94. LAN workgroup uses a different VLAN ID Tag. 3. VLAN enabled, a mixture of Tagged and Untagged workgroups exist. 4. VLAN enabled, all VLANs untagged (VLAN is enabled in order to use SSID). Note that typical use of SSIDs assumes actual use of VLANs. NOTE: VLAN must be enabled to configure security per SSID.
Management VLAN:
[Figure 4-37: Mgmt VLAN. On-screen text: Virtual Local Area Networks (VLAN) can be used to segment the network, i.e. private vs. public LANs, guest vs. employee LANs, etc. Warning: Error in configuring the VLAN management ID may result in loss of management access to the access point; if this occurs, then the access point can only be managed via the serial console port. Note: Changes to these parameters require access point reboot in order to take effect.]
VLAN Tagging Management. Control Access to the AP: Management access to the AP can easily be secured by making management stations or hosts and the AP itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict management of the AP to members of the same VLAN. CAUTION: If a non-zero management VLAN ID is configured, then management access to the AP is restricted to wired or wireless hosts
95. Note that you do not need a TFTP server running unless you want to transfer files to or from the AP. After the TFTP server is installed:
- Check to see that TFTP is configured to point to the directory containing the AP Image.
- Make sure you have the proper TFTP server IP Address, the proper AP Image file name, and that the TFTP server is connected.
- Make sure the TFTP server is configured to both send and receive, with no time-out.
Command Line Interface (CLI): This section discusses the following: General Notes; Command Line Interface (CLI) Variations; CLI Command Types; Using Tables and Strings; Configuring the AP using CLI commands; Set Basic Configuration Parameters using CLI Commands; Other Network Settings; CLI Monitoring Parameters; Parameter Tables; CLI Batch File.
CLI commands can be used to initialize, configure, and manage the Access Point. CLI commands may be entered in real time through a keyboard or submitted with CLI scripts. A CLI Batch file is a user-editable configuration file that provides a user-friendly way to change the AP configuration through a file upload. The CLI Batch file is an ASCII file that facilitates Auto Configuration because it does not require the user to access one of the AP's management interfaces to make configuration changes, as is required with the proprietary LTV format configuration file. The CLI is available through both the Serial Port interface and over the
96. [Figure 4-40: Security Profile Table - Add Entries]
MAC Access: The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect. Up to 1000 entries can be made in the table. The MAC ACL Status parameter (configurable on the SSID/VLAN > Wireless sub-tab) is per VLAN if VLAN Management is enabled. All other parameters besides MAC ACL Status are configured per AP, even if VLAN is enabled. The following list details the configurable MAC Access parameters. NOTE: MAC Access Control status is enabled or disabled when configuring each Security Profile.
- Operation Type: Choose between Passthru and Block. This determines how the stations identified in the MAC Access Control Table are filtered. If set to Passthru, only the addresses listed in the Control Table will pass through the bridge. If set to Block, the bridge will block traffic to or from the addresses listed in the Control Table.
- MAC Access Control Table: Click Add to create a new entry. Click Edit to ch
97. P HTTPS interface, you must first log in to a web browser. See Related Topics for instructions. You may also perform commands using the command line interface. See Command Line Interface (CLI) for more information. To perform commands via HTTP/HTTPS: 1. Click the Commands button located on the left-hand side of the screen. There are five commands that can be executed on the access point. Update AP is used to upload files via TFTP/HTTP to the access point. This feature can be used to upgrade the access point and upload configuration files. Retrieve File is used to retrieve configuration file from the access point via TFTP/HTTP. This feature can be used to back up the access point configuration file. Reboot allows you to reboot the access point in the specified number of seconds. Reset will reset all the configuration settings of the access point to the factory default values. Help Link is used to configure where the access point help information can be retrieved. [Figure 6-1: Commands Main Screen] 2. Click the tab that corresponds to the command you want to issue. For example, click Reboot to restart the unit. Following a brief introduction to TFTP and HTTP file transfer, each Commands tab is described in the remainder of this chapter. Introduction to File Transfer via TFTP or HTTP: There are two methods of tran
98. P UDP Port. Ethernet Protocol: The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support. Follow these steps to configure the Ethernet Protocol Filter: 1. Select the interface or interfaces that will implement the filter from the Ethernet Protocol Filtering drop-down menu. Ethernet: Packets are examined at the Ethernet interface. Wireless: Packets are examined at the Wireless interface. All Interfaces: Packets are examined at both interfaces. Disabled: The filter is not used. 2. Select the Filter Operation Type. If set to Passthru, only the enabled Ethernet Protocols listed in the Filter Table will pass through the bridge. If set to Block, the bridge will block enabled Ethernet Protocols listed in the Filter Table. 3. Configure the Ethernet Protocol Filter Table. This table is pre-populated with existing Ethernet Protocol Filters; however, you may enter additional filters by specifying the appropriate parameters. To add an entry, click Add, and then specify the Protocol Number and a Protocol Name. Protocol Number: Enter the protocol number. See http://www.iana.org/assignments/ethernet-numbers for a list of protocol numbers. Protocol Name: Enter related information, typically the protocol name. To edit or delete an entry, click Edit and change the information, or select Enable, Disable, or Delete from the Status drop-down menu. An entry's status must be enabled in order for the p
99. PA or RADIUS accounting is enabled in the SSID's security profile, then the respective RADIUS server profiles should be configured and assigned to this SSID. Note: Changes to these parameters require access point reboot in order to take effect. [Figure 4-42: SSID, VLAN, and Security Configuration (VLAN Tagging Disabled)] 2. Enable or disable RADIUS accounting on the VLAN/SSID by selecting Enable or Disable from the Accounting Status drop-down menu. 3. Enable or disable RADIUS MAC authentication status on the VLAN/SSID by selecting Enable or Disable from the RADIUS Authentication Status drop-down menu. 4. Enable or disable MAC Access Control List status on the VLAN/SSID by selecting Enable or Disable from the MAC ACL Status drop-down menu. 5. Enter Rekeying Interval in seconds (between 60 and 65525). The default interval is 900 seconds. 6. Enter the Security Profile used by the VLAN in the Security Profile field. See the Security Profile section for more information. 7. Define the RADIUS Server Profile Configuration for the VL
100. Pacific Time. International calls: 408-542-5390. When contacting the Customer Service for support, Buyer should be prepared to provide the Product description and serial number and a description of the problem. The serial number should be on the product. In the event the Customer Service Center determines that the problem can be corrected with a software update, Buyer might be instructed to download the update from Proxim's web site or, if that's not possible, the update will be sent to Buyer. In the event the Customer Service Center instructs Buyer to return the Product to Proxim for repair or replacement, the Customer Service Center will provide Buyer a Return Material Authorization (RMA) number and shipping instructions. Buyer must return the defective Product to Proxim, properly packaged to prevent damage, shipping prepaid, with the RMA number prominently displayed on the outside of the container. 1. LAN products include: ORINOCO. 2. WAN products include: Lynx, Tsunami, Tsunami MP, Tsunami Quickbridge. Other Information: Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has purchased a Proxim Service Contract or the call is made within the first thirty (30) days of the Product's invoice date. Calls that are outside of the 30-day free support time will be charged a fee of 25.00 US Dollars per Support Call. If Proxim reason
101. Protocol Name Interface Bitmask DisplayString Integer32 User Defined there are also 4 pre defined protocols see Port Number above 0 or 2 No interfaces disable 1 or 3 Ethernet 4 or 6 Wireless 5 or 7 All interfaces default is 7 RW RW protoname ifbitmask Status optional Integer enable default for new entries disable default for pre defined entries delete RW status Alarms Parameters SNMP Table Host Table Parameters When creating table entries you may either specifying the argument name followed by argument value CLI applies default values to the omitted arguments Due to the nature of the information the only argument that can be omitted is the comment argument Name Type Value Access CLI Parameter SNMP Trap Host Table Table N A R snmptraphostibl Table Index Integer User Defined N A index IP Address IpAddress User Defined RW ipaddr Password DisplayString User Defined up to 64 W passwd characters Comment optional DisplayString User Defined up to 254 RW cmt characters Status optional Integer enable default RW status disable delete Syslog Parameters The following parameters configure the Syslog settings Name Type Value Access CLI Parameter Syslog Group N A R syslog 192 Command Line Interface CLI Parameter Tables AP 700 User Guide
102. Requests Accounting Requests Accounting Retransmissions Accounting Retransmissions Accounting Responses Accounting Responses Accounting Bad Authenticators Accounting Bad Authenticators Figure 5 7 RADIUS Monitoring Tab 123 Monitoring Interfaces AP 700 User Guide Interfaces This tab displays statistics for the Ethernet and wireless interfaces Leam Table A Station Statistics version ICMP IPP This tab provides information and statistics on the access point Ethernet interface Type Description MIB Specific Definition Ethernet Chipset Physical Address Last Change Operational Status Admin Status Speed Maximum Packet Size in Octets byles In Unic ckels In Hon 4 In Discards in Errors Unknown Protocols Out Octets bytes Out Unicast Packets Out Non unicast Packets Out Discards Out Errors Outpul Queue Length Alignment Error FCS Errors Single Collision Frames Multiple Collision Frames SOE Test Errors Deferred Transmissions La Excess sions te Collisions internal MAC Transmit Errors nse Errors o Long Carrier Se Fran internal MAC Receive Errors cast Packets RADIUS interfaces IP ARP Table ethemel csmac 00 ae d 62010 00 20 A6 55 F3 3 1077310 U 100000001 Figure 5 8 Interface Monitoring Tab Ethernet Description of Interface Statistics 4 p A 5o50 1500 eooooo 3 The following stat
103. S Client for RADIUS Name Resolution Name Type Value Access CLI Parameter RADIUS Authentication Table N A R radiustbl Table Index Profile Integer N A R index Index Primary Secondary Index Integer Primary 1 R subindex Secondary 2 Status Integer enable RW status disable Server Address Format Integer lpaddr RW seraddrfmt Name Server IP Address or IpAddress User defined enter an IP RW ipaddr Name DisplayString address if seraddrfmt is ipaddr or a name if set to name up to 254 characters if using a name Port optional Integer User Defined RW port 1812 default Shared Secret DisplayString User Defined W ssecret 6 32 characters Response Time optional Integer 1 10 seconds RW responsetm 3 default Maximum Integer 0 4 RW maxretx Retransmissions 3 default optional RADIUS MAC Address Integer dashdelimited RW radmacaddrformat Format colondelimited singledashdelimited nodelimiter RADIUS Accounting Integer32 1 60 minutes RW radaccinactivetmr Inactivity Timer Authorization Lifetime Integer32 900 43200 seconds W radauthlifetm RADIUS Accounting Integer32 10 3600 minutes RW radacctupdinterval Update Interval VLAN ID vlaniD 1 untagged RW radvlanid 1 4094 196 Command Line Interface CLI Parameter Tables AP 700 User Guide Security Parameters MAC Access Control Parameters Name Type Value Acces
104. SSH (Secure Shell) Management: You may also securely manage the AP using SSH (Secure Shell). The AP supports SSH version 2 for secure remote CLI (Telnet) sessions. SSH provides strong authentication and encryption of session data. The SSH server (AP) has host keys: a pair of asymmetric keys, a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server. NOTE: The remainder of this guide describes how to configure an AP using the HTTP Web interface or the CLI interface. For information on how to manage devices using SNMP or SSH, see the documentation that came with your SNMP or SSH program. Also see the MIB files for information on the parameters available via SNMP and SSH. Installation and Initialization: This chapter contains information on the following: AP-700 Hardware Description; Overview; Antennas; Active Ethernet; LED Indicators; Prerequisites; Product Package; System Requirements; Hardware Installation; Initialization; Using ScanTool; Logging In; Using the Setup Wizard; Installing the Software; Related Topics. AP-700 Hardware Description: Overview: The AP-700 is a tri-mode AP that supports 802.11b, 802.11g, or 802.11a clien
105. Sent Announce Request Received Announce Response Sent Announce Response Received Handover Request Sent Handover Request Received Handover Response Sent Handover Request Retransmission Dropped PDUs Number of Roaming Clients Figure 5 6 IAPP Monitoring Tab 122 Monitoring AP 700 User Guide RADIUS RADIUS This tab provides RADIUS authentication EAP 802 1x authentication and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile NOTE Separate RADIUS servers can be configured for each RADIUS Server Profile Select the RADIUS Server Profile to view statistics on from the Select Server Profile drop down menu ICMP IP ARP Table Learn Table RADIUS This tab provides statistics on the primary and backup RADIUS Authentication and Accounting server s with which the access point is configured to communicate Select Server Profile mac Authentication Primary Server Authentication Backup Server Authentication Statistics Statistics Access Requests Access Accepts Access Retransmissions Access Rejects Access Challenges Malformed Access Responses Authentication Bad Authenticators Timeouts Access Requests Access Accepts Access Retransmissions Access Rejects Access Challenges Malformed Access Responses Authenticabon Bad Authenticators Timeouts 00000000 00000000 Primary Server Accounting Backup Server Accounting Statistics Statistics Accounting
106. Syslog server; AutoConfig for Dynamic IP (TFTP server address and configuration filename); AutoConfig Successful. Hardware Configuration Reset (CHRD): Hardware Configuration Reset Status is a parameter that defines the hardware configuration reset behavior of the AP (i.e., what effect pressing the reload button has on an AP operating in normal operating mode). If a user loses or forgets the AP's HTTP/Telnet/SNMP password, the reset button on the AP provides a way to reset the AP to default configuration values to gain access to the AP. However, in AP deployments where physical access to the AP is not protected, an unauthorized person could reset the AP to factory defaults and thus gain control of the AP. The user can disable the hardware configuration reset functionality to prevent unauthorized access. The hardware configuration reset feature operates as follows: When hardware configuration reset is enabled, the user can press the hardware reload button for 10 seconds when the AP is in normal operational mode in order to delete the AP configuration. When hardware configuration reset is disabled, pressing the reload button when the AP is in normal operational mode does not have any effect on the AP. The hardware configuration reset parameter does not have any effect on the functionality of the reload button to delete the AP image during AP boot loader execution. The defaul
107. This feature checks connectivity between the access point and the network backbone. Connectivity is checked by pinging the IP Addresses in the table below. Note: If the network backbone connection is lost, then the access point wireless interface(s) is/are disabled until connectivity is resumed. Note: Changes to polling interval must be in 500 millisecond increments. [Figure 4-7: Link Integrity Configuration Screen] SNTP: Simple Network Time Protocol (SNTP) allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the configured time servers (primary or secondary), and if successful, will update the relevant time objects in the AP. Requests are sent every 10 seconds. If the AP fails to retrieve the information after three attempts, the AP will use the system uptime and update the relevant time objects. If this feature is disabled, the user can manually configure the date and time parameters.
108. [Figure 4-5: DHCP Relay Agent] DHCP Server IP Address Table: The AP supports the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table. At least one server must be configured to enable DHCP Relay. To add entries to the table of DHCP Relay Agents, click Add in the DHCP Server IP Address Table; to edit existing entries, click Edit. The following window is displayed. Note: For DHCP Relay Agent to function, at least one DHCP Server IP Address entry should be enabled. Changes to these parameters require access point reboot in order to take effect. [Figure 4-6: DHCP Server IP Address Table - Edit Entries] To add an entry, enter the IP Address of the DHCP Server and a comment (optional), and click OK. To edit an entry, make changes to the appropriate entry. Enable or disable the entry by choosing Enable or Disable from the Status drop-down menu, and click OK. Link Integrity: The Link Integrity feature checks the link between the AP and the nodes on the Ethernet backbone. These nodes are listed by IP address in the Link Integrity IP Address Table. The AP periodical
109. User Guide information from the DHCP server Information includes the DHCP server IP address that replied to the DHCP client request and the IP address subnet mask and gateway IP address returned from the DHCP server Trap Name Description Severity Level oriTrapDHCPFailed Response to the DHCP client request not Major received device not dynamically assigned an IP address oriTrapDNSClientLookupFailure DNS client attempts to resolve a specified Major hostname DNS lookup and a failure occurs because either the DNS server is unreachable or there is an error for the hostname lookup Trap specifies the hostname that was being resolved oriTrapSSLinitializationFailure SSL initialization failure Major oriTrapWirelessServiceShutdown Wireless interface has shutdown services for Informational wireless clients oriTrapWirelessServiceResumed Wireless interface has resumed service and is Informational ready for wireless client connections oriTrapSSHlnitializationStatus SSH initialization status Major oriTrapVLANIDUserAssignment User is assigned a VLAN ID from the RADIUS Informational server oriTrapDHCPLeaseRenewal AP requests DHCP renewal and receives new Informational Flash Memory Trap Group Trap Name Description Severity Level oriTrapFlashMemoryEmpty No data present in flash memory Informational Flash Memory Corrupted oriTrapFlashMemoryRestoringLastkKnownGoo dConfiguration Flash
110. W httphelplink SSL Status Integer enable disable RW ssistatus SSL Certificate DisplayString User Defined W sslpassphrase Passphrase The help link must be set to an HTTP address Use the forward slash character rather than the backslash character when configur ing the Help Link location Telnet Parameters Name Type Value Access CLI Parameter Telnet Group N A R telnet Telnet Management Interface Bitmask O or 2 No interfaces RW telifoitmask Interface Bitmask disable 1 or 3 Ethernet 4 or 6 Wireless 5 or 7 All interfaces default is 7 Telnet Port Integer User Defined RW telport 23 default Telnet Login Inactivity Integer 30 300 seconds RW tellogintout Time out 60 sec default Telnet Session Idle Integer 60 36000 seconds RW telsessiontout Time out 900 sec default 187 Command Line Interface CLI Parameter Tables AP 700 User Guide Serial Port Parameters RADIUS Based Management Access Parameters Name Type Value Access CLI Parameter Serial Group N A R serial Baud Rate Integer 2400 4800 9600 RW serbaudrate default 19200 38400 57600 Data Bits Integer 8 R serdatabits Parity Integer none R serparity Stop Bits Integer 1 R serstopbits Flow Control Value none default RW serflowctrl xonxoff The RADIUS Based Management Access parameters allow you to enable HTTP or Telnet Radius Management Access enable o
111. You must reboot the Access Point before changes to any of these DHCP server parameters take effect. DHCP Relay Agent: When enabled, the DHCP relay agent forwards DHCP requests to the set DHCP server. Click Configure > Network > DHCP R A to configure DHCP relay agent servers and enable the DHCP relay agent. NOTE: At least one DHCP server must be enabled before DHCP Relay Agent can be enabled. The DHCP Relay functionality of the AP supports Option 82 and sends the system name of the AP (as a NAS identifier) as a sub-option of Option 82. The AP makes a DHCP Request for lease renewal five minutes ahead of the expiration of the Rebinding time as specified in the DHCP Offer from the DHCP server obtained during the last renewal. The DHCP Relay Agent in the access point allows for dynamic IP address assignment to wireless clients from a DHCP Server in a different subnet. Note: The DHCP Relay Agent can only be enabled after at least one entry has been enabled in the DHCP Server IP address table. In addition to this, DHCP Server should be disabled in the AP and IP Address Assignment Type for the AP should be set to Static. Changes to these parameters require access point reboot in order to take effect.
112. ably determines that a returned Product is not defective or is not covered by the terms of this Warranty Buyer shall be charged a service charge and return shipping charges Other Information Search Knowledgebase Proxim stores all resolved problems in a solution database at the following URL http support proxim com Ask a Question or Open an Issue Submit a question or open an issue to Proxim technical support staff at the following URL http support proxim com cgi bin proxim cfg php enduser ask php Other Adapter Cards Proxim does not support internal mini PCI devices that are built into laptop computers even if identified as ORINOCO devices Customers having such devices should contact the laptop vendor s technical support for assistance For support for a PCMCIA card carrying a brand name other than Proxim ORINOCO Lucent Wavelan or Skyline Customer should contact the brand vendor s technical support for assistance 214 Regulatory Compliance AP 700 User Guide NOTE Please read this section before installing and using your product and save these instructions Visit http support proxim com for the latest regulatory compliance information This section contains important regulatory compliance information and details for the following products Product ORiNOCO Access Point AP 700 AP AG AT 01 8675 AU 8675 AU2 8675 BR 8675 CN 8675 EU 8675 EU2 8675 HK 8675 JP 8675 SG 8675 SK 8675 TW 8675 UK 8675 US
113. access point reboot in order to take effect. [Figure 4-29: Add QoS Policy] 5. Enter the Policy Name. 6. Select the Policy Type: inlayer2: inbound traffic direction, Layer 2 traffic type; inlayer3: inbound traffic direction, Layer 3 traffic type; outlayer2: outbound traffic direction, Layer 2 traffic type; outlayer3: inbound traffic direction, Layer 3 traffic type; spectralink: SpectraLink traffic. 7. Enter the Priority Mapping Index. For layer 2 policies, an index from the 802.1p to 802.1d mapping table should be specified. For layer 3 policies, an index from the 802.1p to IP DSCP mapping table should be specified. No mapping index is required for SpectraLink. 8. Select whether to Enable QoS Marking. 9. Click OK. Priority Mapping: Use this page to configure QoS 802.1p to 802.1d priority mappings (for layer 2 policies) and IP DSCP to 802.1d priority mappings (for layer 3 policies). The first entry in each table contains the recommended p
114. adecimal digits (xxyyzzaabbcc). Accounting update interval: Enter the time interval (in minutes) for sending Accounting Update messages to the RADIUS server. A value of 0 (default) means that the AP will not send Accounting Update messages. Accounting inactivity timer: Enter the accounting inactivity timer. This parameter supports a value from 1-60 minutes. The default is 5 minutes. Authorization lifetime: Enter the time, in seconds, each client session may be active before being automatically re-authenticated. This parameter supports a value between 900 and 43200 seconds. The default is 0 (disabled). Server Addressing Format: Select IP Address or Name. If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details. Server Name/IP Address: Enter the server's name or IP address. Destination Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be grayed out. Shared Secret and Confirm Shared Secret: Enter the password shared by the RADIUS server and the AP. The same password must also be configured on the RADIUS server. The default password is public. Response Time (seconds): Enter the maximum time in second
115. agement In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network Management Protocol (SNMP). Note that this requires an SNMP manager program, like HP Openview or Castlerock's SNMPc. The AP supports several Management Information Base (MIB) files that describe the parameters that can be viewed and/or configured over SNMP: MIB-II (RFC 1213); Bridge MIB (RFC 1493); Ethernet-like MIB (RFC 1643); 802.11 MIB; ORiNOCO Enterprise MIB. Proxim provides these MIB files on the CD-ROM included with each Access Point. You need to compile one or more of the above MIBs into your SNMP program's database before you can manage an Access Point using SNMP. See the documentation that came with your SNMP manager for instructions on how to compile MIBs. The Enterprise MIB defines the read and read-write objects that can be viewed or configured using SNMP. These objects correspond to most of the settings and statistics that are available with the other management interfaces. See the Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, Notepad, or WordPad. SNMPv3 Secure Management: SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network management. The security threats addressed by Secure Management are: Modification of information: An entity could alter an in-transit message generated by an aut
116. ally set the unit's Channel, ensure that nearby devices do not use the same frequency (unless you are setting up WDS links). Available channels vary based on regulatory domain. See Dynamic Frequency Selection/Radar Detection (DFS/RD) for more information and Available Channels for a list of available channels. Transmit Rate: Use the drop-down menu to select a specific transmit rate for the AP. The values depend on the Operational mode. Auto Fallback is the default setting; it allows the AP unit to select the best transmit rate based on the cell size. For 802.11a only: Auto Fallback, 6, 9, 12, 18, 24, 36, 48, 54 Mbits/s. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only; 802.11a functionality covered in this User Guide is not supported. For 802.11b only: Auto Fallback, 1, 2, 5.5, 11 Mbits/sec. For 802.11g only: Auto Fallback, 6, 9, 12, 18, 24, 36, 48, 54 Mbits/sec. For 802.11b/g: Auto Fallback, 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbits/sec. For 802.11g-wifi: Auto Fallback, 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbits/sec. NOTE: 802.11g-wifi has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. NOTE: Turbo mode is supported in 802.11a and 802.11g mode. If turbo mode is enabled, then this is displayed in th
117. an HTTP address. d. Click OK. Telnet CLI Does Not Work: 1. Make sure you have the proper IP Address. Enter your AP IP address in the Telnet connection dialog; from a DOS prompt, type: C:\> telnet <AP IP Address> 2. Use the CLI over the serial port to check the IP Access Table, which can be restricting access to Telnet and HTTP. TFTP Server Does Not Work: 1. Make sure the TFTP Server has been started. 2. Verify the IP address of the TFTP Server. The server may be local or remote, so long as it has a valid IP address. 3. Configure the TFTP Server to point to the folder containing the file to be downloaded (or to the folder in which the file is to be uploaded). 4. Verify that you have entered the proper AP Image file name (including the file extension) and directory path (if needed). 5. If you have a problem uploading a file, verify that the TFTP server is configured to allow uploads (typically the default setting is to allow only downloads). Client Connection Problems. Client Software Finds No Connection: Make sure you have configured your client software with the proper Network Name and Security settings. Network Names and WEP Keys are typically allocated and maintained by your network administrator. Client PC Card Does Not Work: 1. Make sure you are using the latest PC Card driver software. 2. Download and install the latest ORINOCO client software f
118. and Example 4 Display Prompts for Successive Parameters Enter the command a space and then Then when the parameter prompt appears enter the parameter value The parameter is changed and a new CLI line is echoed with the new value in the first part of the following example the value is the IP Address of the TFTP server After entering one parameter you may add another to the new CLI line to see the next parameter prompt and so on until you have entered all of the required parameters The following example shows how this is used for the download Command The last part of the example shows the completed download Command ready for execution Device Name gt download lt TFTP IP Address gt Device Name gt download 192 168 0 101 lt File Name gt Device Name gt download 192 168 0 101 apimage lt file type config img bootloader gt Device Name gt download 192 168 0 101 apimage img lt CR gt done exit quit Each of the following commands ends a CLI session Device Name gt done Device Name gt exit Device Name gt quit download Downloads the specified file from a TFTP server to the Access Point Executing download in combination with the asterisks character will make use of the previously set TFTP parameters Executing download without parameters will display command help and usage information 1 Syntax to download a file Device Name gt download lt tftp server
119. and values 1 gt VvVvVvovVvVoYV yv set set set set set set ipaddrtype static ipaddr lt Access Point IP Address gt ipsubmask lt IP Mask gt tftpipaddr lt TFTP Server IP Address gt tftpfilename lt AP Image File Name including file extension gt ipgw lt Gateway IP Address gt show to confirm your new settings reboot 144 Troubleshooting AP 700 User Guide Recovery Procedures Device nam show Device name gt set ipaddrtype static set ipaddr 10 0 0 12 set ipsubmask 255 255 255 0 set tftpipaddr 10 0 0 20 set tftpfilename MyImage bin set ipgw 10 0 0 30 show Device name Device name Device name e e e Device name e e Device name e VV VV VO V Vov Device name Device name gt reboot The AP will reboot and then download the image file You should see downloading activity begin after a few seconds within the TFTP server s status screen 8 When the download process is complete configure the AP as described in Installation and Initialization and Advanced Configuration Setting IP Address using Serial Port Use the following procedure to set an IP address over the serial port using the CLI The network administrator typically provides the AP IP address Hardware and Software Requirements e Standard straight through serial data RS 232 cable with a one male DB 9 connector and one female DB 9 connector The AP comes with a female 9 pin serial p
120. ange an existing entry. Each entry contains the following fields: MAC Address: Enter the wireless client's MAC address. Comment: Enter an optional comment, such as the client's name. Status: The entry is enabled automatically when saved (so the Status field is only visible when editing an entry). You can also disable or delete entries by changing this field's value. NOTE: For larger networks that include multiple Access Points, you may prefer to maintain this list on a centralized location using the MAC Access Control Via RADIUS Authentication. This feature can be used to deny or allow network access to wireless clients associated to the access point. The MAC access control table is used to enter the wireless client MAC Addresses. With the introduction of the Security per SSID feature, MAC access control status is now configured in the SSID/VLAN Security page. Note: Changes to these parameters require access point reboot in order to take effect. [Figure 4-41: MAC Access Configuration Screen] Wireless: Each SSID can have its own Security Profile that defines its security mode, authentication mechanism, and encryptio
121. anties set forth in this Agreement will not apply to defects in a Product caused (i) through no fault of Proxim during shipment to or from Buyer, (ii) by the use of software other than that provided with or installed in the Product, (iii) by the use or operation of the Product in an application or environment other than that intended or recommended by Proxim, (iv) by modifications, alterations, or repairs made to the Product by any party other than Proxim or Proxim's authorized repair partners, (v) by the Product being subjected to unusual physical or electrical stress, or (vii) by failure of Buyer to comply with any of the return procedures specified in this Statement of Warranty.
Support Procedures
Buyer should return defective LAN Products within the first 30 days to the merchant from which the Products were purchased. Buyer can contact a Proxim Customer Service Center either by telephone or via web. Calls for support for Products that are near the end of their warranty period should be made not longer than seven (7) days after expiration of warranty. Repair of Products that are out of warranty will be subject to a repair fee. Contact information is shown below. Additional support information can be found at Proxim's web site at http://support.proxim.com.
LAN Products
- Domestic calls: 866-674-6626 (24 hours per day, 7 days per week)
- International calls: 408-542-5390
WAN Products
- Domestic calls: 800-674-6626, 8:00 A.M. - 5:00 P.M., M-F
122. ata rates of up to 54 Mbits/sec. Available Frequency Channels vary by regulatory domain and/or country. See Available Channels for details.
In 2003, the IEEE introduced the 802.11g standard. 802.11g devices operate in the 2.4 GHz frequency band using OFDM to achieve data rates of up to 54 Mbits/sec. In addition, 802.11g devices are backwards compatible with 802.11b devices. Available Frequency Channels vary by regulatory domain and/or country. See Available Channels for details.
Management and Monitoring Capabilities
There are several management and monitoring interfaces available to the network administrator to configure and manage an AP on the network:
- HTTP/HTTPS Interface
- Command Line Interface
- SNMP Management
- SSH (Secure Shell) Management
HTTP/HTTPS Interface
The HTTP Interface (Web browser Interface) provides easy access to configuration settings and network statistics from any computer on the network. You can access the HTTP Interface over your LAN (switch, hub, etc.), over the Internet, or with a crossover Ethernet cable connected directly to your computer's Ethernet Port.
HTTPS provides an HTTP connection over a Secure Socket Layer. HTTPS is one of three available secure management options on the AP; the other secure management options are SNMPv3 and SSH. Enabling HTTPS allows the user to access the AP in a secure fashion using Secure Socket Layer (SSL) over port 443. The AP supports SSLv3 with a 128-bit encryption ce
123. [Figure 6-8: Retrieve File via HTTP Command Screen. On-screen text: This page is used to retrieve configuration file, latest CLI batch file and CLI batch file execution log from the Access Point using HTTP file transfer. Click the Retrieve File button to start the file transfer.]
A confirmation message is displayed asking if the user wants to proceed with retrieving the file.
[Figure 6-9: Retrieve File Confirmation Dialog]
Click OK to continue with the operation or Cancel to abort the operation. On clicking OK, the File Download window appears.
[Figure 6-10: File Download Dialog Box]
On clicking the Save button, the Save As window displays, where the user is prompted to choose the filename and location where the fil
124. ation to begin configuring the AP without using the Setup Wizard. The Command Line Interface (CLI) also provides a method for monitoring and configuring the AP using Telnet or a serial connection. For more information about monitoring and configuring the AP with the CLI, see Command Line Interface (CLI).
Using the Setup Wizard
The first time you connect to an AP's HTTP interface, the Setup Wizard launches automatically. The Setup Wizard provides step-by-step instructions for how to configure the Access Point's basic operating parameters, such as Network Name, IP parameters, system parameters, and management passwords.
[Setup Wizard screen text: Welcome to the Access Point Setup Wizard. The setup wizard provides a set of pages for configuring basic access point parameters, which are listed below. System is used to configure device information such as system name and contact information. IP Configuration is used to configure the internet TCP/IP setting for the access point. Password is used to configure the SNMP, Telnet (CLI) and HTTP (web) default passwords. Wireless Interfaces is used to configure the characteristics of the wireless medium. Check the Setup Wizard button and the wizard will lead you through a step-by-step guide to configuring your access point. For mor
125. Syslog Message Name | Priority | Severity | Description
... Stop Messages | | ...ational | Start and Stop accounting messages for wireless clients
CLI Configuration File Execution Start | 6 | Informational | CLI configuration file execution starts
CLI Configuration File Execution End | 6 | Informational | CLI configuration file execution ends
CLI Configuration File Execution Errors | 4 | Minor | There is an error in execution of the CLI configuration file. The message specifies the filename, line number and error reason.
SSH Initialization Failure | 3 | Major | One of the following failures occurs: Keys not present; Keys cannot be generated; Internal error (no available resources)
SSH Key Generation Successful | 6 | Informational | SSH Key generation is successful
Wireless Service Shutdown | 6 | Informational | Wireless service is shutdown
Wireless Service Resume | 6 | Informational | Wireless service resumes
Second MIC Report Attack | 4 | Minor | Second MIC report attack is detected
MIC Attack from Wireless Station | 4 | Minor | A MIC attack is detected from a wireless station
First MIC Report Attack | 4 | Minor | First MIC report attack is detected
SNTP Time Retrieval Failure | 4 | Minor | SNTP Client in the AP fails to retrieve time information from the configured SNTP servers. Also included in message: IP Address of SNTP server.
SNTP Time Sync Up Failure | 4 | Minor | SNTP Client in the AP
126. ators use the CLI to control Access Point operation and monitor network statistics. The AP supports two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is used when the current AP Image is bad or missing. The Bootloader CLI allows you to assign an IP Address and download a new image. Once the image is downloaded and running, the Access Point uses the normal CLI. This guide covers the normal CLI unless otherwise specified.
Bootloader CLI
The Bootloader CLI is a minimal subset of the normal CLI used to perform initial configuration of the AP. This interface is only accessible via the serial interface if the AP does not contain a software image or a download image command over TFTP has failed. The Bootloader CLI provides you with the ability to configure the initial setup parameters as well as download a software image to the device.
The following functions are supported by the Bootloader CLI:
- configuration of initial device parameters using the set command
- show command to view the device's configuration parameters
- help command to provide additional information on all commands supported by the Bootloader CLI
- reboot command to reboot the device
The parameters supported by the Bootloader CLI (for viewing and modifying) are:
- System Name
- IP Address Assignment Type
- IP Address
- IP Mask
- Gateway IP Address
- TFTP Server IP Address
- Image File Name including
127. [Table of contents fragment] Other Information; Search Knowledgebase; Ask a Question or Open an Issue; Other Adapter Cards; F Regulatory Compliance; Safety Information (USA, Canada & European Union); Federal Communications Commission (FCC); Warnings; Caution: Exposure to Radio Frequency Radiation; Modification; Industry Canada (IC); European Union; Regulatory Compliance Certifications Summary
Introduction
This chapter contains information on the following:
- Document Conventions
- Introduction to Wireless Networking
- Guidelines for Roaming
- IEEE 802.11 Specifications
- Management and Monitoring Capabilities
Document Conventions
- AP refers to an AP-700 Access Point.
- 802.11 is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards.
- Blue underlined text indicates a link to a topic or Web address. If you are viewing this documentation on your computer
128. [Figure 4-19: Automatic Configuration Screen. On-screen text: This tab is used to enable auto configuration and also to configure TFTP server IP address and configuration filename. Note: The configuration filename and TFTP server IP address specified here are used only when the AP is configured for STATIC IP; if the AP is configured for Dynamic IP these parameters are not used and obtained from DHCP. Note: For using a CLI batch file with auto configuration, give a cl extension for the filename that is stored in the TFTP server. Fields: Enable Auto Configuration, Configuration Filename, TFTP Server Address.]
Set up Automatic Configuration for Dynamic IP
Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP.
The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server. A Syslog server address is also contained in the DHCP response, allowing the AP to send Auto Configuration success and failure messages to a Syslog server.
NOTE: The configuration filename and TFTP server IP address are configured only when the AP is configured for Static IP. If the AP is configured for Dynamic IP, these parameters are not used and obtained from DHCP.
1. Click Configure > Management > AutoConfig
129. blic. Secure Management (Services tab) must be enabled to configure SNMPv3.
- Telnet (CLI) Password: The password for the CLI interface (via serial or Telnet). Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters. The default password is "public".
- HTTP (Web) Password: The password for the Web browser HTTP interface. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters. The default password is "public".
NOTE: For security purposes, Proxim recommends changing ALL PASSWORDS from the default "public" immediately, to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.
[Screenshot: Passwords tab, with fields for SNMP Read Community Password, SNMP Read/Write Community Password, SNMPv3 Authentication Password, SNMPv3 Privacy Password, Telnet (CLI) Password, and HTTP (web) Password]
IP Access Table
The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the tab
130. bling the AP-700; Installing the Security Cover; Mounting the AP-700; Installing External Antennas
Cabling the AP-700
Connect cables to the AP as follows:
1. Provide power to the AP as follows:
   a. Plug the power cord into the power jack (the left port) and connect the unit to an AC power outlet (100-240V, 50-60Hz).
   b. If using Active Ethernet, connect power to the unit from a DC injector device, such as the ORiNOCO 1-Port Active Ethernet DC Injector hub.
2. Attach one end of an Ethernet cable to the AP's LAN port (the center port, labeled LAN) and the other end to a network hub or switch.
3. Optionally, connect an RS-232 cable to the RS-232 console port (the right port, labeled RS-232).
NOTE: You cannot install the security cover to the AP-700 if an RS-232 cable is connected.
[Figure 2-4: Cabling the AP-700]
4. Verify LED Status.
5. When the AP-700 boots, it performs a series of self-tests.
6. Wait for the power LED to turn green before proceeding.
Installing the Security Cover
You can optionally install a security cover to deter unauthorized access to the AP-700. The security cover is a plastic cover that prevents access to the cabling and to the Reset and Reload buttons.
NOTE: You cannot connect an RS-232 cable to the AP-700 when a security cover is installed.
1. Slide the hinging end of the security cover into the hole o
131. caddrfmt 1 authlifetm 900 radaccinactivetmr 5 vlanid 33 status enable

    Device Name> show radiustbl

    Index                        1
    Primary/Backup               Primary
    Profile Name                 MAC Authentication
    Server Status                notReady
    Server Addressing Format     ipaddr
    IP Address/Host Name         0.0.0.0
    Destination Port             1812
    VLAN Identifier              1
    MAC Address Format           dashdelimited
    Response Time                3
    Maximum Retransmission       3
    Authorization Lifetime       0
    Accounting Update Interval   0
    Accounting Inactivity Timer  5

    Index                        1
    Primary/Backup               Backup
    Profile Name                 MAC Authentication
    Server Status                notReady
    Server Addressing Format     ipaddr
    IP Address/Host Name         0.0.0.0
    Destination Port             1812
    VLAN Identifier              1
    MAC Address Format           dashdelimited
    Response Time                3
    Maximum Retransmission       3

    Index                        4
    Primary/Backup               Backup
    Profile Name                 Management Access
    Server Status                notReady
    Server Addressing Format     ipaddr
    IP Address/Host Name         0.0.0.0
    Destination Port             1812
    VLAN Identifier              1
    MAC Address Format           dashdelimited
    Response Time                3
    Maximum Retransmission       3
    Authorization Lifetime       0
    Accounting Update Interval   0
    Accounting Inactivity Timer  5

Figure A-17: Result of "show radiustbl" CLI Command
Set Rogue Scan Parameters
Perform the following command to enable or disable Rogue Scan on a wireless interface and configure the scanning parameters. The cycletime parameter is only configured for backgro
132. cate for authentication in SSL communications.
- SSL Private Key: the private key for encryption in SSL communications.
- Upgrade BSPBL: the Bootloader software.
- CLI Batch File: a CLI Batch file that contains CLI commands to configure the AP. This file will be executed by the AP immediately after being uploaded. See CLI Batch File for more information.
- SSH Public Key: the public key in SSH communications. See Secure Shell (SSH) Settings for more information.
- SSH Private Key: the private key in SSH communications. See Secure Shell (SSH) Settings for more information.
2. Use the Browse button or manually type in the name of the file to be downloaded (including the file extension) in the File Name field. If typing the file name, you must include the full path and the file extension in the file name text box.
3. To initiate the HTTP Update operation, click the Update AP button.
A warning message gets displayed that advises the user that a reboot of the device will be required for changes to take effect.
[Figure 6-4: Warning Message]
4. Click OK to continue with the operation or Cancel to abort the operation.
NOTE: An HTTP file transfer using SSL may take extra time.
If the operation completes succ
133. cating with a Single Wired Device
Configure the following settings to prevent all three Wireless Clients from communicating with Wired Server 1:
- Wired MAC Address: 00:40:F4:1C:DB:6A
- Wired Mask: FF:FF:FF:FF:FF:FF
- Wireless MAC Address: 00:00:00:00:00:00
- Wireless Mask: 00:00:00:00:00:00
Result: The Access Point blocks all traffic between Wired Server 1 and all wireless clients.
Prevent a Wireless Device from Communicating with the Wired Network
Configure the following settings to prevent Wireless Client 3 from communicating with any device on the Ethernet:
- Wired MAC Address: 00:00:00:00:00:00
- Wired Mask: 00:00:00:00:00:00
- Wireless MAC Address: 00:20:A6:12:4E:38
- Wireless Mask: FF:FF:FF:FF:FF:FF
Result: The Access Point blocks all traffic between Wireless Client 3 and the Ethernet network.
Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN
If there are devices on your Ethernet network that use multicast packets to communicate and these packets are not required by your wireless clients, you can set up a Static MAC filter to preserve wireless bandwidth. For example, if routers on your network use a specific multicast address (such as 01:00:5E:00:32:4B) to exchange information, you can set up a filter to prevent these multicast packets from being forwarded to the wireless network:
- Wired MAC Address: 01:00:5E:00:32:4B
134. [Table of contents fragment; legible entries only] Ethernet Protocols; Static MAC; TCP/UDP Ports; Bridge; Spanning Tree; Packet Forwarding; Wireless Multimedia Extensions (WME)/Quality of Service (QoS); Priority Mapping; Enhanced Distributed Channel Access (EDCA); RADIUS Servers per Authentication Mode and per VLAN; Configuring Radius Profiles; MAC Access Control Via RADIUS Authentication; 802.1x Authentication using RADIUS; RADIUS Accounting; SSID/VLAN/Security
135. cess Point that is a member of the WDS must have the same Channel setting to communicate with each other.
- If your network does not support spanning tree, be careful to avoid creating network loops between APs. For example, creating a WDS link between two Access Points connected to the same Ethernet network will create a network loop (if spanning tree is disabled). For more information, see the Spanning Tree section.
WDS Setup Procedure
NOTE: You must disable Auto Channel Select to create a WDS. Each Access Point that is a member of the WDS must have the same channel setting to communicate with each other.
To setup a wireless backbone, follow the steps below for each AP that you wish to include in the Wireless Distribution System.
1. Confirm that Auto Channel Select is disabled.
2. Write down the MAC Address of the radio that you wish to include in the Wireless Distribution System.
3. Click on Configure > Interfaces > Wireless.
4. Scroll down to the Wireless Distribution System heading.
[Screenshot: Wireless Distribution System (WDS). On-screen text: WDS can be used to establish point-to-point (i.e. wireless backhaul) connections with other access points. This table is used to configure WDS partner access points. The table lists Port Index 1 through 6, each with Partner MAC Address 00:00:00:00:00:00 and Status Disable.]
136. change sequence onto the wireless medium. The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category. Configurable range is 0 to 65535.
- MSDU Lifetime: specifies the maximum elapsed time between a MSDU transfer request and delivery to the destination, beyond which delivery becomes unnecessary. Configurable range is 0 to 500 seconds.
- Admission Control Mandatory: Possible values are True or False. Admission control defines if an Access Point accepts or rejects a requested traffic stream with certain QoS specifications, based on available channel capacity and link conditions. Admission control can be configured for each Access Category (Index). On the Policy sub-tab, the user can also configure a medium maximum threshold for all Admission Controls. Admission will be granted if the new requested traffic stream and already admitted time is less than the medium maximum threshold.
Radius Profiles
Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define RADIUS Servers per Authentication Mode and per VLAN.
The AP communicates with the RADIUS server defined in a profile to provide the following features:
- MAC Access Control Via RADIUS Authentication
- 802.1x Authentication using RADIUS
- RADIUS Ac
137. click the blue text to jump to the linked item.
- Text enclosed within triangle brackets <> should be replaced with a user-defined value.
The following special notations are used:
NOTE: A note contains important information that helps you make better use of the AP or your computer.
CAUTION: A Caution indicates potential damage to hardware or loss of data.
WARNING: A Warning indicates imminent danger to hardware or loss of data.
Introduction to Wireless Networking
An Access Point extends the capability of an existing Ethernet network to devices on a wireless network. Wireless devices can connect to a single Access Point, or they can move between multiple Access Points located within the same vicinity. As wireless clients move from one coverage cell to another, they maintain network connectivity.
In a typical network environment (see Figure 1-1), the AP functions as a wireless network access point to data and voice networks. An AP network provides:
- Seamless client roaming for both data and voice (VoIP)
- Easy installation and operation
- Over-the-air encryption of data
- High speed network links
[Figure 1-1: Typical Wireless Network Access Infrastructure]
Guidelines for Roaming
- Typical voice network cell coverages vary based on environment. Proxim recommends having a site survey done professionally to ensure optimal performance
138. configured as a valid user for Radius-based management access when local user access is enabled.
Automatic Configuration (AutoConfig)
The Automatic Configuration feature allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot-up process.
Automatic Configuration is disabled by default. The configuration process for Automatic Configuration varies depending on whether the AP is configured for dynamic or static IP.
When an AP is configured for dynamic IP, the Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server. When configured for static IP, these parameters are instead configured in the AP interface.
After setting up automatic configuration, you must reboot the AP. When the AP reboots, it receives the new configuration information and must reboot one additional time. If Syslog is configured, a Syslog message will appear indicating the success or failure of the Automatic Configuration.
Auto Configuration and the CLI Batch File
The Auto Configuration feature allows download of the LTV (Length, Type, Value) format configuration file or the CLI Batch file. The LTV file contains parameters used by the AP; the CLI Batch file contains CLI executable commands used to set AP parameters. The AP detects whether the uploaded file is LTV format or a CLI Batch file. If the AP detects an LTV f
139. counting
Also, RADIUS Based Management Access allows centralized user management.
The network administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in networks with VLANs enabled the administrator can also configure separate authentication servers to be used for MAC authentication, EAP authentication, or Accounting in each VLAN. You can configure the AP to communicate with up to six different RADIUS servers per VLAN/SSID:
- Primary Authentication Server (MAC-based authentication)
- Back-up Authentication Server (MAC-based authentication)
- Primary Authentication Server (EAP/802.1x authentication)
- Back-up Authentication Server (EAP/802.1x authentication)
- Primary Accounting Server
- Back-up Accounting Server
The back-up servers are optional, but when configured, the AP will communicate with the back-up server if the primary server is off-line. After the AP has switched to the backup server, it will periodically check the status of the primary RADIUS server every five (5) minutes. Once the primary RADIUS server is again online, the AP automatically reverts from the backup RADIUS server back to the primary RADIUS server. All subsequent requests are then sent to the primary RADIUS server.
You can view monitoring statistics for each of the configured RADIUS servers.
RADIUS Servers per Authentication Mode and per VLAN
The user can configure separate RADIUS authentication servers for each auth
140. coverage area for Access Points and Clients. To dedicate the AP's wireless interface to scanning, set the scan mode to continuous scan. Note that while the wireless interface is in continuous scan mode, it does not perform normal AP operations. To enable the AP's wireless interface to scan in the background while still performing normal AP operations, set the scan cycle time in minutes and set the scan mode to background scanning mode. Note that AP throughput decreases with an increase in scanning efficiency.
Note 1: When Rogue Scan is enabled, the Security Alarm Group must also be enabled and a Trap Host configured to receive the list of access points and clients detected during the scan.
Note 2: The scan parameter "scan interval time" can only be modified for background scanning mode.
Fields: Enable Rogue Scan; Scan Mode; Scan interval (1-1440 minutes); Number of New Stations detected in last scan; Scan Result Table Ageing time (60-7200 minutes); Scan results trap notification mode; Scan results trap report style.
[Figure 4-26: Rogue Scan Screen]
Bridge
The AP is a bridge between your wired and wireless networking devices. As a bridge, the functions performed by the AP include:
- MAC address learning
- Forward and filtering decision making
- Spanning Tree protocol used for loop avoidance
Once the AP is connected to your network, it learns wh
141. creating table entries, you may either specify the argument name followed by argument value or simply entering the argument value. When only the argument value is specified, then enter the values in the order depicted by the following table. CLI applies default values to the omitted arguments. Due to the nature of the information, the only argument that can be omitted is the "comment" argument.

Name | Type | Value | Access | CLI Parameter
IP Access Table | Table | N/A | R | mgmtipaccesstbl
Table Index | Integer | User Defined | N/A | index
IP Address | IpAddress | User Defined | RW | ipaddr
IP Mask | IpAddress | User Defined | RW | ipmask
Comment (optional) | DisplayString | User Defined | RW | cmt
Status (optional) | Integer | enable (default), disable, delete | RW | status

Filtering Parameters
Ethernet Protocol Filtering Parameters

Name | Type | Value | Access | CLI Parameter
Ethernet Filtering | Group | N/A | R | etherflt
Filtering Interface Bitmask | Interface Bitmask | 0 or 2 = No interfaces (disable); 1 or 3 = Ethernet; 4 or 6 = Wireless; 5 or 7 = All interfaces (default is 7) | RW | etherfltifbitmask
Operation Type | | passthru, block | RW | etherfltoptype

Ethernet Filtering Table
Identify the different filters by using the table index.

Name | Type | Value | Access | CLI Parameter
Ethernet Filtering Table | Table | N/A | R | etherflttbl
Table Index | N/A | N/A | R | index
Prot
142. creen so you can download a new image to the unit. (These fields are grayed out if ScanTool does not detect a software image problem.)
Preparing to Download the AP Image
Before starting, you need to know the Access Point's IP address, subnet mask, the TFTP Server IP Address, and the AP Image file name. Make sure the TFTP server is running and configured to point to the folder containing the image to be downloaded.
Download Procedure
Follow these steps to use ScanTool to download a software image to an Access Point with a missing image:
Download the latest software from http://support.proxim.com (Knowledgebase Answer ID 1686). Copy the latest software updates to your TFTP server. Launch ScanTool. Highlight the entry for the AP you want to update and click Change. Set IP Address Type to Static.
NOTE: You need to assign static IP information temporarily to the Access Point since its DHCP client functionality is not available when no image is installed on the device.
5. Enter an unused IP address that is valid on your network in the IP Address field. You may need to contact your network administrator to get this address.
6. Enter the network's Subnet Mask in the field provided.
7. Enter the network's Gateway IP Address, if necessary. You may need to contact your network administrator to get this address. You should only need to enter the default gateway address (169.254.128.133) if the Access Point and the TFTP ser
143. ct Background Scanning or Continuous Scanning. In Continuous Scanning mode, the AP stops normal operation and scans continuously on that interface. In Background Scanning mode, the AP performs background scanning while doing normal AP operation on that interface.
If the Scan Mode is Background Scanning, then enter the Scan Interval. The Scan Interval specifies the time period in minutes between scans in Background Scanning mode and can be set to any value between 1 and 1440 minutes.
Configure the Scan Result Table Ageing Time. The AP ages out older entries in the Rogue Scan result table if a detected station is inactive for more than this time. The valid range is from 60-7200 minutes; the default is 60 minutes.
Configure the Scan Results Trap Notification Mode to control the notification behavior when APs or stations are detected in a scan:
- No Notification
- Notify AP
- Notify Client
- Notify All (Notify both AP and Client detection)
Configure the Scan Results Trap Report Style to control the way detected stations are reported in the notification:
- Report all detected stations since last scan (default)
- Report all detected stations since start of scan
Click OK.
The results of the Rogue Scan can be viewed in the Status page in the HTTP interface.
[Screenshot: Rogue Scan tab. On-screen text: Rogue Scan uses the selected wireless interface for scanning its
144. ct the antenna cable to the AP as follows: 1. Press down near the center of the compartment covering and slide open the external antenna access compartment. The compartment closer to the LED panel contains the connectors. NOTE: AP-700 models 8675 US2 and 8675 AU do not provide external antenna connectors. Figure 2-6: Opening the Antenna Compartment. 2. There are two antenna connectors in the AP-700, labeled 1 and 2. Connect the antenna cable to connector 1, the connector closer to the LED panel in the compartment. Figure 2-7: AP-700 Antenna Connectors. 3. If installing a second external antenna (not recommended), connect the antenna cable to connector 2. 4. Close the external antenna access compartment. 5. If desired, manually select which antenna(s) to use through the Command Line Interface. See Configure Antenna Diversity. Installing the AP in a Plenum: In an office building, plenum is the space between the structural ceiling and the tile ceiling that is provided to help air circulate. Many companies also use the plenum to house communication equipment and cables. These products and cables must comply with certain safety requirements, such as Underwriter Labs (UL) Standard 2043: Standard for Fire T
145. ctive Ethernet power injector hub switch etc.; Type of Security enabled on the wireless network (None, WEP Encryption, 802.1x, Mixed); Information about AP configuration; Read/write password; A description of the problem you are experiencing: What were you doing when the error occurred? What error message did you see? Can you reproduce the problem? For each ORiNOCO product, describe the behavior of the device's LEDs when the problem occurs. If the local reseller is unable to resolve your issue, contact ORiNOCO Technical Support online or by phone, as described below. Online Support: Software and Documentation Downloads: The latest software and documentation is available for download at http://support.proxim.com (Knowledgebase Answer ID 1686). Knowledgebase: We store all resolved problems in our solution database. Search by product category, keywords or phrases. Also find links to drivers, documents, and other downloads. Search the Knowledgebase at <http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/std_alp.php>. Submit a Knowledgebase question or open an issue at <http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/ask.php>. Our technical support staff will reply to you by email. NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. T
146. d Scanning Mode: In background scanning mode, the AP performs background scanning while performing normal AP operations on the wireless interface. You can configure the scan cycle time between 1-1440 minutes (24 hours). The scan cycle time indicates how frequently a channel is sampled and defines the minimum attack period that can go unnoticed. In background scanning mode, the AP will scan one channel, then wait for a time known as channel scan time. The channel scan time affects the amount of data collected during scanning and defines the maximum number of samples (possible detections) in one scan. This is increased to improve scanning efficiency; the tradeoff is that it decreases throughput. The optimum value for this parameter during background scanning mode is 20ms. The channel scan time is calculated from the scan cycle time parameter and the number of channels in the scan channel list as follows: intra-channel scan time = (scan cycle time - (channel scan time * number of channels in the scan list)) / number of channels in the scan list. Rogue Scan Data Collection: The AP stores information gathered about detected stations during scanning in a Rogue Scan result table. The Rogue Scan result table can store a maximum of 2000 entries. When the table fills, the oldest entry gets overwritten. The Rogue Scan result table lists the following information about each detected station: Station Type: indicates one of the following types of station: Unknow
147. d list. Figure 2-10: Enter Network Password. 4. Enter the HTTP password in the Password field. Leave the User Name field blank. For new units, the default HTTP password is public. If you are logging on for the first time, the Setup Wizard will launch automatically. NOTE: To prevent the Setup Wizard from launching upon log in, click on Management > Services and choose Disable from the Setup Wizard drop-down menu. 5. Follow the steps below to configure the AP using the Setup Wizard (see Using the Setup Wizard) or click Exit to configure the system manually. Upon clicking Exit, the System Status screen will appear. Figure 2-11: System Status Screen. The buttons on the left of the screen provide access to the monitoring and configuration options for the AP. See Advanced Configur
148. d to operate in the following modes: 802.11a only mode: The radio uses the 802.11a standard only. 802.11b mode only: The radio uses the 802.11b standard only. 802.11g mode only: The radio is optimized to communicate with 802.11g devices. This setting will provide the best results if this radio interface will only communicate with 802.11g devices. 802.11b/g mode: This is the default mode. Use this mode if you want to support a mix of 802.11b and 802.11g devices. 802.11g-wifi mode: The 802.11g-wifi mode has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual band 802.11b and 802.11g support only; 802.11a functionality covered in this User Guide is not supported. In general, you should use either 802.11g only mode (if you want to support 802.11g devices only) or 802.11b/g mode (to support a mix of 802.11b and 802.11g devices). Super Mode and Turbo Mode: Super mode improves throughput between the access point and wireless clients that support this capability. For wireless clients that support this capability, the AP will negotiate and treat them accordingly; for other clients that do not support super mode, the AP will treat them as normal wireless clients. Super mode can be configured only when the wireless operational m
149. dated software or drivers are required and available. Figure 5-2: Version Monitoring Tab. ICMP: This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3: ICMP Monitoring Tab
150. dates to your TFTP server 2 Open the CLI interface via Telnet or a serial connection 3 4 Enter the command download lt tftpaddr gt lt filename gt img Enter the CLI password when prompted The download will begin and the image will be downloaded to the Access Point When the download is complete type reboot 0 and press Enter NOTE See Command Line Interface CLI for more information Related Topics The Setup Wizard helps you configure the basic AP settings required to get the unit up and running The AP supports many other configuration and management options The remainder of this user guide describes these options in detail See Advanced Configuration for information on configuration options that are available within the Access Point s HTTP interface See Monitoring for information on the statistics displayed within the Access Point s HTTP interface See Commands for information on the commands supported by the Access Point s HTTP interface See Troubleshooting for troubleshooting suggestions See Command Line Interface CLI for information on the CLI interface and for a list of CLI commands 32 AP 700 User Guide System Status The first screen displayed after Logging In is the System Status screen You can always return to this screen by clicking the Status button System St AP 700 v3 1 0 938 SN 04UT45570522 v3 1 0 IP Address 109 234 303 Contact Name ContactName System Itame OSNOCOAP Contact Phone Con
151. Retrieve File via HTTP 134; Reboot 136; Reset 136; Help Link 137; 7 Troubleshooting 138; Troubleshooting Concepts 138; Symptoms and Solutions 138; Connectivity Issues 138; Basic Software Setup and Configuration Problems 139; Client Connection Problems 140; VLAN Operation Issues 141; Active Ethernet (AE) 141; Recovery Procedures 142; Reset to Factory Default Procedure 142; Forced Reload Procedure 142; Setting IP Address using Serial Port 145; Related Applications 146; RADIUS Authentication Server 146; TFTP Server 146; A Command Line Interface (CLI) 148; General Notes
152. distribution. The client uses this key to encrypt data after it has been authenticated. For 802.11a and 802.11b/g clients that communicate with an AP, each client receives its own unique encryption key; this is known as Per User Per Session Encryption Keys. Wi-Fi Protected Access (WPA) / 802.11i (WPA2): Wi-Fi Protected Access (WPA) is a security standard designed by the Wi-Fi Alliance in conjunction with the Institute of Electrical and Electronics Engineers (IEEE). The AP supports 802.11i (WPA2), based on the IEEE 802.11i security standard. WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks. WPA provides the following new security measures not available with WEP: Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC). Per-user, per-session dynamic encryption keys: Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP. A client's key is different for every session; it changes each time the client associates with an AP. The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously
153. dium Integer 50 90 RW qosmaximummediumthresh Threshold old Configuring QoS Policies The QoS group manages the QoS policies Name Type Value Access CLI Parameter QoS Group Group N A N A qos QoS Policy Table Table N A N A qospolicytbl Table Primary Index Integer N A R index Table Secondary Index Integer N A R secindex Policy Name Display String 0 32 characters RW policyname 199 Command Line Interface CLI Parameter Tables AP 700 User Guide Name Type Value Access CLI Parameter Policy Type Integer inlayer2 RW type inlayer3 outlayer2 outlayer3 spectralink Priority Mapping Index Integer See Notet RW mapindex Apply QoS Marking Object Status enable RW markstatus disable Table Row Status Row Status enable RW status disable delete QoS must be enabled on the wireless interface before spectralink can be enabled t A priority mapping needs to be specified for a QoS Policy The priority mapping depends on the type of policy configured For Layer 2 policy types inbound or outbound a mapping index from the 802 1p to 802 1D table should be specified For Layer 3 policy types inbound or out bound a mapping index from the IP DSCP to 802 1D table should be specified The mapping index in both cases depends on the number of mappings configured by the user For SpectraLink policy type a mapping is not required Specifying the Mapping between 802 1p and 802 1D P
154. do not wish to have all policy types per policy, do not delete them; simply disable the ones that are not desired. Note: Changes to these parameters require access point reboot in order to take effect. Figure 4-28: QoS Policies. 2. To enable QoS, check the Enable Quality of Service checkbox. 3. Configure the QoS Maximum Medium Threshold for all Admission Controls. Admission will be granted if the new requested traffic stream and already admitted time is less than the medium maximum threshold. 4. To add a QoS Policy, click the Add button in the QoS Policies Table box. The Add Entries box appears. QoS Policies Table, Add Entries: This page is used to create QoS Policies. By default, when adding a QoS policy, all 5 QoS policy types are added. For Layer 2 policies, a priority mapping index from the 802.1p to 802.1D mapping table should be specified. For Layer 3 policies, a priority mapping index from the 802.1p to IP DSCP mapping table should be specified. No Priority mapping index is needed for SpectraLink QoS policy types. You can also enable or disable QoS marking on each policy type and enable or disable the different types. Note: Changes to these parameters require
155. e The default password is public. SNMP Read Password: Each Access Point requires a password to allow get requests from an SNMP manager. The default password is public. SNMP Read-Write Password: Each Access Point requires a password to allow get and set requests from an SNMP manager. The default password is public. SNMPv3 Authentication Password: If Secure Management is enabled, each Access Point requires a password for sending authenticated SNMPv3 messages. The default password is public. The default SNMPv3 username is administrator, with SHA authentication and DES privacy protocol. SNMPv3 Privacy Password: If Secure Management is enabled, each Access Point requires a password when sending encrypted SNMPv3 data. The default password is public. Security Settings: You need to determine what security features you will enable on the Access Point. Authentication Method: A primary authentication server may be configured; a backup authentication server is optional. The network administrator typically provides this information. Authentication Server Shared Secret: This is a password shared between the Access Point and the RADIUS authentication server (so both passwords must be the same), and is typically provided by the network administrator. Authentication Server Authentication Port: This is a port number (default is 1812) and is typically provided by the network administ
156. e A-10: Results of "show network" and "show ip" CLI Commands. Example 6, Show Individual and Table Parameters: 1. View a single parameter. Syntax: [Device-Name]>show <parameter name>. Example: [Device-Name]>show ipaddr. Displays the Access Point IP address. Figure A-11: Result of "show ipaddr" CLI Command. 2. View all parameters in a table. Syntax: [Device-Name]>show <table name>. Example: [Device-Name]>show mgmtipaccesstbl. The CLI displays the IP Access Table and its entries. Using Tables and Strings. Working with Tables: Each table element (or parameter) must be specified, as in the example below: [Device-Name]>set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0. Below are the rules for creating, modifying, enabling/disabling, and deleting table entries. Creation: The table name is required. The table index is required; for table entry/instance creation the index is always zero (0). The order in which the table arguments or objects are entered is not important. Parameters that are not required can be omitted, in which case they will be assigned the default value. Modification: The table name is required. The table index is required; to modify the table, index must be the index of the
157. e advanced configuration options, click the exit button below and visit the Configuration section of the web interface. Once you have completed the setup wizard, you must reboot the access point in order for the changes to take effect. If you start the Setup Wizard but do not complete it, any changes that you saved up to the point that you exited the wizard will be saved by the Access Point and applied the next time the unit reboots. Figure 2-12: Setup Wizard. Setup Wizard Instructions: 1. Click Setup Wizard to begin. The Setup Wizard supports the following navigation options: Save & Next Button: Each Setup Wizard screen has a Save & Next button. Click this button to submit any changes you made to the unit's parameters and continue to the next page. The instructions below describe how to navigate the Setup Wizard using the Save & Next buttons. Navigation Panel: The Setup Wizard provides a navigation panel on the left-hand side of the screen. Click the link that corresponds to the parameters you want to configure to be taken to that particular configuration screen. Note that clicking a link in the navigation panel will not submit any changes you made to the unit's configuration on the current page. Exit: The navigation panel also includes an Exit option. Click this link to close the Setup Wizard at any time. CAUTION: If you exit from the Setup Wizard, any changes you submitted by clicking the Save & Next button up t
158. e from an AP to a TFTP server: 1. If retrieving a Config file, configure all the required parameters in their respective tabs. Reboot the device. 2. Retrieve and store the file. Click the Retrieve File button to initiate the upload of the file from the AP to the TFTP server. 3. If you retrieved a Configuration file, update the file as necessary. 4. If you retrieved a CLI Batch File or CLI Batch Log, you can examine the file using a standard text editor. For more information on CLI Batch Files, see CLI Batch File. Figure 6-7: Retrieve File via TFTP Command Screen. Retrieve File via HTTP: Use the Retrieve File via HTTP tab to retrieve configuration files, CLI Batch Files, or CLI Batch Logs from the AP. Select the type of file (Config, CLI Batch File, or CLI Batch Log) from the File Type drop-down menu. For more information on CLI Batch Files and CLI Batch Logs, see CLI Batch File. Click on the Retrieve File button to initiate the operation. Upd
159. e is to be downloaded. Select an appropriate filename and location and click OK. Reboot: Use the Reboot tab to save configuration changes (if any) and reset the AP. Enter a value between 0 and 65535 seconds; entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes. CAUTION: Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation. Figure 6-11: Reboot Command Screen. Reset: Use the Reset tab to restore the AP to factory default conditions. Since this will reset the AP's current IP address, a new IP address must be assigned. See Recovery Procedures for more information. CAUTION: Resetting the AP to its factory default configuration will permanently overwrite all changes that have been made to the unit. The AP will reboot automatically after this command has been issued.
160. e target AP or an AP connected to the same LAN segment/subnet. If all else fails: Use the Forced Reload Procedure to erase the current AP Image and configuration file and then download a new image. Symptoms and Solutions. Connectivity Issues: Connectivity issues include any problem that prevents you from powering up or connecting to the AP. AP Unit Will Not Boot, No LED Activity: 1. Make sure your power source is operating. 2. Make sure all cables are connected to the AP correctly. 3. If you are using Active Ethernet, make sure you are using a Category 5, foiled, twisted pair cable to power the AP. Serial Link Does Not Work: 1. Make sure you are using a standard, straight-through, 9-pin serial cable. 2. Double-check the physical network connections. 3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values: Com Port: COM1, COM2, etc. (depending on your computer); Baud rate: 9600; Data bits: 8; Stop bits: 1; Flow Control: None; Parity: None; Line Feeds with Carriage Returns (in HyperTerminal select File > Properties > Settings > ASCII Setup > Send Line Ends with Line Feeds). Ethernet Link Does Not Work: 1. Double-check the physical network connections. Use a known-good unit to make sure the network connection is present. Once you have the AP IP address, you can use the Ping command o
161. e unable to reset the AP to factory default configuration if the AP becomes inaccessible and the hardware configuration reset functionality is disabled. Procedure to Reset Configuration via the Serial Interface: 1. During boot up, observe the message output on the serial interface. The AP prompts the user with the message: "Press ctrl-R in 3 seconds to choose configuration reset option." 2. Enter ctrl-R within 3 seconds after being prompted. The AP prompts the user with "Press ctrl-Z to continue with normal boot up or enter password to reset configuration." If the user enters ctrl-Z, the AP continues to boot with the stored configuration. 3. Enter the configuration reset password. The default configuration reset password is public. When the correct configuration reset password is entered, the AP gets reset to factory defaults and displays the message "AP has been reset to Factory Default Settings." The AP continues to boot up. If an incorrect configuration reset password is entered, the AP shows an error message and reprompts the user. If the incorrect password is entered three times in a row, the AP proceeds to boot up. Filtering: The Access Point's Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering heading: Ethernet Protocol; Static MAC; Advanced; TC
162. e web UI and the transmit speeds and channels pull-down menus are updated with the valid values. DTIM Period: The Deferred Traffic Indicator Map (DTIM) Period determines when to transmit broadcast and multicast packets to all clients. If any clients are in power save mode, packets are sent at the end of the DTIM period. This parameter supports a range between 1 and 255; it is recommended to leave the DTIM at its default value unless instructed by technical support. Higher values conserve client battery life at the expense of network performance for broadcast or multicast traffic. RTS/CTS Medium Reservation: This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347. When set to a value between 0 and 2347, the Access Point uses the RTS/CTS mechanism for packets that are the specified size or greater. When set to 2347 (the default setting), RTS/CTS is disabled. See RTS/CTS Medium Reservation for more information. Enable Closed System: When enabled, the AP will not respond to probe requests from client stations requesting "ANY". Enabling closed system will require the client station to configure the SSID of the AP manually. Wireless Service Status: Select Shutdown to shut down the wireless service on a wireless interface, or Resume to resume wireless service. See Wireless Service Status for more information. Load Balancing Max Clients: Load balancing distributes clients among available acc
163. ed 103; Management VLAN 105; Security Profile 106; MAC Access 113; Wireless 113; Broadcast SSID and Closed System 118; 5 Monitoring 119; Version 120; ICMP 121; IP ARP Table 121; Learn Table 122; AR ed 122; RADIUS 123; Interfaces 124; Station Statistics 127; 6 Commands 129; Introduction to File Transfer via TFTP or HTTP 129; TFTP File Transfer Guidelines 130; HTTP File Transfer Guidelines 130; Image Error Checking During File Transfer 130; Update AP 131; Update AP via TFTP 131; Update AP via HTTP 132; Retrieve File 133; Retrieve File via TFTP
164. ed filtering enables you to control wireless user access to network services by selectively blocking TCP/UDP protocols through the AP. A user specifies a Protocol Name, Port Number, Port Type (TCP, UDP, or TCP/UDP), and filtering interfaces (Wireless only, Ethernet only, all interfaces, or no interfaces) in order to block access to services such as Telnet and FTP, and traffic such as NETBIOS and HTTP. For example, an AP with the following configuration would discard frames received on its Ethernet interface with a UDP destination port number of 137, effectively blocking NETBIOS Name Service packets: Protocol Type (TCP/UDP): UDP; Destination Port Number: 137; Protocol Name: NETBIOS Name Service; Interface: Ethernet; Status (Enable/Disable): Enable. Adding TCP/UDP Port Filters: 1. Place a check mark in the box labeled Enable TCP/UDP Port Filtering. 2. Click Add under the TCP/UDP Port Filter Table heading. 3. In the TCP/UDP Port Filter Table, enter the Protocol Names to filter. 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions. 5. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP). 6. Set the Interface to filter: Only Ethernet; Only Wireless; All interfaces. 7. Click OK. Editing TCP
165. elephone Support: Contact technical support by phone, 24 hours a day, seven days a week. Domestic: 1-866-674-6626. International: 408-542-5390. Statement of Warranty. Warranty Coverage: Proxim Corporation warrants that its Products are manufactured solely from new parts, conform substantially to specifications, and will be free of defects in material and workmanship for a Warranty Period of 1 year from the date of purchase. Repair or Replacement: In the event a Product fails to perform in accordance with its specification during the Warranty Period, Proxim offers return-to-factory repair or replacement, with a thirty (30) business-day turnaround from the date of receipt of the defective Product at a Proxim Corporation Repair Center. When Proxim has reasonably determined that a returned Product is defective and is still under Warranty, Proxim shall, at its option, either: (a) repair the defective Product; (b) replace the defective Product with a refurbished Product that is equivalent to the original; or (c) where repair or replacement cannot be accomplished, refund the price paid for the defective Product. The Warranty Period for repaired or replacement Products shall be ninety (90) days or the remainder of the original Warranty Period, whichever is longer. This constitutes Buyer's sole and exclusive remedy and Proxim's sole and exclusive liability under this Warranty. Limitations of Warranty: The express warr
166. enable default RW stpstatus disable Bridge Priority Integer 0 65535 RW stppriority 32768 default Maximum Age Integer 600 4000 RW stpmaxage in 0 01 sec intervals i e 6 to 40 seconds 2000 default Hello Time Integer 100 1000 1 100 RW stphellotime second i e 1 to 10 seconds enter values in increments of 100 200 default Forward Delay Integer 400 3000 RW stpfwddelay in 0 01 sec intervals i e 4 to 30 seconds 1500 default Spanning Tree Priority and Path Cost Table Name Type Value Access CLI Parameter Spanning Tree Table Table N A R stpbl Table Index Port N A 1 15 R index Priority Integer 0 255 RW priority 128 default Path Cost Integer 1 65535 RW pathcost 100 default State Integer disable R state blocking listening learning forwarding broken Status Integer enable RW status disable Storm Threshold Parameters Name Type Value Access CLI Parameter Storm Threshold Group N A N A stmthres Broadcast Threshold Integer 0 255 packets sec RW stmbrdthres default is 0 Multicast Threshold Integer 0 255 packets sec RW stmmultithres default is 0 194 Command Line Interface CLI AP 700 User Guide Parameter Tables Storm Threshold Table Name Type Value Access CLI Parameter Storm Threshold Table Table N A R stmthrestbl Table Index Integer 1 Ethernet R index 3 Wireless Broadcast Threshold Integer 0 255 packets sec RW bcast
167. ent The Management tab contains the following sub-tabs: Passwords; IP Access Table; Services; Automatic Configuration (AutoConfig); Hardware Configuration Reset (CHRD). Passwords: You can configure the following passwords. SNMP Read Community Password: The password for read access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters. The default password is public. SNMP Read/Write Community Password: The password for read and write access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters. The default password is public. SNMPv3 Authentication Password: The password used when sending authenticated SNMPv3 messages. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters, but a length of at least 8 characters is recommended. The default password is public. Secure Management (Services tab) must be enabled to configure SNMPv3. The default SNMPv3 username is administrator, with SHA authentication and DES privacy protocol. SNMPv3 Privacy Password: The password used when sending encrypted SNMPv3 data. Enter a password in both the Password field and the Confirm field. This password must be between 6 and 32 characters, but a length of at least 8 characters is recommended. The default password is pu
168. entication mode and for each SSID VLAN For example The user can configure separate RADIUS servers for RADIUS MAC authentication and 802 1x authentication The user can configure separate RADIUS servers for each VLAN VLAN1 could support only WEP clients whereas VLAN2 could support 802 1x and WEP clients 96 Advanced Configuration AP 700 User Guide Radius Profiles Figure 4 33 RADIUS Servers per VLAN This figure shows a network with separate authentication servers for each authentication type and for each VLAN The clients in VLAN 1 are authenticated using the authentication servers configured for VLAN 1 The type of authentication server used depends on whether the authentication is done for an 802 1x client or a non 802 1x client The clients in VLAN 2 are authenticated using a different set of authentication servers configured for authenticating users in VLAN 2 Authentication servers for each VLAN are configured as part of the configuration options for that VLAN RADIUS profiles are independent of VLANs The user can define any profile to be the default and associate all VLANs to that profile Four profiles are created by default MAC Authentication EAP Authentication Accounting and Management RADIUS Servers Enforcing VLAN Access Control A
169. ents that receive dynamic addresses from the AP will be assigned this same subnet mask Gateway IP Address The AP will assign the specified address to its DHCP clients Primary DNS IP Address The AP will assign the specified address to its DHCP clients Secondary DNS IP Address The AP will assign the specified address to its DHCP clients Number of IP Pool Table Entries This is a read only field that reports the number of entries in the IP Pool Table IP Pool Table Entry This entry specifies a range of IP addresses that the AP can assign to its wireless clients Click Add to create a new entry Click Edit to change an existing entry Each entry contains the following field Start IP Address End IP Address Default Lease Time optional The default time value for clients to retain the assigned IP address DHCP automatically renews IP Addresses without client notification This parameter supports a range between 0 and 86400 seconds The default is 86400 seconds Maximum Lease Time optional The maximum time value for clients to retain the assigned IP address DHCP automatically renews IP Addresses without client notification This parameter supports a range between 0 and 86400 seconds The default is 86400 seconds Comment optional 40 Advanced Configuration AP 700 User Guide Network Status IP Pools are enabled upon entry in the table You can also disable or delete entries by changing this field s value NOTE
170. equirements March 1 2004 Date Dave Koberstein VP Product Marketing 219 Regulatory Compliance AP 700 User Guide European Union European Union NOTE European Union includes the following countries Austria Belgium Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta Netherlands Poland Portugal Slovakia Slovenia Spain Sweden and the United Kingdom DoC also applies to Iceland Liechtenstein Norway and Switzerland CE 13130 DECLARATION OF CONFORMITY July 27 2004 We Proxim Corp Located at 935 Stewart Dr Sunnyvale CA 94085 Declare under our sole responsibility that the following products ORiNOCO AP 700 Access Point Models AP AG AT 01 & 8675 XXX Are in conformity with the following Standards and Directives Safety IEC60950 1999 EN 60950 1 2001 Immunity EN 55022 1994 A1 1995 A2 1997 Class B EN 61000 3 2 2000 Class A EN 61000 3 3 1995 A1 2001 EN 61000 4 2 1995 A1 1998 A2 2000 EN 61000 4 3 1995 A1 1998 A2 2000 EN 61000 4 4 1995 A1 2000 EN 61000 4 5 1995 A1 2000 EN 61000 4 6 1996 A1 2000 EN 61000 4 11 1994 A1 2000 EMC EN 301 489 1 2002 08 EN 301 489 17 2002 08 Radio EN 300 328 1 2001 12 EN 300 328 2 2001 12 EN 301 893 v1 2 3 2003 08 Directives European Directive 1999 5 EC the Radio and Telecommunications Terminal Equipment Directi
171. erfaces Management Filtering System IP Configuration DHCP Server DHCP RA Link Integrity This tab is used to configure the internet TCP IP settings for the access point These settings can be either entered manually static IP address subnet mask and gateway IP address or obtained automatically dynamic The DNS Client functionality can also be configured so that host names used for configuring the access point can be resolved to their IP addresses Note Changes to these parameters require access point reboot in order to take effect IP Address Assignment Type Static IP Address 109 254 50 3 Subnet Mask Gateway IP Address 100 254 128 132 Enable DNS Client DNS Primary Server IP Address DNS Secondary Server IP Address DNS Client Default Domain Name Default TTL Time To Live Cancel Figure 4 3 IP Configuration Sub tab You can configure and view the following parameters within the IP Configuration sub tab NOTE You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters to take effect 38 Advanced Configuration AP 700 User Guide Network Basic IP Parameters IP Address Assignment Type Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration Protocol DHCP client the Access Point will obtain IP settings from a network DHCP server automatically during boot up If you do not have a DHCP server or if you want to
172. ering Parameters Ethernet Protocol Filtering Parameters Control network traffic based on protocol type Static MAC Address Filter Table Enable and disable specific addresses Proxy ARP Parameters Enable or disable proxy ARP for wireless clients IP ARP Filtering Parameters Control which ARP messages are sent to wireless clients based on IP settings Broadcast Filtering Table Control the type of broadcast packets forwarded to the wireless network TCP UDP Port Filtering Filter IP packets based on TCP UDP port Alarms Parameters SNMP Table Host Table Parameters Enter the list of IP addresses that will receive alarms from the AP Syslog Parameters Configure the AP to send Syslog information to network servers Bridge Parameters Spanning Tree Parameters Used to help prevent network loops Storm Threshold Parameters Set threshold for number of broadcast packets Intra BSS Subscriber Blocking Enable or disable peer to peer traffic on the same AP Packet Forwarding Parameters Redirect traffic from wireless clients to a specified MAC address RADIUS Parameters Set RADIUS Parameters Configure RADIUS Servers and assign them to VLANs Security Parameters Access Point security settings MAC Access Control Parameters Control wireless access based on MAC address Rogue Scan Configuration Table Enable and configure Rogue Scan to detect Rogue APs and clients Hardware Configuration
173. ernal Antennas Active Ethernet The AP 700 is equipped with an 802 3af compliant Active Ethernet module Active Ethernet AE delivers both data and power to the access point over a single Ethernet cable If you choose to use Active Ethernet there is no difference in operation the only difference is in the power source The Active Ethernet AE integrated module receives 48 VDC over a standard Category 5 Ethernet cable To use Active Ethernet you must have an AE hub also known as a power injector connected to the network The cable length between the AE hub and the Access Point should not exceed 100 meters approximately 325 feet The AE hub is not a repeater and does not amplify the Ethernet data signal If connected to an AE hub and an AC power simultaneously the Access Point draws power from Active Ethernet Also see Hardware Specifications NOTE The AP s 802 3af compliant Active Ethernet module is backwards compatible with all ORiNOCO Active Ethernet hubs that do not support the IEEE 802 3af standard LED Indicators The top panel of the AP 700 has the following LED indicators Power Wireless Ethernet Interface Figure 2 3 LED Indicators on the Top Panel 16 Installation and Initialization Prerequisites AP 700 User Guide The LED indicators exhibit the following behavior Indication Power Wireless Interface Ethernet 802 11 a b g radio Solid Green AP image running Wireles
174. ess points Enter a number between 1 and 63 to specify the maximum number of clients to allow Channel Blacklist Table The Channel Blacklist table contains all available channels It can be used to manually blacklist channels and it also reflects channels that have been automatically blacklisted by the Dynamic Frequency Selection Radar Detection DFS RD function See Channel Blacklist Table for configuration information Wireless Distribution System A Wireless Distribution system can be used to establish point to point i e wireless backhaul connections with other access points See Wireless Distribution System WDS for configuration information Dynamic Frequency Selection Radar Detection DFS RD In order to prevent interference with radar systems and other devices that occupy the 5 GHz band 802 11a APs certified in the ETSI Europe regulatory domain see Affected Countries and operating in the middle frequency band select an operating channel through a combination of Auto Channel Select ACS and Dynamic Frequency Selection DFS Radar Detection RD During boot up ACS scans the available channels and selects the best channel Once a channel is selected the AP performs a channel availability check for 60 seconds to ensure that there is no radar on the channel and then commences normal operation When the AP enters normal operation DFS works in the background to detect radar interference on that channel If interference is detected
175. essfully the following screen appears HTTP Update was Successful Figure 6 5 Update AP Successful If the operation did not complete successfully the following screen appears and the reason for the failure is displayed HTTP Update of AP was not successful File was Zero Bytes Figure 6 6 Update AP Unsuccessful Retrieve File Retrieve File via TFTP Use the Retrieve File via TFTP tab to upload files from the AP to the TFTP server The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file We suggest you assign the file a meaningful name which may include version or location information If you don t have a TFTP server installed on your system install the TFTP server from the ORiNOCO CD You can either install the TFTP server from the CD Wizard or run OEM TFTP Server exe found in the CD s Xtras SolarWinds sub directory The Retrieve AP via TFTP tab shows version information and allows you to enter TFTP information as described below Server IP Address Enter the TFTP server IP Address 133 Commands AP 700 User Guide Retrieve File Double click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server File Name Enter the name of the file to be uploaded File Type Select the type of file to be uploaded Config file CLI Batch File or CLI Batch Error Log Use the following procedure to retrieve a fil
176. est for Heat and Visible Smoke Release for Discrete Products and Their Accessories Installed in Air Handling Spaces The AP 700 has been certified under UL Standard 2043 and can be installed in the plenum When installed in a plenum the AP must use Active Ethernet 23 Installation and Initialization AP 700 User Guide Initialization Initialization The following sections detail how to initialize the AP using ScanTool log in to the HTTP interface perform an initial configuration of the AP using the Setup Wizard and download the required AP software Using ScanTool Logging In Using the Setup Wizard Installing the Software Using ScanTool ScanTool is a software utility that is included on the installation CD ROM It is an initial configuration tool that allows you to find the IP address of an Access Point by referencing the MAC address in a Scan List or to assign an IP address if one has not been assigned The tool automatically detects the Access Points installed on your network regardless of IP address and lets you configure each unit s IP settings In addition you can set initial device parameters that will allow an AP that does not have a valid software image installed to retrieve new software see Client Connection Problems To access the HTTP interface and configure the AP the AP must be assigned an IP address that is valid on its Ethernet network By default the AP is configured to obtai
177. ew certificate private key pair which will have a corresponding passphrase Device Name> set sslpassphrase <SSL certificate passphrase> Device Name> show http to view all HTTP configuration information including SSL HTTP Group Parameters httpifbitmask 15 httppasswd ERNE httpport 80 httphelplink file C Program Files ORiNOCO AP700 HTML index htm httpsetupwiz disable sslstatus enable sslpassphrase E EXELERAR Figure A 15 Result of show HTTP CLI Command Set Telnet Session Timeouts Device Name> set tellogintout <time in seconds between 1 and 300 default is 30> Device Name> set telsessiontout <time in seconds between 1 and 36000 default is 900> Configure Serial Port Interface NOTE To avoid unexpected performance issues leave Flow Control at the default setting none unless you are sure what this setting should be Device Name> set serbaudrate <2400 4800 9600 19200 38400 57600> Device Name> set serflowctrl <none xonxoff> Device Name> show serial Device Name> show serial Serial Interface Group Parameters serbaudrate 9600 serdatabits 8 serparity none serstopbits 1 serflowctrl none Figure A 16 Result of show serial CLI Command Configure Syslog Device Name> set syslogpriority <1 7 default is 6> Device Name> set syslogstatus <enable disable> Device Name> set sysloghbs
178. ft hand side of the screen 34 Advanced Configuration AP 700 User Guide Configure There are ten main categories of configuration for the access point which may be changed to suit your network properties and configuration System is used to configure specific system information such as system name and contact information Network is used to configure IP settings DNS client DHCP server DHCP relay agent and Link Integrity Interfaces is used to configure the access point operational modes and interfaces Wireless and Ethernet Ne waed t conPgure We serene e cd e Tatia Services and Auto Configuration and Configurable Hardware Reset to Defaults feature Filtering is used to configure Ethernet Protocol filters Static MAC Address filters Advanced filters and Port filters Alarms is used to enable and disable Alarm SNMP Trap Groups configure the Alarm Host Table the Syslog and the Rogue Scan feature Bridge is used to configure the Spanning Tree Protocol Storm Threshold protection intra BSS traffic and Packet Forwarding QoS is used to configure the Quality of Service QoS feature This tab can be used to configure QoS Policies Priority Mapping and EDCA values RADIUS Profiles is used to configure RADIUS Profiles for servers used for MAC based RADIUS Authentication EAP 802 1x and Accounting eee SSIDs for each wireless interface s VLAN properties MAC Access Control and Security Profile Figure 4 1 Configure
179. g Security Profiles for detailed configuration procedures 6 Review the configuration summary If you want to make any additional changes use the navigation panel on the left hand side of the screen to return to an earlier screen After making a change click Save & Next to save the change and proceed to the next screen 7 When finished click Reboot on the Summary screen to restart the AP and apply your changes Installing the Software Proxim periodically releases updated software for the AP on its Web site http support proxim com Knowledgebase Answer ID 1686 Proxim recommends that you check the Web site for the latest updates after you have installed and initialized the unit 29 Installation and Initialization AP 700 User Guide Initialization Download the Software In your web browser go to http support proxim com If prompted create an account to gain access NOTE The Knowledgebase is available to all website visitors First time users will be asked to create an account to gain access Click Search Knowledgebase In the Search Knowledgebase field enter 1686 From the Search By drop down menu select Answer ID Click Search Click on the appropriate link to download the software Use the instructions in the following sections to install the new software Install Software with HTTP Interface Use the Update AP via HTTP tab to update the AP with the latest software image
180. gement Functions Advanced Bridging Functions Medium Access Control MAC Functions Security Functions Network Functions Hardware Specifications Physical Specifications Electrical Specifications Environmental Specifications Ethernet Interface Serial Port Interface Active Ethernet Interface Available Channels RE Performance D Technical Support Online Support Telephone Support E Statement of Warranty Warranty Coverage Repair or Replacement Limitations of Warranty Support Procedures
181. gle network device identified by its MAC address Specifying an absolute maximum number of messages per interface The Storm Threshold parameters allow you to specify a set of thresholds for each interface of the AP identifying separate values for the number of broadcast messages second and Multicast messages second When the number of frames for an interface or from a single network device exceeds the maximum value per second the AP will ignore all subsequent messages in that second received on that interface or from that network device Address Threshold Enter the maximum allowed number of packets per second Ethernet Threshold Enter the maximum allowed number of packets per second 88 Advanced Configuration AP 700 User Guide Bridge Wireless Threshold Enter the maximum allowed number of packets per second Intra BSS The wireless clients or subscribers that associate with a certain AP form the Basic Service Set BSS of a network infrastructure By default wireless subscribers in the same BSS can communicate with each other However some administrators such as wireless public spaces may wish to block traffic between wireless subscribers that are associated with the same AP to prevent unauthorized communication and to conserve bandwidth This feature enables you to prevent wireless subscribers within a BSS from exchanging traffic Although this feature is generally enabled in public access environments Enterprise
182. > set secprofiletbl 5 secmode wpa rekeyint 900 status enable Configure a Security Profile with WPA PSK Security Mode Device Name> set secprofiletbl <index> secmode wpa psk passphrase <value> status enable Example Device Name> set secprofiletbl 6 secmode wpa psk passphrase 12345678 status enable Configure a Security Profile with 802 11i Security Mode Device Name> set secprofiletbl <index> secmode 802 11i rekeyint <value> status enable Example Device Name> set secprofiletbl 7 secmode 802 11i rekeyint 900 status enable Configure a Security Profile with 802 11i PSK Security Mode Device Name> set secprofiletbl <index> secmode 802 11i psk passphrase <value> status enable Example Device Name> set secprofiletbl 8 secmode 802 11i psk passphrase 12345678 status enable CLI Monitoring Parameters Using the show command with the following table parameters will display operating statistics for the AP these are the same statistics that are described in the Monitoring section staticmp Displays the ICMP statistics statarptbl Displays the IP ARP Table statistics statbridgetbl Displays the Learn Table 173 Command Line Interface CLI AP 700 User Guide Parameter Tables statiapp Displays the IAPP statistics statradius Displays the RADIUS Authentication statistics statif Displays information and statistics about the Ethernet and wireless interfaces
183. gure the other DNS Client parameters DNS Primary Server IP Address The IP address of the network s primary DNS server DNS Secondary Server IP Address The IP address of a second DNS server on the network The Access Point will attempt to contact the secondary server if the primary server is unavailable DNS Client Default Domain Name The default domain name for the Access Point s network for example proxim com Contact your network administrator if you need assistance setting this parameter Advanced Default TTL Time to Live Time to Live TTL is a field in an IP packet that specifies the number of hops or servers in different locations that the request can travel before returning a failed attempt message The Access Point uses the default TTL for generated packets for which the transport layer protocol does not specify a TTL value This parameter supports a range from 0 to 255 By default TTL is 64 DHCP Server If your network does not have a DHCP Server you can configure the AP as a DHCP server to assign dynamic IP addresses to Ethernet nodes and wireless clients CAUTION Make sure there are no other DHCP servers on the network and do not enable the DHCP server without checking with your network administrator first as it could disrupt normal network operation Also the AP must be configured with a static IP address before enabling this feature When the DHCP Server functionality is enabled you can create one
184. han lower priority packets Note We have defined default recommended values for EDCA parameters we recommend not modifying EDCA parameters unless strictly necessary STA EDCA Table Edit Access Admission Control Category CWmin CWmax AIFSN Tx OP Limit Mandatory Best Effort 15 1023 3 0 false Background 15 1023 7 0 false Video 7 15 2 3008 false Voice 3 7 2 1504 false Best Effort 15 1023 3 0 false Background 15 1023 7 0 false Video 7 15 2 3008 false Voice 3 7 2 1504 false AP EDCA Table Edit Access Admission Control Category CWmin CWmax AIFSN Tx OP Limit Mandatory Best Effort 15 63 3 0 false Background 15 1023 7 0 false Video 7 15 1 3008 false Voice 3 7 1 1504 false Best Effort 15 63 3 0 false Background 15 1023 7 0 false Video 7 5 1 3008 false Voice 3 7 1 1504 false Figure 4 32 EDCA Tables 2 Click Edit and configure the following parameters in each table NOTE Changes to EDCA parameters require a reboot of the AP to take effect Index read only Indicates the index of the Access Category 1 4 being defined CWMin minimum Contention Window Configurable range is 0 to 255 CWMax maximum Contention Window Configurable range is 0 to 65535 AIFSN Arbitration IFS per access category Configurable range is 2 to 15 94 Advanced Configuration AP 700 User Guide Qos Tx OP Limit The Transmission Opportunity Limit The Tx OP is an interval of time during which a particular QoS enhanced client has the right to initiate a frame ex
185. hannels RW channel Supported Data Rates Octet String See Transmit Rate below suppdatarates 182 Command Line Interface CLI Parameter Tables AP 700 User Guide Name Type Value Access CLI Parameter Transmit Rate Integer32 For 802 11b only mode 0 auto fallback default 1 Mbits sec 2 Mbits sec 5 5 Mbits sec 11 Mbits sec For 802 11g only mode 0 auto fallback default 6 Mbits sec 9 Mbits sec 12 Mbits sec 18 Mbits sec 24 Mbits sec 36 Mbits sec 48 Mbits sec 54 Mbits sec For 802 11b g mode 0 auto fallback default 1 Mbits sec 2 Mbits sec 5 5 Mbits sec 11 Mbits sec 6 Mbits sec 9 Mbits sec 12 Mbits sec 18 Mbits sec 24 Mbits sec 36 Mbits sec 48 Mbits sec 54 Mbits sec RW txrate Physical Layer Type Integer ERP Extended Rate Protocol R phytype Super Mode Integer enable disable default RW supermode Turbo Mode† Integer enable disable default RW turbo Also for 802 11g wifi mode 802 11g wifi has been defined for Wi Fi testing purposes it is not recommended for use in your wireless network environment † Super mode must be enabled on the wireless interface before Turbo mode can be enabled 183 Command Line Interface CLI Parameter Tables AP 700 User Guide Channel Blacklist Parameters
186. he OpenSSH client has been verified 188 Command Line Interface CLI AP 700 User Guide Parameter Tables Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process Name Type Value Access CLI Parameter Auto Configuration Group N A R autoconfig Auto Configuration Status Integer enable default RW autoconfigstatus disable Auto Config File Name DisplayString User Defined RW autoconfigfilename Auto Config TFTP Server IpAddress User Defined RW autoconfigTFTPaddr IP Address TFTP Server Parameters These parameters relate to upload and download commands When a user executes an upload and or download command the specified arguments are stored in TFTP parameters for future use If nothing is specified in the command line when issuing subsequent upload and or download commands the stored arguments are used Name Type Value Access CLI Parameter TFTP Group N A R tftp TFTP Server IP Address IpAddress User Defined RW tftpipaddr TFTP File Name DisplayString User Defined RW tftpfilename TFTP File Type Integer img RW tftpfiletype config bootloader ssicertificate sslprivatekey sshprivatekey sshpublickey clibatchfile CLI Batch File cbflog CLI Batch Error Log IP Access Table Parameters When
187. help information Please enter a location where your browser can find the Help Information For example A Path to a Local Directory i e file C Program Fileshelp accesspoint index htm A Path to a Mapped Drive i e file G sharedhelp accesspointindex htm or An HTTP URL Address i e http www accesspoint comhelpindex htm Note Due to security changes in Internet Explorer a link to a local or mapped drive may not work unless the IP address of the Access Point is added to the Trusted Sites of Internet Explorer Security tab under Internet Options There is no known method for enabling links to local or mapped drives with Netscape The user may install the help files on an internal or external web site and point the link to it Help Link file C Program Fileshelp accesspoint index html OK Cancel Figure 6 13 Help Link Configuration Screen 137 AP 700 User Guide Troubleshooting This chapter provides information on the following Troubleshooting Concepts Symptoms and Solutions Recovery Procedures Related Applications NOTE This section helps you locate problems related to the AP device setup For details about RADIUS TFTP serial communication programs such as HyperTerminal Telnet applications or web browsers please see the documentation that came with the respective application for assistance Troubleshooting Concepts The following list identifies important troubleshooting concepts and topics The m
188. hernet The interface s address at the protocol layer immediately below the network layer in the protocol stack Received Fragment Count Wireless The number of successfully received Data or Management MAC Protocol Data Units MPDUs Retry Count Wireless The number of packets successfully transmitted after one or more retransmissions Single Collision Frames Ethernet The number of successfully transmitted frames for which transmission is inhibited by exactly one collision Speed Ethernet Wireless An estimate of the interface s current bandwidth in bits per second SQE Test Errors Ethernet The number of times that the Signal Quality Error SQE Test Error message is generated by the physical layer signalling PLS sublayer Successful RTS Count Wireless The number of times a Clear to Send CTS is received in response to a Request to Send RTS Transmitted Fragment Count Wireless The number of transmitted fragmented packets Transmitted Frame Count Wireless The number of successfully transmitted packets Type Ethernet Wireless The type of interface distinguished according to the physical link protocol s immediately below the network layer in the protocol stack Unknown Protocols Ethernet Wireless The number of packets received that were discarded because of an unknown or unsupported protocol WEP Undecryptable Count Wireless The number of undecryptable WEP frames received 126 Monitoring AP 700
189. hine 9 Click Open 10 To initiate the file transfer click the Update AP button The fingerprint of the new SSH public key will be displayed in the Management > Services page 63 Advanced Configuration AP 700 User Guide Management Serial Configuration Settings The serial port interface on the AP is enabled at all times See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port You can configure and view the following parameters Serial Baud Rate Select the serial port speed bits per second Choose between 2400 4800 9600 19200 38400 or 57600 the default Baud Rate is 9600 Serial Flow Control Select either None default or Xon Xoff software controlled data flow control NOTE To avoid potential problems when communicating with the AP through the serial port Proxim recommends that you leave the Flow Control setting at None the default value Serial Data Bits This is a read only field and displays the number of data bits used in serial communication 8 data bits by default Serial Parity This is a read only field and displays the number of parity bits used in serial communication no parity bits by default Serial Stop Bits This is a read only field that displays the number of stop bits used in serial communication 1 stop bit by default NOTE The serial port bit configuration is commonly referred to as 8N1 RADIUS Based Ma
190. horized entity in such a way as to effect unauthorized management operations including the setting of object values The essence of this threat is that an unauthorized entity could change any management parameter including those related to configuration operations and accounting Masquerade Management operations that are not authorized for some entity may be attempted by that entity by assuming the identity of an authorized entity Message stream modification SNMP is designed to operate over a connectionless transport protocol There is a threat that SNMP messages could be reordered delayed or replayed duplicated to effect unauthorized management operations For example a message to reboot a device could be copied and replayed later Disclosure An entity could observe exchanges between a manager and an agent and thereby could learn of notifiable events and the values of managed objects For example the observation of a set command that changes passwords would enable an attacker to learn the new passwords To address the security threats listed above SNMPv3 provides the following when secure management is enabled Authentication Provides data integrity and data origin authentication Privacy a k a Encryption Protects against disclosure of message payload Access Control Controls and authorizes access to managed objects The default SNMPv3 username is administrator with SHA authentication and DES privacy protocol
191. hts reserved The names OpenSSL Toolkit and OpenSSL Project must not be used to refer to endorse or promote the products or for any other purpose related to the products without prior written permission For written permission please contact openssl core openssl org This software is provided by the OpenSSL Project as is and any expressed or implied warranties including but not limited to the implied warranties of merchantability and fitness for a particular purpose are disclaimed In no event shall the OpenSSL Project or its contributors be liable for any direct indirect incidental special exemplary or consequential damages including but not limited to procurement of substitute goods or services loss of use data or profits or business interruption however caused and on any theory of liability whether in contract strict liability or tort including negligence or otherwise arising in any way out of the use of this software even if advised of the possibility of such damage ORiNOCO AP 700 User Guide Software v3 1 P N 70856 August 2005 AP 700 User Guide Contents Document Conventions Introduction to Wireless Networking Guidelines for Roaming IEEE 802 11 Specifications
192. ich devices are connected to it and records their MAC addresses in the Learn Table. The table can hold up to 10,000 entries. To view the Learn Table, click on the Monitor button in the web interface and select the Learn Table tab. The Bridge tab has four sub-tabs: Spanning Tree, Intra BSS, Packet Forwarding. Spanning Tree: A Spanning Tree is used to avoid redundant communication loops in networks with multiple bridging devices. Bridges do not have any inherent mechanism to avoid loops, because having redundant systems is a necessity in certain networks. However, redundant systems can cause Broadcast Storms, multiple frame copies, and MAC address table instability problems. Complex network structures can create multiple loops within a network. The Spanning Tree configuration blocks certain ports on AP devices to control the path of communication within the network, avoiding loops and following a spanning tree structure. For more information on Spanning Tree protocol, please see Section 8.0 of the IEEE 802.1d standard. The Spanning Tree configuration options are advanced settings. Proxim recommends that you leave these parameters at their default values unless you are familiar with the Spanning Tree protocol.
193. ies Perform the following procedure to enable QoS and add QoS policies: 1. Click Configure > QoS > Policy. [Screenshot text, Policy tab:] This page is used to enable or disable the Quality of Service (QoS) feature and to configure QoS policies for each wireless interface. There are 5 possible QoS policy types to configure: inbound Layer 2, outbound Layer 2, inbound Layer 3, outbound Layer 3, and SpectraLink. When a QoS policy is added, an entry for each QoS policy type is created with default values. You can then modify the default values for each QoS policy type if desired and enable the QoS policy type. Depending on the policy type, a policy mapping index should be specified. For Layer 2 policies, an index from the 802.1p to 802.1D mapping table should be specified. For Layer 3 policies, an index from the 802.1p to IP DSCP mapping table should be specified. No mapping index is required for SpectraLink policy types. QoS marking is also supported and can be configured per policy type. QoS marking can be enabled or disabled. The 90 table is used to apply QoS Policies configured in the Policy Table. Go to the SSID/VLAN/Security page and there you can specify the QoS Policy to be applied per SSID based on the policy index number. Note: Like with adding a QoS Policy, when a QoS policy is deleted, all 5 QoS policy types are deleted you
194. ifications Dimensions (H x W x L): 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in). Weight: 1.75 kg (3.5 lb). Electrical Specifications: Voltage: 100 to 240 VAC (50-60 Hz). Current: 0.2 amp. Power Consumption: < 9 Watts (power supply). Environmental Specifications: Operating: 0°C to 55°C (32°F to 131°F), 5 to 95% relative humidity (non-condensing) at 5°C and 55°C. Storage: -20°C to 85°C (-4°F to 185°F), 5 to 95% relative humidity (non-condensing) at 5°C and 85°C. Ethernet Interface: 10/100 Base-TX, RJ-45 female socket. Serial Port Interface: Standard RS-232C interface with DB-9 female connector. Active Ethernet Interface: Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements. Standard 802.3af pin assignments. Available Channels: Available channels vary based on operational mode and country. To verify which channels are available for your product: 1. Locate the product SKU on the underside of your AP unit or on the unit's box. 2. Note the alphanumeric code following the number 8675 (e.g., 8675 EU). 3. See the following table. NOTE: Country restrictions may apply. Please see Regulatory Compliance. Mode Frequency Channel Product SKU Band AU AU2 BR CN EU EU2 HK JP SG SK TW UK US
195. ile, it stores the file in the AP's flash memory. If the AP detects a CLI Batch file (a file with an extension of .cli), the AP executes the commands contained in the file immediately. The AP will reboot after executing the CLI Batch file. Auto Configuration will not result in repeated reboots if the CLI Batch file contains rebootable parameters. For more information, see the CLI Batch File section. Set up Automatic Configuration for Static IP: Perform the following procedure to enable and set up Automatic Configuration when you have a static IP address for the TFTP server. 1. Click Configure > Management > AutoConfig. The Automatic Configuration Screen appears. 2. Check Enable Auto Configuration. 3. Enter the Configuration Filename. 4. Enter the IP address of the TFTP server in the TFTP Server Address field. NOTE: The default filename is "config". The default TFTP IP address is 169.254.128.133 for AP-700. 5. Click OK to save the changes. 6. Reboot the AP. When the AP reboots, it receives the new configuration information and must reboot one additional time. If a Syslog server was configured, the following messages can be observed on the Syslog server: "AutoConfig for Static IP TFTP server address and configuration filename"; "AutoConfig Successful".
196. ill applied to all of them. 3. Click Add to configure additional SSIDs, VLANs, and their associated security profiles and RADIUS server profiles, or click Edit to modify existing SSIDs. The Add Entries or Edit Entries screen appears. See Figure 4-45. [Screenshot text, SSID, VLAN, and Security Table (Wireless A), Edit Entries:] This page is used to configure additional SSIDs, VLANs, and their associated security profiles and RADIUS server profiles. Each table entry requires a unique SSID and VLAN ID. Security Profiles are used to configure the allowed security modes. If RADIUS MAC, 802.1x, WPA, or RADIUS accounting is enabled in the SSID's security profile, then the respective RADIUS server profiles should be configured and assigned to this SSID. Note: Changes to these parameters require access point reboot in order to take effect.
197. ion or select Enable, Disable, or Delete from the Status pull-down menu. Services: You can configure the following management services. Secure Management: Secure Management allows the use of encrypted and authenticated communication protocols such as SNMPv3, Secure Socket Link (SSL), and Secure Shell (SSH) to manage the Access Point. Secure Management Status: Enables the further configuration of HTTPS Access, SNMPv3, and Secure Shell (SSH). After enabling Secure Management, you can choose to configure HTTPS (SSL) and Secure Shell access on the Services tab, and to configure SNMPv3 passwords on the Passwords tab. SNMP Settings: SNMP Interface Bitmask: Configure the interface or interfaces (Ethernet, Wireless, All Interfaces) from which you will manage the AP via SNMP. You can also select Disabled to prevent a user from accessing the AP via SNMP. HTTP Access: HTTP Interface Bitmap: Configure the interface or interfaces (Ethernet, Wireless, All Interfaces) from which you will manage the AP via the Web interface. For example, to allow Web configuration via the Ethernet network only, set HTTP Interface Bitmask to Ethernet. You can also select Disabled to prevent a user from accessing the AP from the Web interface. HTTP Port: Configure the HTTP port from which you will manage the AP via the Web interface. By default, the HTTP port is 80. You must reboot the Access Poin
198. ional Make sure the TFTP server is configured to both Transmit and Receive files, with no automatic shutdown or time-out. Three types of files can be downloaded to the AP from a TFTP server: Image (AP software image or kernel), Config (configuration file), BspBl (BSP Bootloader firmware file). Install Updates from your TFTP Server using the Web Interface: 1. Download the latest software from http://support.proxim.com (Knowledgebase Answer ID 1686). See Download the Software for instructions. 2. Copy the latest software updates to your TFTP server. 3. In the Web Interface, click the Commands button and select the Download tab. 4. Enter the IP address of your TFTP server in the field provided. 5. Enter the File Name (including the file extension). Enter the full directory path and file name. If the file is located in the default TFTP directory, you need enter only the file name. 6. Select the File Type from the drop-down menu (use Img for software updates). 7. Select Download & Reboot from the File Operation drop-down menu. 8. Click OK. The Access Point will reboot automatically when the download is complete. Related Topics: Install Updates from your TFTP Server using the CLI: 1. Download the latest software from http://support.proxim.com (Knowledgebase Answer ID 1686). See Download the Software for instructions. 1 Copy the latest software up
199. ireless Distribution Setup window. Set the Status of the device to Enable. 10. Click OK. 11. Reboot the AP. Ethernet: Select the desired speed and transmission mode from the drop-down menu. Half-duplex means that only one side can transmit at a time, and full-duplex allows both sides to transmit. When set to auto-duplex, the AP negotiates with its switch or hub to automatically select the highest throughput option supported by both sides. [Figure 4-16: Ethernet Sub-tab. This tab is used to configure the Ethernet interface speed and transmission mode. Note: Changes to this parameter require access point reboot in order to take effect.] For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex. Choose between: 10 Mbit/s, half-duplex or full-duplex; 100 Mbit/s, half-duplex or full-duplex; Auto speed, auto duplex.
200. is determined by the WEP encryption key. WPA Station: Authentication Mode: 802.1x; Cipher: TKIP. WPA-PSK Station: Authentication Mode: PSK; Cipher: TKIP; PSK Passphrase: an 8-63 character user-defined phrase. It is recommended a passphrase of at least 13 characters, including both letters and numbers, and upper and lower case characters, be used to ensure that the generated key cannot be easily deciphered by network infiltrators. 802.11i Station: Authentication Mode: 802.1x; Cipher: CCMP based on AES. 802.11i-PSK Station: Authentication Mode: PSK; Cipher: CCMP based on AES; PSK Passphrase: an 8-63 character user-defined phrase. It is recommended a passphrase of at least 13 characters, including both letters and numbers, and upper and lower case characters, to ensure that the generated key cannot be easily deciphered by network infiltrators. 5. When finished configuring all parameters, click OK. 6. If you selected a Security Mode of 802.1x Station, WPA Station, or 802.11i Station, you must configure a RADIUS 802.1x/EAP server. See the Configuring Radius Profiles section. Security Profile 1 will be used by default for all wireless interfaces. 7. Reboot the AP. [Screenshot text, Security Profile Table, Add Entries:] This page is used to edit a Security Profile if the WEP security
201. isabled. For configuring server name in the RADIUS profile, enable DNS client first. VLAN is disabled. For configuring VLAN ID in the RADIUS profile, enable VLAN first. [Figure 4-35: Add RADIUS Server Profile] Server Profile Name: the profile name. This is the name used to associate a VLAN to the profile. See Configuring Security Profiles. The Server Profile Name is also used in the Configure > Management > Services page to specify the RADIUS profile to be used for RADIUS Based Management Access. MAC Address Format Type: This parameter should correspond to the format in which the clients' 12-digit MAC addresses are listed within the RADIUS server. Available options are: Dash delimited: dash between each pair of digits (xx-yy-zz-aa-bb-cc). Colon delimited: colon between each pair of digits (xx:yy:zz:aa:bb:cc). Single dash delimited: dash between the sixth and seventh digits (xxyyzz-aabbcc). No delimiters: No characters or spaces between pairs of hex
202. istics are displayed for the Ethernet interface only, the wireless interface only, or for both the Ethernet and wireless interfaces. Admin Status (Ethernet/Wireless): The desired state of the interface: Up (ready to pass packets), Down (not ready to pass packets), or Testing (testing and unable to pass packets). Alignment Error (Ethernet): The number of frames received that are not an integral number of octets in length and do not pass the Frame Check Sequence check. Carrier Sense Errors (Ethernet): The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame. The count increments at most once per transmission attempt. Deferred Transmission (Ethernet): The number of frames for which the first transmission attempt is delayed because the medium is busy. This number does not include frames involved in collisions. Description (Ethernet/Wireless): Information about the interface (e.g., the name of the manufacturer, the product name, and the version of the hardware interface). Duplicate Frame Count (Wireless): The number of duplicate frames received. Ethernet Chipset (Ethernet): Identifies the chipset used to realize the interface. Excessive Collisions (Ethernet): The number of frames for which transmission fails due to excessive collisions. Failed ACK Count (Wireless): The number of times an acknowledgment (or ACK) is not received
203. ized and the other is horizontally polarized to provide optimal spatial and polarization diversity. When the AP is hung on the wall of an office or building, the horizontally polarized antenna provides coverage for that particular floor level. The vertically polarized antenna provides spatial diversity for the horizontally polarized antenna in the event of an antenna null. In addition, the vertically polarized antenna provides some coverage above and below the current floor level. When the AP is mounted on the ceiling or sitting on a table, the effect is the same, but the roles of the two antennas switch. The AP supports both receive and transmit diversity. When receiving, the AP chooses the antenna that receives the strongest signal. When transmitting, the AP chooses the antenna with the highest success rate, and broadcasts are transmitted on alternating antennas. Antenna diversity is enabled by default (set to auto). When using the internal antennas, Proxim recommends leaving antenna diversity disabled. However, you may disable antenna diversity by manually selecting which antenna to use through the Command Line Interface. See Configure Antenna Diversity for information. External Antennas: The AP-700 also has two antenna connectors for use with external antennas. [Figure 2-2: AP-700 Antenna Connectors (802.11a/b/g Radio Connectors: Connector 1, Connector 2)] When the
204. keylength Rekey Interval Integer RW rekeyint WPA PSK Value Integer W pskkey WPA PSK Pass Phrase Integer 8 64 characters W passphrase 198 Command Line Interface CLI Parameter Tables AP 700 User Guide Other Parameters IAPP Parameters on Startup disable Name Type Value Access CLI Parameter IAPP Group N A R iapp IAPP Status Integer enable default RW iappstatus disable Periodic Announce Integer 80 RW iappannint Interval seconds 120 default 160 200 Announce Response Integer 2 seconds R iappannresp Time Handover Time out Integer 410 ms RW iapphandtout 512 ms default 614 ms 717 ms 819 ms Max Handover Integer 1 4 default 4 RW iapphandretx Retransmissions Send Announce Request Integer enable default RW iappannregstart NOTE These parameters configure the Inter Access Point Protocol IAPP for roaming Leave these settings at their default value unless a technical representative asks you to change them Wireless Multimedia Enhancements WME Quality of Service QoS parameters The Wireless Multimedia Enhancements commands enable and configure Wireless Multimedia Enhancement Quality of Service parameters The following two commands are part of the Wireless Interface Properties table Enabling QoS Name Type Value Access CLI Parameter QoS Status Object Status enable RW qosstatus disable default QoS Maximum Me
205. l take effect. j. When prompted, click OK a second time to return to the Scan List screen. k. Click Cancel to close the ScanTool. Logging In: Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor and configure the AP. (To configure and monitor using the command line interface, see Command Line Interface (CLI).) 1. Open a Web browser on a network computer. The HTTP interface supports the following Web browsers: Microsoft Internet Explorer 6 with Service Pack 1 or later; Netscape 7.1 or later. If necessary, disable the browser's Internet proxy settings. For Internet Explorer users, follow these steps: Select Tools > Internet Options. Click the Connections tab. Click LAN Settings. If necessary, remove the check mark from the Use a proxy server box. Click OK twice to save your changes and return to Internet Explorer. Enter the Access Point's IP address in the browser's Address field and press Enter or Go. This is either the dynamic IP address assigned by a network DHCP server or the static IP address you manually configured. See Using ScanTool for information on how to determine the unit's IP address and manually configure a new IP address, if necessary. The Enter Network Password screen appears.
206. le This feature applies to all management services (SNMP, HTTP, and CLI) except for CLI management over the serial port. To configure this table, click Add and set the following parameters. [Screenshot text, Passwords tab:] This tab is used to configure SNMPv1/v2c community, SNMPv3 authentication, SNMPv3 privacy, Telnet. Change the default passwords to a value known only to you. If this is not done, then users may be able to manage the access point and modify its configuration without your knowledge. Note: Password must be between 6 and 32 characters. IP Address: Enter the IP Address for the management station. IP Mask: Enter a mask that will act as a filter to limit access to a range of IP Addresses based on the IP Address you already entered. The IP mask 255.255.255.255 would authorize the single station defined by the IP Address to configure the Access Point. The AP would ignore commands from any other IP address. In contrast, the IP mask 255.255.255.0 would allow any device that shares the first three octets of the IP address to configure the AP. For example, if you enter an IP address of 10.20.30.1 with a 255.255.255.0 subnet mask, any IP address between 10.20.30.1 and 10.20.30.254 will have access to the AP's management interfaces. Comment: Enter an optional comment, such as the station name. To edit or delete an entry, click Edit. Edit the informat
207. [Figure 4-43: SSID/VLAN Edit Entries Screen (VLAN Tagging Disabled)] 9. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name. 10. Enter a unique VLAN ID. This parameter is mandatory. A VLAN ID is a number from 1 to 4094. A value of 1 means that an entry is untagged. You can set the VLAN ID to 1 or untagged if you do not want clients that are using a specific SSID to be members of a VLAN workgroup. The VLAN ID must match an ID used by your network; contact your network administrator if you need assistance defining the VLAN IDs. 11. Specify a QoS profile. See the Enabling QoS and Adding QoS policies section for more information. 12. If editing an entry, enable or disable the parameters on this page by selecting Enable or Disable from the Status drop-down menu. If adding a new entry, this drop-down menu will not appear. 13. Click OK to return to Wireless Security Configuration Screen. 14. Reboot the AP. Configuring SSID/VLANs with VLAN Tagging Enabled: With VLAN Tagging enabled (from the SSID/VLAN/Security > Mgmt VLAN tab), multiple SSID/VLANs are supported. Parameters set on the Wireless tab can be enabled per SSID by choosing the Enable Security per SSID opti
208. lients can be segmented into wireless sub-networks via SSID and VLAN assignment. A Client can access the network by connecting to an AP configured to support its assigned SSID/VLAN. AP devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support, certain network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS server, and possibly a DHCP server should be available. Once enabled, VLANs are used to conveniently, efficiently, and easily manage your network in the following ways: Manage adds, moves, and changes from a single point of contact. Define and monitor groups. Reduce broadcast and multicast traffic to unnecessary destinations. Improve network performance and reduce latency. Increase security. Secure network restricts members to resources on their own VLAN. Clients roam without compromising security. VLAN tagged data is collected and distributed through an AP's wireless interface(s) based on Network Name (SSID). An Ethernet port on the access point connects a wireless cell or network to a wired backbone. The access points communicate across a VLAN-capable switch that analyzes VLAN-tagged packet headers and directs traffic to the appropriate ports. On the wired network, a RADIUS server authenticates traffic and a DHCP server manages IP addresses for the VLAN(s). Resources like servers and printers may be present, and a hub may include multiple APs
209. line This link provides Client 2 with access to network resources even though AP 2 is not directly connected to the Ethernet network. Packets destined for or sent by the client are relayed between the Access Points over the WDS link. [Figure 4-13: WDS Example] Bridging WDS: Each WDS link is mapped to a logical WDS port on the AP. WDS ports behave like Ethernet ports rather than like standard wireless interfaces: on a BSS port, an Access Point learns by association and from frames; on a WDS or Ethernet port, an Access Point learns from frames only. When setting up a WDS, keep in mind the following: There are separate security settings for clients and WDS links. The same WDS link security mode must be configured (currently we only support none or WEP) on each Access Point in the WDS, and the same WEP key must be configured. The WDS link shares the communication bandwidth with the clients. Therefore, while the maximum data rate for the Access Point's cell is 54 Mbits/second (802.11a, 802.11g only, or 802.11b/g modes) or 11 Mbits/second (802.11b only mode), client throughput will decrease when the WDS link is active. If there is no partner MAC address configured in the WDS table, the WDS port remains disabled. Each WDS port on a single AP should have a unique partner MAC address. Do not enter the same MAC address twice in an AP's WDS port list. Each Ac
210. ly pings the nodes listed within the table. If the AP loses network connectivity (that is, the ping attempts fail), the AP disables its wireless interface(s). Note that this feature does not affect WDS links (if WDS links are configured and enabled). You can configure and view the following parameters within the Link Integrity Configuration screen: Enable Link Integrity: Place a check mark in the box provided to enable Link Integrity. Poll Interval (milliseconds): The interval between link integrity checks. Range is 500 - 15000 ms in increments of 500 ms; default is 500 ms. Poll Retransmissions: The number of times a poll should be retransmitted before the link is considered down. Range is 0 to 255; default is 5. Target IP Address Entry: This entry specifies the IP address of a host on the network that the AP will periodically poll to confirm connectivity. The table can hold up to five entries. By default, all five entries are set to 0.0.0.0. Click Edit to update one or more entries. Each entry contains the following field: Target IP Address; Comment (optional); Status: Set this field to Enable to specify that the Access Point should poll this device. You can also disable an entry by changing this field's value to Disable.
211. m that the new IP address has taken effect. 8. When the proper IP address is set, use the HTTP interface or CLI over Telnet to configure the rest of the unit's operating parameters. Related Applications: RADIUS Authentication Server: If you enabled RADIUS Authentication on the AP, make sure that your network's RADIUS servers are operational. Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be unavailable; here are two typical things to check: Make sure you have the proper RADIUS authentication server information setup configured in the AP. Check the RADIUS Authentication Server's Shared Secret and Destination Port number (default is 1812; for RADIUS Accounting, the default is 1813). Make sure the RADIUS authentication server (RAS) setup matches the AP. TFTP Server: The Trivial File Transfer Protocol (TFTP) server allows you to transfer files across a network. You can upload configuration files from the AP for backup or copying, and you can download configuration files or new software images. The TFTP software is located on the ORiNOCO AP Installation CD-ROM. If a TFTP server is not configured and running, you will not be able to download and upload images and configuration files to/from the AP. Remember that the TFTP server does not have to be local, so long as you have a valid TFTP IP address
212. maintains the Idle-Timeout attribute obtained for each of the users during their authentication process and uses this time interval in place of accounting inactivity time for timing out clients. Calling-Station-Id: MAC address of the client getting authenticated. Called-Station-Id: The AP sends the MAC address of its own wireless interface with which the client getting authenticated is getting associated, appended with the SSID. If VLAN is enabled, the SSID and corresponding VLAN ID get appended. Acct-Interim-Interval: Obtained during the Authentication process and used for determining the time interval for sending Accounting Update messages. This attribute value takes precedence over the value of the Accounting Update Interval. Accounting Attributes: Acct-Delay-Time: Indicates how many seconds the AP has been trying to send a particular packet related to a particular user. This time can be used at the server to determine the approximate time of the event generating this accounting request. Acct-Session-Id: Unique accounting ID that aids in tracking client accounting records. This attribute is sent in Start and Stop RADIUS accounting messages and contains the client MAC address appended with the unique session ID. Acct-Session-Time: Acct-Session-Time is calculated the following way for each transmitted/retransmitted Acct-Stop: Acct-Session-Time = time of last sent packet - subscriber login time. Acct Inp
213. [Figure 4-34: RADIUS Server Profiles] Adding or Modifying a RADIUS Server Profile: Perform the following procedure to add a RADIUS server profile and to configure its parameters. 1. Click Add to create a new profile. To modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete. You cannot delete a RADIUS server profile if it is applied to an SSID. 2. Configure the following parameters for the RADIUS Server profile (see Figure 4-35). NOTE: This page configures only the Primary RADIUS Server associated with the profile. After configuring these parameters, save them by clicking OK. Then, to configure the Secondary RADIUS Server, edit the profile from the main page. [Screenshot text:] This page is used to add a RADIUS Server Profile. This page creates the primary server. To configure the secondary server, edit this profile from the RADIUS profiles page. The RADIUS server profiles created on this page are to be assigned to act as MAC authentication, EAP authentication, Accounting server in the SSID configuration. DNS is d
214. me Integer dd hh mm ss R sysuptime dd days hh hours mm minutes ss seconds Emergency Restore to Resets all parameters to RW sysresettodefaults defaults default factory values Note You must enter the following command twice to reset to defaults set sysresettodefaults 1 Inventory Management Information Name Type Value Access CLI Parameter System Inventory Subgroup N A R sysinvmgmt Management Component Table Subgroup N A R sysinvmgmtcmptbl Component Interface Subgroup N A R sysinvmgmtcmpiftbl Table NOTE The inventory management commands display advanced information about the AP s installed components You may be asked to report this information to a representative if you contact customer support 176 Command Line Interface CLI Parameter Tables AP 700 User Guide Network Parameters IP Configuration Parameters dynamic default Name Type Value Access CLI Parameter Network Group N A R network IP Configuration Group N A R ip Note The network and ip parameters display the same information IP Address IpAddress User Defined RW ipaddr IP Mask IpAddress User Defined RW ipmask Default Router IP IpAddress User Defined RW ipgw Address Default TTL Integer User Defined seconds RW ipttl 0 255 64 default Address Type Integer static RW ipaddrtype NOTE The IP Address Assignment Type ipaddrtype must be set to static before the IP Address
215. n so that customers can have multiple types of clients (non-WEP, WEP, 802.1x, WPA, WPA-PSK, 802.11i, 802.11i-PSK) on the same system, separated per VLAN. See the Security Profile section for more information. Each SSID can support a unique VLAN. In order for the AP to support multiple SSID/VLANs, VLAN Tagging must be enabled. These parameters are configurable on the Wireless sub-tab. Configuring an SSID/VLAN with VLAN Tagging Disabled: With VLAN tagging disabled (from the SSID/VLAN/Security > Mgmt VLAN tab), only one SSID can be configured. All parameters set on the Wireless tab will be applied to that SSID. 1. Click SSID/VLAN/Security > Wireless. The SSID, VLAN, and Security Configuration page is displayed. [Screenshot text, SSID, VLAN, and Security Data Configuration (Wireless A):] This page is used to configure multiple SSIDs (Wireless Network Names), VLAN IDs, and the associated security profile and RADIUS server profiles. In order for the Security per VLAN and SSID feature to function, VLAN Status must be enabled (Mgmt VLAN). The user must specify unique SSIDs and VLAN IDs values; only a single untagged VLAN ID can be configured. Security Profiles are used to configure the allowed security modes. If RADIUS MAC 802.1x W
216. n System links. To monitor the AP using the HTTP/HTTPS interface, you must first log in to a web browser. See Logging In for instructions. You may also monitor the AP using the command line interface. See Command Line Interface (CLI) for more information. To monitor the AP via HTTP/HTTPS: 1. Click the Monitor button located on the left-hand side of the screen. The main Monitor screen will be displayed. [Figure 5-1: Monitor Main Screen] 2. Click the
217. n an IP address automatically from a network Dynamic Host Configuration Protocol (DHCP) server during boot-up. If your network contains a DHCP server, you can run ScanTool to find out what IP address the AP has been assigned. If your network does not contain a DHCP server, the Access Point's IP address defaults to 169.254.128.132. In this case, you can use ScanTool to assign the AP a static IP address that is valid on your network. ScanTool Instructions: Follow these steps to install ScanTool and initialize the AP. 1. Locate the unit's Ethernet MAC address and write it down for future reference. The MAC address is printed on the product label. Each unit has a unique MAC address, which is assigned at the factory. 2. Confirm that the AP is connected to the same LAN subnet as the computer that you will use to configure the AP. 3. Power up, reboot, or reset the AP. The unit requests an IP Address from the network DHCP server. 4. Insert the Installation CD into the CD-ROM drive of the computer that you will use to configure the AP. The installation program will launch automatically. 5. Follow the on-screen instructions to install the Access Point software and documentation. NOTE: The ORiNOCO Installation program supports the following operating systems: Windows 98SE, Windows 2000, Windows NT, Windows ME, Windows XP. 6. After the software has been installed, double-click the ScanTool icon on the Windows desktop to launch the prog
218. n station: AP station, Infrastructure Client Station, IBSS Client Station. MAC Address of the detected station. Channel: the working channel of the detected station. SNR: the SNR value of the last frame from the station as received by the AP. BSSID: the BSSID field stores the MAC address of the associated Access Point in the case of a client; Zero MAC address or MAC address of the partner Access Point if the AP is a partner of a WDS link. The AP ages out older entries in the Rogue Scan result table if a detected station is inactive for more than the Scan Result Table Ageing Time. Rogue Scan: Perform this procedure to enable Rogue Scan and define the Scan Interval. See Figure 4-26 on page 86. The Rogue Scan screen also displays the number of new access points and clients detected in the last scan on each wireless interface. 1. Enable the Security Alarm Group. Select the Security Alarm Group link from the Rogue Scan screen. Configure a Trap Host to receive the list of access points and clients detected during the scan. 2. Click Configure > Alarms > Rogue Scan. 3. Enable Rogue Scan on the wireless interface by checking Enable Rogue Scan. NOTE: Rogue Scan cannot be enabled on a wireless interface when the Wireless Service Status on that interface is shutdown. First, resume service on the wireless interface. Enter the Scan Mode Sele
219. n the history buffer. Ctrl-N: Go to the next line in the history buffer. Tab: Complete the command line. ?: List available commands. CLI Error Messages: The following table describes the error messages associated with improper inputs or expected CLI behavior. Error Message: Description. Syntax Error: Invalid syntax entered at the command prompt. Invalid Command: A non-existent command has been entered at the command prompt. Invalid Parameter Name: An invalid parameter name has been entered at the command prompt. Invalid Parameter Value: An invalid parameter value has been entered at the command prompt. Invalid Table Index: An invalid table index has been entered at the command prompt. Invalid Table Parameter: An invalid table parameter has been entered at the command prompt. Invalid Table Parameter Value: An invalid table parameter value has been entered at the command prompt. Read Only Parameter: User is attempting to configure a read-only parameter. Incorrect Password: An incorrect password has been entered in the CLI login prompt. Download Unsuccessful: The download operation has failed due to incorrect TFTP server IP Address or file name. Upload Unsuccessful: The upload operation has failed due to incorrect TFTP server IP Address or file name. Command Line Interface (CLI) Variations: Administr
220. n the rear panel of the AP-700, to the left of the connectors. 2. Use two screws to screw the right side of the security cover to the RS-232 screw holes on the rear panel of the AP-700. Mounting the AP-700: Proxim recommends that you have a site survey professionally conducted to determine the best location for the AP. For professional site surveyors, Ekahau Site Survey software is included in the Xtras folder on the Installation CD-ROM. Once you have chosen a final location for your unit, mount the AP-700 to a wall, to a T-bar ceiling, or in a vehicle as follows. Mounting the AP-700 to a Ceiling: 1. Attach the mounting plate to the bottom of the AP-700 by lining up the keyholes and attaching it with two screws. 2. Snap the tabs onto the ceiling T-bar. Rotate the AP-700 until it snaps on to the T-bar. [Figure 2-5: AP-700 Mounting Plate] Mounting the AP-700 to a Wall: 1. Put the mounting plate up to the wall. 2. Screw through the mounting plate. 3. Place the AP up against the mounting plate. Orient the AP with the long axis vertical, with the connectors facing to the left. Installing External Antennas: You can optionally install external antennas on the AP-700. For information on the AP's antenna functionality, see Antennas. Follow the mounting instructions included with your external antenna and then conne
221. nabled for a single SSID. This object can only be configured using the CLI and SNMP (using a MIB browser or network management application). Closed System: manages the way probe requests are handled. If enabled, the AP will respond to probe requests with an SSID only if the client has specified the SSID in the probe request. If the client sends a probe request with a null or ANY SSID, the AP will respond with a null SSID. If disabled, the AP will respond with each configured SSID, whether or not an SSID has been specified in the probe request. This option is disabled by default. For more information on Broadcast SSID and Closed System, see Knowledgebase Answer ID 1698 at http://support.proxim.com. Monitoring: This chapter discusses the following monitoring options. Version: Provides version information for the Access Point's system components. ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. IP/ARP Table: Displays the AP's IP Address Resolution table. Learn Table: Displays the list of nodes that the AP has learned are on the network. IAPP: Provides statistics for the Inter-Access Point Protocol messages sent and received by the AP. RADIUS: Provides statistics for the configured RADIUS server(s). Interfaces: Displays the Access Point's interface statistics (Wireless and Ethernet). Station Statistics: Displays statistics for stations and Wireless Distributio
222. nagement Access: User management of APs can be centralized by using a RADIUS server to store user credentials. The AP cross-checks credentials using RADIUS protocol, and the RADIUS server accepts or rejects the user. HTTP/HTTPS and Telnet/SSH users can be managed with RADIUS. Serial CLI and SNMP cannot be managed by RADIUS. Two types of users can be supported using centralized RADIUS management. Super User: The super user has access to all functionality of a management interface. A super user is configured in the RADIUS server by setting the filter ID attribute (returned in the RADIUS Accept packet) for the user to a value of "super user" (not case sensitive). A user is considered a super user if the value of the filter id attribute returned in the RADIUS Accept packet for the user is "super user" (not case sensitive). Limited User: A limited user has access to only a limited set of functionality on a management interface. All users who are not super users are considered limited users. However, a limited user is configured in the RADIUS server by setting the filter id attribute (returned in the RADIUS Accept packet) to "limited user" (not case sensitive). Limited users do not have access to the following configuration capabilities: Update/retrieve files to and from APs; Reset the AP to factory defaults; Reboot the AP; Change management properties related to RADIUS management modes and management passwords. NOTE: When a
223. nd Resume: The following traps are generated during wireless service shutdown and resume, and are also sent to any configured Syslog server. When the wireless service is shut down on a wireless interface, the AP generates a trap called oriTrapWirelessServiceShutdown. When the wireless service is resumed on a wireless interface, the AP generates a trap called oriTrapWirelessServiceResumed. Channel Blacklist Table: The Channel Blacklist table contains all available channels (channels vary based on regulatory domain). It can be used to manually blacklist channels, and it also reflects channels that have been automatically blacklisted by the Dynamic Frequency Selection/Radar Detection (DFS/RD) function. In the ETSI (Europe) regulatory domain, channels are blacklisted automatically when radar is detected; when a channel has been automatically blacklisted, the Radar Detected status is set to True and the channel will remain blacklisted for 30 minutes. Additionally, an administrator can blacklist channels manually to prevent their being used when ACS is enabled. To blacklist a channel manually: 1. Click on Configure > Interfaces > Wireless. 2. Scroll down to the Channel Blacklist heading. Channel Blacklist Table: This table is used to configure blacklist channels. A channel can be blacklisted automatically if radar is detected on the operating channel; this is applicable only to specific regulatory domains. If radar is detected on a
224. nd Solutions 6. Perform the Reset to Factory Default Procedure in this guide. This will reset the unit to DHCP mode. If there is a DHCP Server on the network, the DHCP Server will assign an IP Address to the AP. HTTP Interface or Telnet Interface Does Not Work: 1. Make sure you are using a compatible browser: Microsoft Internet Explorer 6 with Service Pack 1 or later; Netscape 7.1 or later. 2. Make sure you have the proper IP address. Enter your Access Point's IP Address in the browser address bar, similar to this example: http://192.168.1.100. When the Enter Network Password window appears, leave the User Name field empty and enter the HTTP password in the Password field. The default HTTP password is "public". 3. Use the CLI over the serial port to check the IP Access Table, which can be restricting access to Telnet and HTTP. HTML Help Files Do Not Appear: 1. Verify that the HTML Help files are installed in the default directory: C:\Program Files\ORINOCO\AP700\HTML. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are located on your server. 2. Copy the entire folder to your Web server. 3. Perform the following steps to specify the path for the Help files: a. Click the Commands button in the HTTP interface. b. Select the Help tab located at the top of the screen. c. Enter the pathname where the Help files are located in the Help Link box. This must be
225. nds affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any), press the Enter key to execute the Command Line. Operational commands include: ?: Typing a question mark lists CLI Commands or parameters, depending on usage (you do not need to type Enter after typing this command). done, exit, quit: Terminates the CLI session. download: Uses a TFTP server to download image files, config files, bootloader upgrade files, SSL certificates, SSL private keys, SSH public keys, SSH private keys, or CLI Batch Files to the Access Point. help: Displays general CLI help information or command help information, such as command usage and syntax. history: Remembers commands to help avoid re-entering complex statements. passwd: Sets the Access Point's CLI password. reboot: Reboots the Access Point in the specified time. search: Lists the parameters in a specified Table. upload: Uses TFTP server to upload config files from Access Point to TFTP default directory or specified path. List Commands: This command can be used in a number of ways to display available commands and parameters. The following table lists each operation and provides a basic example. Following the table are detailed examples and display results for each operation. Operation / Basic Example: Display the Command List (Example 1): Device Name
226. ng User Defined up to 254 RW cmt characters Status optional Integer enable RW status disable default delete 179 Command Line Interface CLI Parameter Tables AP 700 User Guide Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif For Single radio APs the wireless interface uses table index 3 Common Parameters to 802 11a b g Name Type Value Access CLI Parameter Wireless Interfaces Group N A R wif Table Index Integer 3 R index Network Name DisplayString 1 32 characters RW netname My Wireless Network default Auto Channel Select ACS Integer enable default RW autochannel disable DTIM Period Integer 1 255 RW dtimperiod 1 default RTS CTS Medium Integer 0 2347 RW medres Reservation Default is 2347 off MAC Address PhyAddress 12 hex digits R macaddr Closed System Integer enable RW closedsys disable default Wireless Service Status T Integer 1 resume RW wssstatus 2 shutdown Supported Frequency Octet String Depends on Regulatory R suppchannels Channels Domain Load Balancing Max Clients Integer 1 63 RW lbmaxclients Distance Between APst Integer 1 large default RW distaps 2 medium 3 small 4 minicell 5 microcell Antenna Diversity Integer 1 Antenna 1 RW atdiversity 2 Antenna 2 5 Auto both antennas See Configure Antenna Diversity For 802 11a APs certified in
227. nnectivity by pinging the switch (to ensure VLAN properties) and by pinging hosts past the switch (to confirm the switch is functional). Ultimately, traffic can be sniffed on the Ethernet or WDS interfaces (if configured) using third-party packages. Most problems can be avoided by ensuring that 802.1Q compliant VLAN tags containing the proper VLAN ID have been inserted in the bridged frames. The VLAN ID in the header should correspond to the user's assigned network name. What if network traffic is being directed to a nonexistent host? All sessions are disconnected, traffic is lost, and a Forced Reload is necessary. See Forced Reload Procedure. Workaround: you can configure the switch to mimic the nonexistent host. I have just configured the Management ID and now I can't manage the AP: Check to ensure your password is correct. If your password is incorrect or all inbound packets do NOT have the correct tag, then a Forced Reload is necessary. See Forced Reload Procedure. CAUTION: The Forced Reload Procedure disconnects all users and resets all values to factory defaults. Active Ethernet (AE): The AP Does Not Work: 1. Verify that you are using a standard UTP Category 5 cable. 2. Try a different port on the same AE hub (remember to move the input port accordingly); if it works, there is probably a faulty port or bad RJ-45 port connection. 3. If possible, try to connect the AP to a different AE hub. 141 Troubleshooting AP 7
228. non (LB), Switzerland (CH), Croatia (HR), Liechtenstein (LI), Syria (SY), Cyprus (CY), Lithuania (LT), Taiwan (TW), Czech Republic (CZ), Luxembourg (LU), Thailand (TH), Denmark (DK), Macau (MO), Turkey (TR), Dominican Republic (DO), Macedonia (MK), Ukraine (UA), Ecuador (EC), Malaysia (MY), United Arab Emirates (AE), Egypt (EG), Malta (MT), United Kingdom (GB), El Salvador (SV), Mexico (MX), United Kingdom 5.8 GHz (G1), Estonia (EE), Monaco (MC), United States (US), Finland (FI), Morocco (MA), United States World (UW), France (FR), Netherlands (NL), United States DFS (U1), Georgia (GE), New Zealand (NZ), Uruguay (UY), Germany (DE), Nicaragua (NI), Venezuela (VE), Greece (GR), Norway (NO), Vietnam (VN), Guam (GU), Oman (OM), Guatemala (GT), Pakistan (PK). Enable and Configure TX Power Control for the Wireless Interface(s): The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: 100% of the maximum transmit power level of the card, 50%, 25%, 12.5%. Perform the following commands to enable TX Power Control and set the transmit power level: Device Name> set txpowercontrol enable Device Name> set wif <interface number> currenttxpowerlevel <value> Allowed values are: 1: 100%, 2: 50%, 3: 25%, 4: 12.5%. Configure SSIDs (Network Names), VLANs, and Profiles: Perform the following command to configure SSIDs and VLANs, and to assign Security and RADIUS Profiles: Device Name> set wifssidtbl <Wireless Interface Index SSID Index> ssid <Network Name>
229. ns Device name> Please enter password: 4. Enter the CLI password (default is "public"). The terminal displays a welcome message and then the CLI Prompt: Device name> 5. Enter show ip. Network parameters appear. [Figure 7-1: Result of "show ip" CLI Command] 6. Change the IP address and other network values using set and reboot CLI commands, similar to the example below (use your own IP address and subnet mask). Note that IP Address Type is set to Dynamic by default. If you have a DHCP server on your network, you should not need to manually configure the Access Point's IP address; the Access Point will obtain an IP address from the network's DHCP server during boot-up. After each entry the CLI reminds you to reboot; however, wait to reboot until all commands have been entered. Device name> set ipaddrtype static Device name> set ipaddr <IP Address> Device name> set ipsubmask <IP Subnet Mask> Device name> set ipgw <Default Gateway IP Address> Device name> show ip (to confirm your new settings) Device name> reboot 0 7. After the AP reboots, verify the new IP address by reconnecting to the CLI and enter a show ip command. Alternatively, you can ping the AP from a network computer to confir
230. nter the appropriate MAC addresses and Masks to set up a filter. The entry is enabled automatically when saved. To edit an entry, click Edit. To disable or remove an entry, click Edit and change the Status field from Enable to Disable or Delete. The static MAC filter can be used to optimize the network performance by allowing filtering based on MAC addresses or groups of MAC addresses on wired and wireless interfaces. Groups of MAC addresses can be specified by using a bitmask. For example, if a block of MAC addresses (header consisting of 00:11:22) is to be filtered from wired to wireless interface, then the following can be configured. Wired MAC Address: 00:11:22:AA:BB:CC. Wired Mask: FF:FF:FF:00:00:00 (this mask filters out all MAC addresses with a header of 00:11:22). Wireless MAC Address: 00:00:00:00:00:00 (enter all zeros since filtering wired MAC addresses). Wireless Mask: 00:00:00:00:00:00 (enter all zeros for the mask since filtering wired MAC addresses). [Figure 4-23: Static MAC Configuration Screen] Static MAC Filter Examples: Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as follows: Wired Server 0
231. ntry. You can also disable or delete entries by changing this field's value. Syslog Messages: The following messages are supported in the AP (Syslog Message Name; Priority; Severity; Description). Auto Configuration using DHCP; 6; Informational; Configuration filename and TFTP server address are obtained from DHCP when dynamic IP is configured on the device. Auto Configuration using Static IP; 6; Informational; Configured TFTP server address and configuration filename is used when Static IP is configured on the device. TFTP Server IP and configuration filename not present in DHCP response; 4; Minor; Configuration filename and/or TFTP server address is not present in the DHCP response when using DHCP. TFTP Server IP Address used in AutoConfig feature; 6; Informational; TFTP server IP address used for AutoConfig. TFTP Server filename used in AutoConfig feature; 6; Informational; TFTP filename used for AutoConfig. Auto Configuration TFTP Download Failure; 4; Minor; TFTP download of a configuration file for AutoConfig fails for the following reasons: incorrect or non-reachable TFTP server address, incorrect or unavailable configuration filename, TFTP transfer timeout. Image Compatibility Check; 2; Major; One of the following failures occurs: Invalid Image, Invalid Signature, Zero File Size, Large File, Non-VxWork Image, Incompatible Image. AP Heartbeat Status; 5; Informational; AP syslog keep-alive message 8
232. Prerequisite Skills and Knowledge 148; Notation Conventions 148; Important Terminology 148; Navigation and Special Keys 149; CLI Error Messages 149; Command Line Interface (CLI) Variations 150; Bootloader CLI 150; CLI Command Types 151; Operational CLI Commands 151; Parameter Control Commands 155; Using Tables and Strings 159; Working with Tables 159; Using Strings 159; Configuring the AP using CLI commands 160; Log into the AP using HyperTerminal 160; Log into the AP using Telnet 160; Set Basic Configuration Parameters using CLI Commands 160; Other Network Settings 164; CLI Monitoring Parameters 173; Parameter Tables
233. o comply with these guidelines. Industry Canada (IC): DECLARATION OF CONFORMITY. This device is in conformance with ICES-003 of the IC Rules and Regulations for Information Technology Equipment. Operation of this product is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Supplier Information: Trade Name: Proxim. Model: 8675 XXX 7. Responsible Party: Proxim Corporation. Address: 935 Stewart Drive, Sunnyvale, CA 94085. Contact Person/Title: Mohammad Sa id, Regulatory Compliance Manager. Telephone: 408 542 5357. Fax: 408 720 9380. EUT Certification Summary: Equipment Class: Class B. Product Type: ORiNOCO AP-700 Access Point. Report Number: RF921107R01. Report Issuance Date: 2004-02-09. Tested by: Advance Data Technology Corporation. We, the responsible party, Proxim Corporation, declare that the product ORiNOCO AP-700 Access Point was tested to conform to the applicable IC Rules and Regulations. The method of testing was in accordance to the most accurate measurement standards possible, and that all necessary steps have been enforced to assure that all production units of the same equipment will continue to comply Wo ithe ra Canada s r
234. System Parameters 176; Network Parameters 177; Interface Parameters 180; Management Parameters 185; Filtering Parameters 190; Alarms Parameters 192; Bridge Parameters 194; RADIUS Parameters 196; Security Parameters 197; VLAN/SSID Parameters 198; Security Profile Table 198; Other Parameters 199; Wireless Multimedia Enhancements (WME)/Quality of Service (QoS) parameters 199; CLI Batch File 201; Auto Configuration and the CLI Batch File 202; CLI Batch File Format and Syntax 202; Reboot Behavior 202; B ASCII Character Chart 204; C Specifications 205; Software Features 205; Number of Stations per BSS 205; Mana
235. o that point will be saved to the unit but will not take effect until it is rebooted. 2. Configure the System Configuration settings and click Save & Next. See System for more information. 3. Configure the Access Point's Basic IP address settings, if necessary, and click Save & Next. See Basic IP Parameters for more information. 4. Assign the AP new passwords to prevent unauthorized access and click Save & Next. Each management interface has its own password: SNMP Read Password; SNMP Read-Write Password; CLI Password; HTTP (Web) Password. By default, each of these passwords is set to "public". See Passwords for more information. 5. Configure the basic Wireless Interface Configuration settings. Select the Operational Mode as follows and click Save & Next. 802.11a only mode: The radio uses the 802.11a standard only. 802.11b mode only: The radio uses the 802.11b standard only. 802.11g mode only: The radio is optimized to communicate with 802.11g devices. This setting will provide the best results if this radio interface will only communicate with 802.11g devices. 802.11b/g mode: This is the default mode. Use this mode if you want to support a mix of 802.11b and 802.11g devices. 802.11g-wifi: 802.11g-wifi has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environmen
236. oS enabled AP to establish policy to change policies when accepting new stations or new traffic or to adapt to changes in the offered load The EDCA parameters assign priorities to traffic types where higher priority packets gain access to the wireless medium more frequently than lower priority packets NOTE We have defined default recommended values for EDCA parameters we recommend not modifying EDCA parameters unless strictly necessary Name Type Value Access CLI Parameter EDCA Table Table N A N A qosedcatbl Table Index Integer 1 4 R index CWmin Integer 0 255 RW cwmin CWmax Integer 0 65535 RW cwmax AIFSN Integer 2 15 RW aifsn Tx OP Limit Integer 0 65535 RW txoplimit MSDU Lifetime Integer 0 500 RW msdulifetime AC Mandatory Truth Value true RW acmandatory false QAP EDCA Table Table N A N A qosqapedcatbl Table Index Integer 1 4 R index CWmin Integer 0 255 RW cwmin CWmax Integer 0 65535 RW cwmax AIFSN Integer 2 15 RW aifsn Tx OP Limit Integer 0 65535 RW txoplimit MSDU Lifetime Integer 0 500 RW msdulifetime AC Mandatory Truth Value true RW acmandatory false Defining the QoS Policy used for a Wireless Interface SSID The QoS Policy object configures the QoS policy to be used per wireless interface SSID This object is part of the Wireless Interface SSID Table the CLI command for this table is wifssidtbl Name Type Value Access CLI Paramete
237. ocol Number Octet String N A RW protonumber Protocol Name optional DisplayString RW protoname Status optional Integer enable 1 RW status disable 2 delete 3 NOTE The filter Operation Type passthru or block applies only to the protocol filters that are enabled in this table Static MAC Address Filter Table Name Type Value Access CLI Parameter Static MAC Address Filter Table N A R staticmactbl Table Table Index N A N A R index Static MAC Address on PhysAddress User Defined RW wiredmacaddr Wired Network Static MAC Address PhysAddress User Defined RW wiredmask Mask on Wired Network Static MAC Address on PhysAddress User Defined RW wirelessmacaddr Wireless Network Static MAC Address PhysAddress User Defined RW wirelessmask Mask on Wireless Network Comment optional DisplayString max 255 characters RW cmt Status optional Integer enable default RW status disable delete 190 Command Line Interface CLI Parameter Tables AP 700 User Guide Proxy ARP Parameters Name Type Value Access CLI Parameter Proxy ARP Group N A R parp Status Integer enable RW parpstatus disable default IP ARP Filtering Parameters Name Type Value Access CLI Parameter IP ARP Filtering Group N A R iparp Status Integer enable RW iparpfitstatus di
238. ode is one of the following: 802.11a only mode; 802.11g only mode; 802.11b/g mode. NOTE: Super mode and Turbo mode are not available in operational modes 802.11b and 802.11g-wifi. Dynamic Turbo mode is supported in 802.11a and 802.11g mode. Dynamic turbo mode supports turbo speeds at twice the standard 802.11a/g data rates, and also dynamically switches between turbo mode speeds and normal speeds depending on the wireless client. If turbo mode is enabled, then this is displayed in the web UI and the transmit speeds and channels pull-down menus are updated with the valid values. When Turbo mode is enabled, only a subset of the wireless channels on both the 2.4 GHz and 5.0 GHz spectrum can be used. If any wireless clients do not support turbo mode, the AP will fall back to normal mode. Turbo mode can be configured only when Super mode has already been enabled. Super mode in 802.11a and 802.11g and Turbo mode in 802.11g are supported in all regulatory domains. Turbo mode in 802.11a is available in all regulatory domains except Japan. IEEE 802.11d Support for Additional Regulatory Domains: The IEEE 802.11d specification allows conforming equipment to operate in more than one regulatory domain over time. IEEE 802.11d support allows the AP to broadcast its radio's regulatory domain information in its beacon and probe responses to clients. This allows clients to passively learn what country they are in and only transmit in the allowable spectrum
239. ommands to configure the AP. This file will be executed by the AP immediately after being uploaded. See CLI Batch File for more information. File Operation: Select either Update AP or Update AP & Reboot. You should reboot the AP after downloading files. Update AP via HTTP: Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. Once on the Update AP screen, click on the via HTTP tab. This page is used to update software images and configuration files in the Access Point using HTTP file transfer. Click on the browse button to search for the file or enter the path in the text box. Select the file type and click the Update AP button to start the file transfer. Note: if you are updating the AP with a configuration file, an image, or CLI batch file, the access point will require a reboot in order for the changes to take effect. [Figure 6-3: Update AP via HTTP Command Screen] The Update AP via HTTP tab shows version information and allows you to enter HTTP information as described below. 1. Select the File Type that needs to be updated from the drop-down box. Choices include: Image, for the AP Image (executable program); Config, for configuration information, such as System Name, Contact Name, and so on; SSL Certificate, the digital certifi
240. on 1 Click SSID VLAN Security gt Wireless 2 Select the Enable Security Per SSID option The screen will update to the following System Network Interfaces Management Filtering Alarms Bridge Qos RADIUS Profiles SSIDNLAN Secuntty Y Mgmt VLAN Secunty Profile MAC Access SSID VLAN and Security Data Configuration Wireless A This page is used to configure multiple SSIDs Wireless Network Names VLAN IDs and the associated security profile and RADIUS server profiles in order for the Security per VLAN and SSID feature to function VLAN Status must be enabled Mamt VLAN The user must specify unique SSIDs and VLAN IDs values only a single untagged VLAN ID can be configured Security Profiles are used to configure the allowed security modes if RADIUS MAC 302 1x WPA or RADIUS accounting is enabled in the SSID s security profile then the respective RADIUS server profiles should be configured and assigned to this 55 0 Note Changes to these parameters require access point reboot in order to take offect Enable Security Per SSID Y SSID VLAN and Security Data Table Add Eck index Network Name SSID VLANID Security Profile QoSProfile Status My Wireless NetworkA untagged 1 1 Enable Figure 4 44 SSID VLAN Configuration VLAN Tagging Enabled NOTE If you disable uncheck the Enable Security per SSID option you will be able to add multiple SSID VLANSs but the same configuration parameters described below w
241. on PUPS Encryption Wi Fi Protected Access WPA Hardware Configuration Reset Disable SINININININININSININIS Key lengths supported by 802 11a 64 bit 128 bit and 152 bit Key lengths supported by 802 11b 64 bit and 128 bit Key lengths supported by 802 11b g 64 bit 128 bit and 152 bit t EAP MD5 EAP TLS EAP TTLS and PEAP client supplicant supported 206 Specifications Software Features AP 700 User Guide Support is provided for a primary and backup RADIUS authentication server for both MAC based authentication and 802 1x authentication per VLAN Use in conjunction with WPA or 802 1x Authentication Network Functions Feature Supported by AP 700 DHCP Client DHCP Server DHCP Relay Agent and IP Lease Renewal Inter Access Point Protocol IAPP Link Integrity System Logging Syslog RADIUS Accounting Support DNS Client TCP IP Protocol Support SINININSININININSIS Virtual LAN Support Up to 16 SSIDs and VLANs with specific Security and RADIUS profiles For more information see the Advanced Configuration chapter Includes Fallback to Primary RADIUS Server RADIUS Session Timeout RADIUS Multiple MAC Address Formats RADIUS DNS Host Name Support RADIUS Start Stop Accounting 207 Specifications AP 700 User Guide Hardware Specifications Hardware Specifications Physical Spec
242. only the hexadecimal digits 0 and F in the Mask, where 0 is any value and F is the value specified in the MAC address. A Mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a Mask of FF:FF:FF:FF:FF:FF applies only to the specified MAC Address. For example, if the MAC Address is 00:20:A6:12:54:C3 and the Mask is FF:FF:FF:00:00:00, the AP will examine the source and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the Mask is FF:FF:FF:FF:FF:FF, the AP will only look for the specific MAC address (in this case, 00:20:A6:12:54:C3).

When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of parameters. Which parameters to configure depends upon the traffic that you want to block:
- To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
- To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to all zeros).
- To block traffic between a specific wired MAC address and a specific wireless MAC address, configure all four parameters.

A maximum of 200 entries can be created in the Static MAC filter table. To create an entry, click Add and e
243. ort
- ASCII Terminal software, such as HyperTerminal

Attaching the Serial Port Cable

1. Connect one end of the serial cable to the AP and the other end to a serial port on your computer.
2. Power on the computer and AP, if necessary.

Initializing the IP Address using CLI

After installing the serial port cable, you may use the CLI to communicate with the AP. CLI supports most generic terminal emulation programs, such as HyperTerminal (which is included with the Windows operating systems). In addition, many web sites offer shareware or commercial terminal programs you can download. Once the IP address has been assigned, you can use the HTTP interface or the CLI over Telnet to complete configuration. Follow these steps to assign the AP an IP address:

1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: Com Port: <COM1, COM2, etc., depending on your computer>; Baud rate: 9600; Data Bits: 8; Stop bits: 1; Flow Control: None; Parity: None
2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option. HyperTerminal sends a line return at the end of each line of code.
3. Press the RESET button on the AP. The terminal display shows Power On Self Tests (POST) activity, and then displays a CLI prompt, similar to the example below. This process may take up to 90 seconds. 145 Troubleshooting AP 700 User Guide Related Applicatio
244. ost common initialization and installation problems relate to IP addressing. For example, you must have valid IP addresses for both the AP and the management computer to access the unit's HTTP interface.
- IP Address management is fundamental.
- Factory default units are set for Dynamic (DHCP) IP Address assignment. The default IP address for the AP is 169.254.128.132 if your network does not have a DHCP server. If you connect the AP to a network with an active DHCP server, then use ScanTool to locate the IP address of your unit. If a DHCP server is not active on your subnet, then use ScanTool to assign a static IP address to the unit.
- The Trivial File Transfer Protocol (TFTP) provides a means to download and upload files. These files include the AP Image (executable program) and configuration files.
- If the AP password is lost or forgotten, you will need to reset to default values. The Reset to Factory Default Procedure resets configuration, but does not change the current AP Image.
- The AP supports a Command Line Interface (CLI). If you are having trouble locating your AP on the network, connect to the unit directly using the serial interface and see Command Line Interface (CLI) for CLI command syntax and parameter names.
- ScanTool does not work over routers. You must be connected to the same subnet/physical LAN segment to use ScanTool. Note that ScanTool also works over the wireless interface; you can run it on a wireless client connected to th
245. process. The standard refers to them as:
1. Supplicant (client PC)
2. Authenticator (Access Point)
3. Authentication server (RADIUS server)

When the Security Mode is set to 802.1x Station, WPA Station, or 802.11i Station, you need to configure your RADIUS server for authentication purposes. Prior to successful authentication, an unauthenticated client PC cannot send any data traffic through the AP device to other systems on the LAN. The AP inhibits all data traffic from a particular client PC until the client PC is authenticated. Regardless of its authentication status, a client PC can always exchange 802.1x messages in the clear with the AP (the client begins encrypting data after it has been authenticated).

Figure 4-38: RADIUS Authentication Illustrated

The AP acts as a pass-through device to facilitate communications between the client PC and the RADIUS server. The AP (2) and the client (1) exchange 802.1x messages using an EAPOL (EAP Over LAN) protocol (A). Messages sent from the client station are encapsulated by the AP and transmitted to the RADIUS (3) server using EAP extensions (B). Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client, after translating it back to the EAPOL format. Negotiations take place between the client and the RADIUS server. After the client has been successfully authenticated, the client receives an Encryption Key from the AP (if the EAP type supports automatic key
246. r QoS Policy Integer See Note RW qospolicy

A QoS Policy number needs to be specified in the SSID table. This depends on the QoS policies configured by the user. Once the user has configured QoS policies, the user should specify the policy to be used for that SSID.

CLI Batch File

A CLI Batch file is a user-editable file that lists a series of CLI set commands that can be uploaded to the Access Point to change its configuration. The Access Point executes the CLI commands specified in the CLI Batch file after upload, and the configuration gets changed accordingly. A CLI Batch file can also be used for Auto Configuration. The CLI Batch file does not replace the existing LTV format configuration file, which continues to define the configuration of the AP. The CLI Batch file contains a list of CLI commands that the AP will execute. The AP performs the commands in the file immediately after the file is uploaded to the AP manually or during Auto Configuration. The AP parses the file and executes the CLI commands. Commands that do not require a reboot take effect immediately, while commands that require a reboot (typically commands affecting a wireless interface) will take effect after reboot.

Auto Configuration and the CLI Batch File

The Auto Configuration feature allows download of the LTV format configuration file or the CLI Batch file. The
247. r based on AES and encrypts frames to clients based on a Pre-Shared Key. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters). NOTE: For more information on WPA, see the Wi-Fi Alliance Web site at http://www.wi-fi.org.

Authentication Protocol Hierarchy

There is a hierarchy of authentication protocols defined for the AP. The hierarchy is as follows, from highest to lowest:
- 802.1x authentication
- MAC Access Control via RADIUS Authentication
- MAC Access Control through individual APs' MAC Access Control Lists

If you have both 802.1x and MAC authentication enabled, the 802.1x results will take effect. This is required in order to propagate the WEP keys to the clients in such cases. Once you disable 802.1x on the AP, you will see the effects of MAC authentication.

VLANs and Security Profiles

The AP 700 allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless interface
248. r disable local user access and configure the local user password The default local user ID is root and the default local user password is public Root cannot be configured as a valid user for RADIUS based management access when local user access is enabled Name Type Value Access CLI Parameter Radius Local User Status Integer enable RW radlocaluserstatus disable Radius Local User DisplayString User Defined RW radlocaluserpasswd Password HTTP Radius Integer enable RW httpradiusmgmtaccess Management Access disable Telnet Radius Integer enable RW telradiusmgmtaccess Management Access disable SSH Parameters The following commands enable or disable SSH and set the SSH host key Name Type Value Access CLI Parameter SSH Status Integer enable RW sshstatus disable SSH Public Host Key DisplayString AP Generated RW sshkeyfprint Fingerprint SSH Host Key Status Integer create RW sshkeystatus delete The AP SSH feature open SSH confirms to the SSH protocol and supports SSH version 2 The following SSH clients have been verified to interoperate with the AP s server The following table lists the clients version number and the website of the client Clients Version Website OpenSSH V3 4 2 http www openssh com Putty Rel 0 53b http www chiark greenend org uk Zoc 5 00 http www emtec com Axessh V2 5 http Awww labf com For key generation only t
249. ram if the program is not already running. ScanTool scans the subnet and displays all detected Access Points. The ScanTool's Scan List screen appears, as shown in the following example. NOTE: If your computer has more than one network adapter installed, you will be prompted to select the adapter that you want ScanTool to use before the Scan List appears. If prompted, select an adapter and click OK. You can change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen. Note that the ScanTool Network Adapter Selection screen will not appear if your computer only has one network adapter installed.

Figure 2-8: Scan List

7. Locate the MAC address of the AP you want to initialize within the Scan List. NOTE: If your Access Point does not show up in the Scan List, click the Rescan button to update the display. If the unit still does not appear in the list, see Troubleshooting for suggestions. Note that after rebooting an Access Point, it may take up to five minutes for the unit to appear in the Scan List.
8. Do one of the following:
- If the AP has been assigned an IP address by a DHCP server on the network, write down the IP address and click Cancel to close ScanTool. Proceed to the Logging In section for information on how to access the HTTP interface using this
250. rameter or table entry Command Usage set lt parameter gt lt parameter value gt lt CR gt set lt table gt lt index gt lt argi gt lt valuel gt lt argN gt lt valueN gt lt CR gt Example set sysname My Wireless Device lt CR gt set mgmtipaccesstbl ipaddr 16 6 6 16 ipmask 255 255 0 0 cmt Test WorkStation lt CR gt Device Namel gt set hroadcastf 1ltthl dhcpgw dhcpippooltbl dhcppridnsipaddr dhcpsecdnsipaddr dhcpstatus dnsdomainname dnsprisuripaddr dnssecsuripaddr dnsstatus etherf 1tifbitmask telsessiontout tftpfilename tftpfiletype tftpipaddr vlanidthl vlanmgmtid vlanstatus wdsthl wif wifsec Device Name gt set Figure A 5 Result of set CLI command 152 Command Line Interface CLI AP 700 User Guide CLI Command Types Example 3b Display parameters based on letter sequence This example shows entries for parameters that start with the letter i The more letters you enter the fewer the results returned Notice that there is no space between the letters and the question mark Device Name gt show ipa Device Namel gt show ipa ipaddr ipaddrt ype parp iparpf ltipaddr iparpf ltstatus iparpf ltsubmask Figure A 6 Result of show ipa CLI command Device Name gt show iparp Device Namel gt show iparp iparp iparpf ltipaddr iparpf ltstatus iparpf l1tsubmask Device Namel gt show iparp_ Figure A 7 Result of show iparp CLI comm
251. rator 17 Installation and Initialization Prerequisites AP 700 User Guide Client IP Address Pool Allocation Scheme The Access Point can automatically provide IP addresses to clients as they sign on The network administrator typically provides the IP Pool range DNS Server IP Address The network administrator typically provides this IP Address Gateway IP Address and Subnet Mask The gateway IP address and subnet mask of the network environment where the Access Point is deployed 18 Installation and Initialization AP 700 User Guide Product Package Product Package Each AP 700 comes with the following AP 700 unit with integrated 802 11a b g radio and Active Ethernet Power adapter One ceiling or wall mounting plate Security cover One Installation CD ROM that contains the following Software Installation Wizard ScanTool MIBs User s Guide in PDF format Xtras folder containing the following SolarWinds TFTP software Ekahau Site Survey software Acrobat Reader software One Quick Start Flyer If any of these items are missing or damaged please contact your reseller or Technical Support see Technical Support for contact information System Requirements To begin using an AP you must have the following minimum requirements A 10Base T Ethernet or 100Base TX Fast Ethernet switch or hub or cross over Ethernet cable At least one of the following
252. re 4-22.

1. Click Configure > Management > CHRD.

The hardware configuration Reset functionality allows the user to reset the AP to factory defaults configuration by pressing the hardware reload button when the AP is in operational mode. This is useful in gaining access to the AP if the user forgets the HTTP/Telnet/SNMP password. Note: if the Hardware Configuration Reset is disabled, the user shall be prompted for the configuration reset password during boot up to reset the AP to factory defaults from the serial interface; it is important to store this password safely. The AP cannot be restored to defaults from the boot time serial interface if this password is lost.

Figure 4-22: Hardware Configuration Reset

2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox.
3. Change the default Configuration Reset Password in the Configuration Reset Password and Confirm fields.
4. Click OK.
5. Reboot the AP.

NOTE: It is important to safely store the configuration reset password. If a user forgets the configuration reset password, the user will b
253. rface CLI AP 700 User Guide Parameter Tables SNTP Parameters Name Type Value Access CLI Parameter SNTP Group Group N A R sntp SNTP Status Integer enable RW sntpstatus disable Primary Server Name or DisplayString 0 255 characters RW sntpprisvr IP Address Secondary Server Name DisplayString 0 255 characters RW sntpsecsvr or IP Address Time Zone Integer See MIB for RW sntptimezone requirements Daylight Savings Time Integer 2 RW sntpdaylightsaving 1 0 1 2 Year Integer32 N A RW sntpyear Month Integer32 1 12 RW sntpmonth Day Integer32 1 31 RW sntpday Hour Integer32 0 23 RW sntphour Minutes Integer32 0 59 RW sntpmins Seconds Integer32 0 59 RW sntpsecs Addressing Format Integer ipaddress RW sntpaddrfmt name Link Integrity Parameters Name Type Value Access CLI Parameter Link Integrity Group N A R linkint Link Integrity Status Integer enable RW linkintstatus disable default Link Integrity Poll Interval Integer 500 15000 ms RW linkintpollint in increments of 500ms 500 ms default Link Integrity Poll Integer 0 255 RW linkintpollretx Retransmissions 5 default Link Integrity IP Target Table Name Type Value Access CLI Parameter Link Integrity IP Target Table Table N A R linkinttbl Table Index Integer 1 5 N A index Target IP Address IpAddress User Defined RW ipaddr Comment optional DisplayStri
254. rfaces: Configure the Access Point's interfaces: Wireless and Ethernet settings. Configure the Channel Blacklist Table and a Wireless Distribution System (WDS).
- Management: Configure the Access Point's management Passwords, IP Access Table, and Services, such as configuring secure or restricted access to the AP via SNMPv3, HTTPS, or CLI. Configure Secure Management, SSL, Secure Shell (SSH), and RADIUS Based Access Management. Set up Automatic Configuration for Static IP.
- Filtering: Configure Ethernet Protocol filters, Static MAC Address filters, Advanced filters, and Port filters.
- Alarms: Configure the Alarm (SNMP Trap) Groups, the Alarm Host Table, and the Syslog features.
- Bridge: Configure the Spanning Tree Protocol, Storm Threshold protection, Intra BSS traffic, and Packet Forwarding.
- QoS: Configure Wireless Multimedia Enhancements/Quality of Service parameters and QoS policies.
- Radius Profiles: Configure RADIUS features such as RADIUS Access Control and Accounting.
- SSID/VLAN/Security: Configure SSIDs, VLANs, and security profiles. Configure security features such as MAC Access Control, WPA, WEP Encryption, and 802.1x.

To configure the AP using the HTTP/HTTPS interface, you must first log in to a web browser. See Logging In for instructions. You may also configure the AP using the command line interface. See Command Line Interface (CLI) for more information.

To configure the AP via HTTP/HTTPS:
1. Click the Configure button located on the le
255. riorities The QoS 802 1p to 802 1D Mapping Table specifies the mapping between 802 1P and 802 1D priorities Name Type Value Access CLI Parameter QoS 802 1p to 802 1D Table N A N A qos1pto1dtbl Mapping Table Table Index Primary Integer 0 7 R index Index 802 1D Priority Integer 0 7 R 1dpriority Secondary Index 802 1p Priority Integer 0 7 RW 1ppriority Table Row Status Row Status enable RW status disable delete Specifying the Mapping between IP Precedence DSCP Ranges and 802 1D Priorities The QoS IP DSCP to 802 1D Mapping Table specifies the mapping between IP Precedence DSCP Ranges and 802 1D priorities Name Type Value Access CLI Parameter QoS IP DSCP to 802 1D Table N A N A qosdscpto1dtbl Mapping Table Table Index Primary Integer 0 7 R index Index 802 1D Priority Integer 0 7 R 1dpriority IP DSCP Lower Limit Integer 0 62 RW dscplower IP DSCP Upper Limit Integer 1 63 RW dscpupper Table Row Status Row Status enable RW status disable delete 200 Command Line Interface CLI AP 700 User Guide CLI Batch File QoS Enhanced Distributed Channel Access EDCA Parameters The following commands configure the client STA and AP Enhanced Distributed Channel Access EDCA parameters The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless contention period These parameters are used by the Q
256. riority mappings Custom entries can be added to each table with different priority mappings 1 Click Configure gt QoS gt Priority Mapping Policy Pronty Mapping EDCA This page is used to configure QoS 602 1D to 802 1p priority mappings and 802 10 To IP DSCP priority mappings The first entry in each table contains the recommended priority mappings and cannot be deleted Custom entries can be added to each table with different priority mappings 802 1D to 802 1p Priority Mapping Table Add Edit index 802 1D Priority 802 1p Priority Status 1 0 0 Enable 1 1 1 Enable 1 2 2 Enable 1 3 3 Enable 1 4 4 Enable 1 5 5 Enable 1 6 6 Enable 1 7 7 Enable 802 1D to IP DSCP Priority Mapping Table Add Edt index 802 1D Priority IP DSCP Range Status 1 0 0 7 Enable 1 1 8 15 Enable 1 2 16 23 Enable 1 3 24 31 Enable 1 4 32 39 Enable 1 5 40 47 Enable 1 6 48 55 Enable 1 7 56 63 Enable Figure 4 30 Priority Mapping 2 Click Add in the 802 1p and 802 1d priority mapping table 92 Advanced Configuration AP 700 User Guide Qos System 1 Network 1 imertaces 1 Management Filtering Y Alarms Bridge QoS 17 RADIUS Profiles ML ssion Securty i amp QoS 802 1D to 802 1p Mapping Table Add Entries This page is used to add 802 10 to 802 1p mappings This table contains a one to one mapping of 802 10 to 802 1p priorities so it requires all priorities to be specified Please enter the desired values for 802 1p priorities and
257. rk Interfaces AY Management A Filtering A IP Configuration DHCP Server DHCP RA Link Integrity SNTP 7 This page is used to configure the Simple Network Time Protocol SMTP feature If this feature is enabled the AP will attempt to retrieve the time of day from the configured time servers primary or secondary If successful the AP will update the relevant time objects with the retrieved time of day otherwise it will use the system uptime to update the relevant time objects If this feature is disabled then you can manually configure the date and time parameters Note The time servers can be configured using either the host name URL or the IP address H these servers are configured with the host name then the DNS client feature must be enabled and configured properly If a time server is configured with a 0 0 0 0 IP address then the SITP client in the AP will not send a time request to that server Note When SNTP is enabled it will take some time for the access point to retrieve the time of day from the configured time servers and update the relevant date and time parameters Enable SNTP Status r Address Format IP Address Primary Time Server 0 0 0 0 Secondary Time Server 0 0 0 0 Time Zone esteline Daylight Saving o Date MM DDITYYYY 1 iC Time MHMMSS 0 9 54 Ok Cancel b Figure 4 8 SNTP Configuration Screen You can configure and view the following parameters within the SNTP screen SNTP Sta
258. rminate the session on timeout. The range is 60 to 36000 seconds; the default is 900 seconds.

Secure Shell (SSH) Settings

The AP supports SSH version 2 for secure remote CLI (Telnet) sessions. SSH provides strong authentication and encryption of session data. The SSH server (AP) has host keys: a pair of asymmetric keys, a private key that resides on the AP and a public key that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client can verify that it is communicating with the correct SSH server. The client authentication is performed as follows:
- Using a username/password pair if RADIUS Based Management is enabled; otherwise, using a password to authenticate the user over a secure channel created using SSH.

SSH Session Setup

An SSH session is set up through the following process:
- The SSH server public key is transferred to the client using out-of-band or in-band mechanisms.
- The SSH client verifies the correctness of the server using the server's public key.
- The user/client authenticates to the server.
- An encrypted data session starts.

The maximum number of SSH sessions is limited to two. If there is no activity for a specified amount of time (the Telnet Session Timeout parameter), the AP will time out the connection.

SSH Clients

The following SSH clients have been verified to interoperate with the AP's server. The following table lists the clients, version number
259. rofile Y MAC Access a l Wireless Security Profile Configuration This page is used to configure security profiles Note Changes to these parameters require access point reboot in order to take effect Security Profile Table Profile NonSecure WEP 802 1x WPA VIPAPSK 802 111 Enabled Disabled Disabled Disabled Disabled Disabled Disabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled Figure 4 39 Security Profile Configuration 2 Click Add in the Security Profile Table to create a new entry To modify an existing profile select the profile and click Edit To delete an existing profile select the profile and click Delete You cannot delete a Security Profile used in an SSID Also the first Security Profile cannot be deleted 109 Advanced Configuration AP 700 User Guide SSID VLAN Security 3 Configure one or more types of wireless stations security modes that are allowed access to the AP under the security profile The WEP PSK parameters are separately configurable for each security mode To enable a security mode in the profile Non Secure Station WEP Station 802 1x Station WPA Station WPA PSK Station 802 11i WPA2 Station 802 11i PSK Station check the box next to the mode See Figure 4 40 on page 112 If the security mode selected in a profile is WEP WPA PSK or 802 11i PSK then you must configure the WEP or Pre Shared Keys NOTE If an 802 1x client that has already been authen
260. rom http://support.proxim.com

Intermittent Loss of Connection

1. Make sure you are within range of an active AP.
2. You can check the signal strength using the signal strength gauge on your client software.

Client Does Not Receive an IP Address - Cannot Connect to Internet

1. If the AP is configured as a DHCP server, open the Web browser Interface and select the Configure button and then the Network tab to make sure the proper DHCP settings are being used.
2. If you are not using the DHCP server feature on the AP, then make sure that your local DHCP server is accessible from the Access Point's subnet.
3. If using Active Ethernet, make sure you are not using a crossover Ethernet cable between the AP and the hub.

VLAN Operation Issues

Verifying Proper Operation of the VLAN Feature

The correct VLAN configuration can be verified by pinging both wired and wireless hosts from both sides of the AP device and the network switch. Traffic can be sniffed on both the wired (Ethernet) and wireless (WDS) backbones (if configured). Bridge frames generated by wireless clients and viewed on one of the backbones should contain IEEE 802.1Q compliant VLAN headers or tags. The VLAN ID in the headers should correspond to one of the VLAN User IDs configured for the AP. NOTE: The AP 700 supports 16 VLAN/SSID pairs, each with a configured security profile.

VLAN Workgroups

The correct VLAN assignment can be verified by pinging the AP to ensure co
261. roper QoS operation during the wireless contention period These parameters are used by the QoS enabled AP to establish policy to change policies when accepting new stations or new traffic or to adapt to changes in the offered load The EDCA parameters assign priorities to traffic types where higher priority packets gain access to the wireless medium more frequently than lower priority packets NOTE Default recommended values for EDCA parameters have been defined Proxim recommends not modifying EDCA parameters unless strictly necessary Perform the following procedure to configure the Station and AP EDCA tables 93 Advanced Configuration Qos AP 700 User Guide 1 Click Configure gt QoS gt EDCA Alarms Bridge f Qos RADIUS Profiles SSID VLAN Security Policy Priority Mapping EDCA This page is used to configure the client STA and AP Enhanced Distributed Channel Access EDCA parameters You can modity the EDCA values for both Wireless A and Wireless B when applicable The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless contention period These parameters are used by the QoS enabled AP to establish policy to change policies when accepting new stations or new traffic or to adapt to changes in the offered load The EDCA parameters assign priorities to traffic types where higher priority packets gain access to the wireless medium more frequently t
262. rotocol to be subject to the filter.

Static MAC

The Static MAC Address filter optimizes the performance of a wireless (and wired) network. When this feature is properly configured, the AP can block traffic between wired devices and wireless devices based on MAC address. For example, you can set up a Static MAC filter to prevent wireless clients from communicating with a specific server on the Ethernet network. You can also use this filter to block unnecessary multicast packets from being forwarded to the wireless network. NOTE: The Static MAC Filter is an advanced feature. You may find it easier to control wireless traffic via other filtering options, such as Ethernet Protocol Filtering.

Each static MAC entry contains the following fields:
- Wired MAC Address
- Wired Mask
- Wireless MAC Address
- Wireless Mask
- Comment: This field is optional.

Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits (0 or 1).) Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets. The AP uses Boolean logic to perform an AND operation between the MAC Address and the Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter using
263. rs Name Type Value Access CLI Parameter Secure Management Integer 1 enable RW securemgmtstatus 2 disable SNMP Parameters Name Type Value Access CLI Parameter SNMP Group N A R snmp SNMP Management Interface Bitmask O or 2 No interfaces RW snmpifbitmask Interface Bitmask disable 1 or 3 Ethernet 4 or 6 Wireless 5 or 7 All interfaces default is 7 Read Password DisplayString User Defined W snmprpasswd public default 6 32 characters 185 Command Line Interface CLI AP 700 User Guide Parameter Tables Read Write Password DisplayString User Defined W snmprwpasswd public default 6 32 characters SNMPv3 Authentication DisplayString User Defined W snmpv3authpasswd Password public default 6 32 characters SNMPv3 Privacy DisplayString User Defined W snmpv3privpasswd Password public default 6 32 characters 186 Command Line Interface CLI Parameter Tables AP 700 User Guide HTTP Parameters Name Type Value Access CLI Parameter HTTP Group N A R http HTTP Management Interface Bitmask O or 2 No interfaces RW httpifbitmask Interface Bitmask disable 1 or 3 Ethernet 4 or 6 Wireless 5 or 7 All interfaces default is 7 HTTP Password DisplayString User Defined 6 32 W httppasswd characters HTTP Port Integer User Defined RW httpport Default 80 Help Link DisplayString User Defined R
264. rs see Set RADIUS Parameters Set RADIUS Parameters Configure RADIUS Authentication servers Perform the following command to configure a RADIUS Server and assign it to a VLAN The RADIUS Server Profile index is specified by the index parameter and the subindex parameter specifies whether you are configuring a primary or secondary RADIUS server Device Name gt set radiustbl lt Index gt profname lt Profile Name gt seraddrfmt lt 1 IP Address 2 Name gt sernameorip lt IP Address or Name gt port lt value gt ssecret lt value gt responsetm lt value gt maxretx lt value gt acctupdtintrvl lt value gt macaddrfmt lt value gt authlifetm lt value gt radaccinactivetmr lt value gt vlanid lt vlan id 1 to 4094 gt status enable NOTE To create a new RADIUS profile use O for lt Index gt Examples of Configuring Primary and Secondary RADIUS Servers and Displaying the RADIUS Configuration Primary server configuration Device Name set radiustbl 1 1 profname MAC Authentication seraddrfmt 1 sernameorip 20 0 0 20 port 1812 ssecret public responsetm 3 maxretx 3 acctupdtintrvl 0 macaddrfmt 1 authlifetm 900 radaccinactivetmr 5 vlanid 22 status enable Secondary server configuration 170 Command Line Interface CLI AP 700 User Guide Other Network Settings Device Name set radiustbl 1 2 profname MAC Authentication seraddrfmt 1 sernameorip 20 0 0 30 port 1812 ssecret public responsetm 3 maxretx 3 acctupdtintrvl 0 ma
265. rtificate maintained by the AP for secure communications between the AP and the HTTP client All communications are encrypted using the server and the client side certificate The AP comes pre installed with all required SSL files default certificate private key and SSL Certificate Passphrase installed Command Line Interface The Command Line Interface CLI is a text based configuration utility that supports a set of keyboard commands and parameters to configure and manage an AP Users enter Command Statements composed of CLI Commands and their associated parameters Statements may be issued from the keyboard for real time control or from scripts that automate configuration For example when downloading a file administrators enter the download CLI Command along with IP Address file name and file type parameters You access the CLI over a HyperTerminal serial connection or via Telnet During initial configuration you can use the CLI over a serial port connection to configure an Access Point s IP address When accessing the CLI via Telnet you can communicate with the Access Point from over your LAN switch hub etc from over the Internet or with a crossover Ethernet cable connected directly to your computer s Ethernet Port See Command Line Interface CLI for more information on the CLI and for a list of CLI commands and parameters 11 Introduction AP 700 User Guide Management and Monitoring Capabilities SNMP Man
266. This tab allows for configuration of system unique parameters and contact information Note Changes to these parameters require access point reboot in order to take effect Note Name is also used as Dynamic DNS hostname Note Name can only contain alphanumeric characters Hyphen is the only special character allowed No spaces are allowed First character can t be a numeric Figure 4 2 System Tab Dynamic DNS Support DNS is a distributed database mapping the user readable names and IP addresses and more of every registered system on the Internet Dynamic DNS is a lightweight mechanism which allows for modification of the DNS data of host systems whose IP addresses change dynamically Dynamic DNS is usually used in conjunction with DHCP for assigning meaningful names to host systems whose IP addresses change dynamically Access Points provide DDNS support by adding the host name option 12 in DHCP Client messages which is used by the DHCP server to dynamically update the DNS server 36 Advanced Configuration AP 700 User Guide S
267. Wireless interface properties determine the characteristics of the wireless medium as well as how wireless clients will communicate with the access point Verify configuration of the desired operational mode prior to configuring the wireless interface properties below Note This page allows configuration of a single SSID Wireless Network Name in order to configure more than one SSID please visit the SSIDVLAN Security page Note Changes to these parameters except Wireless Service Status require access point reboot in order to take effect Fields shown in the screenshot Physical Interface Type MAC Address Regulatory Domain Network Name SSID Enable Auto Channel Select Frequency Channel Transmit Rate DTIM Period 1 255 RTS CTS Medium Reservation Enable Closed System Wireless Service Status Load Balancing Max Clients Channel Blacklist Table This table is used to configure blacklist channels A channel can be blacklisted automatically if radar is detected on the operating channel this is applicable only to specific regulatory domains If radar is detected on a channel that channel will be blacklisted for 30 minutes A channel can also be blacklisted by the administrator in case that channel is not to be used when ACS is enabled Wireless
268. s that the AP should wait for the RADIUS server to respond to a request The range is 1 10 seconds the default is 3 seconds Maximum Retransmissions 0 4 Enter the maximum number of times an authentication request may be transmitted The range is 0 to 4 the default is 3 Server Status Select Enable from the drop down box to enable the RADIUS Server Profile 3 Click OK 4 Select the Profile and click Edit to configure the Secondary RADIUS Server if required MAC Access Control Via RADIUS Authentication If you want to control wireless access to the network and if your network includes a RADIUS Server you can store the list of MAC addresses on the RADIUS server rather than configure each AP individually You can define a RADIUS Profile that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized stations that may access the wireless network You must specify information for at least the primary RADIUS server The back up RADIUS server is optional NOTE Each VLAN can be configured to use a separate RADIUS server and backup server for MAC authentication MAC access control can be separately enabled for each VLAN NOTE Contact your RADIUS server manufacturer if you have problems configuring the server or have problems using RADIUS authentication 802 1x Authentication using RADIUS You must configure a primary EAP 802 1x Authentication server to use 802 1x security A back
269. s you will not be able to download a new AP Image to the AP IP Address management is fundamental We suggest you create a chart to document and validate the IP addresses for your system If the password is lost or forgotten you will need to reset the AP to default values The Reset to Factory Default Procedure resets configuration settings but does not change the current AP Image If the AP has a corrupted software image follow the Forced Reload Procedure to erase the current AP Image and download a new image Reset to Factory Default Procedure Use this procedure to reset the network configuration values including the Access Point s IP address and subnet mask The current AP Image is not deleted Follow this procedure if you forget the Access Point s password 1 Press and hold the RELOAD button for 10 seconds NOTE You need to use a pin or the end of a paperclip to press a button The AP reboots and the factory default network values are restored 2 If not using DHCP use the ScanTool or use CLI over a serial connection to set the IP address subnet mask and other IP parameters See Command Line Interface CLI for CLI information Forced Reload Procedure Use this procedure to erase the current AP Image and configuration file and download a new AP Image In some cases specifically when a missing or corrupted AP Image prevents successful booting you may need to use ScanTool or the Bootloader CLI to download a new executable
270. s CLI Parameter MAC Address Control Group N A R macacl Status Integer enable RW aclstatus disable default Operation Type Integer passthru default RW macacloptype block MAC Access Control Table Name Type Value Access CLI Parameter MAC Address Control Table N A R macacitbl Table Table Index N A N A R index MAC Address PhysAddress User Defined RW macaddr Comment optional DisplayString User Defined RW cmt max 254 characters Status optional Integer enable default RW status disable delete Rogue Scan Configuration Table The Rogue Scan Configuration Table allows you to enable or disable Rogue Scan and configure the scanning parameters Name Type Value Access CLI Parameter Rogue Scan Table N A R rscantbl Configuration Table Rogue Scan Mode Integer Bkscan 1 RW mode Contscan 2 Rogue Scan Cycle Time Integer 1 1440 RW cycletime Rogue Scan Integer 3or4 RW index Configuration Table Index Rogue Scan Status Integer enable RW status disable Hardware Configuration Reset The Hardware Configuration Reset commands allows you to enable or disable the feature and to change the password to be used for configuration reset during boot up 197 Command Line Interface CLI Parameter Tables AP 700 User Guide or 1 4094 Name Type Value Access CLI Parameter Hardware Configuration Integer enable 1 R
271. s and Tables Tables contain parameters for a series of similar entities To see a definition and syntax example type only show and then press the Enter key To see a list of available parameters enter a question mark after show example show 155 Command Line Interface CLI AP 700 User Guide CLI Command Types Syntax Device Name gt show lt parameter gt Device Name gt show lt group gt Device Name gt show lt table gt Examples Device Name gt show ipaddr Device Name gt show network Device Name gt show mgmtipaccesstbl set CLI Command Sets modifies the value of the specified parameter To see a definition and syntax example type only set and then press the Enter key To see a list of available parameters enter a space then a question mark after set example set Syntax Device Name gt set lt parameter gt lt value gt Device Name gt set lt table gt lt index gt lt argument 1 gt lt value 1 gt lt argument N gt lt value N gt Example Device Name gt set sysloc Main Lobby Device Name gt set mgmtipaccesstbl 0 ipaddr 10 0 0 10 ipmask 255 255 0 0 Configuring Objects that Require Reboot Certain objects supported by the Access Point require a device reboot in order for the changes to take effect In order to inform the end user of this behavior the CLI provides informational messages when the user has configured an object that requires a reboo
272. s interface is preparing Ethernet interface is connected for use at 100 Mbps with no traffic Blinking Green n a Ethernet interface is connected at 100 Mbps with traffic Wireless interface is transmitting or receiving wireless packets Solid Amber The Bootloader is loading the n a Ethernet interface is connected application software at 10 Mbps with no traffic Blinking Amber The AP is reloading n a The Ethernet interface is connected at 10 Mbps with traffic Solid Red Power On Self Test POST n a n a running Blinking Red Rebooting n a n a Prerequisites Before installing an AP 700 you need to gather certain network information The following table identifies the information you need Network Name SSID of the wireless cards You must assign the Access Point a Network Name before wireless users can communicate with it The clients also need the same Network Name This is not the same as the System Name which applies only to the Access Point The network administrator typically provides the Network Name AP s IP Address If you do not have a DHCP server on your network then you need to assign the Access Point an IP address that is valid on your network HTTP Password Each Access Point requires a read write password to access the web interface The default password is public CLI Password Each Access Point requires a read write password to access the CLI interfac
273. sable default IP Address IpAddress User Defined RW iparpfltipaddr Subnet Mask IpAddress User Defined RW iparpfltsubmask Broadcast Filtering Table Name Type Value Access CLI Parameter Broadcast Filtering Table Table N A R broadcastfittbl Index Integer 1 5 N A index Protocol Name DisplayString N A R protoname Direction Integer ethertowireless RW direction wirelesstoether both default Status Integer enable RW status disable default TCP UDP Port Filtering The following parameters are used to enable disable the Port filter feature Name Type Value Access CLI Parameter Port Filtering Group N A R portfit Port Filter Status Integer enable default RW portfitstatus disable TCP UDP Port Filtering Table The following parameters are used to configure TCP UDP Port filters Name Type Value Access CLI Parameter Port Filtering Table Table N A R portfittbl Table Index N A User Defined R index there are also 4 pre defined indices see Port Number below for more information Port Type Octet String tcp RW porttype udp tcp udp 191 Command Line Interface CLI Parameter Tables AP 700 User Guide Name Type Value Access CLI Parameter Port Number Octet String User Defined there are also 4 pre defined protocols Index 1 NetBios Name Service 137 Index 2 NetBios Datagram Service 138 Index 3 NetBios Session Service 139 Index 4 SNMP Service 161 RW portnum
274. sferring files to or from the AP TFTP or HTTP or HTTPS if enabled Downloading files Configuration AP Image Bootloader Private Key and Certificate CLI Batch File to the AP using one of these two methods is called Updating the AP 129 Commands AP 700 User Guide Introduction to File Transfer via TFTP or HTTP e Uploading files Configuration CLI Batch File from the AP is called Retrieving Files TFTP File Transfer Guidelines A TFTP server must be running and configured to point to the directory containing the file If you do not have a TFTP server installed on your system install the TFTP server from the ORINOCO CD HTTP File Transfer Guidelines HTTP file transfer can be performed either with or without SSL enabled HTTP file transfers with SSL require enabling Secure Management and Secure Socket Layer HTTP transfers that use SSL may take additional time NOTE SSL requires Internet Explorer version 6 128 bit encryption Service Pack 1 and patch Q323308 Image Error Checking During File Transfer The Access Point performs checks to verify that an image downloaded through HTTP or TFTP is valid The following checks are performed on the downloaded image e Zero Image size e Large image size Non VxWorks image AP image e Digital signature verification If any of the above checks fail on the downloaded image the Access Point deletes the downloaded image and retains the old image Otherwise if
275. shows the current links Device Name gt set linkinttbl lt 1 5 depending on what table row you wish to address gt ipaddr lt ip address of the host computer you want to check gt Device Name gt set linkintpollint lt the interval between link integrity checks gt Device Name gt set linkintpollretx lt number of times to retransmit before considering the link down gt Device Name gt set linkintstatus enable Device Name gt show linkinttb1 to confirm new settings Device Name gt reboot 0 Change your Wireless Interface Settings See Interfaces for information on the parameters listed below The AP 700 uses index 3 Operational Mode Device Name gt set wif lt index gt mode lt see table gt Mode Operational Mode 1 dot1 1b only 2 dot1 1g only 3 dot11bg 4 dot 1a only 5 dot11g wifi Autochannel Select ACS ACS is enabled by default Reboot after disabling or enabling ACS Device Name gt set wif lt index gt autochannel lt enable disable gt Device Name gt reboot 0 Enable Disable Closed System Device Name gt set wif lt index gt closedsys lt enable disable gt 166 Command Line Interface CLI AP 700 User Guide Other Network Settings Shutdown Resume Wireless Service Device Name gt set wif lt index gt wssstatus lt 1 resume 2 shutdown gt Set Load Balancing Maximum Number of Clients Device Name gt set wif lt index gt lbmaxclients lt
276. ss Assignment mode is dynamic DHCP If you do not have a DHCP server on your network the default IP Address is 169 254 128 132 If you have more than one uninitialized AP connected to the network they will all have the same default IP address and you will not be able to communicate with them due to an IP address conflict In this case assign each AP a static IP address via the serial cable or turn off all units but one and change the IP address using ScanTool one at a time 2 The AP only contacts a DHCP server during boot up If your network s DHCP server is not available while the AP is booting the device will use the default IP address 169 254 128 132 Reboot the AP once your DHCP server is on line again or use the ScanTool to find the Access Point s current IP address 3 To find the unit s current IP address if using DHCP open the IP Client Table in the DHCP Server and match the Access Point s IP address to its MAC address found on the product label Alternatively use ScanTool to identify an Access Point s current IP address 4 Once you have the current IP address use the HTTP or CLI Interface to change the unit s IP settings if necessary 5 If you use static IP Address assignments and cannot access the unit over Ethernet use the Initializing the IP Address using CLI procedure Once the IP Address is set you can use the Ethernet Interface to complete configuration 139 Troubleshooting AP 700 User Guide Symptoms a
277. ssfully completed Informational oriTrapRADScanResults Provides information on the RAD Scan results Informational oriTrapRogueScanStationDetected Rogue station detected Informational oriTrapRogueScanCycleComplete Rogue scan successfully completed Informational Wireless Interface Card Trap Group Trap Name Description Severity Level oriTrapWLCFailure General failure wireless interface card failure Critical oriTrapWLCRadarlInterferenceDetected Radar interference detected on the channel being Major used by the wireless interface MIC Attack Detected Supported in Web interface only Major MIC Attack Report Detected Supported in Web interface only Major Operational Trap Group Trap Name Description Severity Level oriTrapUnrecoverableSoftwareErrorDetected Unrecoverable software error detected Causes software watch dog timer to expire which in turn causes the device to reboot Critical oriTrapRADIUSServerNotResponding RADIUS server not responding to authentication Major requests sent from the RADIUS client in the device oriTrapModuleNotinitialized Module hardware or software not initialized Major oriTrapDeviceRebooting Device rebooting Informational oriTrapTaskSuspended Task suspended Critical oriTrapBootPFailed Response to the BootP request not received Major device not dynamically assigned an IP address 76 Advanced Configuration Alarms AP 700
278. sswd lt New Password gt SNMPv3 privacy password gt reboot 0 CAUTION Proxim strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel If you lose or forget your password settings you can always perform the Reset to Factory Default Procedure Set Network Names for the Wireless Interface Device Name gt set wif lt index 3 gt netname lt Network Name SSID for wireless interface gt Device Name gt show wif Figure A 13 Results of show wif CLI command for an AP Enable 802 11d Support and Set the Country Code
279. st Parameters View and configure blacklisted channels Wireless Distribution System WDS Parameters Configure the WDS partnerships Wireless Interface SSID VLAN Profile Parameters Configure the SSIDs VLANs and security modes Up to 16 SSIDs are supported different security settings can be applied to each SSID and a unique VLAN can be configured per SSID Ethernet Interface Parameters Set the speed and duplex of the Ethernet port Management Parameters Control access to the AP s management interfaces SNMP Parameters Set read and read write passwords HTTP Parameters Set up the graphical web browser interface If required enable SSL and configure the SSL certificate passphrase Telnet Parameters Telnet Port setup Serial Port Parameters Serial Port setup RADIUS Based Management Access Parameters Configure RADIUS Based Management Access for HTTP and Telnet access SSH Parameters Enable SSH and configure the host key TFTP Server Parameters Set up for file transfers specify IP Address file name and file type 174 Command Line Interface CLI AP 700 User Guide Parameter Tables IP Access Table Parameters Configure range of IP addresses that can access the AP Auto Configuration Parameters Configure the Auto Configuration feature which allows an AP to be automatically configured by downloading a configuration file from a TFTP server during boot up e Filt
280. st transmits a Request to Send RTS packet to confirm that the medium is clear When the receiving radio successfully receives the RTS packet it transmits back a Clear to Send CTS packet to the sending radio When the sending radio receives the CTS packet it sends the data packet to the receiving radio The RTS and CTS packets contain a reservation time to notify other radios including hidden nodes that the medium is in use for a specified period This helps to minimize collisions While RTS CTS adds overhead to the radio network it is particularly useful for large packets that take longer to resend after a collision occurs RTS CTS Medium Reservation is an advanced parameter and supports a range between 0 and 2347 bytes When set to 2347 the default setting the RTS CTS mechanism is disabled When set to 0 the RTS CTS mechanism is used for all packets When set to a value between 0 and 2347 the Access Point uses the RTS CTS mechanism for packets that are the specified size or greater You should not need to enable this parameter for most networks unless you suspect that the wireless cell contains hidden nodes Wireless Service Status The user can shut down or resume the wireless service on the wireless interface of the AP through the CLI HTTP or SNMP interface When the wireless service on a wireless interface is shut down the AP will Stop the AP services to wireless clients connected on that wireless interface by disassociating them
281. stall the TFTP server from the CD Wizard or run OEM TFTP Server exe found in the CD s Xtras SolarWinds sub directory The Update AP via TFTP tab shows version information and allows you to enter TFTP information as described below Server IP Address Enter the TFTP server IP Address Double click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server NOTE This is the IP address that will be used to point the Access Point to the AP Image file File Name Enter the name of the file to be downloaded including the file extension Copy the updated AP Image file to the TFTP server s root folder The default AP Image is located at C Program Files ORINOCO AP700 File Type Select the proper file type Choices include Config for configuration information such as System Name Contact Name and so on Image for the AP Image executable program Upgrade BspBI for the Bootloader software SSL Certificate the digital certificate for authentication in SSL communications SSL Private Key the private key for encryption in SSL communications SSH Public Key the public key in SSH communications See Secure Shell SSH Settings for more information SSH Private Key the private key in SSH communications See Secure Shell SSH Settings for more information 131 Commands AP 700 User Guide Update AP via HTTP CLI Batch File a CLI Batch file that contains CLI c
282. t NOTE In countries in which 802 11a 5 GHZ is not available for use the AirSPEED AP541 provides dual band 802 11b and 802 11g support only 802 11a functionality covered in this User Guide is not supported In general you should use either 802 11g only mode if you want to support 802 11g devices only or 802 11b g mode to support a mix of 802 11b and 802 11g devices Configure the following available options and click Save amp Next Primary Network Name SSID Enter a Network Name between 1 and 32 characters long for the wireless network You must configure each wireless client to use this name as well Note that the AP 700 supports up to 16 SSIDs and VLANs Please see the Advanced Configuration chapter for information on the detailed rules on configuring multiple SSIDs VLANs and security profiles NOTE Do not use quotation marks single or double in the Network Name this will cause the AP to misinterpret the name Auto Channel Select By default the AP scans the area for other Access Points and selects the best available communication channel either a free channel if available or the channel with the least amount of interference Remove the check mark to disable this option See Dynamic Frequency Selection Radar Detection DFS RD for information and Available Channels for a list of available channels Frequency Channel When Auto Channel Select is enabled this field is read only and displays the Access Point s curren
283. t 802 1x requires a RADIUS server and uses the Extensible Authentication Protocol EAP as a standards based authentication framework and supports automatic key distribution for enhanced security The EAP based authentication framework can easily be upgraded to keep pace with future EAP types Popular EAP types include EAP Message Digest 5 MD5 Username Password based authentication does not support automatic key distribution EAP Transport Layer Security TLS Certificate based authentication a certificate is required on the server and each client supports automatic key distribution EAP Tunneled Transport Layer Security TTLS Certificate based authentication a certificate is required on the server a client s username password is tunneled to the server over a secure connection supports automatic key distribution PEAP Protected EAP with MS CHAP Secure username password based authentication supports automatic key distribution Different servers support different EAP types and each EAP type provides different features See the documentation that came with your RADIUS server to determine which EAP types it supports NOTE The AP supports the following EAP types when Security Mode is set to 802 1x WPA or 802 11i WPA2 EAP TLS PEAP EAP TTLS EAP MD5 and EAP SIM Authentication Process There are three main components in the authentication
284. t The following messages are displayed as a result of the configuring such object or objects Example 1 Configuring objects that require the device to be rebooted The following message is displayed every time the user has configured an object that requires the device to be rebooted Device Name gt set ipaddr 135 114 73 10 The following elements require reboot ipaddr Example 2 Executing the exit quit or done commands when an object that requires reboot has been configured In addition to the above informational message the CLI also provides a message as a result of the exit quit or done command if changes have been made to objects that require reboot If you make changes to objects that require reboot and execute the exit command the following message is displayed Device Name gt exit lt CR gt OR quit lt CR gt OR done lt CR gt Modifications have been made to parameters that require the device to be rebooted These changes will only take effect after the next reboot set and show Command Examples In general you will use the CLI show Command to view current parameter values and use the CLI set Command to change parameter values As shown in the following examples parameters may be set individually or all parameters for a given table can be set with a single statement 156 Command Line Interface CLI AP 700 User Guide CLI Command Types Example 1 Set the Access Point IP Address Parameter
285. t are not tracked Authentication and Accounting Attributes Additionally the AP supports a number of Authentication and Accounting Attributes defined in RFC2865 RFC2866 RFC2869 and RFC3580 Authentication Attributes State Received in Access Accept Packet by the AP during Authentication and sent back as is during Re Authentication Class Received in Access Accept Packet by the AP during Authentication and sent back as is in Accounting Packets Session Timeout If the RADIUS server does not send a Session Timeout the AP will set the subscriber expiration time to 0 which means indefinite access The Termination Action attribute defines how the Session Timeout attribute will be interpreted If the Termination Action is DEFAULT then the session is terminated on expiration of the Session Timeout time interval If Termination Action is RADIUS Request then re authentication is done on expiration on the session If the RADIUS server sends a Session Timeout the value specified by the Session Timeout attribute will take precedence over the configured Authorization Lifetime value Termination Action Valid values are Default 0 RADIUS Request 1 When the value is default the Termination Action attribute sends an accounting stop message and then reauthenticates If the value is RADIUS Request the Termination Action attribute reauthenticates without sending an accounting stop Idle Timeout The AP internally
286. t hardware configuration reset status is enabled When disabling hardware configuration reset the user is recommended to configure a configuration reset password A configuration reset option appears on the serial port during boot up before the AP reads its configuration and initializes Whenever the AP is reset to factory default configuration hardware configuration reset status is enabled and the configuration reset password is set to the default public If secure mode is enabled in the AP only secure SSL SNMPv3 SSH users can modify the values of the Hardware Configuration Reset Status and the configuration reset password Configuration Reset via Serial Port During Bootup If hardware configuration reset is disabled the user gets prompted by a configuration reset option to reset the AP to factory defaults during boot up from the serial interface By pressing a key sequence ctrl R the user gets prompted to enter a configuration reset password before the configuration is reset NOTE It is important to safely store the configuration reset password If a user forgets the configuration reset password the user will be unable to reset the AP to factory default configuration if the AP becomes inaccessible and the hardware configuration reset functionality is disabled Configuring Hardware Configuration Reset Perform the following procedure to configure Hardware Configuration Reset and to set the Configuration Reset Password See Figu
287. t if you change the HTTP Port HTTP Wizard Status The Setup Wizard appears automatically the first time you access the HTTP interface If you exited out of the Setup Wizard and want to relaunch it enable this option click OK and then close your browser or reboot the AP The Setup Wizard will appear the next time you access the HTTP interface HTTPS Access Secure Socket Layer NOTE SSL requires Internet Explorer version 6 128 bit encryption Service Pack 1 and patch Q323308 NOTE You need to reboot the AP after enabling or disabling SSL for the changes to take effect HTTPS Secure Web Status The user can access the AP in a secure fashion using Secure Socket Layer SSL over port 443 The AP comes pre installed with all required SSL files default certificate and private key installed Use the drop down menu to enable disable this feature SSL Certificate Passphrase After enabling SSL the only configurable parameter is the SSL passphrase The default SSL passphrase is proxim The AP supports SSLv3 with a 128 bit encryption certificate maintained by the AP for secure communications between the AP and the HTTP client All communications are encrypted using the server and the client side certificate If you decide to upload a new certificate and private key using TFTP or HTTP File Transfer you need to change the SSL Certificate Passphrase for the new SSL files Accessing the AP through the HTTPS interface The user should use
288. t operating channel. When Auto Channel Select is disabled, you can specify the Access Point's channel. If you decide to manually set the unit's channel, ensure that nearby devices do not use the same frequency. Available Channels vary based on regulatory domain. See Dynamic Frequency Selection/Radar Detection (DFS/RD) for more information and Available Channels for a list of available channels. Transmit Rate: Use the drop-down menu to select a specific transmit rate for the AP-700 radio. The Auto Fallback feature allows the AP to select the best transmit rate based on the cell size. For 802.11a only mode, choose between 6, 9, 12, 18, 24, 36, 48, 54 Mbits/s and Auto Fallback. For 802.11b only mode, choose between 1, 2, 5.5, 11 Mbits/s and Auto Fallback. For 802.11g only mode, choose between 6, 9, 12, 18, 24, 36, 48, 54 Mbits/s and Auto Fallback. For 802.11bg mode, choose between 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbits/sec and Auto Fallback. For 802.11g-wifi mode, choose between 6, 9, 12, 18, 24, 36, 48, 54 Mbits/s and Auto Fallback. NOTE: 802.11g-wifi has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. Additional advanced settings are available in the Wireless Interface Configuration screen. See Interfaces for details. See Security Profile for a description of security features, Management VLAN for a description of VLAN capabilities, and Configurin
289. tab that corresponds to the statistics you want to review. For example, click Learn Table to see the list of nodes that the AP has discovered on the network. 3. If necessary, click the Refresh button to update the statistics. Each Monitor tab is described in the remainder of this chapter. Version: From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software is loaded. This screen displays the following information for each Access Point component: Serial Number: The component's serial number, if applicable. Component Name. ID: The AP identifies a system component based on its ID. Each component has a unique identifier. Variant: Several variants may exist of the same component (for example, a hardware component may have two variants, one with more memory than the other). Version: Specifies the component's version or build number. The Software Image version is the most useful information on this screen for the typical end user. IAPP Version This tab displays version information of the access point system components. This information can be used by Technical Support to diagnose incompatibility issues and to determine if up
290. [Figure 3-1: System Status Screen, showing the system information fields and the System Alarms table] The System Status screen provides the following information: System Status: This area provides system-level information, including the unit's IP address and contact information. See System for information on these settings. System Alarms: System traps (if any) appear in this area. Each trap identifies a specific severity level: critical, major, minor, and informational. See Alarms for a list of possible alarms. From this screen, you can also access the AP's monitoring and configuration options by clicking on the buttons on the left of the screen. Advanced Configuration: This chapter contains information on configuring settings in the following categories: System: Configure specific system information such as system name and contact information. Network: Configure IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity, and SNTP settings. Inte
291. tatistics are available through SNMP: Octets Received: The number of octets received from the associated wireless station or WDS link partner by the AP. Unicast Frames Received: The number of Unicast frames received from the associated wireless station or WDS link partner by the AP. Non-Unicast Frames Received: The number of Non-Unicast frames received (i.e., broadcast or multicast) from the associated wireless station or WDS link partner by the AP. Octets Transmitted: The number of octets sent to the associated wireless station or WDS link partner from the AP. Unicast Frames Transmitted: The number of Unicast frames transmitted to the associated wireless station or WDS link partner from the AP. Commands: This chapter contains information on the following Command functions: Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. Update AP via TFTP: Download files from a TFTP server to the AP. Update AP via HTTP: Download files to the AP from HTTP. Retrieve File: Upload configuration files from the AP to a TFTP server. Retrieve File via HTTP: Upload configuration files from the AP via HTTP. Reboot: Reboot the AP in the specified number of seconds. Reset: Reset all of the Access Point's configuration settings to factory defaults. Help Link: Configure the location where the AP Help files can be found. To perform commands using the HTT
292. tatus <enable/disable> (default is disable)
Device Name> set sysloghbinterval <1 - 604800> (default is 900 seconds)
Device Name> set sysloghosttbl <index> ipaddr <ipaddress> cmt <comment> status <enable/disable>
Configure Intra BSS
Device Name> set intrabssoptype <passthru (default)/block>
Configure Wireless Distribution System
Create/Enable WDS
Device Name> set wdstbl <Index> partnermacaddr <MAC Address> status enable
Enable/Disable WDS
Device Name> set wdstbl <Index> status <enable/disable>
NOTE: <Index> is 3.1 - 3.6. To determine the index, type show wdstbl at the prompt.
Configure MAC Access Control
Setup MAC (Address) Access Control
Device Name> set wifssidtbl <index> aclstatus enable/disable
Device Name> set macacloptype <passthru/block>
Device Name> reboot 0
Add an Entry to the MAC Access Control Table
Device Name> set macacltbl 0 macaddr <MAC Address> status enable
Device Name> show macacltbl
Disable or Delete an Entry in the MAC Access Control Table
Device Name> set macacltbl <index> status <disable/delete>
Device Name> show macacltbl
NOTE: For larger networks that include multiple Access Points, you may prefer to maintain this list on a centralized location using the RADIUS paramete
293. tenna system. No user-serviceable parts; all repairs and service must be handled by a qualified service center. Federal Communications Commission (FCC) DECLARATION OF CONFORMITY: This device is in conformance with Part 15 of the FCC Rules and Regulations for Information Technology Equipment. Operation of this product is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Supplier Information: Trade Name: Proxim. Model: 8675 XXX. Responsible Party: Proxim Corporation. Address: 935 Stewart Drive, Sunnyvale, CA 94085. Contact Person/Title: Mohammad Sa id, Regulatory Compliance Manager. Telephone: 408 542 5357. Fax: 408 720 9380. EUT Certification Summary: Equipment Class: Class B. Product Type: ORiNOCO AP-700 Access Point. Report Number: RF921107R01. Report Issuance Date: 2004 02 09. Tested by: Advance Data Technology Corporation. We, the responsible party, Proxim Corporation, declare that the product, ORiNOCO AP-700 Access Point, was tested to conform to the applicable FCC Rules and regulations. The method of testing was in accordance to the most accurate measurement standards possible, and that all necessary steps have been enforced to assure that all production units of the same
294. the ETSI regulatory domain and operating in the middle frequency band, disabling Auto Channel Select will limit the available channels to those in the lower frequency band. Wireless Service Status cannot be shut down on an interface where Rogue Scan is enabled. Distance Between APs allows the AP to perform better in high noise environments by increasing the receive sensitivity and transmit defer threshold, as follows:
Distance Between APs | Receive Sensitivity Threshold (Value, dBm) | Transmit Defer Threshold (Value, dBm)
Large | 0, 96 | 33, 62
Medium | 9, 86 | 33, 62
Small | 17, 78 | 43, 52
Mini | 25, 70 | 53, 42
Micro | 33, 62 | 59, 36
802.11a Only Parameters
Name | Type | Value | Access | CLI Parameter
Operating Frequency Channel | Integer | Varies by regulatory domain and country. See Available Channels | RW | channel
Supported Data Rates | Octet String | See Transmit Rate, below | | suppdatarates
Transmit Rate | Integer32 | 0 (Auto Fallback, default), 6 Mbits/sec, 9 Mbits/sec, 12 Mbits/sec, 18 Mbits/sec, 24 Mbits/sec, 36 Mbits/sec, 48 Mbits/sec, 54 Mbits/sec | RW | txrate
Physical Layer Type | Integer | ofdm (orthogonal frequency division multiplexing) for 802.11a | | phytype
Super Mode | Integer | enable, disable (default) | RW | supermode
Turbo Mode | Integer | enable, disable (default)
295. the office Double Quotes within Single Quotes Daniel s Desk in the office One Single Quote within Double Quotes Daniel s Desk in the office One Double Quote within Single Quotes. The string delimiter does not have to be used for every string object. The single quote or double quote only has to be used for string objects that contain blank space characters. If the string object being used does not contain blank spaces, then the string delimiters, single or double quotes, mentioned in this section are not required. Configuring the AP using CLI commands. Log into the AP using HyperTerminal: 1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: Com Port: <COM1, COM2, etc., depending on your computer>; Baud rate: 9600; Data Bits: 8; Stop bits: 1; Flow Control: None; Parity: None. 2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option. HyperTerminal sends a line return at the end of each line of code. 3. Enter the CLI password (default is public). NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands, see Change Passwords. Log into the AP using Telnet: The CLI commands can be used to access, configure, and manage the AP using Telnet. Follow these steps: 1
296. ther DHCP server on the network. Enabling this feature with incorrect address pools will cause problems on your network.
Configure the DNS Client
Device Name> set dnsstatus enable
Device Name> set dnsprisvripaddr <IP address of primary DNS server>
Device Name> set dnssecsvripaddr <IP address of secondary DNS server>
Device Name> set dnsdomainname <default domain name>
Device Name> show dns
[Figure A-14: Results of "show dns" CLI command]
Configure DHCP Relay
Perform the following command to enable or disable DHCP Relay Agent Status.
NOTE: You must have at least one entry in the DHCP Relay Server Table before you can set the DHCP Relay Status to Enable.
Device Name> set dhcprelaystatus enable
Configure DHCP Relay Servers
Perform the following command to configure and enable a DHCP Relay Server. The AP allows the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table.
Device Name> set dhcprlyindex 1 dhcprlyipaddr <ip address> dhcprlycmt <comment> dhcprlystatus 1 (1 to enable, 2 to disable, 3 to delete, 4 to create)
Maintain Client Connections using Link Integrity
Device Name> show linkinttbl this
297. ticated attempts to switch to WEP, or if a WEP client that has already been connected attempts to switch to 802.1x, the AP will not allow the client to switch immediately. If this happens, either reboot the AP or disable the client roam to a new AP for five minutes and then attempt to reconnect to the AP. If the client is still unable to connect after waiting five minutes, reboot the AP. 4. Configure the parameters as follows for each enabled security mode. See Figure 4-40 on page 112. Non Secure Station: Authentication Mode: None. The AP allows access to Stations without authentication. Non-secure station should be used only with WEP or 802.1x security mode. Cipher: None. WEP Station: Authentication Mode: None. Cipher: WEP. Encryption Key 0, Encryption Key 1, Encryption Key 2, Encryption Key 3. Encryption Key Length: 64, 128, or 152 Bits. For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters (see ASCII Character Chart). For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters. For 152-bit encryption, an encryption key is 32 hexadecimal characters or 16 ASCII characters. Encryption Transmit Key: select Key 0, Key 1, Key 2, or Key 3. 802.1x Station: Authentication Mode: 802.1x. Cipher: WEP. Encryption Key Length: 64 or 128 Bits. If 802.1x is enabled simultaneously with WEP, the 802.1x Station's encryption key length
298. tree protocol is an advanced bridge setup option for complex network topologies by eliminating unnecessary data loops. This tab can be used to configure spanning tree protocol characteristics and bridge priority and path cost. Warning: Changing these parameters may significantly affect the network topology and performance. Note: Changes to Hello Time and Forwarding Delay must be in 100 millisecond increments. Changes to Spanning Tree Protocol parameters require access point reboot in order to take effect. [Figure 4-27: Spanning Tree Sub-Tab, showing the Enable Spanning Tree Protocol, Bridge Priority, Max Age, Hello Time and Forward Delay fields and the Priority and Path Cost Table] Storm Threshold: Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by specifying a maximum number of frames per second as received from a sin
299. ts The AP-700 contains one embedded 802.11a/b/g radio that supports the following operational modes: 802.11a only mode, 802.11b only mode, 802.11g only mode, 802.11b/g mode, 802.11g-wifi. NOTE: 802.11g-wifi has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band 802.11b and 802.11g support only. 802.11a functionality covered in this User Guide is not supported. The AP-700 can be powered through either Active Ethernet (802.3af Power over Ethernet) or through an external DC power source using the power cord. The AP-700 includes a power jack, a 10/100 base-T Ethernet port, and an RS-232 serial data communication port. The AP includes an optional security cover that can be installed to protect against access to the power and LAN cables and to the reset and reload buttons. See Figure 2-1. AP-700 Hardware Description. [Figure 2-1: Rear Panel, showing Power, LAN, RS-232, Reset and Reload] The AP-700 has been designed to rest horizontally on a flat surface but can be wall or ceiling mounted with the long axis vertical. The unit includes screw slots in the bottom plastic for mounting to a flat wall or ceiling. Antennas: The AP-700 employs two internal antennas for antenna diversity; one is vertically polar
300. ts (0-59). Interfaces: From the Interfaces tab, you configure the Access Point's operational mode settings, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. The Interfaces tab contains the following sub-tabs: Operational Mode; Wireless (802.11a/b/g Radio); Ethernet. Operational Mode: From this tab, you can configure and view the operational mode for the Wireless interface. [Figure 4-9: Operational Mode Screen] The Wireless 802.11a/b/g interface can be configure
301. tted frames for which transmission is inhibited by more than one collision. Multiple Retry Count (Wireless): The number of packets successfully transmitted after more than one retransmission. Operational Status (Ethernet/Wireless): The current state of the interface: Up (ready to pass packets), Down (not ready to pass packets), or Testing (testing and unable to pass packets). Out Discards (Ethernet/Wireless): The number of error-free outbound packets chosen to be discarded to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Out Errors (Ethernet/Wireless): The number of outbound packets that could not be transmitted because of errors. Out Non-unicast Packets (Ethernet/Wireless): The total number of packets that higher-level protocols requested be transmitted to a non-unicast (i.e., a subnetwork broadcast or subnetwork multicast) address, including those that were discarded or not sent. Out Octets (bytes) (Ethernet/Wireless): The total number of octets transmitted out of the interface, including framing characters. Out Unicast Packets (Ethernet/Wireless): The total number of packets that higher-level protocols requested be transmitted to a subnetwork unicast address, including those that were discarded or not sent. Output Queue Length (Ethernet/Wireless): The length of the output packet queue (in packets). Physical Address (Et
302. tus: Select Enable or Disable from the drop-down menu. The selected status will determine which of the parameters on the SNTP screen are configurable. NOTE: When SNTP is enabled, it will take some time for the AP to retrieve the time of day from the configured time servers and update the relevant date and time parameters. Addressing Format: If SNTP is enabled, choose whether you will use the host name or the IP address to configure the primary/secondary SNTP servers. If these servers are configured with the host name, the DNS client feature must be enabled and configured properly. Primary Server Name or IP Address: If SNTP is enabled, enter the host name or IP address of the primary SNTP server. Secondary Server Name or IP Address: If SNTP is enabled, enter the host name or IP address of the secondary SNTP server. Time Zone: Select the appropriate time zone from the drop-down menu. Daylight Savings Time: Select the number of hours to adjust for daylight savings time. Time and Date Information: When SNTP is disabled, the following time-relevant objects are manually configurable. When SNTP is enabled, these objects are grayed out. Year: Enter the current year. Month: Enter the month in digits (1-12). Day: Enter the day in digits (1-31). Hour: Enter the hour in digits (0-23). Minutes: Enter the minutes in digits (0-59). Seconds: Enter the seconds in digi
303. u can also set the channel manually; see Interfaces for details. Access Points that use the same channel should be installed as far away from each other as possible to reduce potential interference. IEEE 802.11 Specifications: In 1997, the Institute of Electrical and Electronics Engineers (IEEE) adopted the 802.11 standard for wireless devices operating in the 2.4 GHz frequency band. This standard includes provisions for three radio technologies: direct sequence spread spectrum, frequency hopping spread spectrum, and infrared. Devices that comply with the 802.11 standard operate at a data rate of either 1 or 2 Megabits per second (Mbits/sec). In 1999, the IEEE modified the 802.11 standard to support direct sequence devices that can operate at speeds of up to 11 Mbits/sec. The IEEE ratified this standard as 802.11b. 802.11b devices are backwards compatible with 2.4 GHz 802.11 direct sequence devices (that operate at 1 or 2 Mbits/sec). Available Frequency Channels vary by regulatory domain and/or country. See Available Channels for details. Also in 1999, the IEEE modified the 802.11 standard to support devices operating in the 5 GHz frequency band. This standard is referred to as 802.11a. 802.11a devices are not compatible with 2.4 GHz 802.11 or 802.11b devices. 802.11a radios use a radio technology called Orthogonal Frequency Division Multiplexing (OFDM) to achieve d
304. und scanning mode
Device Name> set rscantbl <3/4> mode <1 for background scanning, 2 for continuous scanning> cycletime <cycletime from 1-1440 minutes> status <enable/disable>
NOTE: Rogue Scan cannot be enabled on a wireless interface when the Wireless Service Status on that interface is shutdown. First, resume service on the wireless interface.
Set Hardware Configuration Reset Parameters
The Hardware Configuration Reset commands allow you to enable or disable the hardware reset functionality and to change the password to be used for configuration reset during boot up.
To disable hardware configuration reset, enter:
Device Name> set hwconfigresetstatus disable
To enable hardware configuration reset, enter:
Device Name> set hwconfigresetstatus enable
To define the Configuration Reset Password to be used for configuration reset during boot up, enter the following command:
Device Name> set configresetpasswd <password>
NOTE: It is important to safely store the configuration reset password. If a user forgets the configuration reset password, the user will be unable to reset the AP to factory default configuration if the AP becomes inaccessible and the hardware configuration reset functionality is disabled.
Set VLAN/SSID Parameters
Enable VLAN Management
Device Name> set vlanstatus enable
Device Name> set vlanmgmtid <1-4094>
Device Name>
305. ut Octets: Number of octets (bytes) received by subscriber. Acct-Output-Octets: Number of octets (bytes) sent by subscriber. Acct-Input-Packets: Number of packets received by subscriber. Acct-Output-Packets: Number of packets sent by subscriber. Acct-Terminate-Cause: Indicates how the session was terminated. Vendor Specific Attributes. SSID/VLAN/Security: The AP provides several security features to protect your network from unauthorized access. This section gives an overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP: VLAN Overview, Management VLAN, Security Profile, MAC Access, Wireless. The AP also provides Broadcast SSID/Closed System and Rogue Scan to protect your network from unauthorized access. See the Broadcast SSID and Closed System and Rogue Scan sections for more information. VLAN Overview: Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on the logical LAN or WAN segment. They simplify traffic flow between clients and their frequently-used or restricted resources. VLANs now extend as far as the reach of the access point signal. C
306. uthenticated WDS links are shown in the table as long as the link is configured in the AP. [Figure 5-9: Station Statistics Monitoring Tab] Description of Station Statistics: The following stations statistics are displayed: MAC Address: The MAC address of the wireless client for which the statistics are gathered. For WDS links, this is the partner MAC address of the link. IP Address: The IP address of the associated wireless station for which the Statistics are gathered (0.0.0.0 for WDS links). Interface to which the Station is connected: The interface number on which the client is connected with the AP. For WDS links, this is the interface on which the link is configured. Station Type: The type of wireless client (STA or WDS). MAC Protocol: The MAC protocol for this wireless client (or WDS link partner). The possible values are 802.11a, 802.11b, 802.11g. Signal/Noise: The Signal/Noise Level measured at the AP when frames are received from the associated wireless station (or WDS link partner). Time since Last Packet Received: The time elapsed since the last frame from the associated wireless station (or WDS link partner) was received. Number of Clients: The number of stations and WDS links monitored. The following stations s
307. ve Low Voltage Directive 73 23 EEC and the Electromagnetic Compatibility Directive 89 336 EEC Issued by Proxim Corporation Sunnyvale California July 2004 Dave Koberstein VP Product Marketing 220 Regulatory Compliance Regulatory Compliance Certifications Summary AP 700 User Guide Regulatory Compliance Certifications Summary Country Certification Reference No Australia 8 New Zealand N11394 Brazil ANATEL Cert No 0090 05 1641 Canada China IC Cert No 4110A APAGATO1 Safety UL File No E177793 CMI ID 2004DJ0339 European Union CE1313 Safety CB Lic No DK 7318 India Pending Japan Radio Cert Nos OO3NY04005 0801 003GZ04002 0801 003WY04002 0801 Mexico COFETEL Cert No RCPPR8605 039 Saudi Arabia Pending Singapore TAC No PMREQ T1459 2004 South Korea Radio Cert No RLARN 04 0009 Taiwan DGT Cert No 93LP0050 United Arab Emirates Pending USA FCC ID IXMAPAGAT01 Safety UL File No E177793 European Union includes the following countries Austria Belgium Cyprus Czech Republic Denmark Estonia Finland France Germany Greece Hungary Ireland Italy Latvia Lithuania Luxembourg Malta Netherlands Poland Portugal Slovakia Slovenia Spain Sweden and the United Kingdom also applies to Iceland Liechtenstein Norway and Switzerland 221
308. ved or identified as harmful If you are uncertain of the policy that applies on the use of wireless equipment in a specific organization or environment e g airports you are encouraged to ask for authorization to use this device prior to turning on the equipment Caution Exposure to Radio Frequency Radiation To comply with the FCC radio frequency exposure requirements the following antenna installation and device operating configurations must be satisfied e For client devices using an integral antenna the separation distance between the antenna s and any person s body including hands wrists feet and ankles must be at least 2 5 cm 1 inch e For Base Stations and configurations using an approved external antenna the separation distance between the antenna and any person s body including hands wrists feet and ankles must be at least 20 cm 8 inch The transmitter shall not be collocated with other transmitters or antennas Modifications The FCC requires the user to be notified that any changes or modifications to this device that are not expressly approved by the manufacturer may void the user s authority to operate the equipment The correction of interference caused by unauthorized modification substitution or attachment will be the responsibility of the user The manufacturer and its authorized resellers or distributors are not liable for any damage or violation of government regulations that may arise from failing t
309. vents for each wireless client as an alternative to RADIUS accounting. See RFC 3164 at http://www.rfc-editor.org for more information on the Syslog standard. [Figure 4-24: Syslog Configuration Screen] Setting Syslog Event Notifications: Syslog Events are logged according to the level of detail specified by the administrator. Logging only urgent system messages will create a far smaller, more easily read log than a log of every event the system encounters. Determine which events to log by selecting a priority defined by the following scale:
Event | Priority | Description
LOG_EMERG | 0 | System is unusable
LOG_ALERT | 1 | Action must be taken immediately
LOG_CRIT | 2 | Critical conditions
LOG_ERR | 3 | Error conditions
LOG_WARNING | 4 | Warning conditions
LOG_NOTICE | 5 | Normal but significant condition
LOG_INFO | 6 | Informational
LOG_DEBUG | 7 | Debug-level messages
Configuring Syslog Event Notifications: You can configure
310. ver Ethernet to test the IP Address. If the AP responds to the Ping, then the Ethernet Interface is working properly. 2. By default, the Access Point will attempt to automatically detect the Ethernet settings. However, if you are having problems with the Ethernet link, manually configure the Access Point's Ethernet settings. For example, if your switch operates at 100 Mbits/sec Full Duplex, manually configure the Access Point to use these settings (see Ethernet). If you cannot access the unit over Ethernet, then use the CLI interface over the serial port to configure the Ethernet port (see Command Line Interface (CLI) and Set Ethernet Speed and Transmission Mode). 3. Perform network infrastructure troubleshooting (check switches, routers, etc.). Basic Software Setup and Configuration Problems. Lost AP, Telnet, or SNMP Password: 1. Perform the Reset to Factory Default Procedure in this guide. This procedure resets system and network parameters, but does not affect the AP Image. The default AP HTTP password is public. The default Telnet password and the default SNMP password are also public. Client Computer Cannot Connect: 1. Client computers should have the same Network Name and security settings as the AP. 2. Network Names should be allocated and maintained by the Network Administrator. 3. See the documentation that came with your client card for additional troubleshooting suggestions. AP Has Incorrect IP Address: 1. Default IP Addre
311. ver are separated by a router. 8. Enter the IP address of your TFTP server in the field provided. 9. Enter the Image File Name (including the file extension). Enter the full directory path and file name. If the file is located in the default TFTP directory, you need enter only the file name. 10. Click OK. The Access Point will reboot and the download will begin automatically. You should see downloading activity begin after a few seconds within the TFTP server's status screen. 11. Click OK when prompted that the device has been updated successfully to return to the Scan List screen. 12. Click Cancel to close the ScanTool. 13. When the download process is complete, configure the AP as described in Installation and Initialization and Advanced Configuration. Download a New Image Using the Bootloader CLI: To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides. This can be any computer on the LAN or connected to the AP with a cross-over Ethernet cable. You must also connect the AP to a computer with a standard serial cable and use a terminal client, such as HyperTerminal. From the terminal, enter CLI Commands to set the IP address and download an AP Image. Preparing to Download the AP Image: Before starting, you need to know the Access Point's IP address, subnet mask, the TFTP Server IP Address, and the AP Image file name
312. vice for changes to take effect Do you want to proceed co
Figure 2-14 Warning Message
5. Click OK to continue with the operation or Cancel to abort the operation.
6. If the operation is unsuccessful, you will receive an error message. If this occurs, see the Troubleshooting chapter or attempt installing the software with a TFTP server, as described in the next section.
7. If the operation is successful, you will receive a confirmation message. For installation changes to take effect, reboot the AP as follows:
- Click Commands > Reboot. Enter 0 in the Time to Reboot field.
- Click OK.

Install Software with TFTP Server
A Trivial File Transfer Protocol (TFTP) server allows you to transfer files across a network. You can upload files from the AP for backup or copying, and you can download the files for configuration and AP Image upgrades. The Solarwinds TFTP server software is located on the ORINOCO AP Installation CD-ROM. You can also download the latest TFTP software from Solarwind's Web site at http://www.solarwinds.net.
NOTE: If a TFTP server is not available in the network, you can perform similar file transfer operations using the HTTP interface. See Update AP via HTTP.
After the TFTP server is installed:
- Check to see that TFTP is configured to point to the directory containing the AP Image.
- Make sure you have the proper TFTP server IP address, the proper AP Image file name, and that the TFTP server is operat
313. will not allow connections using SSH. When host keys are created or deleted, the AP updates the fingerprint information displayed on the Management > Services page.

Uploading Externally Generated Host Keys
Perform the following procedure to upload externally generated host keys to the AP. You must upload both the SSH public key and SSH private key for SSH to work.
1. Verify that the host keys have been externally generated. The OpenSSH client has been verified to interoperate with AP's SSH server.
2. Click Commands > Update AP > via HTTP (or via TFTP).
Figure 4-18 Uploading an Externally Generated SSH Public Key and SSH Private Key
- Select SSH Public Key from the File Type drop-down menu.
- Click Browse, select the SSH Public Key file on your local machine.
- Click Open.
- To initiate the file transfer, click the Update AP button.
- Select SSH Private Key from the File Type drop-down menu.
- Click Browse, select the SSH Private Key on your local mac
314. x 10fullduplex
10 Mbits/sec auto duplex: 10autoduplex
100 Mbits/sec half duplex: 100halfduplex
100 Mbits/sec full duplex: 100fullduplex
Auto Speed half duplex: autohalfduplex
Auto Speed auto duplex: autoautoduplex (default)

Set Interface Management Services

Edit Management IP Access Table
Device Name> set mgmtipaccesstbl <index> ipaddr <IP address> ipmask <subnet mask>

Configure Management Ports
Device Name> set snmpifbitmask <see below>
Device Name> set httpifbitmask <see below>
Device Name> set telifbitmask <see below>

Choose from the following values:

Interface Bitmask                  Description
0 or 2: Disable all interfaces     All management channels disabled
1 or 3: Ethernet only              Ethernet only enabled
4 or 6: Wireless only              Wireless only enabled
5 or 7: All interfaces             All management channels enabled

Set Communication Ports
Device Name> set httpport <HTTP port number (default is 80)>
Device Name> set telport <Telnet port number (default is 23)>

168 Command Line Interface (CLI) AP 700 User Guide

Other Network Settings

Configure Secure Socket Layer (HTTPS)
Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface.
Device Name> set sslstatus <enable/disable>
The user must change the SSL passphrase when uploading a n
315. y per SSID Security Profile
The AP supports the following security features:
- WEP Encryption: The original encryption technique specified by the IEEE 802.11 standard.
- 802.1x Authentication: An IEEE standard for client authentication.
- Wi-Fi Protected Access (WPA) / 802.11i (WPA2): A new standard that provides improved encryption security over WEP.
NOTE: The AP does not support shared key 802.11 MAC level authentication. Clients with this MAC level feature must disable it.

WEP Encryption
The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key). When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.

802.1x Authentication
IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port. A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a wireless link to an Access Poin
316. ystem

Access Point System Naming Convention
The Access Point's system name is used as its host name. In order to prevent Access Points with default configurations from registering similar host names in DNS, the default system name of the Access Point is uniquely generated. Access Points generate unique system names by appending the last 3 bytes of the Access Point's MAC address to the default system name. The system name must be compliant with the encoding rules for host name as per DNS (RFC 1123). The DNS host name encoding rules are:
- Alphanumeric or hyphen characters are allowed.
- The name cannot start or end with a hyphen.
- The name cannot start with a digit.
- The number of characters has to be 63 or less. (Currently the system name length is limited to 32 bytes.)

37 Advanced Configuration AP 700 User Guide Network

Network
The Network tab contains the following sub-tabs:
- IP Configuration
- DHCP Server
- DHCP Relay Agent
- Link Integrity
- SNTP (Simple Network Time Protocol)

IP Configuration
This tab is used to configure the internet (TCP/IP) settings for the access point. These settings can be either entered manually (static IP address, subnet mask, and gateway IP address) or obtained automatically (dynamic). The DNS Client functionality can also be configured so that host names used for configuring the access point can be resolved to their IP addresses.
Bridge D 1 SSIDMLAN Security i twork Int