Proxim ORiNOCO User guide

ORiNOCO AP-800
User Guide
AP-800 User Guide
IMPORTANT!
Before installing and using this product, see the
Safety and Regulatory Compliance Guide located at Answer ID 2813 at http://support.proxim.com.
Copyright
© 2008 Proxim Wireless Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179;
6,006,090; 5,809,060; 6,075,812; 5,077,753. This User Guide and the software described in it are copyrighted with all rights reserved. No part
of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any
means without the written permission of Proxim Wireless Corporation.
Trademarks
ORiNOCO and Proxim are registered trademarks, and the Proxim logo is a trademark, of Proxim Wireless Corporation.
Acrobat Reader is a registered trademark of Adobe Systems Incorporated.
HyperTerminal is a registered trademark of HilGraeve, Incorporated.
Microsoft and Windows are a registered trademarks of Microsoft Corporation.
Netscape is a registered trademark of Netscape Communications Corporation.
SolarWinds is a registered trademark of SolarWinds.net.
All other trademarks mentioned herein are the property of their respective owners.
GPL License Note
Proxim AP 800/8000 includes software code developed by third parties, including software code subject to the GNU General Public License
("GPL") or GNU Lesser General Public License ("LGPL"). Please see the GPL and LGPL Web sites to view the terms of each license.
To access to the GPL Code and LGPL Code used in Proxim AP 800/8000, extract the source version and explore opensrc directory. The GPL
Code and LGPL Code used in this AP are distributed WITHOUT ANY WARRANTY and are subject to the copyrights of one or more authors.
For details, see the GPL Code and LGPL Code of this AP and the terms of the GPL and LGPL.
OpenSSL License Note
This product contains software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) and that is subject
to the following copyright and conditions:
Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to refer to, endorse, or promote the products or for any other purpose
related to the products without prior written permission. For written permission, please contact openssl-core@openssl.org.
This software is provided by the OpenSSL Project “as is” and any expressed or implied warranties, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the OpenSSL Project or its contributors be
liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute
goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract,
strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of
such damage.
ORiNOCO AP-800 User Guide
User Guide Ver1.0.0
P/N 75957, October 2008
2
AP-800 User Guide
1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Products Covered in this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
About AP-800 Single Radio Wireless Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Core Features of AP-800 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Two Independent Multi-Band MIMO Radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
802.11n Multiple Input and Multiple Output (MIMO). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Software Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Compliant to Wireless Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2
Installation and Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
LED Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Antennas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Power Socket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Ethernet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Serial Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Description of the AP-800 Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Product Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Optional Accessories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Hardware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Attach the Cables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Using a Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Install the Cable Security Cover (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Install the Antenna . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Mount the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Power on the Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Using ScanTool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Update Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Retrieve From Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Install Software Using TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3
Managing the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
HTTP/HTTPS Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
1
AP-800 User Guide
Command Line Interface/Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
SNMP Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
SSH (Secure Shell) Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
HyperTerminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
ProximVision ES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4
Basic Configuration for an Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configuring Basic Settings for the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Finding and Assigning the Access Point’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configuring the System Name and the Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring the Wireless Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring the Operational Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring the Security Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5
Access Point Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Configuring the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Managing the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Upgrading the Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Management Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Monitoring the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Interface Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Network Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
6
Using Web Interface to Manage the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Web Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
2
AP-800 User Guide
Error Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Configuring the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Managing the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
System Inventory Management Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Upgrading the Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Management Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Monitoring the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Interface Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Network Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
7
Using SNMP Interface to Manage the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Pre-requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Viewing the MIB Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Configuring the MIB Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
To Configure the Scalar Objects : . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
To Configure the Tabular Objects: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
To apply the changes to the flash memory: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
8
Using CLI to Manage the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Global Configuration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
General Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Configuring the AP using CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Log into the AP using HyperTerminal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Log into the AP using Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Command Line Interface Mode Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
User Exec Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Privileged Exec Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
3
AP-800 User Guide
Troubleshooting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Symptoms and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Connectivity Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Basic Software Setup and Configuration Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Client Connection Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
VLAN Operation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Gigabit Ethernet PoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Recovery Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Soft Reset to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Hard Reset to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Forced Reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Setting IP Address using Serial Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Related Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
RADIUS Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
TFTP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
A ASCII Character Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
B Bootloader CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
c
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Software Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Number of Stations per BSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Management Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Advanced Bridging Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Medium Access Control (MAC) Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Network Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Available Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
D Technical Services and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Obtaining Technical Service and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Support Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Proxim eService Web Site Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Telephone Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
ServPak Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
E Statement of Warranty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Warranty Coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Repair or Replacement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Limitations of Warranty. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Support Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
4
AP-800 User Guide
Other Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Search Knowledgebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Ask a Question or Open an Issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Other Adapter Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
5
AP-800 User Guide
1
Introduction
This chapter contains information on the following:
•
Products Covered in this User Guide
•
About AP-800 Single Radio Wireless Access Point
•
Core Features of AP-800
–
Two Independent Multi-Band MIMO Radios
–
802.11n Multiple Input and Multiple Output (MIMO)
–
Security
–
Quality of Service (QoS)
–
Software Upgrade
–
Compliant to Wireless Standards
Products Covered in this User Guide
This User Guide details functionality of the following products:
Product
AP-800
Description
An Access Point with:
•
single radio that supports 2.4/5.0GHz
•
Gigabit Ethernet with PoE support
About AP-800 Single Radio Wireless Access Point
The AP-800 is 802.11n single radio wireless Access Point that provides connectivity between wired network and
wireless systems and other devices. The AP-800 wireless Access Point is a Wi-Fi a/b/g/n certified that supports single
radio modes in 2.4 GHz and 5 GHz frequency band. You can configure the radio using different 2.4 GHz or 5 Ghz
settings.
With AP-800, you can achieve higher throughput by increasing the channel width from 20 MHz to 40 MHz thereby
doubling the data rate and by using the MIMO feature. The 802.11n products have incorporated multiple antennas. This
Multiple-Input, Multiple-Output (MIMO) antenna technology provides spatial multiplexing, short Guard Interval(GI) for
increased range and throughput.
Using the Channel Bonding technique, the Access Point uses two separate adjacent 20MHz bands to transmit data. This
increases the amount of data that can be transmitted.
NOTE: Wherever “n” is mentioned, it refers to the Draft 802.11n Version 2.0.
8
Introduction
Core Features of AP-800
AP-800 User Guide
Core Features of AP-800
Two Independent Multi-Band MIMO Radios
Proxim’s Access Points have two independent multi-band MIMO radios (802.11a/b/g/n ) that offer significant increase in
capacity and performance within a given bandwidth and power.
The 802.11n Access Points operates on both 2.4 Ghz and 5 GHz radio bands and Proxim’s Access Points provides you
with the facility of selecting the band on which you would like to operate on.
Both these radios can be planned independently as per your network requirements. Using the single MAC protocol, it
operates with multiple frequency layers and this improves the range, coverage, and throughput in both frequency bands.
802.11n Multiple Input and Multiple Output (MIMO)
The MIMO technology is used for multiple antennas at both the transmitter and receiver to improve communication
performance. Using the MIMO technology, the Access Points can offer significant increase in data throughput and link
range without additional band width or transmit power. This is achieved by high spectral efficiency and link reliability or
diversity.
For the 802.11n Access Points, MIMO is the heart for the entire system because it uses a third, spatial dimension beyond frequency and time as a carrier of information.
Security
Proxim’s Access Points utilize robust industry-leading security protocols such as WPA and WPA2 to protect sensitive
data that is transmitted over the wireless LAN. You can configure unique security settings for each BSSID according to
your network requirements making it more secure.
Quality of Service (QoS)
The AP supports Wi-Fi Multimedia (WMM), which is a solution for QoS functionality based on the IEEE 802.11e
specification. WMM defines enhancements to the MAC for wireless LAN applications with Quality of Service
requirements, which include transport of voice and video traffic over IEEE 802.11 wireless LANs. Using this parameter
you can configure the feature that affects the flow of traffic from AP to client station and vice-versa. And also prioritize the
traffic according to your network requirements so that flow of traffic is eased out without loosing any information.
Software Upgrade
You can upgrade the firmware easily as and when you want either through web-GUI, CLI using HTTP or TFTP.
Compliant to Wireless Standards
The AP-800 adheres to the 802.11a, 802.11b/g/n draft 2.0 standards that enable you to get the best performance from
your wireless network and support a wide range of compliant devices.
The device can be powered by a 5 VDC input and also by standard 802.3af compliant Gigabit Ethernet PoE device.
9
AP- 800 User Guide
Installation and Initialization
2
In this chapter:
•
Hardware Overview
–
LED Indicators
–
Antennas
–
Power Socket
–
Reset
–
Reload
–
Description of the AP-800 Unit
•
Prerequisites
•
System Requirements
•
Product Package
•
Optional Accessories
•
Hardware Installation
–
•
–
Install the Cable Security Cover (Optional)
–
Install the Antenna
–
Mount the Unit
–
Power on the Unit
Initialization
–
•
Attach the Cables
Using ScanTool
Installing the Software
–
Install Software Using TFTP Server
Hardware Overview
The Access Point supports dual radio operations using the 2.4 or 5 GHz, and has three antenna connectors. The 2.4
GHz radios support 802.11b/g and 802.11n/g modes of operation whereas 5 GHz radio supports 802.11n/a, and the
802.11n.
LED Indicators
The top panel of the AP-800 has the following LED indicators:
•
The Power LED provides whether the device is switched on/off.
•
The Ethernet LED signals Ethernet traffic on the wired Ethernet LAN
•
The Wireless Interface (Radio) 1LED provides the status of the wireless radio.
•
The Wireless Interface (r) LED is reserved for future reference.
10
Installation and Initialization
Hardware Overview
AP-800 User Guide
Figure 2-1 LED Indicators
Antennas
The Access Point has been designed to operate with omni-directional antennas, having the maximum gain of 2.5 dBi.
These antennas have standard connectors and can be installed easily. Proxim also provides an optional accessory Range Extender Antenna, which has standard connectors and can be installed easily.
Power Socket
This socket connects to the 5VDC power adapter.
Reset
If you need to powercycle the device, then press Reset button.
Reload
You can use the Reload feature of the device to reset the device configuration parameters to default factory settings. If
you cannot access the unit or you have lost its password, you can reset the unit to the factory default settings.
Ethernet Port
The Ethernet port of the device allows you to connect to th LAN using CAT5 or CAT6 Ethernet cable.
Serial Port
The AP-800 device has a serial port that enables the use of external modems that connect to PC or laptop via a serial
cable.
Figure 2-2 Rear View of the AP-800
11
Installation and Initialization
Prerequisites
AP-800 User Guide
Description of the AP-800 Unit
Figure 2-3 Schematic Illustration of the Unit
Prerequisites
Before installing your unit, you need to gather certain network information. The following table identifies the information
you need:
AP’s IP Address
If you do not have a DHCP server on your network, then you need to assign the
Access Point an IP address that is valid on your network.
Web Interface/Telnet/CLI User
Name/Password
Each Access Point requires a read/write username and password to access the
web interface, Telnet and CLI. The default username is “admin” and password is
“public”.
SNMP Read Password
Each Access Point requires a password to allow get requests from an SNMP
manager. The default username is “admin” and password is “public”.
SNMP Read-Write Password
Each Access Point requires a password to allow get and set requests from an
SNMP manager. The default password is “public”.
Security Settings
You need to determine what security features you will enable on the Access
Point.
Gateway IP Address and Subnet
Mask
The gateway IP address and subnet mask of the network environment where the
Access Point is deployed.
12
Installation and Initialization
System Requirements
AP-800 User Guide
System Requirements
To begin using an AP, you must have the following minimum requirements:
•
Ethernet switch or cross-over Ethernet cable.
•
One of the following IEEE 802.11- compliant devices:
–
•
An 802.11a/b/g or 802.11n client devices
A computer that is connected to the same IP network as the AP and has one of the following installed:
–
Web browser
–
Telnet
–
RS-232 Serial Port
–
MIB Browser
–
Ethernet NIC Card
Product Package
Each AP-800 shipment includes the items in the following table. Verify that you have received all parts of the shipment.
NOTE: Unless noted in this table, cables are not supplied with the unit.
AP-800 Product Package Description
Images
AP-800 unit with (1 Qty):
– one radio (802.11a/b/g/n) support
– Ethernet port with PoE support (10/100/1000)
CD-ROM containing software and documentation (1
Qty)
Quick Install Guide (1 Qty)
2.4 GHz/ 5GHz omni-directional antennas with reverse
SMA connectors (6 Qty)
Cable Security Cover (1 Qty)
Wall/Ceiling mount plate (1 Qty)
13
Installation and Initialization
Optional Accessories
AP-800 User Guide
Optional Accessories
You can also use these optional accessories that Proxim recommends.
110-220V worldwide power adapter (1 Qty)
Range Extender Antenna (REA)
Gigabit Ethernet PoE
Hardware Installation
IMPORTANT:
Before installing and using this product, see Safety and Regulatory Compliance Guide available with
AP-800 Answer ID 2813 at http://support.proxim.com.
Perform the following procedures to install the AP-800 hardware:
•
Attach the Cables
–
Cabling with Power Adapter
–
Cabling with Gigabit Ethernet PoE
•
Install the Cable Security Cover (Optional)
•
Install the Antenna
•
Mount the Unit
•
Power on the Unit
Attach the Cables
NOTE: Proxim recommends to use CAT6 cable for the length of 100 m or CAT5e cable for lower length. Though the
AP-800 can work with CAT5 cable, there is a possibility that you may experience a drop in Ethernet speed from
1000BaseT to 100BaseT or Ethernet interface may show errors.
Cabling with Power Adapter
1. Plug the barrel of the power cable from the power supply into the power jack.
2. Connect one end of an CAT 6 Ethernet cable (not supplied) to the unit’s LAN port. The other end of the cable should
not be connected to another device until installation is complete:
•
Use a straight-through CAT 6 Ethernet cable if you intend to connect the unit to a switch, hub, or patch panel.
•
Use a cross-over Ethernet cable CAT6) or adapter if you intend to connect the unit to a single computer.
14
Installation and Initialization
Hardware Installation
AP-800 User Guide
Cabling with Gigabit Ethernet PoE
1. To power the device using Gigabit Ethernet PoE, you must use Gigabit PoE injector (ordered separately). Connect
one end of a CAT6 Ethernet cable (not supplied) to the unit’s LAN port. Connect the other end to the Data and Power
Out port of the PoE Injector.
2. Connect one end of the second CAT6 Ethernet cable to the Data In port of the DC Injector. The other end of the cable
should not be connected to another device until installation is complete:
•
Use a straight-through cable if you intend to connect the unit to a switch, hub or patch panel.
•
Use a cross-over Ethernet cable (CAT6) or adapter if you intend to connect the unit to a single computer.
Using a Console Port
You may connect your Access Point with a console port. Follow the steps provided below if you are using the Console
port:
1. Connect a nine-pin, male-to-female serial cable to the COM port on a computer or laptop and to the DB9 connector of
the Access Point.
2. Open the Microsoft’s HyperTerminal to set up the AP-800. For more information refer Initialization.
Install the Cable Security Cover (Optional)
When the RS-232 cable is not connected, you may install a security cover to deter unauthorized access to the unit. The
security cover is a plastic enclosure that prevents access to the power and LAN ports, and the Reset and Reload
buttons.
1. Open the split end of the security cover just enough to slide the power cable (if you are not using Gigabit Ethernet
PoE) and the CAT 6 Ethernet cable through the opening until they fit inside the straight clamping portion of the cover.
Exercise care as you slide the cable (s) so you do not accidentally break the cover.
2. Slide the hinging end of the security cover into the hole on the rear panel of the unit to the left of connectors. Once in
place, pivot the cover to bring it close to the rear panel of the unit.
3. Use two screws to fasten the security cover on to the rear panel of the unit.
Install the Antenna
The omni-directional antennas supplied with the product do not require any professional installation as they have
non-standard connectors.
NOTE: Optionally, you can use the Range extended Antenna (REA). This accessory also has non-standard connectors,
and can install them easily.
If the regular outdoor antennas are used, connected via a pigtail conversion cable that offers a standard connector type
for antenna connection, then professional installation is required.
Follow these steps to assemble the antennas to AP-800:
1. Hand-tighten the antennas clockwise, onto the outer connectors of AP-800 until they are firmly attached.
2. Position the antennas as close to the horizontal surface (ceiling or wall), so as to get the maximum signal coverage of
the omni-directional antenna.
NOTE: Proxim recommends to aim the antenna horizontal, as the wireless coverage angle is wider with the antenna
pointing up or down.
Mount the Unit
Proxim recommends that you have site survey professionally conducted to determine the best location for the AP.
The following considerations must be kept in mind when the AP-800 is mounted.
15
Installation and Initialization
Hardware Installation
AP-800 User Guide
•
The AP must be protected from exposure, and the environmental conditions must be within those specified in the
product datasheet that can be found at http://www.proxim.com/products/
•
The AP-800 uses +5V/3A power adapter.
•
Note that the AP-800 has been certified under UL Standard 2043 and can be installed in the plenum. In an office
building, plenum is the space between the structural ceiling and the tile ceiling that is provided to help air circulate.
Many companies also use the plenum to house communication equipment and cables. These products and cables
must comply with certain safety requirements, such as Underwriter Labs (UL) and Standard 2043: “Standards for Fire
Test for Heat and Visible Smoke Release for Direct Products and Their Accessories installed in Air-Handling Spaces”.
NOTE: When installed in a plenum, the AP must use PoE.
Once you have chosen a final location for your unit, the following are the mounting options are available:
•
Wall Mounting
•
Ceiling Mounting
Wall Mounting
Follow these steps to mount the unit on a wall:
1. If the unit’s power supply is plugged in, unplug it.
2. Put the mounting plate up to the wall so that the embossed letter “L” is on the top. If the plate is correctly oriented, the
circular tab that is vertically aligned with the square hole should be on top.
3. Fasten the mounting plate with two screws through the circular holes of the plate. Depending on the type of wall, you
may need to use the fasteners.
4. Holding the unit so that the connectors on the rear, align the holes on the bottom of the unit with the two tabs on the
mounting plate. Press the unit down so it is flush with the plate.
5. Carefully slide the unit to the up until the tabs snap securely on to the narrow holes of the unit. if the unit is mounted
correctly, no portion of the mounting plate should protrude from any of the sides of the unit.
Ceiling Mounting
Follow these steps to mount the unit to a ceiling:
1. If the unit’s power supply is plugged in, unplug it.
2. Snap the rectangular tabs on the back of the mounting plate onto a ceiling T-bar. You may need to slightly rotate the
plate until it securely snaps onto the T-bar.
3. Fasten the mounting plate to the ceiling tile with two screws through the circular holes of the plate.
4. Position so that the embossed letter “L” on the mounting plate is facing up. Hold the unit so that the connectors on the
rear, align the two holes on the bottom of the unit with the two tabs on the mounting plate. Press the unit up so it is
flush with the plate.
5. Carefully slide the unit to the “L” direction until the tabs snap securely onto the narrow holes of the unit. If the unit is
mounted correctly, no portion of the mounting plate should protrude from any of the sides of the unit.
Power on the Unit
The AP can be powered by a power supply (just plug the power cord of the power supply into an AC power outlet), or by
Gigabit Ethernet PoE.
When power is applied to the Access Point, you will observe that Power LED lights up Green.
Connect the AP-800 LAN port to a stand-alone PC using Ethernet cable, or to a network hub or switch. You can monitor
the Ethernet LEDs on the top of the Access Point. The color of the Ethernet LEDs will inform about the speed of the
Ethernet traffic:
•
GREEN: 1000 Mbps
16
Installation and Initialization
Initialization
•
RED: 100 Mbps
•
BLANK: No link available or Ethernet is not connected
AP-800 User Guide
NOTE: When in operational status, the wireless LEDs will be steady Green. The wireless LEDs would blink Green when
the wireless traffic is being transmitted or received.
Initialization
The following sections detail how to initialize the AP using the ScanTool, log in to the HTTP interface, perform an initial
configuration if required (the Access Points are configured to a default settings) and download the required AP software.
Using ScanTool
ScanTool is a software utility that is included in the installation CD-ROM. It is an initial configuration tool that allows you to
find the IP address of an Access Point by referencing the MAC address in a Scan List, or to assign an IP address if one
has not been assigned.
The tool automatically detects the Access Points installed in your network, regardless of IP address, and lets you
configure each unit’s IP settings. In addition, you can use set initial device parameters that will allows the AP to retrieve
new software to an AP that does not have a valid software image installed.
To access the HTTP interface and configure the AP, the AP must be assigned an IP address that is valid on its Ethernet
network. By default, the AP is configured to obtain an IP address automatically from the network Dynamic Host
Configuration Protocol (DHCP) server during the boot-up.
If your network contains a DHCP server, you can run the ScanTool to find out what IP address the AP has been assigned.
If your network does not contain a DHCP server, the Access Point’s IP address defaults to 169.254.128.132 and the
device starts with a dynamic IP address. By default, the IP address is Static.
ScanTool Instructions
Follow these steps to install ScanTool and initialize the AP:
1. Power up, reboot, or reset the AP.
2. Double-click the ScanTool icon on the Windows desktop to launch the program (if the program is not already running).
If the icon is not on your desktop, click Start > All Programs > ORiNOCO > AP-800 > Xtras > ScanTool.
NOTE: If your computer has more than one network adapter installed, you will be prompted to select the adapter that
you want ScanTool to use before the Scan List appears. You can use either an Ethernet or wireless adaptor. If
prompted, select an adapter and click OK. You can change your adapter setting at any time by clicking the Select
Adapter button on the Scan List screen.
ScanTool scans the subnet and displays all detected Access Points. The ScanTool’s Scan List screen appears, as shown
Figure 2-4 ScanTool
17
Installation and Initialization
Initialization
AP-800 User Guide
3. Locate the MAC address of the AP you want to initialize within the Scan List.
NOTE: If your Access Point does not appear in the Scan List, click the Rescan button to update the display. If the unit still
does not appear in the list, see Troubleshooting for suggestions. Note that after rebooting an Access Point, it
may take up to five minutes for the unit to appear in the Scan List.
4. Do one of the following:
•
If the AP has been assigned an IP address by a DHCP server on the network:
a. Highlight the entry for the AP you want to configure.
b. Click the Change button. The Change screen appears.
c. Click on the Web Configuration button at the bottom of the change screen.
d. Proceed to the Logging In section for information on how to access the HTTP interface using the IP address.
•
If the AP has not been assigned an IP address (in other words, the unit is using its default IP address,
169.254.128.132), follow these steps to assign it a static IP address that is valid on your network:
a. Highlighting the entry for the AP you want to configure.
b. Click the Change button. The Change screen appears.
Figure 2-5 Change Screen
c. Set IP Address Type to Static.
d. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is
valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for
the unit.
e. Enter your network’s Subnet Mask.
f.
Enter your network’s Gateway IP Address.
g. Enter the SNMP Read/Write password in the Read/Write Password field (for new units, the default SNMP
Read/Write password is public).
NOTE: The TFTP Server IP Address and Image File Name fields are only available if ScanTool detects that the AP does
not have a valid software image installed.
h. Click OK to save your changes.
i.
The Access Point will need reboot to apply any changes you made. When the reboot message appears, click
OK to reboot the device and return to the Scan List screen.
18
Installation and Initialization
Initialization
AP-800 User Guide
Figure 2-6 Change Screen - Reboot
j.
After allowing sufficient time for the device to reboot, click Rescan to verify that your changes have been
applied.
k. Click the Change button to return to the Change screen.
l.
Click the Web Configuration button at the bottom of the Change screen.
Figure 2-7 Change Screen - Web Configuration
m. Proceed to the Logging In section for information on how to access the HTTP interface using this IP address.
19
Installation and Initialization
Installing the Software
AP-800 User Guide
Logging In
Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor and
configure the AP. (To configure and monitor using the command line interface, see Using CLI to Manage the Access
Point and To configure and monitor using the SNMP interface, see Using SNMP Interface to Manage the Access Point.)
1. Open a Web browser on a network computer.
2. If necessary, disable the browser’s Internet proxy settings. For Internet Explorer users, follow these steps:
–
Select Tools > Internet Options.
–
Click the Connections tab.
–
Click LAN Settings.
–
If necessary, remove the check mark from the Use a proxy server box.
–
Click OK twice to save your changes and return to Internet Explorer.
3. Enter the Access Point’s IP address in the browser’s Address field and press Enter or Go.
This is either the dynamic IP address assigned by a network DHCP server or the static IP address you manually
configured. See Using ScanTool for information on how to determine the unit’s IP address and manually configure a
new IP address, if necessary.
The Access Point Login screen appears.
Figure 2-8 Login
4. Enter the HTTP User Name and Password. The default username and password are “admin” and “public”. The user
name and password are case-sensitive fields.
NOTE: The Home Page is automatically launched. By default, the Access Point is configured to the default settings
and with those settings you can manage your access point. You can make changes/modify the default settings
according to your network requirements.
The links on the left of the screen provide access to the configuration, management and monitoring options for the AP.
The Command Line Interface (CLI) also provides a method for monitoring and configuring the AP using Telnet or a serial
connection. For more information about monitoring and configuring the AP with the CLI, see Using CLI to Manage the
Access Point.
Using SNMP Interface you can configure and monitor the AP, see Using SNMP Interface to Manage the Access Point
Installing the Software
Proxim periodically releases updated software for the AP on its Web site, Check the Web site for the latest updates after
you have installed and initialized the unit.
1. In your web browser, go to http://support.proxim.com
20
Installation and Initialization
Installing the Software
AP-800 User Guide
2. If prompted, create an account to gain access.
NOTE: The Knowledgebase is available to all website visitors. First -time users will be asked to create an account to
gain access.
3. Click Search Knowledgebase.
4. In the Search Knowledgebase field, enter 2813 for AP-800.
5. Click Search.
6. Click on the appropriate link to access the download page.
7. Use the instructions in the following sections to install the new software.
Use the File Management to upload or download the latest AP software files (images, config etc) from host device to the
device or device to host device.
Update Device
Using HTTP
Use the HTTP Download page to download config, image files to the device. In the HTTP Download page, perform the
following procedure to download the specific file:
Figure 2-9 Update Device using the HTTP Download Page
1. Select the File Type that needs to be updated from the drop-down box. Choices include:
–
Image for the AP Image (executable program).
–
Config for configuration, such as System Name, Contact Name and so on.
2. Use the Browse button or manually type in the name of the file to be downloaded (including the file extension in the
File Name field. If typing the file name, you must include the full path and the file extension in the file name text box.
3. To initiate the HTTP Update operation, click Update button.
NOTE: An HTTP file transfer using SSL may take extra time.
•
If the operation is completed successfully the device would provide the information about the successful update.
Figure 2-10 Update Device Using HTTP- Success Message
21
Installation and Initialization
Installing the Software
•
AP-800 User Guide
If the operation is not completed successfully the following screen appears, and the reason for the failure is
displayed.
Figure 2-11 Update Device Using HTTP- Failure Message
Using TFTP
Use the TFTP Download page to download config, image file to the device. A TFTP server must be running and
configured to point to the directory containing the file.
If you do not have a TFTP server installed on your system, install the TFTP server from the installation CD. You can either
install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds
sub-directory.
Using the TFTP Download page to enter the following information as described below:
Figure 2-12 Update Device Using TFTP Server
•
Server IP Address: Enter the TFTP server IP Address.
–
Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
NOTE: This is the IP address that will be used to point the Access Point to the AP Image file.
•
File Name: Enter the name of the file to be downloaded (including the file extension).
–
•
•
Copy the file to the TFTP server’s root folder.
File Type: Select the proper file type. Choices include:
–
Config: Configuration information, such as System name, contact name, and so on.
–
Image: AP image (executable program)
Operation: Select either Download or Download & Reboot. You should reboot the AP after downloading files.
NOTE: If you select None as Operation, then no operation will be performed.
Click OK to initiate the process.
•
If the operation is completed successfully the device would provide the information about the successful update.
22
Installation and Initialization
Installing the Software
AP-800 User Guide
Figure 2-13 Update Device Using TFTP- Success Message
•
If the operation is not completed successfully the following screen appears, and the reason for the failure is
displayed.
Figure 2-14 Update Device Using TFTP- Failure Message
Retrieve From Device
Using HTTP
Use the HTTP Upload page to retrieve config files from device.
1. Select the type of file (config, event log) from the File Type drop-down box.
2. Click Retrieve button to initiate the process.
Figure 2-15 Retrieve File using HTTP
3. The Download page is displayed. Click Download to download the file.
23
Installation and Initialization
Installing the Software
AP-800 User Guide
Figure 2-16 Download Page
4. File Download window pops up. Click Save button to save the file.
Figure 2-17 File Download Page
5. Select an appropriate filename and location and click Save.
Using TFTP
Use the TFTP Upload to upload files from the AP to the TFTP server. The TFTP server must be running and configured
to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name.
If you don’t have a TFTP server installed on your system, install the TFTP server from the installation CD. You can either
install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds
sub-directory.
In the TFTP Upload page enter the following TFTP information as described below:
24
Installation and Initialization
Installing the Software
AP-800 User Guide
Figure 2-18 Retrieve From Device Using TFTP
•
Server IP Address: Enter the TFTP server IP Address.
–
Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
•
File Name: Enter the name of the file to be uploaded.
•
File Type: Select the type of the file to be uploaded: Config file or Event Log.
Click Retrieve to initiate the procedure.
Install Software Using TFTP Server
A Trivial File Transfer Protocol (TFTP) server allows you to transfer files across a network. You can upload files from the
AP for backup or copying, and you can download the files for configuration and AP Image upgrades. The Solarwinds
TFTP server software is located on the AP Installation CD-ROM. You can also download the latest TFTP software from
Solarwind’s Web site at http://www.solarwinds.net. The instructions that follow assume that you are using the Solarwinds
TFTP server software; other TFTP servers may require different configurations.
NOTE: If a TFTP server is not available in the network, you can perform similar file transfer operations using the HTTP
interface.
TFTP Server Setup
To download or upload a file, you must connect to the computer with the TFTP server through the unit’s Ethernet port.
This can be any computer in the network or a computer connected to the unit with a cross-over Ethernet cable.
Ensure that:
1. The Upload or download directory is correctly set (the default directory is C:\TFTP-Root).
2. The required image file is present in the directory.
3. The TFTP server is running. The TFTP server must be running only during file upload or download. You can check the
connectivity between the unit and TFTP server by pinging the unit from the computer that hosts the TFTP server. The
ping program should show replies from the unit.
4. The TFTP server is configured to both Transmit and Receive files, with no automatic shutdown or time-out.
Install Updates from your TFTP Server using the CLI
1. Download the latest software. See Installing the Software for instructions.
2. Copy the latest software updates to your TFTP server.
3. Open the CLI interface via Telnet or a serial connection.
4. Enter the CLI password when prompted.
Enter the command: download (config-tftp)#operation type <operation type or corresponding
number>.
The download will begin, and the image will be downloaded to the Access Point.
25
Installation and Initialization
Installing the Software
AP-800 User Guide
5. When the download is complete, click REBOOT button.
26
AP-800 User Guide
Managing the Access Point
3
There are several management and monitoring interfaces available to the network administrator to configure and
manage an AP on the network:
•
HTTP/HTTPS Interface
•
Command Line Interface/Telnet
•
SNMP Management
•
SSH (Secure Shell) Management
•
ProximVision ES
HTTP/HTTPS Interface
The HTTP Interface (Web browser Interface) provides easy access to configuration settings and network statistics from
any computer on the network. You can access the HTTP Interface over your LAN (switch, hub, etc.), over the Internet, or
with a “crossover” Ethernet cable connected directly to your computer’s Ethernet Port.
HTTPS provides an HTTP connection over a Secure Socket Layer. HTTPS is one of the three available secure
management options on the AP; the other secure management option is SSH. HTTPS allows the user to access the AP
in a secure fashion using Secure Socket Layer (SSL) over port 443. The AP supports SSLv3 with a 128-bit encryption
certificate maintained by the AP for secure communications between the AP and the HTTP client. All communications
are encrypted using the server and the client-side certificate.
NOTE: When the AP is powered on, it always comes up with the default IP Address 169.254.128.132 for the first time,
unless otherwise it is configured to use a different IP, or send request to a dynamic server. In other words, the
default ip address type is "static".
•
If the DHCP server is available, then AP-800 unit will be assigned an IP address automatically. You can find the IP
address of the device either from the DHCP server or the ScanTool.
•
If the DHCP server is not available, then you can use the default IP address (169.254.128.132) or change the IP
address of your subnet using the ScanTool. You can log in to the device using the default UserName (admin) and
Password (public).
NOTE: The UserName and Password are case-sensitive.
The AP comes pre-installed with all required SSL files: default certificate, private key and SSL Certificate Pass-phrase
installed.
Command Line Interface/Telnet
The Command Line Interface (CLI) is a text-based configuration utility that supports a set of keyboard commands and
parameters to configure and manage an AP. To login to the CLI Interface, follow the procedure:
1. Confirm that your computer’s IP address is same as that of the IP subnet of the AP.
2. Go to the DOS Command prompt on your computer.
3. Type telnet <IP address of the unit>.
4. Enter the User Name and Password. The default username is “admin” and the default password is “public”. The
username and password are case-sensitive.
5. From here proceed further to configure the device interface.
You can enter Command Statements, composed of CLI Commands and their associated parameters. Statements may
be issued from the keyboard for real time control, or from scripts that automate configuration.
27
Managing the Access Point
SNMP Management
AP-800 User Guide
For example, when downloading a file, administrators enter the download CLI Command along with IP Address, file
name, and file type parameters.
You can access the CLI over a HyperTerminal serial connection or via Telnet. During initial configuration, you can use the
CLI over a serial port connection to configure an Access Point’s IP address. When accessing the CLI via Telnet, you can
communicate with the Access Point from over your LAN (switch, hub, etc.), from over the Internet, or with a “crossover”
Ethernet cable connected directly to your computer’s Ethernet Port. See Using CLI to Manage the Access Point for more
information on the CLI and for a list of CLI commands and parameters.
SNMP Management
In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network
Management Protocol (SNMP). Note that this requires an SNMP manager program. The AP supports following
Management Information Base (MIB) files that describe the parameters that can be viewed and/or configured over
SNMP:
•
MIB-II (RFC 1213)
•
Proxim Enterprise MIB
Proxim provides these MIB files on its support site http://support.proxim.com. You need to logon to the support site and
use the Answer ID: 2813 to locate the MIB. You need to compile one or more of the above MIBs into your SNMP
program’s database before you can manage an Access Point using SNMP.
The Enterprise MIB defines the read and read-write objects that can be viewed or configured using SNMP. These objects
correspond to most of the settings and statistics that are available with the other management interfaces. See the
Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, Notepad, or
WordPad.
SSH (Secure Shell) Management
You may securely also manage the AP using SSH (Secure Shell). The AP supports SSH version 2, for secure remote CLI
(Telnet) sessions. SSH provides strong authentication and encryption of session data.
The SSH server (AP) has host keys - a pair of asymmetric keys - a private key that resides on the AP and a public key
that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client
can verify that it is communicating with the correct SSH server.
HyperTerminal
HyperTerminal is a program that you can use to connect to other computers, Telnet sites, and bulletin board systems
(BBSs), online services, and host computers, using either your modem or a null modem cable.
•
If you are using RS-232 cable, verify the following information in the Hyper Terminal Serial Port Setup:
Port
COM1 (default)
Baud Rate
115200
Data
8-bit
Parity
None
Stop
1-bit
Flow Content
NONE
28
Managing the Access Point
ProximVision ES
•
AP-800 User Guide
Log in to the device using the default User Name as “admin” and Password as “public”. The username and
password are case sensitive. The Home page displays.
NOTE: The User Name and Password are case-sensitive
ProximVision ES
Using ProximVision ES you can discover and manage your AP-800 device. For more information, refer to the PVES User
Guide.
29
AP-800 User Guide
Basic Configuration for an Enterprise
4
This chapter describes the initial configuration of the Access Point using the web-browser. By default, the pre-configured
Access Point can be accessed, but as an enterprise user, you can modify the default settings of the Access Point to
provide a secure access for your enterprise.
In this chapter, following sections are included:
•
Configuring Basic Settings for the Access Point
–
Finding and Assigning the Access Point’s IP Address
•
Configuring the System Name and the Country Code
•
Configuring the Wireless Information
•
Configuring the Operational Mode
•
Password Management
•
Configuring the Security Profile
Configuring Basic Settings for the Access Point
Follow these steps to access the Access Point’s default settings:
1. Connect the Access Point as described in the Quick Install Guide (QIG) which is available along with the product
package.
2. You will follow these steps to enter the access point’s basic settings.
3. Once you have updated all the required information, ensure that you click COMMIT and then click REBOOT to
update the changes.
Finding and Assigning the Access Point’s IP Address
1. If your Access Point receives an IP address from the DHCP server on the network, then use the ScanTool to find its
IP address.
2. Navigate Configuration > Network IP Config page to set IP address.
•
Select the Address Type either Static or Dynamic.
•
You must assign unique IP Address for your device that is valid on your IP subnet, this would be based on the
Address Type that you have selected.
NOTE: Contact your network administrator if you need assistance in selecting an IP address for the unit.
•
You can also provide your network’s Subnet Mask, and Gateway IP address.
NOTE: If you enter the Gateway IP Address, then it mandatory that you must enter the Subnet Mask.
•
Click OK to save your changes.
30
Basic Configuration for an Enterprise
Configuring the System Name and the Country Code
AP-800 User Guide
Configuring the System Name and the Country Code
1. Navigate Management > System > Information to configure the System information.
2. Enter the following parameters:
•
System Name
•
System Location
•
Select the Country Code using the drop-down list. This field displays the country in which the AP will be used.
Setting the country makes the AP automatically compliant with the rules of the regulatory domain in which it is
used by configuring the allowed frequency bands, channels, Dynamic Frequency Selection Status, Transmit
Power Control status, and power levels.
•
Click Ok.
Configuring the Wireless Information
1. Navigate to Configuration page to configure the Wireless information. Navigate to Configuration > Wireless >
Interface 1 > VAP.
NOTE: By default both the interfaces are active. If you want, you can change the default values for a single interface.
2. Click on the radio button of the index for which you want to make the changes, click Edit.
3. Configure the following parameters:
•
Enter the VAP SSID Name (wireless network name).
•
Enter the Security Profile Name.
•
Enter Radius Profile Name.
4. Click OK.
Configuring the Operational Mode
1. Click Configuration > Wireless > Interface 1 > Properties. Configure the following parameters:
•
Status: Check the Status checkbox to enable the wireless interface properties.
•
Operational Mode: Select the Operational Mode. This field indicates the operational mode of the unit.
NOTE: You can select the legacy Dot11g/a modes only after changing the current channel bandwidth to 20 MHz,
otherwise these options would not be available in the drop-down list box.
•
Current Channel Bandwidth: Select the channel bandwidth. By default it is set to 40 MHz.
•
Auto Channel selection: Enable or disable the auto channel selection for wireless interface.
•
Current Operating Channel: This will display the current operating channel on which wireless interface is
operating. If you have enabled the auto channel selection option, then this field will select the channel
automatically and also list out the other channels that are available.
•
Click OK.
Password Management
As sson as you login, ensure that you change the default passwords of the device. To change the password, navigate to
Management > Services.
•
HTTP/HTTPS: The password for the Web browser HTTP interface. Enter a password in the Password field. The
default password is “public”.
•
Telnet/SSH: The password for the CLI interface (via serial or Telnet). Enter a password between 6 and 32 characters
in the Password field. The default password is “public”.
31
Basic Configuration for an Enterprise
Configuring the Security Profile
•
AP-800 User Guide
SNMP: The password for Read/Write access to the AP using SNMP interface. Enter a password between 6 and 32
characters in the Password field. The default password is “public”.
NOTE: This password “public” is SNMP Read/Write Community string and is also applicable to SNMP Read
Community.
•
Trap Host IP Address: Enter the IP Address for which the traps needs to be delivered. By default, an IP Address will
be available, that you can change.
NOTE: For security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to
restrict access to your network devices to authorized personnel.
Configuring the Security Profile
1. Click Configuration > Security > Wireless Security.
2. Click Add in the Wireless Security CFG table to create a new entry. The Wireless Security Create Row page
displays.
3. Enter the Profile Name.
4. Authentication Mode:
•
Authentication Mode: None, then the AP allows access to stations without authentication. In other words, the
security will be disabled for that VAP.
•
Authentication Mode: WEP
— Wep Key: Enter the Wep Key. The Key Length can be 64 or 128 Bits.
• For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters
see ASCII Character Chart).
• For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters.
— Encryption Type: Select the Encryption type as WEP.
— Enter the Status.
•
Authentication Mode: Psk
— Encryption Type: WPA-TKIP, WPA2-AES, WPA-TKIP + WPA2-AES
— PSK : Enter the password. The limit for the passphrase is between 8 and 63 characters
— Re-keying Interval: The value should be between 900 to 65535 seconds.
— Enter Status.
NOTE: When you select the encryption type as WPA-TKIP+WPA2-EAS, then the AP is considered to be in
Auto-Encryption mode, and the client will support both encryption type.
•
Authentication Mode: 802.1x
— Encryption Type: WEP, WPA-TKIP, WPA2-AES, WPA-TKIP + WPA2-AES
— Re-Keying Interval: The value should be between 900 to 65535 seconds.
— Enter Status.
NOTE: When you select the encryption type as WPA-TKIP+WPA2-EAS, then the AP is considered to be in
Auto-Encryption mode, and the client will support both encryption type. This type of security is called Dynamic
WEP.
NOTE: If an 802.1x client that has already been authenticated attempts to switch to WEP, or if a WEP client that has
already been connected attempts to switch to 802.1x, the AP will not allow the client to switch immediately. If
this happens, either reboot the AP or disable the client/roam to a new AP for five minutes, and then attempt to
reconnect to the AP. If the client is still unable to connect after waiting five minutes, reboot the AP.
NOTE: If you select WEP or TKIP, then the device will work on legacy rates not on 11n rates.
32
Basic Configuration for an Enterprise
Configuring the Security Profile
AP-800 User Guide
5. When finished configuring all parameters, click Add.
6. If you have selected a security profile of 802.1x, then you must configure a RADIUS 802.1x/EAP server. See. RADIUS
profile.
NOTE: Ensure that you assign the newly configured Security profiles to VAP.
7. Click COMMIT and REBOOT to update the changes.
33
AP-800 User Guide
Access Point Features
5
This chapter provides you information about the features of the Access Point:
•
Configuring the Device
•
Managing the Device
•
Monitoring the Device
Configuring the Device
Following features are available under Device Configuration:
Wireless
The wireless feature of the Access Point enables you to use the new technology called Multiple Input Multiple Output
(MIMO), that uses several antennas to transfer multiple data streams. In this way more data can be transferred in the
same period of time. The wireless architecture is based on the cellular architecture where the systems are divided into
cells, and each cell is called the BSS, that Base Station called Access Point (AP) controls.
The Wireless LAN (WLAN) can be formed of a single cell or of many cells . Each of the WLAN has an entry point which
is called Virtual Access Point (VAP), which has a unique BSSID and other relevant protocols that make these VAP as
independent entity. Each of the BSSID can be configured independly so that the user can provide unique authentication
and security feature.
VAP Features
•
VAP(Virtual Access Point): This is a logical entity that exists within the physical WLAN access device. The VAP
enables a single device to be divided into layers and each layer gets assigned to different users with their usage
rights.
•
VAP SSID (Service Set Identifier): An SSID is referred as a network name which is unique and a wireless
network is identified by this SSID which is assigned to it. In other words, this specifies which wireless network to
access and this enables communication between users and the Access Point.
•
VAP BSSID: This parameter represents the MAC address for the VAP BSSID.
•
Closed System: The status of the closed system controls whether the SSID is advertised in the beacon and
manage te way probe requests are handled.
— If the Closed System is set to Enable, then the SSID is not advertised in the beacon. The AP will respond to
probe requests with an SSID only if the client has specified the SSID in the probe requests. If the client sends
a probe requests with a null or any, then the AP will not respond.
— If the Closed System is set to Disable, then the SSID is advertised in the beacon. The AP will respond with
each configured SSID irrespective of whether it is specified in the probe request or not.
•
Fragmentation Threshold: The process of dividing a MAC Service Data Unit (MSDU) into smaller MAC level
frames for transmission over the wireless network is called fragmentation. This technique reduces both the
probality and adverse effects of wireless packet corruption, and thereby improving the overall wireless network
performance. You can fragment the Unicast receiver address, whereas Broadcast/Multicast frames cannot be
fragmented, even though they exceed a fragmentation threshold. You can configure fragmentation threshold up
to 2346 bytes.
•
Security Profile Name: This parameter allows you to configure the Security profile name for Wireless VAP. It has
to be a valid security profile configured under Wireless Security.
•
RADIUS Profile Name: This parameter allows you to configure the RADIUS profile name for Wireless VAP. It has
to be a valid Radius profile configured under Security.
34
Access Point Features
Configuring the Device
AP-800 User Guide
•
VLAN ID: This parameter is used to represent the VLAN ID for the wireless VAP. Select any value between 1 4094 to configure wireless port as Access Port. Configure -1 to configure wireless port as untagged port.
•
VLAN Priority: This parameter is used to configure the VLAN priority for Wireless VAP. By default the value is set
to 0.
•
QoS Profile Name: This parameter is used to configure the profile name for the Wireless VAP QoS.
•
Local MAC Authentication: This parameter is used to enable or disable the local MAC Access Control for VAP.
•
RADIUS MAC Authentication: This parameter is used to enable or disable the (wireless client) MAC Address
Authentication using RADIUS Servers for VAP.
•
RADIUS Accounting: This parameter is used to enable or disable the RADIUS Accounting Status.
Properties Features
•
Operational Mode: This parameter is used to set the wireless NIC Operational mode. Depending on the wireless
NIC in the device different wireless operational modes can be configured.
•
Current Bandwidth: This parameter represents the current bandwidth that Wireless is currently operating on. It is
represented in “MHz"
•
Auto Channel Selection: This parameter of the AP allows the device to select the channel on its own that is least
congested during the start up of the device.
•
Current Operating Channel: This will display the current operating channel on which wireless interface is
operating.
•
Auto Rate Selection: This parameter is used to configure the value for data rate for the wireless interface. For an
Access Point this value is always "Auto".
•
RTS Threshold (Request to Send Threshold). This parameter affects message flow control and should not be
changed under normal circumstances. The range for this field is between 0 to 2346. When set to a value between
0 and 2346, the Access Point uses the RTS mechanism for packets that are the specified size or greater. When
set to 2346 (the default setting), RTS is disabled.
•
Beacon Interval: The Beacon interval specifies the interval time between two successive beacons transmission.
You can set the value for Beacon interval between 100 ms and 1000ms for each beacon transmission.
•
TPC: The unit transmits the maximum output power for the country or regulatory domain and operational mode
selected. However, with Transmit Power Control (TPC), you can adjust the output power of the unit to a lower level
in order to reduce interference to neighboring devices or to use a higher gain antenna without violating the
maximum radiated output power allowed for your regulatory domain.
•
Cell Size: The cell size setting is a valuable feature for achieving maximum coverage for a BSS in a wireless
network. It is in dBm.
•
DTIM: The Delivery Traffic Indicator Map (DTIM) timer determines how frequently the station must leave power
save mode and determine if the traffic is lining up for it. You can set the DTIM interval based on the applications
that are being used on the network.
11n Properties Features
•
11n AMPDU (Aggregated MAC Protocol Data Unit) Status: AMPDU (Aggregated MAC Protocol Data Unit)
specifies the aggregation of several MAC frames into a single large frame to achieve higher throughput.
•
AMPDU Max Num Frames: This field represents the AMPDU frames that are transmitted as a single PSDU by
the PHY. It can be configured up to 64 frames.
•
AMPDU Max FrameSize: This parameter is used to configure the maximum AMPDU frame size (in bytes) that
can be transmitted.
•
11n AMSDU (Aggregated MAC Service Data Unit) Status: This parameter is used define the AMSDU status for
wireless 11n interface.
•
Frequency Extension: This parameter is used to configure the frequency extension for the wireless interface.
35
Access Point Features
Configuring the Device
AP-800 User Guide
•
Guard Interval: Guard Interval ensures that distinct transmissions do not interfere with one another. This feature
provides immunity to users. Each user is allotted a time slot to transmit their data and this time slot ends with the
guard interval. This parameter is used to configure the guard interval for the wireless interface.
•
Tx Antennas: This parameter enables the transmission antennas. This is configured as bit-mask. Eg: 3 - 011
(binary value) - first and second antennas are enabled. 7 - 111 (binary value) - all three are enabled.
•
Rx Antennas: This parameter enables the receiving antennas. This is configured as bit-mask. Eg: 3 - 011 (binary
value) - first and second antennas are enabled. 7 - 111 (binary value) - all three are enabled.
The bottom enclosure of the device will display R and A with specific numbers, where R stands for Radio and A stands for
Antenna.
Decimal
Binary
Active Antennas
Marking of the Enclosure
1
001
First Antenna
A1
2
010
Second Antenna
A2
3
011
First and Second Antenna
A1 and A2
4
100
Third Antenna
A3
5
101
Third and First Antenna
A3 and A1
6
110
Third and Second Antenna
A3 and A2
7
111
First, Second and Third Antenna
A1, A2, and A3
Ethernet
The Ethernet feature is the most popular physical layer LAN technology because it strikes a good balance between
speed, cost and ease of installation. Because of these benefits it is an ideal networking technology for the computer
users. Using this feature you can view the properties of the Ethernet of your network.
Ethernet Features
•
MAC Address: This parameter represents the MAC address of the Ethernet interface.
•
Speed: This parameter is used for configuring the speed of the Ethernet interface.
•
Transmit: This parameter is used for configuring the transmit mode of the Ethernet interface.
Security
The AP supports the following security features:
•
WEP Encryptions
The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is
designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP
encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a
WEP Key).
When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be
configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device
is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
•
802.1x Authentication
IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port.
A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a
wireless link to an Access Point. 802.1x requires a RADIUS server and uses the Extensible Authentication Protocol
36
Access Point Features
Configuring the Device
AP-800 User Guide
(EAP) as a standards-based authentication framework, and supports automatic key distribution for enhanced security.
The EAP-based authentication framework can easily be upgraded to keep pace with future EAP types.
Popular EAP types include:
•
EAP-Message Digest 5 (MD5): Username/Password-based authentication; does not support automatic key
distribution
•
EAP-Transport Layer Security (TLS): Certificate-based authentication (a certificate is required on the server and each
client); supports automatic key distribution
•
EAP-Tunneled Transport Layer Security (TTLS): Certificate-based authentication (a certificate is required on the
server; a client’s username/password is tunneled to the server over a secure connection); supports automatic key
distribution
•
PEAP - Protected EAP with MS-CHAP: Secure username/password-based authentication; supports automatic key
distribution
Different servers support different EAP types and each EAP type provides different features. See the documentation that
came with your RADIUS server to determine which EAP types it supports.
NOTE: The AP supports the following EAP types when Security Mode is set to 802.1x, WPA, or 802.11i (WPA2):
EAP-TLS, PEAP, EAP-TTLS, EAP-MD5, and EAP-SIM.
Authentication Process
There are three main components in the authentication process. The standard refers to them as:
1. Supplicant (client PC)
2. Authenticator (Access Point)
3. Authentication server (RADIUS server)
When the Security Mode is set to 802.1x Station, WPA Station, or 802.11i Station you need to configure your RADIUS
server for authentication purposes.
Prior to successful authentication, an unauthenticated client PC cannot send any data traffic through the AP device to
other systems on the LAN. The AP inhibits all data traffic from a particular client PC until the client PC is authenticated.
Regardless of its authentication status, a client PC can always exchange 802.1x messages in the clear with the AP (the
client begins encrypting data after it has been authenticated).
The AP acts as a pass-through device to facilitate communications between the client PC and the RADIUS server. The
AP (2) and the client (1) exchange 802.1x messages using an EAPOL (EAP Over LAN) protocol (A). Messages sent from
the client station are encapsulated by the AP and transmitted to the RADIUS (3) server using EAP extensions (B).
Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client, after translating it
back to the EAPOL format. Negotiations take place between the client and the RADIUS server. After the client has been
successfully authenticated, the client receives an Encryption Key from the AP (if the EAP type supports automatic key
distribution). The client uses this key to encrypt data after it has been authenticated.
For 802.11b/g clients that communicate with an AP, each client receives its own unique encryption key; this is known as
Per User Per Session Encryption Keys.
•
Wi-Fi Protected Access (WPA/802.11i [WPA2])
Wi-Fi Protected Access (WPA) is a security standard designed by the Wi-Fi Alliance in conjunction with the Institute of
Electrical and Electronics Engineers (IEEE). The AP supports 802.11i (WPA2), based on the IEEE 802.11i security
standard.
WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11
standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and
provides a stronger security system to protect wireless networks.
WPA provides the following new security measures not available with WEP:
37
Access Point Features
Configuring the Device
AP-800 User Guide
•
Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity
Check (MIC).
•
Per-user, per-session dynamic encryption keys:
•
•
–
Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP
–
A client's key is different for every session; it changes each time the client associates with an AP
–
The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously
–
Encryption keys change periodically based on the Re-keying Interval parameter
–
WPA uses 128-bit encryption keys
Dynamic Key distribution
–
The AP generates and maintains the keys for its clients
–
The AP securely delivers the appropriate keys to its clients
Client/server mutual authentication
–
802.1x
–
Pre-shared key (for networks that do not have an 802.1x solution implemented)
The AP supports the following WPA security modes:
•
WPA: The AP uses 802.1x to authenticate clients and TKIP for encryption. You should only use an EAP that supports
mutual authentication and session key generation, such as EAP-TLS, EAP-TTLS, and PEAP. See 802.1x
Authentication for details.
•
WPA-PSK (Pre-Shared Key): For networks that do not have 802.1x implemented, you can configure the AP to
authenticate clients based on a Pre-Shared Key. This is a shared secret that is manually configured on the AP and
each of its clients. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32
alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the TKIP
Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters).
•
802.11i (also known as WPA2): The AP provides security to clients according to the 802.11i standard, using 802.1x
authentication, a CCMP cipher based on AES, and re-keying.
•
802.11i-PSK (also known as WPA2 PSK): The AP uses a CCMP cipher based on AES, and encrypts frames to
clients based on a Pre-Shared Key. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits
or 32 alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the
Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters).
NOTE: For more information on WPA, see the Wi-Fi Alliance Web site at http://www.wi-fi.org.
Recommended Security Profiles
Proxim recommends to configure following combination of the security profiles:
•
MAC-ACL + WEP/WPA-PSK
If you have enabled the MAC-ACL as Local MAC Authentication, then you need to ensure that you have the combination
of WEP/WPA-PSK security profile. Once you enable the MAC-ACL authentication then based on the MAC-ACL policy the
client will get connected.
•
Radius-MAC + WEP/WPA-PSK
If you have enabled RADIUS-MAC as RADIUS-MAC Authentication, then you need to ensure that you have the
combination of WEP/WPA-PSK security profile. If you enable RADIUS-MAC, then ensure that RADIUS Authentication
server is configured.
•
WPA2/WPA
CAUTION: Proxim recommends not to enable both Local MAC Authentication and RADIUS-MAC Authentication. You
also need to ensure that RADIUS MAC Authentication and Access Control is not enabled together.
38
Access Point Features
Configuring the Device
AP-800 User Guide
Configuring Security Profiles
Security policies can be configured and applied on the AP as a whole, or on a per SSID basis. You can configure a
security profile for each VLAN.
The user defines a security policy by specifying one or more values for the following parameters:
•
Wireless STA types (WPA station, 802.11i (WPA2) station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.
•
Authentication mechanisms (802.1x ) that are used to authenticate clients for each type of station.
•
Cipher Suites (AES, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.
NOTE: If you select WEP or TKIP, then the device will work on legacy rates not on 11n rates.
AP-800 supports up to 8 security profiles and can be mapped to any of the VAPs. You can apply unique security profiles
to VAPs without enabling the VLAN.
Wireless Security Features
•
Profile Name: This parameter represents the name of the security profile name.
•
Authentication Mode: This parameter is used to configure the security authentication mode for wireless.
•
WEP Key: This parameter is used to configure the Wep key for wireless security.
•
Encryption Type: This parameter is used to configure the type of encryption for the wireless security.
•
PSK: This is the read parameter and used to display the security key in asterisk.
•
Rekeying Interval: This parameter represents the time interval within which the number of times the key is changed.
NOTE: Rekeying Interval in case of Dynamic WEP is WEP Rekeying Interval, whereas in the case of WPA Security
Modes is WPA Group Rekeying Interval.
RADIUS
Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system
or by a VLAN.
The network administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in
networks with VLANs enabled the administrator can also configure separate authentication servers to be used for MAC
authentication, 802.1x authentication, or RADIUS based accounting. If the back-up server are configured, then the AP
will communicate with the back-up server till the primary server is offline.
The AP communicates with the RADIUS server defined in a profile to provide the following features:
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list
of MAC addresses on the RADIUS server rather than configure each AP individually. you can define a RADIUS profile
that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized
stations that may access the wireless network. You must specify information for the least primary RADIUS server. The
back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication.
MAC access control can be separately enabled for each VLAN.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and back-up server) for 802.1x authentication.
802.1x authentication (“EAP authentication”) can be separately enabled for each VLAN.
39
Access Point Features
Configuring the Device
AP-800 User Guide
RADIUS Accounting
Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by
sending the RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS
accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session
ends, an “Accounting Stop” request is sent to the RADIUS server.
NOTE: Each VLAN can be configured to use a separate RADIUS accounting server (and backup accounting server).
Session Length
Accounting sessions continue when a client reauthenticates to the same AP. Sessions are terminated when:
1. A client disassociates
2. Session-Timeout attributes are configured in the Radius server.
If the client roams from one AP to another, one session is terminated and a new session begins.
NOTE: This feature requires RADIUS authentication using 802.1x. If the clients are using Local MAC Authentication or
RADIUS MAC Authentication, then the session length is not tracked.
Authentication Attributes
•
User-Name
This Attribute indicates the name of the user that needs to be authenticated. It must be sent in Access-Request packets if
available.
•
User-Password
This Attribute indicates the password of the user to be authenticated, or the user's input following an Access-Challenge.
It is only used in Access-Request packets.
•
NAS-IP-Address
This Attribute indicates the identifying IP Address of the NAS which is requesting authentication of the user, and should
be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets.
•
State
This Attribute is available to be sent by the server to the client in an Access-Challenge and must be sent unmodified from
the client to the server in the new Access-Request reply to that challenge, if any.
•
Class
This Attribute is available to be sent by the server to the client in an Access-Accept and should be sent unmodified by the
client to the accounting server as part of the Accounting-Request packet if accounting is supported.
•
Session-Timeout
This Attribute sets the maximum number of seconds of service to be provided to the user before termination of the
session or prompt. This Attribute is available to be sent by the server to the client in an Access-Accept or
Access-Challenge.
•
Termination-Action
This Attribute indicates what action the NAS should take when the specified service is completed. It is only used in
Access-Accept packets.
•
Called-Station-Id
This Attribute allows the NAS to send in the Access-Request packet the phone number that the user called, using Dialed
Number Identification (DNIS) or similar technology. It isonly used in Access- Request packets.
•
Calling-Station-Id
40
Access Point Features
Configuring the Device
AP-800 User Guide
This Attribute allows the NAS to send in the Access-Request packet the phone number that the call came from, using
Automatic Number Identification (ANI) or similar technology. It is only used in Access-Request packets.
•
Acct-Interim-Interval
Obtained during the Authentication process and used for determining the time interval for sending Accounting Update
messages.
NOTE: If this attribute is not obtained from the Radius Server, the AP uses default value of 300 seconds for updating
the accounting messages.
Accounting Attributes
•
Acct-Status-Type
This attribute indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end
(Stop).
•
Acct-Input-Octets
This attribute indicates how many octets have been received from the port over the course of this service being provided,
and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop.
•
Acct-Output-Octets
This attribute indicates how many octets have been sent to the port in the course of delivering this service, and can only
be present in Accounting-Request records where the Acct-Status-Type is set to Stop.
•
Acct-Session-Id
This attribute is a unique Accounting ID to make it easy to match start and stop records in a log file. The start and stop
records for a given session will have the same Acct-Session-Id.
•
Acct-Authentic
This attribute is included in an Accounting-Request to indicate how the user was authenticated, whether by RADIUS, the
NAS itself, or another remote authentication protocol.
•
Acct-Session-Time
This attribute indicates how many seconds the user has received service for, and can only be present in
Accounting-Request records where the Acct-Status-Type is set to Stop.
•
Acct-Input-Packets
This attribute indicates how many packets have been received from the port over the course of thisservice being provided
to a Framed User, and can only be present in Accounting-Request recordswhere the Acct-Status-Type is set to Stop.
•
Acct-Output-Packets
This attribute indicates how many packets have been sent to the port in the course of delivering this service to a Framed
User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop
•
Acct-Terminate-Cause
This attribute indicates how the session was terminated, and can only be present in Accounting- Request records where
the Acct-Status-Type is set to Stop.
RADIUS Features
The parameters that can be configured:
•
Profile Name: This parameter provides the RADIUS profile name.
•
Max ReTransmissions: This parameter represents the maximum number of RADIUS Access requests messages
transmitted from the client to server since the client startup.
41
Access Point Features
Configuring the Device
AP-800 User Guide
•
Message Response Time: This parameter represents the response time in seconds that the AP should wait for the
RADIUS server to respond to a request. The range is between 3 to 12 seconds.
•
ReAuthentication Period: This parameter represents the time interval in seconds for performing 802.1x
re-authentication (EAP re-authentication) for 802.1x enabled client/stations.
NOTE: If the value is set to “0”, then the re-authentication is disabled. This parameter does not apply for clients using
RADIUS MAC Authentication.
You have four radius profiles available for configurations:
•
Server Type: There are four radius profiles available for configurations: Primary Authentication Server, Secondary
Authentication Server, Primary Accounting Server, and Secondary Accounting Server.
•
IP Address: The parameter represents the IP address of the Radius servers.
•
Server Port: This parameter represents the port number which the AP and the server will use to communicate.
•
Shared Secret: This parameter represents the password shared by the RADIUS server and the AP. It must be the
same password that is configured on the RADIUS server.
MAC ACL Features
•
Operation Type: This parameter is used for configure MAC ACL operation type.
While adding the MAC ACL row, following are the parameters:
•
MAC Address: This parameter represents the valid MAC address of the MAC ACL.
•
Comment: This parameter is an optional and is used for entering a comment.
QoS
Wi-Fi Multimedia (WMM)/Quality of Service (QoS) Introduction
The AP supports Wi-Fi Multimedia (WMM), which is a solution for QoS functionality based on the IEEE 802.11e
specification. WMM defines enhancements to the MAC for wireless LAN applications with Quality of Service
requirements, which include transport of voice and video traffic over IEEE 802.11 wireless LANs.
The enhancement are in the form of changes in protocol frame formats (addition of new fields and information elements)
addition of new messages, definition of new protocol actions, channel access mechanisms (differentiated control of
access to medium) and network elements (QoS/WME aware APs, STAs), and configuration management.
WME supports Enhanced Distributed Channel Access (EDCA) for prioritized QoS services. The WME/QoS feature can
be enabled or disabled per VAP.
Enhanced Distributed Channel Access (EDCA)
WME uses Enhanced Distributed Channel Access, a prioritized CSMA/CA access mechanism used by WME-enabled
clients/AP in a WME enabled BSS to realize different classes of differentiated Channel Access.
A wireless Entity is defined as all wireless clients and APs in the wireless medium contending for the common wireless
medium. EDCA uses a separate channel access function for each of the Access Categories (Index) within a wireless
entity. Each channel access function in a wireless entity that contends for the wireless medium as if it were a separate
client contending for the wireless medium. Different channel access functions in a given Wireless Entity contend among
themselves for access to the wireless medium in addition to contending with other clients.
STA EDCA Table and AP EDCA Table
This page is used to configure the client (STA) and AP Enhanced Distributed Channel Access (EDCA) parameters. You
can modify the EDCA values for Wireless.
The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless
contention period. These parameters are used by the QoS enabled AP to establish policy, to change policies when
42
Access Point Features
Configuring the Device
AP-800 User Guide
accepting new stations or new traffic, or to adapt to changes in the offered load. The EDCA parameters assign priorities
to traffic types where higher priority packets gain access to the wireless medium more frequently than lower priority
packets.
NOTE: Default recommended values for EDCA parameters have been defined; Proxim recommends not to modify
EDCA parameters unless strictly necessary.
QoS EDCA Features
•
Profile Name: This parameter is used to displays the name for the Wireless QoS EDCA profile.
•
STA CW Min: This parameter is used to configure the minimum value for CW for the wireless QoS EDCA profile.
•
STA CW Max: This parameter is used to configure the maximum value for CW for the wireless QoS EDCA profile.
•
STA AI FSN: This parameter is used for configure the AIFSN value for the wireless QoS EDCA profile.
•
STA TXOP: The parameter is used to configure TXOP value for wireless QoS EDCA profile.
•
STA ACM: This parameter is used to configure the status for ACM.
•
AP CW Min: This parameter is used to configure the minimum value for CW for the AP.
•
AP CW Max: This parameter is used to configure the maximum value for CW for the AP.
•
AP TXOP: This parameter is used to configure the TXOP value for the AP.
•
AP ACM: This parameter is used to configure the status of the APACM for the QoS EDCA profile.
802.1D to IP DSCP Mapping Table Features
•
801.1D to IPDSCP index: This parameter is used to specify the 802.1d priority.
•
Lower Limit: This parameter is used to specify IP DSCP lower limit.
•
Upper Limit: This parameter is used to specify IP DSCP upper limit.
802.1D to 802.1p Mapping Table Features
•
801.1D Priority: This parameter is used to specify the 802.1d priority and is used as the secondary index to the
802.1D to 802.1p mapping table.
•
802.1p Priority: The parameter is used to specify the 802.1D to be mapped to a 802.1p priority.
QoS Profile Features
•
QoS Profile Name: This parameter displays the name of the QoS profile name that been assigned.
•
Policy Name: This parameter displays the QoS Policy profile name.
•
EDCA Profile Name: This parameter displays the name of the QoS EDCA profile name.
•
QoS NACK Status: This parameter is used to configure the status of the QoS profile ACK status.
QoS Policy Features
•
Policy Name: This parameter displays the policy name.
•
Policy Type: This parameter is used to configure the QoS type. Policy type can be configured for the following;
Inbound Layer2, Inbound Layer3, Outbound Layer2, and Outbound Layer3.
•
Priority Mapping: This parameter is used for configuring the primary index to the QoS 802.1D to 802.1p mapping
table.
•
Marking Status: This parameter is used to enable or disable the QoS marking.
IP Configuration
The network (internet (TCP/IP)) settings for the Access Point can be either entered manually (static IP address, subnet
mask, and gateway IP address) or obtained automatically (dynamic).
43
Access Point Features
Configuring the Device
AP-800 User Guide
•
Address Type: Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration
Protocol (DHCP) client; the Access Point will obtain IP settings from a network DHCP server automatically during the
boot-up. If you do not have a DHCP server or if you want to manually configure the Access Point’s IP settings, set this
parameter to Static.
•
IP Address: This parameter represents the IP Address of the Access Point. When IP Address Assignment Type is
set to Dynamic, this field is read-only and reports the unit’s current IP address. The Access Point will default to
169.254.128.132, if it cannot obtain an address from a DHCP server.
•
Subnet Mask: The Access Point’s subnet mask. When Address Type is set to Dynamic, this field is read-only and
reports the unit’s current subnet mask. The subnet mask will default to 255.255.0.0 if the unit cannot obtain one from
a DHCP server.
•
Gateway IP Address: The IP address of the Access Point’s gateway. When Address Type is set to Dynamic, this field
is read-only and reports the IP address of the unit’s gateway. The gateway IP address will default to 169.254.128.133
if the unit cannot obtain an address from a DHCP server.
VLAN
Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN
members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on the
logical LAN or WAN segment. They simplify traffic flow between clients and their frequently-used or restricted resources.
VLANs now extend as far as the reach of the Access Point signal. Clients can be segmented into wireless sub-networks
via SSID and VLAN assignment. A Client can access the network by connecting to an AP configured to support its
assigned SSID/VLAN.
AP devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support, certain
network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS server, and
possibly a DHCP server should be available.
Once enabled, VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:
•
Manage adds, moves, and changes from a single point of contact
•
Define and monitor groups
•
Reduce broadcast and multicast traffic to unnecessary destinations
–
•
Improve network performance and reduce latency
Increase security
–
Secure network restricts members to resources on their own VLAN
–
Clients roam without compromising security
VLAN tagged data is collected and distributed through an AP's wireless interface(s) based on Network Name (SSID). An
Ethernet port on the Access Point connects a wireless cell or network to a wired backbone. The Access Points
communicate across a VLAN-capable switch that analyzes VLAN-tagged packet headers and directs traffic to the
appropriate ports. On the wired network, a RADIUS server authenticates traffic and a DHCP server manages IP
addresses for the VLAN(s). Resources like servers and printers may be present, and a hub may include multiple APs,
extending the network over a larger area.
Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network
Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison,
a VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless
clients.
The AP assigns clients to a VLAN based on a Network Name (SSID). The AP can support up to 4 SSIDs per radio, and
multiple SSIDs can have same VLAN Id.
NOTE: It is not required that each VAP should have unique VLAN ID.
44
Access Point Features
Configuring the Device
AP-800 User Guide
The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received by a
VLAN is only sent on the wireless interface associated with that same VLAN. This eliminates unnecessary traffic on the
wireless LAN, conserving bandwidth and maximizing throughput.
Typical User VLAN Configurations
VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups
enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the
same physical network are limited to those resources available to their workgroup.
The AP can segment users into a maximum of 4 different workgroups per radio, based on an SSID/VLAN grouping.
The VLANs are very useful to segment the LAN into different broadcast domains. This helps in reducing the broadcast
domain by separating the logical segments of a LAN. VLANs can operate in different modes based on the incoming
traffic.
VLAN on Ethernet port of AP is configured in the Transparent mode. When the VLAN status is disabled, then the bridge
will forward the frames received on wireless interface as it is.
Once the VLAN status is enabled, all the VAP ports are configured with a valid VLAN ID (1 to 4094) and all the ports will
act as an access port. All untagged packets received from clients will be tagged by VAP port with VAP VLAN ID and then
forwraded to its destination port.
The VLAN has a 32-bit VLAN Header format as mentioned below:
TPID
Priority
16
•
TPID - Tag Protocol Identifier
•
CFI - Canonical Format Identifier
•
Priority - 0 to 7 (value)
•
VID - VLAN ID (1 to 4094)
3
CFI
VID
1
12
VLAN Features
•
VLAN Status: This parameter is used to configure the VLAN status of the device.
•
Management VLAN ID: This parameter is used to configure the Management VLAN ID. The management stations
must tag the management frames they send to the device with the management VLAN ID.
Filtering
The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless
networks. The Filtering feature supports the filtering for following protocol layers:
Ethernet Layer Filtering
Static MAC Filtering
The Static MAC Address filter optimizes the performance of a wireless (and wired) network. When this feature is properly
configured, the AP can block traffic between wired devices and wireless devices based on MAC address.
For example, you can set up a Static MAC filter to prevent wireless clients from communicating with a specific server on
the Ethernet network. You can also use this filter to block unnecessary multicast packets from being forwarded to the
wireless network.
NOTE: The Static MAC Filter is an advanced feature. You may find it easier to control wireless traffic via other filtering
options, such as Ethernet Protocol Filtering.
45
Access Point Features
Configuring the Device
AP-800 User Guide
Each static MAC entry contains the following fields:
•
Wired MAC Address
•
Wired MAC Mask
•
Wireless MAC Address
•
Wireless MAC mask
•
Comment
•
Status
Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each
hexadecimal digit represents 4 bits (0 or 1)).
Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for
when examining packets. The AP uses Boolean logic to perform an “AND” operation between the MAC Address and the
Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a
filter using only the hexadecimal digits 0 and F in the Mask (where 0 is any value and F is the value specified in the MAC
address). A Mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a Mask of FF:FF:FF:FF:FF:FF applies
only to the specified MAC Address.
For example, if the MAC Address is 00:20:A6:12:54:C3 and the Mask is FF:FF:FF:00:00:00, the AP will examine the
source and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the Mask is
FF:FF:FF:FF:FF:FF, the AP will only look for the specific MAC address (in this case, 00:20:A6:12:54:C3).
When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of
parameters. Which parameters to configure depends upon the traffic that you want to block:
•
To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only
the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
•
To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only
the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to all zeros).
•
To block traffic between a specific wired MAC address and a specific wireless MAC address, configure all four
parameters.
•
To prevent all traffic from a specific wired Group MAC address from being forwarded to the wireless network,
configure only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to
all zeros).
•
To prevent all traffic from a specific wireless Group MAC address from being forwarded to the wired network,
configure only the Wireless MAC address and Wireless Mask (leave the Wired MAC Address and Wired Mask set to
all zeros).
•
To block traffic between a specific wired Group MAC address and a specific wireless Group MAC address, configure
all four parameters.
•
To prevent the traffic between wired and wireless MAC and Group MAC address pair, configure any combination four.
A maximum of 200 entries can be created in the Static MAC filter table. To create an entry, click Add and enter the
appropriate MAC addresses and Masks to setup a filter. The entry is enabled automatically when saved.
NOTE: You can specify the MAC addresses and their Masks and also add or delete the entries. Wired and Wireless
MAC Address cannot have broadcast and multicast MAC address.
Ethernet Protocol Filtering
The Ethernet Protocol Filtering blocks or forwards packets based on the Ethernet protocols. The default table along with
the list of Ethernet protocols is made available. You can add, modify or delete the entries that you have created, but the
default values cannot be deleted. You have two options to set the filter status based on the protocol type:
•
Passthru: This filter status will allow the packets to pass through.
•
Block: This filter status will block the packets.
46
Access Point Features
Configuring the Device
AP-800 User Guide
You can enter a maximum number of 64 entries for a table.
Intra BSS Filtering
The wireless clients that associate with a certain AP from the Basic Service Set (BSS) of a network infrastructure. By
default, wireless subscribers in the same BSS can communicate with each other. However, some administrators may
wish to block traffic between wireless subscribers that are associated with the same AP to prevent unauthorized
communication and to conserve bandwidth. This feature enables you to prevent wireless subscribers within a BSS from
exchanging traffic.
Although this feature is generally enabled in public access environments, Enterprise LAN administrators use it conserve
wireless bandwidth by limiting communication between wireless clients. For example, this feature prevents peer-to-peer
file sharing or gaming over the wireless network.
•
If you select to block the traffic, then the wireless traffic between the clients associated with the same or different BSS
(Basic Service Set) will not be able to communicate with each other.
•
If you select to passthru, then the wireless traffic between the clients associated with the same or different BSS will be
able to communicate with each other.
IP Layer
IP Protocol Filtering
This filtering type is also known as Advanced Filtering. The device is provided with some known protocol entries. Using
this filter type you can block the specific IP Protocol traffic. You can enable or disable the entries as well the change the
direction of the traffic.
TCP/UDP Layer
Port-based filtering enables you to control wireless user access to network services by selectively blocking TCP/UDP
protocols through the AP. A user specifies a Protocol Name, Port Number, Port Type (TCP, UDP, or TCP/UDP), and
filtering interfaces (only Wireless, only Ethernet or Both) in order to block access to services, such as Telnet and FTP, and
traffic, such as NETBIOS and HTTP. You can enter up to maximum 64 entries for a table.
For example, an AP with the following configuration would discard frames received on its Ethernet interface with a UDP
destination port number of 137, effectively blocking NETBIOS Name Service packets.
Protocol Name
Port Number
Port Type
Filter Interface
Entry Status
(Enable/Disable)
NETBIOS Name Service
137
UDP
Ethernet
Enable
Filtering Features
•
Global Filter Flag: This parameter is used to enable or disable the filtering tag. If you disable this filtering tag, then the
no filtering feature will be applicable.
•
Intra BSS Filtering: This parameter is used configure wireless to wireless communication.
Protocol Filter
•
Filtering Control: This parameter is used to enable the interface either for Ethernet, Wireless or both.
•
Filtering Type: This parameter is used to configure the filtering type. If the specific protocol is not available on the
protocol filter table, then the filtering type would be performed on the packet that is being transmitted.
•
Protocol Name: This parameter represents the Ethernet protocol filtering name.
•
Protocol Number: This parameter represents the Ethernet protocol filtering number.
•
Filter Status: This parameter is used for configuring the status of the Ethernet protocol filtering.
47
Access Point Features
Managing the Device
AP-800 User Guide
Static MAC Address Filter
•
Wired MAC Address: This parameter represents the MAC address for the filter wired address.
•
Wired MAC Mask: This parameter represents the MAC address for the filter wired Mask.
•
Wireless MAC Address: This parameter represents the MAC address for the filter wireless address.
•
Wireless MAC Mask: This parameter represents the MAC address for the filter wireless Mask.
•
Comment: This parameter is used for entering the comment for the Static MAC filter table and this ia an optional
parameter.
Advanced Filtering
•
Protocol Name: This parameter is used to represent the protocol name that is to be filtered.
•
Direction: This parameter represents the direction of the individual entry in the advanced filter table. The direction can
be enabled either for Ethernet to Wireless, Wireless to Ethernet or both ways.
TCP/UDP Port Filter
•
Filter Control: This parameter is used for configuring the status for the TCP/UDP port filter.
•
Protocol Name: This parameter is used to configure the protocol name.
•
Port Number: This parameter represents the TCP/UDP port filter number.
•
Port Type: This parameter represents the port type for this TcpUdp Port filter table entry. The object can be either TCP
or UDP or TCP/UDP.
•
Filter Interface: This parameter is used to configure the interface. By default, the object is set to All Interfaces. The
filter can be enabled either for Ethernet, Wireless or All Interface.
For more information on how to configure the above mentioned features, refer the following chapters:
•
Using Web Interface: Using Web Interface to Manage the Access Point
•
Using SNMP Interface: Using SNMP Interface to Manage the Access Point
•
CLI Interface: Using CLI to Manage the Access Point
Managing the Device
Following features are available under Device Management:
System Information
This feature of the Access Point provides system specific information such as system name and contact information. It
also provides the inventory management information such as Access Point’s hardware, software, version and other
information about the AP’s installed components.
System Information Features
•
System Up-Time: This is a read-only field that displays how long the Access Point has been running since its last
reboot.
•
System Description: This parameter provides the description of the system. This is a read-only field that reports the
Access Point’s name, serial number, current image software version, and current bootloader software version.
•
System Name: This parameter provides the system name that is assigned. By default this displays the complete
domain name.
•
Email: The email address of the person responsible for the AP.
•
Phone Number: The phone number of the person responsible for the AP.
•
Location: The location where the AP is installed.
48
Access Point Features
Managing the Device
AP-800 User Guide
•
GPS Longitude: The longitude at which the AP is installed. Enter the value in the format required by your network
management system.
•
GPS Latitude: The latitude at which the AP is installed. Enter the value in the format required by your network
management system.
•
GPS Altitude: The altitude at which the AP is installed. Enter the value in the format required by your network
management system.
•
Country Code: The country in which the AP will be used. Setting the country makes the AP automatically compliant
with the rules of the regulatory domain in which it is used by configuring the allowed frequency bands, channels,
Dynamic Frequency Selection Status, Transmit Power Control status, and power levels.
System Inventory Management Table Features
•
Serial Number: This parameter identifies the system component serial number
•
Name: This parameter identifies the system component name.
•
Component ID: This parameter identifies the system component identification.
•
Variant: This parameter identifies the system component variant number.
•
Release Version: This parameter identifies the system component release version number.
•
Major Version: This parameter identifies the system component major version number.
•
Minor Version: This parameters identifies the system component minor version number.
Upgrading the Firmware
Using the File Management option you can manage your files through HTTP and TFTP.
The HTTP Interface (Web browser Interface) provides easy access to configuration settings and network statistics from
any computer on the network. You can access the HTTP Interface over your LAN (switch, hub etc) over the Internet, or
with a “cross-over” Ethernet cable connected directly to your computer.
Using the TFTP server you can transfer files across a network. You can upload files from the AP for backup or copying,
you can download the files for configuration and AP image upgrades.
File Management
Using the File Management category you can upgrade your device firmware:
•
Downloading files (Config, image) to the AP using one of the two methods is called Update Device.
•
Uploading files (Config, Event Log) from the AP is called Retrieve From Device.
TFTP File Transfer Guidelines
A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP
server on your system, install the TFTP server from the installation CD.
HTTP File Transfer Guidelines
HTTP file transfer can be performed either with or without SSL enabled. HTTP file transfers with SSL require enabling
Secure Management and Secure Management and Secure Socket Layer. HTTP transfers that use SSL may take
additional time.
Image Error Checking during File Transfer
The Access Point performs checks to verify that an image downloaded through HTTP or TFTP is valid. The following
checks are performed on the downloaded image:
•
Zero image size
•
Large image size
49
Access Point Features
Managing the Device
•
AP image
•
Digital signature verification
AP-800 User Guide
If any of the above checks fails on the download image, the Access Point deletes the download image and retains the old
image. Otherwise, if all checks pass successfully, the AP detects the old image and retains the download image.
These checks are to ensure that the AP does not enter an invalid image state. The storage of the two images is only
temporary to ensure the proper verification; the two images will not be stored in the AP permanently.
Update Device Using HTTP - Features
•
File Type: This parameter represents the typr of file being downloaded to the device.
•
File Name: This parameter represents the filename to be downloaded.
Update Device Using TFTP - Features
•
Server IP Address: This parameter represents the IP address for the TFTP server.
•
File Name: This parameter represents the filename to upload or download to the TFTP server.
•
File Type: This parameter represents the type of file being downloaded to the device.
•
Operation: This parameter represents the type of operation that has to be completed. The option that are provided
are: None, Update, and Update and Reboot.
Retrieve From Device Using HTTP - Features
•
File Type: This parameter represents the type of file being uploaded to the device.
Retrieve From Device Using TFTP - Features
•
Server IP Address: This parameter represents the IP address for the TFTP server.
•
File Name: This parameter represents the filename to upload or download to the TFTP server.
•
File Type: This parameter represents the type of file being uploaded to the device.
Password Management
The Management Services feature provides a consolidated page where you can configure all the required passwords for
the Access Point.
Services Features
HTTP Password: This parameter is used to set the HTTP login password. This password should be in alphanumeric with
minimum of 8 and maximum of 32 characters.
HTTP: This parameter represents the TCP/IP port by which the HTTP server will be accessile.
HTTPS: This parameter is used to enable or disable the HTTPS access to the device from any host.
Telnet/SSH Password: This parameter is used to set the Telnet/SSH login password. This password should be in
alphanumeric with minimum of 6 and maximum of 32 characters.
Telnet: This parameter is used to enable or disable the Telnet access to the device from any host.
SSH: This parameter is used to enable or disable the SSH access to the device from any host.
SNMP: This parameter allows to enable or disable the SNMP access.
SNMP Password: This parameter represents the read-only community name used in the SNMP protocol. It is sent along
with each SNMP Get-Request to allow or deny access to device. This password should be same as read password set at
the NMS or mib browser). This password should be in alphanumeric with minimum of 6 and maximum of 32 characters.
Trap Host IP Address: This parameter represents the IP address of the management station that will receive SNMP
traps from the device.
50
Access Point Features
Monitoring the Device
AP-800 User Guide
Management Access Control
The Management Access Control feature provides you an option of controlling the interface.
Management Access Control Feature Table Features:
•
Access Table Status: This parameter is used to enable or disable the Access Control Table. By default it is disabled.
Please check to enable and uncheck to disable. If this parameter is enabled the device can be managed only with
configured IP Address list.
•
IP Address: This parameter represents the IPv4 IP Address for which the traffic need to be passed.
For more information on how to configure the above mentioned features, refer the following chapters:
•
Using Web Interface: Using Web Interface to Manage the Access Point
•
Using SNMP Interface: Using SNMP Interface to Manage the Access Point
•
CLI Interface: Using CLI to Manage the Access Point
Monitoring the Device
Following features are available under Device Monitor:
System Log
The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and
troubleshooting. Syslog Events are logged according to the level of detail specified by the administrator. Logging only
urgent system messages will create a far smaller, more easily read log than a log of every event the system encounters.
If the SysLog server is configured, then System Log messages can be sent to other hosts.
System Log Features
•
Log Status: This parameter is used to configure the status for the SysLog. Select enable to enable the Syslog status
or disable to disable the syslog status.
•
Log Priority: This parameter is used to configure the priority for the syslog. Select 1 for emergency, 2 for alert, 3 for
critical, 4 for error, 5 for warning, 6 for notice, info for 7 and 8 for debug.
System Log Host Table Features
•
IP Address: This parameter is used to represent the IP address of the Sys Log table.
•
Port: This parameter is used to represents the host port for the Sys Log table.
•
Host Comment: This parameter is used to configure the status of the Syslog host entry table.
Event Log
The Event Log keeps track of events that occur during the operation of the device. The Event Log displays messages that
may not be captured by System Traps, such as the Transmit Power for the Frequency Channel selected.
Event Log Features
•
Log Priority: This parameter is used to configure the priority for the event log table. The options are: Emergency,
Alert, Critical, Error, Warning, Notice, Info, and Debug.
SNTP
SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time
of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the
configured time servers (primary or secondary), and, if successful, will update the relevant time objects in the AP. If the
51
Access Point Features
Monitoring the Device
AP-800 User Guide
AP fails to retrieve the information after three attempts, the AP will use the system uptime and update the relevant time
objects. If this feature is disabled, the user cannot configure the date and time parameters.
SNTP Features
•
SNTP Status: This parameter is used to enable or disable the SNTP functionality.
•
Primary Server Name Or IP Address: This parameter is used for the primary SNTP server IP address name.
•
Secondary Server Name Or IPAddress: This parameter is used for the secondary SNTP server IP address name.
•
Time Zone: This parameter is used to specify the appropriate time zone.
Day Light Saving Time: This parameter is used to indicate the number of hours to adjust for Daylight Saving Time.
Interface Statistics
Statistics feature provides you the information about the various interfaces that are available for the Access Points. The
sub-features that are available are described below:
Station Statistics
Station Statistics display information on wireless clients attached to the AP.
•
VAP Number: The VAP number on which the client is connected with the AP.
•
MAC Address: The MAC address of the wireless client for which the statistics are gathered.
•
Rx Data Frames: The number of data frames that are received.
•
Tx Data Frames: The number of data frames that are transmitted.
•
RSSI: This represents the Received Signal Strength of the Station.
•
Tx Rate: This parameter represents the transmission rate of the station.
•
State: This parameter represents the present status of the station.
Wireless Statistics
Wireless Statistics display information on the wireless interface.
•
Description: Information about the interface (e.g., the name of the manufacturer, the product name and the version of
the hardware interface).
•
Type: This displays the type of interface.
•
MTU: Maximum Transfer Unit is the largest size of IP datagram which may be transferred using a speciifc data link
connection. The size of MTU may vary greatly between different links.
•
Physical Address: The wireless interface’s address at the protocol layer immediately below the network layer in the
protocol stack.
•
Operational Status: The current state of the interface: Up (ready to pass packets), Down (not ready to pass packets,
or Testing (testing and unable to pass packets).
•
Last Change: The value of the sysUpTime object at the time the interface entered its current operational state.
•
In Octets: The total number of octets received on the interface, including framing characters.
•
In Ucast Packets: The number of subnetwork unicast packets delivered to a higher-layer protocol.
•
In Nucast Packets: The number of non-unicast (i.e., subnetwork-broadcast or subnetwork-multicast) packets
delivered to a higher-layer protocol.
•
In Errors: The number of inbound packets that contained errors preventing them from being deliverable to a
higher-layer protocol.
•
Out Octets (bytes): The total number of octets transmitted out of the interface, including framing characters.
•
Out Ucast Packets: The total number of packets that higher-level protocols requested to be transmitted to a
subnetwork-unicast address, including those that were discarded or not sent.
52
Access Point Features
Monitoring the Device
AP-800 User Guide
•
Out Discards: The number of error-free outbound packets chosen to be discarded to prevent their being transmitted.
One possible reason for discarding such a packet could be to free up buffer space.
•
Out Errors: The number of outbound packets that could not be transmitted because of errors.
Ethernet Statistics
Ethernet Statistics display information on the Ethernet interface.
•
Description: Information about the interface (e.g., the name of the manufacturer, the product name and the version of
the hardware interface).
•
Type: This displays the type of interface.
•
MTU: Maximum Transfer Unit is the largest size of IP datagram which may be transferred using a speciifc data link
connection. The size of MTU may vary greatly between different links.
•
Physical Address: The wireless interface’s address at the protocol layer immediately below the network layer in the
protocol stack.
•
Operational Status: The current state of the interface: Up (ready to pass packets), Down (not ready to pass packets,
or Testing (testing and unable to pass packets).
•
Last Change: The value of the sysUpTime object at the time the interface entered its current operational state.
•
In Octets: The total number of octets received on the interface, including framing characters.
•
In Ucast Packets: The number of subnetwork unicast packets delivered to a higher-layer protocol.
•
In Nucast Packets: The number of non-unicast (i.e., subnetwork-broadcast or subnetwork-multicast) packets
delivered to a higher-layer protocol.
•
In Errors: The number of inbound packets that contained errors preventing them from being deliverable to a
higher-layer protocol.
•
Out Octets (bytes): The total number of octets transmitted out of the interface, including framing characters.
•
Out Ucast Packets: The total number of packets that higher-level protocols requested be transmitted to a
subnetwork-unicast address, including those that were discarded or not sent.
•
Out Discards: The number of error-free outbound packets chosen to be discarded to prevent their being transmitted.
One possible reason for discarding such a packet could be to free up buffer space.
•
Out Errors: The number of outbound packets that could not be transmitted because of errors.
Bridge
The AP is a bridge between the wired and the wireless networking devices. Bridge Statistics display information that is
available on the Bridge.
Bridge Statistics
•
Description: Information about the interface (e.g., the name of the manufacturer, the product name and the
version of the hardware interface).
•
Type: This displays the type of interface.
•
Mtu: Maximum Transfer Unit is the largest size of IP datagram which may be transferred using a speciifc data link
connection. The size of MTU may vary greatly between different links
•
Physical Address: The wireless interface’s address at the protocol layer immediately below the network layer in
the protocol stack.
•
Operational Status: The current state of the interface: Up (ready to pass packets), Down (not ready to pass
packets, or Testing (testing and unable to pass packets).
•
Last Change: The value of the sysUpTime object at the time the interface entered its current operational state.
•
In Octets: The total number of octets received on the interface, including framing characters.
•
In Ucast Packets: The number of subnetwork unicast packets delivered to a higher-layer protocol.
53
Access Point Features
Monitoring the Device
AP-800 User Guide
•
In Nucast Packets: The number of non-unicast (i.e., subnetwork-broadcast or subnetwork-multicast) packets
delivered to a higher-layer protocol.
•
In Errors: The number of inbound packets that contained errors preventing them from being deliverable to a
higher-layer protocol.
•
Out Octets (bytes): The total number of octets transmitted out of the interface, including framing characters.
•
Out Ucast Packets: The total number of packets that higher-level protocols requested be transmitted to a
subnetwork-unicast address, including those that were discarded or not sent.
•
Out Discards: The number of error-free outbound packets chosen to be discarded to prevent their being transmitted.
One possible reason for discarding such a packet could be to free up buffer space.
•
Out Errors: The number of outbound packets that could not be transmitted because of errors.
Network Layer
This page provides information of the IP ARP and for the received and transmitted messages.
RADIUS
Authentication Statistics
The feature description are:
•
Round Trip Time: This parameter represents the round trip time for messages exchanged between radius client
and authentication server since client startup.
•
Stats Requests: This parameter represents the number of RADIUS Access Requests messages transmitted from
the client to the server since client startup.
•
Retransmissions: This parameter represents the number of RADIUS Access Requests messages retransmitted
from the client to the server since client startup.
•
Access Accepts: This parameter indicates the number of RADIUS Access Accept messages received since
system startup.
•
Access Rejects: This parameter represents the number of RADIUS Access Rejects messages received since the
system startup.
•
Access Challenges: This parameter represents the number of RADIUS Access Challenges messages received
since the system startup.
•
Stats Responses: This parameter represents the total number of RADIUS Access messages received from the
authentication server since system startup.
•
Malformed Responses: This parameter represents the number of malformed RADIUS Access Response
messages received since system satrtup.
•
Bad Authenticators: This parameter represents the number of malformed RADIUS Access response messages
containing invalid authenticators received since system startup.
•
Timeouts: This parameter represents the total number of timeouts for RADIUS Access Request messages since
system startup.
•
Unknown Types: This parameter represents the number of messages with unknown Radius Message Code
since system startup.
•
Packets Dropped: This parameter represents the number of Radius message which do not contain any EAP
payloads or EAP State machine do not have any valid EAP state data since system startup.
Accounting Statistics
The feature description are:
•
Round Trip Time: This parameter represents the round trip time for messages exchanged between radius client
and accounting server since client startup.
54
Access Point Features
Monitoring the Device
AP-800 User Guide
•
Stats Requests: This parameter represents the number of RADIUS Access Requests messages transmitted from
the client to the server since client startup.
•
Retransmissions: This parameter represents the number of RADIUS Access Requests messages retransmitted
from the client to the server since client startup.
•
Stats Responses: This parameter represents the total number of RADIUS Access messages received from the
accounting server since system startup.
•
Malformed Responses: This parameter represents the number of malformed RADIUS Access Response
messages received since system satrtup.
•
Stats Timeouts: This parameter represents the total number of timeouts for RADIUS Access Request messages
since system startup.
•
Unknown Types: This parameter represents the number of messages with unknown Radius Message Code
since system startup.
•
Packets Dropped: This parameter represents the number of Radius message which do not contain any EAP
payloads or EAP State machine do not have any valid EAP state data since system startup.
For more information on how to configure the above mentioned features, refer to the following chapters:
•
Using Web Interface: Using Web Interface to Manage the Access Point
•
Using SNMP Interface: Using SNMP Interface to Manage the Access Point
•
CLI Interface: Using CLI to Manage the Access Point
55
AP-800 User Guide
Using Web Interface to Manage the Access Point
6
This chapter contains information on configuring and managing settings for the various features that are available for the
Access Point using the Web Interface. The Web Interface is categorized in three sections and each section provides you
information on how to configure and manage your Access Points:
•
Web Interface Overview
•
Error Message
•
Configuring the Device
•
Managing the Device
•
Monitoring the Device
To configure the AP using the Web interface, you must first log in to a web browser. See Logging In for instructions.
Web Interface Overview
There are four important buttons in the graphical interface of the software. They are described below.
•
Commit: Commit button affects the changes in the configuraion of different parameters of the software.
•
Reboot: Reboot button reboots the device after changing the configuration of parameters.
•
Home: Home button takes you to the Home page of the software.
•
Help: Help button shows you the context sensitive help for each and every new interface.
Figure 6-1 Commit (1), Reboot (2), Home (3) and Help (4) Buttons
Error Message
This error message, shown below, pops up when you try to configure a non-configurable parameter. This error message
asks you to verify your data to configure that particular parameter or warns you to a correct pathway.
Figure 6-2 Error Message
56
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Configuring the Device
Using the web interface, you can configure the following features that are available for device:
Wireless: Configure the Access point’s wireless features, such as SSID, wireless properties and 11n properties.
Configure the blacklisted channel table.
Ethernet: Configure the Ethernet’s settings of the Access Point.
Security: Configure security features such as MAC Access Control, WPA, WPA2, WEP Encryption. Configure RADIUS
features such as RADIUS Access Control, Authorization and Accounting.
QoS: Configure Wireless Multimedia Enhancement/Quality of Service parameters QoS policies.
IP Configuration: Configure the IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity
and SNTP settings.
VLAN: Configure VLAN for each interface.
Filtering: Configure Ethernet protocol filters, Static MAC address filters, advanced filters and Port filters.
1. Navigate in the left-hand side pane and click Configuration.
Figure 6-3 Configuration Main Page
2. Navigate and click the link that corresponds to the parameter you want to configure. For example, click Network to
configure the Access Point’s TCP/IP settings.
Each Configuration link is described in the remainder of this chapter.
Wireless
You can configure the following parameters within the Wireless Configuration page:
Interface 1
NOTE: By default both the Interfaces are active. If you want, you can change the default values for one Interface.
57
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
You can view and configure the following parameters for the Interface 1 and Interface 2:
VAP
1. Click Configuration > Interface 1 > VAP. The Wireless Interface - 1 VAP page will display as shown in the Figure
Figure 6-4 VAP Page
2. Click the radio button of the Index for which you want to make the changes, click Edit.
3. The Wireless Interface - 1 page is displayed. Using this page you can modify the Wireless VAP parameters.
Figure 6-5 Wireless VAP Parameters - Edit
4. Configure the following parameters:
•
Select the VAP Type. By default, the VAP Type is AP.
NOTE: You can configure up to 4 VAP.
•
Enter the SSID name (wireless network name).
•
The BSSID field is read-only parameter and it displays the MAC address of the device.
58
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
•
Enable the status of the Close Systems to broadcast the beacons.
•
Enter the Fragmentation Threshold. The Fragmentation Threshold value range is between 256 to 2346. By
default the Fragmentation Threshold is 2346, when the Fragmentation Threshold is disabled.
NOTE: If you configure the Fragmentation Threshold value between the said range, then only the fragmentation
of the packets takes place.
•
Enter the Security Profile Name.
•
Enter Radius Profile Name.
•
Enter the VAP VLAN ID.
NOTE: The valid range for VLAN ID is between 1 to 4094. If you select a value as -1, then this will disable the
VLAN Tagging.
•
Enter the VAP VLAN Priority. (You can enter the priority value between 0-7).
•
Enter the QoS Profile Name. Ensure that you select the name that you used for creating the QoS Profile. See
QoS Profile.
NOTE: If the QoS Profile Name is defined as NONE, then the QoS feature will be disabled by default.
•
Select the Local MAC Authentication status.
NOTE: If you have enabled this field, then do not enable the Radius MAC Authentication field.
•
Select the Radius MAC Authentication status.
•
Select the Radius Accounting status.
•
Enable the Entry Status for the radio. If you disable the radio, then you cannot configure the Wireless VAP for the
disabled radio.
5. Click OK.
Properties
Using this page, you can configure the properties of wireless interface.
1. Navigate to Configuration > Wireless > Interface 1 > Properties. The Wireless Interface - 1 Properties page will
display.
2. Configure the following parameters:
59
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-6 Wireless Properties Page
•
Status: Check the Status checkbox to enable the wireless interface properties.
•
Operational Mode: Select the Operational Mode. This field indicates the operational mode of the unit.
•
Current Channel Bandwidth: Select the channel bandwidth. By default it is set to 40 MHz.
•
Auto Channel selection: Enable or disable the auto channel selection for wireless interface.
•
Current Operating Channel: If you have enabled the auto channel selection option, then this field will select the
channel automatically and also list out the other channels that are available.
•
Auto Rate Selection: Enable or disable the auto rate selection. If you set it to enable, then it will automatically select
the rate at which the wireless interface will transmit.
•
Transmitted Rate: Use the drop-down menu to select a specific transmit rate for the AP. This field is valid only when
Auto Rate selection is set to Disable. If you select the Auto Rate Selection as Enable, then the Transmitted Rate
will always show 0.
•
RTS Threshold: Set RTS Threshold value to 2346 (the default setting). You set this value when RTS is disabled.
•
Beacon Interval: By default the value is set to 100ms. You can modify this value.
NOTE: If you increase the beacon interval value, then this will reduce the number of beacons transmitted. Due to this
the roaming and the associated clients may experience a delay in rate of beacons transmitted. Whereas if you
decrease the beacon interval value, then this will increase the rate of beacons transmitted.
•
TPC: By default, the unit lets you transmit at the maximum output power for the country or regulatory domain and
frequency selected.
•
Cell Size: Select the Cell Size.
•
DTIM: Set the DTIM value.
NOTE: If you set the DTIM for longer intervals, then this allows mobile station to sleep for longer hours thus
maximizing battery life. Whereas if shorter DTIM interval is set then frequent frame delivery takes place
reducing the power save efficiency of battery.
•
Click OK.
60
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
11n Properties
Using this page, you can configure 11n properties for wireless interface.
1. Navigate to Configuration > Wireless > Interface 1 > 11n Properties. This will display 11n Properties Table page.
Figure 6-7 11n Properties Page
2. Configure the following parameters:
•
11n AMPU Status: Set this to Enable.
•
AMPDU Max Num Frames: Enter a value. This field represents the AMPDU frames that are transmitted. It can
be configured up to 64 frames.
•
AMPDU Max FrameSize: Enter a value for the AMPDU frame size that can be transmitted. It is defined in bytes.
It can be configured up to 65535.
•
11n AMSDU Status: AMSDU (Aggregated MAC Service Data Unit) Enable this feature. When you enable this
feature, the device does aggregation at link layer which will help to increase the throughput. The entire AMSDU
frame is considered as one MPDU. It supports two values:
— 4K or 4096
— 8K or 8192
NOTE: Currently, our devices do not support AMSDU on the transmit side. The Access Point can receive only 4K
length of AMSDU.
•
Frequency Extension: Select the frequency extension for the wireless interface.
•
Guard Interval: Set the Guard Interval. The supported values for this field are: 400nsec and 800nsec. By default
the value set to 400nsec.
•
Tx Antennas and Rx Antennas: Select the Tx Antennas and Rx Antennas’ value.
•
Click Ok.
Ethernet
Perform the following procedure to configure the Ethernet Port:
1. Navigate to Configuration > Ethernet.
61
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-8 Ethernet Page
•
MAC Address: Defaults to the MAC ID of the device.
•
Speed: You can set the speed either One Gigabit, 10 Mbps, 100Mbps or Auto.
•
Transmit Mode: You can set the Transmit mode either to half Duplex, Full Duplex or Auto.
Security
Wireless Security
1. Navigate to Configuration > Security > Wireless Security.
Figure 6-9 Wireless Security Page
2. Click Add in the Wireless Security CFG table to create a new entry. The Wireless Security Create Row page
displays.
Figure 6-10 Wireless Security Create Row Page
62
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
3. Enter the Profile Name.
•
Authentication Mode: The WEP/PSK parameters are separately configurable for each authentication mode. To
enable a security mode in the profile (Non Secure Station, WEP Station, 802.1x Station, WPA Station, WPA-PSK
Station, 802.11i (WPA2) Station, 802.11i-PSK Station).
If the authentication mode selected in a profile is WEP, WPA-PSK, or 802.11i-PSK, then you must configure the WEP or
Pre-Shared Keys.
NOTE: If an 802.1x client that has already been authenticated attempts to switch to WEP, or if a WEP client that has
already been connected attempts to switch to 802.1x, the AP will not allow the client to switch immediately. If this
happens, either reboot the AP or disable the client/roam to a new AP for five minutes, and then attempt to
reconnect to the AP. If the client is still unable to connect after waiting five minutes, reboot the AP.
If you select WEP or TKIP, then the device will work on legacy rates not on 11n rates.
Configure one or more types of security modes that are allowed to access to the AP under the security profile. Select the
option from the Entry status drop-down box.
•
Authentication Mode: None, then the security will be disabled for that VAP.
Figure 6-11 Security - Authentication Mode - None
•
Authentication Mode: WEP
— WEP Key: Enter the Wep Key. The Key Length can be 64 or 128 Bits.
• For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters
see ASCII Character Chart).
• For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters.
— Encryption Type: Select the Encryption type as WEP.
— Enter the Status.
Figure 6-12 Security - Authentication Mode - WEP
•
Authentication Mode: Psk
63
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
— Encryption Type: WPA-TKIP, WPA2-AES, WPA-TKIP + WPA2-AES
— PSK : Enter the password. The limit for the passphrase is between 8 and 63 characters.
— Rekeying Interval: Enter the rekeying interval value. Re-key value is the interval at which AP will send Group
keys for all associated clients. by default the Rekeying Interval value is set to 900.
— Enter Status.
NOTE: When you select the encryption type as WPA-TKIP+WPA2-EAS, then the AP is considered to be in
Auto-Encryption mode, and the client will support both encryption type.
Figure 6-13 Security - Authentication Mode - Psk
•
Authentication Mode: 802.1x
— Encryption Type: WEP, WPA-TKIP, WPA2-AES, WPA-TKIP + WPA2-AES
— Rekeying Interval: Enter the rekeying interval value.
— Enter Status.
NOTE: When you select the encryption type as WPA-TKIP+WPA2-EAS, then the AP is considered to be in
Auto-Encryption mode, and the client will support both encryption type. This type of security is called Dynamic
WEP.
Figure 6-14 Security - Authentication Mode - Dot1x
4. When finished configuring all parameters, click Add.
5. If you have selected a security profile of 802.1x, then you must configure a RADIUS 802.1x/EAP server. See.
RADIUS.
64
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
RADIUS
A RADIUS server profile consists of a Primary and a Secondary RADIUS server that get assigned to act either as MAC
Authentication servers, 802.1x/EAP Authentication servers, or Accounting Servers in the VLAN configuration.
NOTE: You can configure only single RADIUS profile containing four server profiles viz. primary authentication server,
secondary authentication server, accounting server and secondary accounting server. The profile name is
common for all the four entries.
This page configures only the Primary RADIUS server associated with the profile.
1. Navigate to Configuration > Security > RADIUS.
2. Configure the folllowing parameters for the RADIUS Server profile:
Figure 6-15
•
Profile Name: Enter the profile name. This profile name is mapped to a VAP.
•
Max ReTransmissions: Enter the Retransmission value.
•
Message Response Time: Enter the Message Response time.
•
ReAuthentication Period: Enter the ReAuthentication Period.
•
Entry Status: Select the entry status for the profile.
Configure the following parameters for the radius servers:
•
Server Type: This is read only parameter and it displays the server type.
•
IP Address: Enter the server’s IP address.
•
Server Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS
Authentication/Accounting servers communicate on ports 1812/1813.
•
Shared Secret: Enter the password shared by the RADIUS server and the AP. The default password is “public.”
•
Status: Select Enable from the drop-down box to enable RADIUS server, if required.
3. Click OK.
65
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
MAC Access Control
MAC Access Control page allows you to build a list of authorized wireless stations that can register at the unit and access
the network. MAC Authentication is supported on the wireless interface and only wireless MAC addresses should be
entered in the list.
1. Click Configuration > Security > MAC Access Control.
2. Select the Operation Type.
NOTE: Based on the Operation type, you can allow/deny the association of the MAC ACL profile to an SSID.
3. Click OK.
Figure 6-16 MAC Access Control Page
4. To add entries, click Add, the MAC ACL Add Row page is displayed.
Figure 6-17 MAC ACL Add Row Page
5. Enter the MAC Address, Comment if you have any, and Entry Status of the MAC Address, then click Add. The
maximum number of MAC addresses that can be added is 64.
QoS
Perform the following procedure to configure the Station and AP EDCA tables:
EDCA
1. Navigate to Configuration > QoS > EDCA.
66
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-18 QoS EDCA Tables
2. Click Edit and configure the following parameters in each table:
•
Access Category: It is a read-only parameter and indicates the Access Category being defined:
— Background
— Best Effort
— Video
— Voice
Class of
Service
Back
Ground
Best
Effort
Video
Voice
Default EDCA Parameters for Station
CWMin
CWmax
AIFS
15
1023
15
7
3
Default EDCA Parameters for AP
CWMin
CWmax
AIFS
7
TXOP(unsigned
integer)
0
15
1023
7
TXOP(unsigned
integer)
0
1023
3
0
15
63
3
0
15
7
2
2
3.008 ms
1.504 ms
7
3
15
7
1
1
3.008 ms
1.504 ms
Figure 6-19 Default EDCA Parameters for Station and AP
•
CWMin: Minimum Contention Window.
— Configurable range for Station is between 0 to 32767
— Configurable range for AP is between 0 to 32767
67
Using Web Interface to Manage the Access Point
Configuring the Device
•
AP-800 User Guide
CWMax: Maximum Contention Window.
— Configurable range for Station is between 0 to 32767
— Configurable range for AP is between 0 to 32767
•
AIFSN: Arbitration IFS number per access category.
— Configurable range for Station is between 2 to 15
— Configurable range for AP is between 1 to 15
•
Tx OP: The Transmission Opportunity Limit (Tx OP) is an interval of the time during which particular QoS
enhanced client has the right to initiate a frame exchange sequence onto the wireless medium. The Tx OP Limit
defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category.
— Configurable range for Station is between 0 to 8160
— Configurable range for AP is between 0 to 8160
•
ACM: The Admission Control Mandatory (ACM) defines if an Access Point accepts or rejects a request traffic
stream with certain QOS specifications, based on available channel capacity and link conditions. ACM can be
configured for each Access Category. Possible values are Enable or Disable.
802.1D to IPDSCP Map Tbl
Use this page to configure QoS 802.1D to IPDSCP priority mapping (for layer 3 policies). Custom entries can be added to
each table with different priority mapping:
1. Navigate to Configuration > QoS > Dot1D to IPDSCP Map Tbl
2. In the Dot1D To IPDSCP Mapping Table page, enter the IPDSCP Range (lower and Upper limit) for each 802.1D
priority row. Specify the DSCP value range between 0-63.
3. Click OK.
Figure 6-20 802.1D To IP DSCP Mapping Table Page
68
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
802.1D to 802.1p Map Tbl
Use this page to configure QoS 802.1D to 802.1p priority mapping (for layer 2 policies).
1. Navigate to Configuration > QoS > Dot1D to Dot1p Map Tbl
2. In the Dot1D to Dot1p Mapping Table page, enter the 802.1p Priority (from 0-7) for 802.1d Priorities 0-7.
3. Click OK.
Figure 6-21 802.1D to 802.1p Mapping Table Page
QoS Profile
Perform the following procedure to configure QoS Profile.
Figure 6-22 QoS Profile Page
1. Enter the QoS Profile Name.
2. Enter the Policy Name that you have defined in the QoS Policy Table.
3. Enter the EDCA Profile Name that you have defined in the EDCA Table.
4. Select the QoS NO ACK Status for the QoS Profile table.
5. Click Ok.
69
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
QoS Policy
Perform the following procedure to enable QoS and QoS Policies:
Figure 6-23 QoS Policy page
1. Navigate to Configuration > QoS > Policy
2. Enter the Policy Name. By default, the policy name is provided.
3. By default the Policy Type is displayed. Following Policy Types are available:
•
Inbound Layer 2: inbound traffic direction, Layer 2 traffic type
•
Outbound Layer 2: Outbound traffic direction, Layer 2 traffic type
•
Inbound Layer 3: Inbound traffic direction, Layer 3 traffic type
•
Outbound Layer 3: Outbound traffic direction, Layer 3 traffic type
4. Enter the Priority Mapping. For layer 2 policies, an index from the DOT1D to DOT1P mapping table should be
specified. For layer 3 policies, an index from the DOT1D to IP DSCP mapping table should be specified.
5. Select the QoS Marking Status.
6. Select the Entry Status for QoS table. This represents the entry status for the corresponding row in the table.
NOTE: If you want to customize a particular Policy Type, then the Entry Status for that Policy Type should be
Enabled.
7. Click OK.
IP Configuration
The Network IP Config is used to configure the internet (TCP/IP) settings for the Access Point.
These settings can be either entered manually static IP address, subnet mask, and gateway IP address or obtained
automatically (dynamic).
Network IP Config
You can configure and view the following parameters within the Network IP Config page:
NOTE: You must reboot AP in order for any changes to the IP parameters to take effect.
1. Navigate to Configuration > Network > Network IP Config. The Network IP Configuration page displays.
Configure the following parameters:
70
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-24 Network IP Config
•
Address Type: Select the Address Type Static or Dynamic from the drop-down list.
–
If you select the Address Type as Static, then you need to configure the following parameters and click OK:
— IP Address
— Subnet Mask
— Gateway IP Address
–
If you select the Address Type as Dynamic, then the following parameters will remain as read only:
— IP Address
— Subnet Mask
— Gateway IP Address
VLAN
VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups
enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the
same physical network are limited to those resources available to their workgroup.
The AP can segment users into a maximum of 4 different workgroups per radio. Therefore total of 8 different
workgroups/VLANs for dual radio.
Figure 6-25 VLAN Page
Management access to the AP can easily be secured by making management stations and hosts and the AP itself
members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict
management of the AP to members of the same VLAN.
71
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
CAUTION: If a non-zero management VLAN ID is configured then management access to the AP is restricted to wired
or wireless hosts that are members of the same VLAN. Ensure your management platform or host is a
member of the same VLAN before attempting to manage the AP.
NOTE: When VLAN is enabled ensure that all devices in the network share the same VLAN ID as this will ensure that
the all the Access Points are managed easily.
NOTE: In the case of Radius server authentication or EAP authentication, if the radius server is present on any VLAN,
then the Radius server should be the member of management VLAN ID of an AP.
1. Navigate to Configuration > VLAN.
2. Place a check mark in the Status box. This will enable the VLAN feature for the device.
NOTE: To Disable the VLAN, uncheck the Status checkbox and click COMMIT button to update the changes.
3. Set the VLAN Management Identifier to a value of between 1 and 4094. (A Value of -1 disables the VLAN Tagging).
4. Click OK.
5. Click COMMIT.
CAUTION: You need to click Commit button to update/reflect the changes. If you do not click Commit, then the device
will not be able tag the incoming wireless packets.
Filtering
The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless
networks. If the global flag for Filtering is not enabled on the device, then none of the filtering configuration can be
applied.
There are four sub-headings under the Filtering heading:
•
Intra BSS Filtering
•
Protocol Filtering
•
Static MAC Address Filtering
•
Advanced Filtering
•
TCP/UDP Port Filtering
Intra BSS Filtering
Using the Filtering parameters available in the Filtering page, you can configure the Intra BSS Filtering Status:
1. Navigate to Configuration > Filtering.
Figure 6-26 Intra BSS Filtering Page
2. Select the status of the Global Filter Flag from the drop-down box. You need to Enable the Status for Filtering.
WARNING: If you Disable the Status for Filtering, then the configuration for Filtering parameter will not be applicable.
72
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
3. Select the Intra BSS Filtering. The Intra BSS Filtering parameter controls the wireless to wireless communication.
•
If set to Enable, then there will be no wireless to wireless communication.
•
If set toDisable, then wireless to wireless communication is possible.
4. Click OK.
Protocol Filtering
Follow these steps to configure the Protocol Filtering.
1. Navigate to Configuration > Filtering > Protocol Filter.
2. In the Protocol Filter page, configure the following fields:
•
Filtering Control: Select the interface or interfaces that will implement the filter from the Filtering Control
drop-down list:
— Ethernet: Packets are examined at the Ethernet interface.
— Wireless: Packets are examined at the Wireless interaface.
— All interfaces: Packets are examined at both interfaces.
— Disabled: The filter is not used.
•
Filtering Type: By default the Filtering type is set to Passthru. If you want to, then select the Filtering Type as
Block.
— In the Filtering Table, if the Entry Status of a particular entry is Enable, and the device will verify the Filter
Status of the particular entry and then perform the filtering process.
–
If the Filter Status is Enable, then the packets will be allowed to pass through.
–
If the Filter Status is Block, then the packets will be blocked.
— In the Filtering table, if the Entry Status of a particular entry is Disable or non-existing, then it will depend on
the Filtering Type that is selected.
73
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-27 Protocol Filter Page
3. Configure the Protocol Filter table. This table is pre-populated with existing Protocol Filters, however, you may enter
additional filters by specifying the appropriate parameters.
•
To add an entry, click Add, and then specify the following:
— Protocol Name: Enter the protocol name.
— Protocol Number: Enter the protocol number.
— Filter Status: Select the filter status, select either Block or Passthru from drop-down box.
NOTE: An entry’s status must be block in order for the protocol to be subject to the filter.
— Table Status: Select the Table Status
4. Click Add.
74
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-28 Protocol Filter - Add Entries
Static MAC Address Filtering
1. Navigate to Configuration > Filtering > Static MAC Address Filter.
Figure 6-29 Static MAC Address Filter Page
2. To add an entry, click Add. Enter the information as mentioned below as examples.
Figure 6-30 Static MAC Address Filter - Add Entries
Static MAC Filter Examples
Consider a network that contains a wired interface and three wireless clients. The MAC address for each unit is as
follows:
•
Wired Interface: 00:40:F4:1C:DB:6A
75
Using Web Interface to Manage the Access Point
Configuring the Device
•
Wireless Client 1: 00:02:2D:51:94:E4
•
Wireless Client 2: 00:02:2D:51:32:12
•
Wireless Client 3: 00:20:A6:12:4E:38
AP-800 User Guide
Prevent Two Specific Devices from Communicating
Configure the following settings to prevent the Wired Interface and Wireless Client 1 from communicating:
•
Wired MAC Address: 00:40:F4:1C:DB:6A
•
Wired Mask: FF:FF:FF:FF:FF:FF
•
Wireless MAC Address: 00:02:2D:51:94:E4
•
Wireless Mask: FF:FF:FF:FF:FF:FF
Result: Traffic between the Wired Interface and Wireless Client 1 is blocked. Wireless Clients 2 and 3 can still
communicate with the Wired Interface.
Prevent Multiple Wireless Devices from Communicating with a Single Wired Device
Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Interface:
•
Wired MAC Address: 00:40:F4:1C:DB:6A
•
Wired Mask: FF:FF:FF:FF:FF:FF
•
Wireless MAC Address: 00:02:2D:51:94:E4
•
Wireless Mask: FF:FF:FF:00:00:00
Result: When a bitwise “AND” is performed on the Wireless MAC Address and Wireless Mask, the result corresponds to
any MAC address beginning with the 00:20:2D prefix. Since Wireless Client 1 and Wireless Client 2 share the same
prefix (00:02:2D), traffic between the Wired Interface and Wireless Clients 1 and 2 is blocked. Wireless Client 3 can still
communicate with the Wired Interface since it has a different prefix (00:20:A6).
Prevent All Wireless Devices from Communicating with a Single Wired Device
Configure the following settings to prevent all three Wireless Clients from communicating with Wired Interface 1:
•
Wired MAC Address: 00:40:F4:1C:DB:6A
•
Wired Mask: FF:FF:FF:FF:FF:FF
•
Wireless MAC Address: 00:00:00:00:00:00
•
Wireless Mask: 00:00:00:00:00:00
Result: The Access Point blocks all traffic between Wired Interface 1 and all wireless clients.
Prevent a Wireless Device from Communicating with the Wired Network
Configure the following settings to prevent Wireless Client 3 from communicating with any device on the Ethernet:
•
Wired MAC Address: 00:00:00:00:00:00
•
Wired Mask: 00:00:00:00:00:00
•
Wireless MAC Address: 00:20:A6:12:4E:38
•
Wireless Mask: FF:FF:FF:FF:FF:FF
Result: The Access Point blocks all traffic between Wireless Client 3 and the Ethernet network.
3. Select the Status of Static MAC Address Filter row.
Advanced Filtering
1. Navigate to Configuration > Filtering > Advanced Filtering.
2. The following protocols are listed in the Advanced Filtering table:
•
Deny IPX RIP
76
Using Web Interface to Manage the Access Point
Configuring the Device
•
Deny IPX SAP
•
Deny IPX LSP
•
Deny IP Broadcasts
•
Deny IP Multicasts
AP-800 User Guide
Figure 6-31 Advanced Filtering Page
NOTE: The AP can filter these protocols in the wireless-to-Ethernet direction, the Ethernet-to-wireless direction, or in
both directions.
3. Click Edit and use:
•
Status field to Enable or Disable the filter status
•
Direction field to set the direction
77
Using Web Interface to Manage the Access Point
Configuring the Device
AP-800 User Guide
Figure 6-32 Advanced Filter Table - Edit Entries
TCP/UDP Port Filtering
1. Navigate to Configuration > Filtering > TCPUDP Filtering.
2. In the TCPUDP Port Filter page, select the Filter Control as Enable in the TCP/UDP Filter page.
Figure 6-33 TCP/UDP Filter Page
3. Click Add under the TCP/UDP Filter table.
4. In the TCP/UDP Port Filter Add Row page, enter the Protocol Name to filter.
5. Set the destination Port Number (a value between 0 and 65535) to filter. See the IANA web site at
http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions.
6. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP).
7. Set the Interface to filter:
•
Only Ethernet
•
Only Wireless
•
Both
8. Set the Table Status:
•
Enable
•
Disable
78
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
9. Click Add.
Figure 6-34 TCP/UDP Port Filter Table - Add Entries
Managing the Device
Using the web interface you can manage the following features of the device:
System: Configure specific system information parameters, such as system name and contact details etc.
Upgrading the Firmware: Using the File Management option you can manage your files through HTTP and TFTP.
Password Management: Configure a system specific access password for the different interface through which you
manage your device.
Management Access Control: Using this option you can enable or disable various interfaces.
Figure 6-35 Device Management Page
79
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
System
System Information
You can configure and view the following parameters within the System Information page:
•
The following parameters are read-only and are displayed:
–
System Up-Time
–
System description
–
System Name
•
Email: Enter the email address of the person responsible for the AP.
•
Phone Number: Enter the contact number of the person responsible for the AP.
•
Location: Enter the location of the AP.
•
GPS Longitude: Enter the value in the format required by your network management system.
•
GPS Latitude: Enter the value in the format required by your network management system.
•
GPS Altitude: Enter the value in the format required by your network management system.
•
Country Code: The country in which the AP will be used.
NOTE: You must reboot the AP in order for country selection to take effect.
NOTE: Country selection is available only on APs with model numbers ending in -WD. If country selection is available,
however, it must be set before any interface parameters can be configured.
CAUTION: Romania is not supported in the 20 and 40 MHz band whereas UK is not supported in 40 MHz band. The
table below specifies the details:
Country allow 11g
allow11a turbo
allow11gturbo allow11ng20 allow11ng40 allow11na20 allowna40
Romania
Yes
No
Yes
Yes
Yes
No
No
UK
Yes
No
Yes
Yes
Yes
Yes
No
Click OK.
80
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Figure 6-36 System Information Page
System Inventory Management Component
This page provides information about the device hardware, firmware, and software version information. For more
information, See Using CLI to Manage the Access Point.
Figure 6-37 System Inventory Management Page
Upgrading the Firmware
Update Device Using HTTP
Use the HTTP Download page to download config, image files to the device. In the HTTP Download page, perform the
following procedure to download the specific file:
Figure 6-38 Update Device using the HTTP Download Page
1. Select the File Type that needs to be updated from the drop-down box. Choices include:
–
Image for the AP Image (executable program).
–
Config for configuration, such as System Name, Contact Name and so on.
2. Use the Browse button or manually type in the name of the file to be downloaded (including the file extension in the
File Name field. If typing the file name, you must include the full path and the file extension in the file name text box.
3. To initiate the HTTP Update operation, click Update button.
NOTE: An HTTP file transfer using SSL may take extra time.
•
If the operation is completed successfully the device would provide the information about the successful update.
81
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Figure 6-39 Update Device Using HTTP- Success Message
•
If the operation is not completed successfully the following screen appears, and the reason for the failure is
displayed.
Figure 6-40 Update Device Using HTTP- Failure Message
Update Device Using TFTP
Use the TFTP Download page to download config, image file to the device. A TFTP server must be running and
configured to pint to the directory containing the file.
If you do not have a TFTP server installed on your system, install the TFTP server from the installation CD. You can either
install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds
sub-directory.
Using the TFTP Download page to enter the following information as described below:
Figure 6-41 Update Device Using TFTP Server
•
Server IP Address: Enter the TFTP server IP Address.
–
Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
NOTE: This is the IP address that will be used to point the Access Point to the AP Image file.
•
File Name: Enter the name of the file to be downloaded (including the file extension).
–
•
•
Copy the file to the TFTP server’s root folder.
File Type: Select the proper file type. Choices include:
–
Config: Configuration information, such as System name, contact name, and so on.
–
Image: AP image (executable program)
Operation: Select either Download or Download & Reboot. You should reboot the AP after downloading files.
NOTE: If you select None as Operation, then no operation will be performed.
82
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Click OK to initiate the process.
•
If the operation is completed successfully the device would provide the information about the successful update.
Figure 6-42 Update Device Using TFTP- Success Message
•
If the operation is not completed successfully the following screen appears, and the reason for the failure is
displayed.
Figure 6-43 Update Device Using TFTP- Failure Message
Retrieve From Device Using HTTP
Use the HTTP Upload page to retrieve config files from device.
1. Select the type of file (config, event log) from the File Type drop-down box.
2. Click Retrieve button to initiate the process.
Figure 6-44 Retrieve File using HTTP
3. The Download page is displayed. Click Download to download the file.
83
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Figure 6-45 Download Page
4. File Download window pops up. Click Save button to save the file.
Figure 6-46 File Download Page
5. Select an appropriate filename and location and click Save.
Retrieve From Device Using TFTP
Use the TFTP Upload to upload files from the AP to the TFTP server. The TFTP server must be running and configured
to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name.
If you don’t have a TFTP server installed on your system, install the TFTP server from the installation CD. You can either
install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds
sub-directory.
In the TFTP Upload page enter the following TFTP information as described below:
84
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Figure 6-47 Retrieve From Device Using TFTP
•
Server IP Address: Enter the TFTP server IP Address.
–
Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
•
File Name: Enter the name of the file to be uploaded.
•
File Type: Select the type of the file to be uploaded: Config file or Event Log.
Click Retrieve to initiate the procedure.
Password Management
Use the Services link to configure passwords and other service parameters. You can configure the following parameters
and click REBOOT to update the changes:
•
HTTP/HTTPS: The password for the Web browser HTTP interface. Enter a password in the Password field and enter
the Port number. The default password is “public”.
•
Telnet/SSH: The password for the CLI interface (via serial or Telnet). Enter a password between 6 and 32 characters
in the Password field. The default password is “public”.
•
SNMP: The password for Read/Write access to the AP using SNMP interface. Enter a password between 6 and 32
characters in the Password field. The default password is “public”.
NOTE: This password “public” is SNMP Read/Write Community string and is also applicable to SNMP Read
Community.
•
Trap Host IP Address: Enter the IP Address for which the traps needs to be delivered. By default, an IP Address will
be available, that you can change.
NOTE: For security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to
restrict access to your network devices to authorized personnel.
•
Reset To Factory: Click on the Reset To Factory button to reset the unit to the factory settings.
CAUTION: Resetting the AP to its factory default configuration will permanently overwrite all changes that have made
to the unit. The AP will reboot automatically after this selection has been issued.
85
Using Web Interface to Manage the Access Point
Managing the Device
AP-800 User Guide
Figure 6-48 Management Services Page
Management Access Control
The Management Access Control provides option to control the interfaces as well as users who can access the device.
The users are controlled using the IP address, i.e., the traffic is allowed to the device from the IP addresses configured in
the access table.
If the Management Access Control is unchecked, the access control is not applied. You need to reboot the unit to update
the changes that you have made.
Navigate Management > Access Control. This displays the Access Control Table page.
Figure 6-49 Management Access Control Page
1. Place a check mark in the Management Access Control check-box. This will enable the Management Access
Control.
NOTE: You can disable this feature by unchecking the Management Access Control.
86
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
2. Click Add. This will display Management Access Table Add Row page.
3. Enter the IP Address of the device.
4. Select the Entry Status.
5. Click Add.
Figure 6-50 Management Access Control - Add Row Page
Monitoring the Device
Using the web interface you can monitor the following features:
System Log: The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring
and troubleshooting.
Event Log: The event log messaging system enables the AP to transmit messages for event tracing and logging.
SNTP: SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and
synchronize time of day information.
Interface Statistics: Using the Statistics page you can view information about the Ethernet and Wireless interface.
Bridge: Using this page, you can view bridge statistics information, such as packets sent, received etc and also about all
the available nodes that are available in the network.
Network Layer: This page provides information about the ARP and all the statistical information that are transmitted and
received.
RADIUS: This page provides information about the Radius client authentication and various retransmission and
malfunctions for the radius clients.
Navigate to Monitor link located on the left-hand side pane. The Device Monitor page will be displayed.
87
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-51 Monitor Page
System Log
You can configure the following System Log settings from the web interface:
•
Log Status: Enable the Status from the drop-down box, this will enable the system logging.
•
Log Priority: The AP will send event messages to the System Log server that correspond to the selected priority.
Figure 6-52 System Log Page
Click Show System Log button to display the System Log for a selected log priority.
NOTE: Click Clear System Log if you want to clear the log.
88
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-53 System Log Information
System Log Host
Using the System Log Host Table you can configure Syslog event Notifications. Configure the following information:
1. Navigate to Monitor > System Log > System Log Host. This displays the System Log Host Table page.
2. Click Add button.
Figure 6-54 System Log Host Table Page
•
IP Address: Enter the IP Address for the management host.
•
Host Port: This field is for host port number and it displays the port number (514) assigned for system logging.
•
Comment: Enter an optional comment such as the host name.
89
Using Web Interface to Manage the Access Point
Monitoring the Device
•
AP-800 User Guide
Entry Status: Select Create and Go to enable the system log table. You can also disable entries by changing this
field’s value.
Click Add. This will add the table to the System Log Host Table page.
NOTE: Click COMMIT button after deleting the table entries, before you add any new entries.
Figure 6-55 System Log Host Table Add Row Page
Event Log
1. Navigate to Monitor > Event Log. The Event Log page is displayed.
Figure 6-56 Event Log Page
2. Select the Log Priority from the drop-down box and click on Show Event Log button.
NOTE: Select Clear Event Log, if you want to clear the event log table.
90
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-57 Event Log Details
SNTP
You can configure and view the following parameters within the SNTP page:
•
Enable SNTP Status: Check the Enable SNTP status check-box. The selected status will determine which of the
parameters on the SNTP page are configurable.
•
Primary Server IP Address/Domain Name: If SNTP is enabled, enter the host name or IP address of the primary
SNTP server.
•
Secondary Server IP Address/Domain Name: If SNTP is enabled, enter the host name or IP address of the
secondary SNTP server.
•
Time Zone: Select the appropriate time zone from the drop-down box.
•
Day Light Saving Time: When SNTP is disabled, the following time-relevant objects are manually configurable.
When SNTP is enables, these objects are grayed out.
Click Ok.
91
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-58 SNTP Configuration
Interface Statistics
Using this page you can view information on wireless clients attached to the AP.
Ethernet
1. Navigate to Monitor > Interface Statistics > Ethernet. This displays the Ethernet Statistics page.
2. The following statistics are displayed for the wireless interface only. For more information refer Ethernet Statistics
Figure 6-59 Ethernet Statistics Page
92
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Wireless
Station Statistics
This page displays information on wireless clients attached to the AP. If the clients are connected to the device, then the
statistics will be shown on the sceen. Click on the Refresh button to view the latest statistics. If any new clients associate
to the AP, then you can see the statistics of the new clients after you click the refresh button.
1. Navigate to Monitor > Interface Statistics > Wireless > Station Statistics. This displays the Station Statistics
page.
Figure 6-60 Station Statistics Page
2. The following statistics are displayed for the Station. For more information refer Station Statistics
.
Figure 6-61 Station Statistics Page
Interface Statistics
1. Navigate to Interface Statistics > Wireless > Interface 1.
2. Click the radio button against the index number that you want to view. Click Show button.
93
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-62 Wireless Interface Page
3. The following statistics are displayed for the wireless interface 1 or 2. For more information on features, refer Wireless
Statistics
NOTE: Navigate to Monitor > Interface Statistics > Wireless > Interface 1 page to view the details.
Figure 6-63 Wireless Statistics
Bridge
Bridge Statistics
1. Navigate to Monitor > Bridge > Bridge Statistics. This displays the Bridge Statistics page.
2. The following statistics are displayed for the wireless interface only. For more information, refer Bridge
94
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-64 Bridge Statistics
Learn Table
This page displays information relating to network bridging. It reports the MAC address for each node that the device has
learned is on the network and the interface on which the node was detected. There can be up to 10,000 entries in the
Learn Table.
Figure 6-65 Learn Table
95
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Network Layer
IP ARP
This page provides information based on the Address Resolution Protocol (ARP), which relates Physical Address (MAC
Address) and Net Access (IP Addresses).
Figure 6-66 IP ARP Statistics Page
ICMP Statistics
This page provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP
traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics.
1. Navigate Monitor > Network Layer > ICMP Statistics.
96
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-67 ICMP Statistics Page
RADIUS
This page provides information about Radius.
Authentication Statistics
This page provides information about RADIUS Authentication for both the Primary and backup servers for each RADIUS
server profile.
1. Navigate Monitor > Radius > Authentication Statistics.
2. The following descriptions are displayed for the Radius Client Authentication Status page. For more information on
features, refer Authentication Statistics
97
Using Web Interface to Manage the Access Point
Monitoring the Device
AP-800 User Guide
Figure 6-68 Radius Client Authentication Statistics
Accounting Statistics
This page provides information about RADIUS Accounting for both the Primary and backup servers for each RADIUS
server profile.
1. Navigate Monitor > Radius > Accounting Statistics.
2. The following descriptions are displayed for the Radius Client Accounting Status page. For more information on
features, refer Accounting Statistics
Figure 6-69 RADIUS Client Accounting Stats Page
98
AP-800 User Guide
Using SNMP Interface to Manage the Access Point
7
The Simple Network Management Protocol (SNMP) is an application-layer protocol designed to facilitate the exchange
of management information between network devices. It is a part of TCP/IP protocol and most of the network
administrators use it.
SNMP MIB (Management Information Base) is a collection of information that is organized hierarchically and it
comprises of managed objects which have one or more object instances which are variable. MIBs can be accessed
using a network-management protocol such as SNMP.
There are two types of managed objects:
•
Scalar Object: These are single object instance.
•
Tabular Object: These are multiple related objects that are grouped in MIB table.
SNMP is a client-server network management architecture. A server requests information from a client’s MIB. A
particular MIB defines some number of Object Identifiers (OIDs). These OIDs are what is used to request information
from a client.
NOTE: Refer to the supplemental document for MIB description to configure the AP-800.
Pre-requisites
Before you proceed with configuration, you need to confirm following information:
•
Proxim provides the MIB along with the CD. You need to ensure that you have configured the IP address in the MIB
browser.
NOTE: Proxim recommends using PVES to make configuration changes, If you want to browse the MIB, then
Proxim recommends to use NuDesign.
•
IP address
•
Version of SNMP: Select the V2c version of SNMP.
•
Port Number: By default the port number is set to 161.
•
Read Community Password
•
Read/Write Community Password
NOTE: To receive traps, MgmtSnmpTrapHostTablePassword should be same as MgmtSNMPTeadPassword.
Viewing the MIB Objects
1. Once you have configured the required information, open the MIB in the MIB browser. To open the MIB, you need to
provide a specific path and click Enter.
2. Navigate to the Proxim in private node.
•
To view all the objects that are available, right-click and select Walk. This will display all the default and
configured objects.
•
To view a particular object, select the object, right-click and click Get. This will display the selected configured
object.
99
Using SNMP Interface to Manage the Access Point
Configuring the MIB Objects
AP-800 User Guide
Configuring the MIB Objects
To Configure the Scalar Objects :
1. Select the object, right-click and click Set. This will display the existing value that is configured.
2. If you want to make modifications for the existing value, double-click the object.
3. This displays the list of values that can be used for configuration, select the required vlue and click Ok.
4. Click Execute, this will store the changes in the temporary buffer. Proceed to to SysMgmtCfgCommit table to Commit
the changes.
To Configure the Tabular Objects:
1. Slect the object, right-click and click Get Table. This displays the Table List.
2. From the menu, click Set and drag the table entry for which you want to make the changes to the Set window.
NOTE: You can configure table by configuring each entry that is available for the table or update the entire table as a
single entry.
3. Select the table, right-click, and click Set.
4. In the Set window, to add a row for a table, enter “0” and this will automatically create a row for a particular table.
5. Add the required parameters and configure those parameters.
6. Click Execute and proceed to SysMgmtCfgCommit table to Commit the changes.
To apply the changes to the flash memory:
1. Navigate to deviceMgmt > SysMgmtCfgCommit, right-click and click Set.
2. Set the value as 1 and click OK.
3. Click Execute, this would configure the new value to the flash memory.
100
AP-800 User Guide
Using CLI to Manage the Access Point
8
The Command Line Interface (CLI) is a primary interface that allows you to configure, manage and monitor the Access
Points. You can directly execute the CLI commands to manage the device.
•
CLI commands may be entered in real time through a keyboard or submitted with CLI scripts.
•
The CLI is available through both the Serial Port interface and over the Ethernet interface using Telnet.
NOTE: All CLI commands and parameters are case-sensitive.
This chapter describes the basic features of CLI and how to use them.
•
Global Configuration Mode
•
Command Line Interface Mode Overview
Global Configuration Mode
Using this mode, you can configure your device globally. Use the configure privileged Exec mode command to enter
global configuration mode.
[Device-Name] # configure (this command allows to you to move from privileged mode to configure
mode).
Press Enter.
(configure)#
The above command indicates that you are now in the global configuration mode. The prompt for global configuration
mode consists of Config and the pound sign (#).
Use the following command to view the possible completions that you have access to under this mode:
(configure)# ?
Possible completions:
dev-configure: Device Configuration
dev-management: Device Management
dev-monitor: Device Monitor
enable: Exit from configuration mode
exit: Exit from configuration mode
From this mode proceed to configure each feature that is available in your device.
General Notes
Prerequisite Skills and Knowledge
To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts,
network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup
procedures for typical network operating systems and servers.
Notation Conventions
•
Computer prompts are shown as constant width type. For example: [Device-Name]>
•
Information that you input as shown is displayed in bold constant width type.
•
The names of keyboard keys, software buttons, and field names are displayed in bold type. For example: Click the
Configure button.
•
Screen names are displayed in bold italics.
101
Using CLI to Manage the Access Point
AP-800 User Guide
Important Terminology
•
Configuration Files - Database files containing the current Access Point configuration. Configuration items include the
IP Address and other network-specific values. Config files may be downloaded to the Access Point or uploaded for
backup or troubleshooting.
•
Download vs. Upload - Downloads transfer files to the Access Point. Uploads transfer files from the Access Point. The
TFTP client performs file transfers in both directions.
•
Group - A logical collection of network parameter information. For example, the System Group is composed of several
related parameters. Groups can also contain Tables. All items for a given Group can be displayed with a show
<Group> CLI Command.
•
Image File - The Access Point software executed from RAM. To update an Access Point you typically download a new
Image File. This file is often referred to as the “AP Image”.
•
Parameter - A fundamental network value that can be displayed and may be changeable. For example, the Access
Point must have a unique IP Address and the Wireless interface must be assigned an SSID. Change parameters with
the CLI Command Name and Parameter, and view them with the CLI show Command.
•
Table - Tables hold parameters for several related items. For example, you can add several potential managers to the
SNMP Table. All items for a given Table can be displayed with a show <Table> CLI Command.
•
TFTP - Refers to the both TFTP Server and clients, used for file transfers.
Navigation and Special Keys
This CLI supports the following navigation and special key functions to move the cursor along the prompt line.
Key Combination
Delete or Backspace
Ctrl-A
Ctrl-E
Ctrl-F
Ctrl-B
Ctrl-D
Ctrl-U
Tab
?
Operation
Delete previous character
Move cursor to beginning of line
Move cursor to end of line
Move cursor forward one character
Move cursor back one character
Delete the character the cursor is on
Delete all text to left of cursor
Complete the command line
List available commands
CLI Error Messages
The following table describes the error messages associated with improper inputs or expected CLI behavior.
Error Message
Unknown Command
Invalid Value
Error Message
Description
A non-existent command has been entered at the command prompt.
An invalid value has been entered at the command prompt.
An error message is displayed when a wrong parameter is configured.
Reboot Messages
For certain commands, the command prompt would ask for reboot of the device.
Help Message
When you type the command at the command prompt and then press Enter, this will list the value that you can use.
Rules for Table Objects
•
To create a Table
102
Using CLI to Manage the Access Point
•
•
–
The table index is required.
–
Entry status is required
AP-800 User Guide
Modification
–
The table index is required.
–
Entry status is required
Deletion
–
The table index is required.
–
Entry status is required
For example: (index 1 entry - status destroy or 6). Using this command you can delete a particular row.
Command Line Listing
Using this feature, you can view a list of commands or arguments when you type ? at the command prompt. When you
enter a particular character followed with ?, then the command prompt will display all the related commands or arguments
that match the character that you have typed. For example:
> enable
#show m?
monitor
management
Command Line Completion
When you enter a command and then press TAB, this will prompt the complete the command name that you were typing.
For example:
>enable
#con
NOTE: Press the TAB key. This will list the following:
#configure
103
Using CLI to Manage the Access Point
Configuring the AP using CLI Commands
AP-800 User Guide
Configuring the AP using CLI Commands
Log into the AP using HyperTerminal
1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:
•
Com Port: <COM1, COM2, etc., depending on your computer>
•
Baud rate: 115200
•
Data Bits: 8
•
Stop bits: 1
•
Flow Control: None
•
Parity: None
2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option.
HyperTerminal sends a line return at the end of each line of code.
3. Enter the CLI password (default username is admin and password is public).
NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI
commands.
Log into the AP using Telnet
The CLI commands can be used to access, configure, and manage the AP using Telnet. Follow these steps:
1. Confirm that your computer’s IP address is in the same IP subnet as the AP.
NOTE: If you have not previously configured the Access Point’s IP address and do not have a DHCP server on
the network, the Access Point will default to an IP address of 169.254.128.132.
2. Go to the DOS command prompt on your computer.
3. Type telnet <IP Address of the unit>.
4. Enter the CLI password default username is admin and password is public).
Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands.
Command Line Interface Mode Overview
The Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of
commands that manage the network operations. The commands that you use also depends on the mode that you are in.
CLI command prompt allows you to navigate from one command mode to another using certain specific commands.
They are:
User Exec Mode
You are in this mode when you start a session and you have limited access to commands that can be executed. The
moment you log into device, you are in the EXEC mode as you typically you login with Username and Password. Using
this mode you can access your device.
Username: admin
Password: public
104
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
User name and Password Command
NOTE: The username and password are case-sensitive. If you enter incorrect Password, then a message is displayed
stating that the password is incorrect.
In this mode, you can use the following command to view the list of possible completions:
[Device-Name]>?
Possible completions:
disable: Turn off the privileged mode
enable: Turn on the privileged mode
exit: Exit from EXEC
show: Show
Privileged Exec Mode
Using this mode you can configure the required parameters for your device. The Privileged EXEC mode consists of the
device name followed with a pound sign (#).
[Device-Name]#
Use the following command to access the privileged Exec mode:
[Device-Name]>enable (this command enables the privileged Exec mode).
To list the commands in the privileged Exec mode, enter ?. This lists the following:
[Device-Name]#?
Possible completions:
configure: Enter configuration mode
disable: Turn off the privileged mode
enable: Turn on the privileged mode
exit: Exit from EXEC
show: Show
When you enter “Show” command at the CLI Command prompt, this will list the following features that you can configure
or view:
105
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Show Command Tree Structure Command
Show VLAN Command
Show MAC ACL Command
106
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Show RADIUS Server Table Command
Show RADIUS Supported Profile Table Command
Show Security Wireless Config Table Command
107
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Show QoS Profile and Policy Command
108
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Show QoS EDCA Command
Show Wireless Properties Command
109
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Show 11n Wireless Properties Command
Wireless VAP Command
110
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Ethernet Interface Command
Network Configuration Command
Advaned Filter and Global Filter Command
111
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
TCP-UDP and Static MAC Address Table Commands
112
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Protocl Filter, Filter Type and Filter Control Table Command
Access Control and HTTP, Telnet and TFTP Commands
113
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
SNMP Read, Read-Write Password and Trap Host Table Command
Country Code and Management Commands
114
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
System Information Command
System Inventory Management Command
115
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Event Logand ICMP Commands
116
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
IP ARP Statistics and SNTP Command
Syslog configuration and RADIUS Client Authentication Table Commands
117
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
RADIUS Client Access Command
Interface Statistics Command
118
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Wireless Station Statistics Command
IP Address, Subnet Mask and Gateway Command
Scalar Objects Commands
Table Entries Commands
For any dynamic row creation, set first the entry status and then other elements. Finally set the Entry status.
Example:
Set entry status for protocol filter table index
Filter-status
Protocol-name
Protocol-number
Again entry-status
NOTE: Adding the table entries the user has to set “index 0 values entry status 4”
119
Using CLI to Manage the Access Point
Command Line Interface Mode Overview
AP-800 User Guide
Table Entry Deletion Command
Table Entry Edition Command
VAP Table Commands
120
AP-800 User Guide
Troubleshooting
9
This chapter provides information on the following:
•
Troubleshooting Concepts
•
Symptoms and Solutions
•
Recovery Procedures
•
Related Applications
NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial
communication programs (such as HyperTerminal), Telnet applications, or web browsers, please see the
documentation that came with the respective application for assistance.
Troubleshooting Concepts
The following list identifies important troubleshooting concepts and topics. The most common initialization and
installation problems relate to IP addressing. For example, you must have valid IP addresses for both the AP and the
management computer to access the unit’s HTTP interface.
•
IP Address management is fundamental.
•
Factory default units are set for “Static” (DHCP) IP Address assignment. The default IP address for the AP is
169.254.128.132 if your network does not have a DHCP server. If you connect the AP to a network with an active
DHCP server, then use ScanTool to locate the IP address of your unit. If a DHCP server is not active on your subnet,
then use ScanTool to assign a static IP address to the unit.
•
The Trivial File Transfer Protocol (TFTP) provides a means to download and upload files. These files include
the AP Image (executable program) and configuration files.
•
If the AP password is lost or forgotten, you will need to reset to default values. The Soft Reset to Factory
Defaults or Hard Reset to Factory Defaults procedures reset the configuration, but do not change the current AP
Image.
•
The AP Supports a Command Line Interface (CLI). If you have trouble in locating your AP in the network, connect
to the unit directly using the serial interface and see Using CLI to Manage the Access Point for CLI command syntax
and parameter names.
•
ScanTool does not work over routers. You must be connected to the same subnet/physical LAN segment to use
ScanTool. Note that ScanTool also works over the wireless interface; you can run it on a wireless client connected to
the target AP or an AP connected to the same LAN segment/subnet.
•
If everything else fails. Use Forced Reload to load the image again from the bootloader.
121
Troubleshooting
Symptoms and Solutions
AP-800 User Guide
Symptoms and Solutions
Connectivity Issues
Connectivity issues include any problem that prevents you from powering up or connecting to the AP.
AP Unit Will Not Boot - No LED Activity
1. Make sure your power source is operating.
2. Make sure all cables are connected to the AP correctly.
3. If you are using Gigabit Ethernet PoE, make sure you are using a Category 5/Category 6, foiled, twisted pair cable to
power the AP.
Serial Link Does Not Work
1. Make sure you are using a standard, straight-through, 9-pin serial cable.
2. Double-check the physical network connections.
3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values:
–
Com Port: (COM1, COM2, etc. depending on your computer);
–
Baud rate: 115200; Data bits: 8; Stop bits: 1; Flow Control: None; Parity: None;
–
Line Feeds with Carriage Returns
(In HyperTerminal select: File > Properties > Settings > ASCII Setup > Send Line Ends with Line Feeds)
Ethernet Link Does Not Work
1. Double-check the physical network connections. Use a known-good unit to make sure the network connection is
present. Once you have the AP IP address, you can use the “Ping” command over Ethernet to test the IP Address. If
the AP responds to the Ping, then the Ethernet Interface is working properly.
2. By default, the Access Point will attempt to automatically detect the Ethernet settings. However, if you are having
problems with the Ethernet link, manually configure the Access Point’s Ethernet settings. For example, if your switch
operates at 100 Mbits/sec/Full Duplex, manually configure the Access Point to use these settings. If you cannot
access the unit over Ethernet, then use the CLI interface over the serial port to configure the Ethernet port (see Using
CLI to Manage the Access Point .
Basic Software Setup and Configuration Problems
Lost AP, Telnet, or SNMP Password
1. Perform the Soft Reset to Factory Defaults in this guide. This procedure resets system and network parameters, but
does not affect the AP Image. The default AP HTTP, Telnet, and SNMP usernames are “admin” and passwords are
“public”.
Client Computer Cannot Connect
1. Client computers should have the same Network Name and security settings as the AP.
2. Network Names should be allocated and maintained by the Network Administrator.
3. See the documentation that came with your client card for additional troubleshooting suggestions.
AP Has Incorrect IP Address
1. Default IP Address Assignment mode is static. If you do not have a DHCP server on your network, the default IP
Address is 169.254.128.132. If you have more than one unintialized AP connected to the network, they will all have
the same default IP address and you will not be able to communicate with them (due to an IP address conflict). In this
case, assign each AP a static IP address via the serial cable or turn off all units but one and change the IP address
using ScanTool one at a time.
122
Troubleshooting
Symptoms and Solutions
AP-800 User Guide
2. The AP only contacts a DHCP server during boot-up. If your network’s DHCP server is not available while the AP is
booting, the device will use the default IP address (169.254.128.132). Reboot the AP once your DHCP server is
on-line again or use the ScanTool to find the Access Point’s current IP address.
3. To find the unit’s current IP address if using DHCP, open the IP Client Table in the DHCP Server and match the
Access Point’s IP address to its MAC address (found on the product label). Alternatively, use ScanTool to identify an
Access Point’s current IP address.
4. Once you have the current IP address, use the HTTP or CLI Interface to change the unit’s IP settings, if necessary.
5. If you use static IP Address assignments, and cannot access the unit over Ethernet, use the Initializing the IP Address
using CLI procedure. Once the IP Address is set, you can use the Ethernet Interface to complete configuration. If the
AP contains the default or known IP and is not accessible, then you need to check the Management VLAN
configuration.
6. Perform the Soft Reset to Factory Defaults in this guide. This will reset the unit to “DHCP” mode. If there is a DHCP
Server on the network, the DHCP Server will assign an IP Address to the AP.
HTTP Interface or Telnet Interface Does Not Work
1. Make sure you are using a compatible browser:
–
Microsoft Internet Explorer 6 with Service Pack 1 or later
–
Netscape 7.1 or later
2. Make sure you have the proper IP address. Enter your Access Point’s IP Address in the browser address bar, similar
to this example:
http://192.168.1.100
When the Enter Network Password window appears, enter the User Name and enter the HTTP password in the
Password field. The default HTTP username is admin and password is public.
3. Use the CLI over the serial port to check the IP Access Table, which can be restricting access to Telnet and HTTP.
HTML Help Files Do Not Appear
1. Verify that the HTML Help files are installed in the default directory:
C:/Program Files/Proxim Wireless/AP-800/HTML.
If the Help files are not located in this folder, contact your network administrator to find out where the Help files are
located on your server.
2. Copy the entire folder to your Web server.
Telnet CLI Does Not Work
1. Make sure you have the proper IP Address. Enter your AP IP address in the Telnet connection dialog, from a DOS
prompt, type:
C:\> telnet <AP IP Address>
2. Use the CLI over the serial port to check the IP Access Table, which can be restricting access to Telnet and HTTP.
TFTP Server Does Not Work
1. Make sure the TFTP Server has been started.
2. Verify the IP address of the TFTP Server. The server may be local or remote, provided you can reach the device from
that.
3. Configure the TFTP Server to “point” to the folder containing the file to be downloaded (or to the folder in which the file
is to be uploaded).
4. Verify that you have entered the proper AP Image file name (including the file extension) and directory path (if
needed).
5. If you have a problem uploading a file, verify that the TFTP server is configured to allow uploads (typically the default
setting is to allow only downloads).
123
Troubleshooting
Symptoms and Solutions
AP-800 User Guide
Client Connection Problems
Client Software Finds No Connection
Make sure you have configured your client software with the proper Network Name and Security settings. Network
Names and WEP Keys are typically allocated and maintained by your network administrator.
Client PC Card Does Not Work
1. Make sure you are using the latest PC Card driver software.
2. Download and install the latest ORiNOCO client software from http://support.proxim.com.
Intermittent Loss of Connection
1. Make sure you are within range of an active AP.
2. You can check the signal strength using the signal strength gauge on your client software.
Client Does Not Receive an IP Address - Cannot Connect to Internet
1. If the AP is configured as a DHCP server, open the Web-browser Interface and select the Configure button and then
the Network tab to make sure the proper DHCP settings are being used.
2. If you are not using the DHCP server feature on the AP, then make sure that your local DHCP server is accessible
from the Access Point’s subnet.
3. If using Gigabit Ethernet PoE, make sure you are not using a crossover Ethernet cable between the AP and the hub.
VLAN Operation Issues
Verifying Proper Operation of the VLAN Feature
The correct VLAN configuration can be verified by “pinging” both wired and wireless hosts from both sides of the AP
device and the network switch. Traffic can be “sniffed” on the wired (Ethernet), if configured. Bridge frames generated by
wireless clients and viewed on one of the backbones should contain IEEE 802.1Q compliant VLAN headers or tags. The
VLAN ID in the headers should correspond to one of the VLAN User IDs configured for the AP.
VLAN Workgroups
The correct VLAN assignment can be verified by pinging the AP to ensure connectivity, by pinging the switch to ensure
VLAN properties, and by pinging hosts past the switch to confirm the switch is functional. Ultimately, traffic can be
“sniffed” on the Ethernet using third-party packages. Most problems can be avoided by ensuring that 802.1Q compliant
VLAN tags containing the proper VLAN ID have been inserted in the bridged frames. The VLAN ID in the header should
correspond to the user’s assigned network name.
What if network traffic is being directed to a nonexistent host?
•
All sessions are disconnected, traffic is lost, and a Forced Reload is necessary.
•
Workaround: you can configure the switch to mimic the nonexistent host.
I have just configured the Management ID and now I can't manage the AP?
•
Check to ensure your password is correct. If your password is incorrect or all inbound packets do NOT have the
correct tag, then a Forced Reload is necessary.
CAUTION: The Forced Reload procedure disconnects all users and resets all values to factory defaults.
124
Troubleshooting
Symptoms and Solutions
AP-800 User Guide
Gigabit Ethernet PoE
The AP Does Not Work
1. Verify that you are using a standard UTP Category 5/Category 6 cable.
2. Try a different port on the same Gigabit Ethernet PoE hub (remember to move the input port accordingly) – if it works,
there is probably a faulty port or bad RJ-45 port connection.
3. If possible, try to connect the AP to a different Gigabit Ethernet PoE hub.
4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad
RJ-45 connection.
5. Check power plug and hub.
6. If the Ethernet link goes down, check the cable, cable type, switch, and hub.
There Is No Data Link
1. Verify that the indicator for the port is “on.”
2. Verify that the Gigabit Ethernet PoE hub is connected to the Ethernet network with a good connection.
3. Verify that the Ethernet cable is Category 5 or better and is less than 100 meters (approximately 325 feet) in length
from the Ethernet source to the AP.
4. Try to connect a different device to the same port on the Gigabit Ethernet PoE hub – if it works and a link is
established, there is probably a faulty data link in the AP.
5. Try to re-connect the AP to a different output port (remember to move the input port accordingly) – if it works, there is
probably a faulty output or input port in the Gigabit Ethernet PoE hub or a bad RJ-45 connection.
“Overload” Indications
1. Verify that you are not using a cross-over cable between the Gigabit Ethernet PoE output port and the AP.
2. Verify that there is no short over any of the twisted pair cables.
3. Move the device into a different output port (remember to move the input port accordingly); if it works, there is
probably a faulty port or bad RJ-45 connection.
125
Troubleshooting
Recovery Procedures
AP-800 User Guide
Recovery Procedures
The most common installation problems relate to IP addressing. For example, without the TFTP server IP Address, you
will not be able to download a new AP Image to the AP. IP Address management is fundamental. We suggest you to
create a chart to document and validate the IP addresses for your system.
If the password is lost or forgotten, you will need to reset the AP to default values. The Soft Reset to Factory Defaults and
Hard Reset to Factory Defaults procedures reset configuration settings, but do not change the current AP Image.
If the AP has a corrupted software image, follow the Forced Reload procedure to erase the current AP Image and
download a new image.
Soft Reset to Factory Defaults
Use this procedure to reset the network configuration values, including the password, IP address, and subnet mask. The
current AP Image is not deleted.
1. Click Management Services > Factory Reset.
2. Click Reset to Factory Default; the device is reset to its factory default state.
3. If not using DHCP, use the ScanTool or use CLI over a serial connection to set the IP address, subnet mask, and other
IP parameters. See Using CLI to Manage the Access Point for CLI information.
If you do not have access to the HTTP or CLI interfaces, use the procedure described in Hard Reset to Factory Defaults.
Hard Reset to Factory Defaults
If you cannot access the unit or you have lost its password, you can reset the unit to the factory default settings using the
Reload button on the unit, as described below.
1. Using the end of a paper clip or pin, depress and hold the Reload button on the back of the unit for a minimum of 5
seconds but no more than 10 seconds. The configuration is deleted from the unit and the unit reboots, using a factory
default configuration.
NOTE: You need to use a pin or the end of a paperclip to press the button.
CAUTION: If you hold the Reload button for longer than 20 seconds, you may go into Forced Reload mode, which
erases the unit’s embedded software. This software must be reloaded through an Ethernet connection
with access to a TFTP server. See Forced Reload below for instructions.
2. If not using DHCP, use the ScanTool or use CLI over a serial connection to set the IP address, subnet mask, and other
IP parameters. See Using CLI to Manage the Access Point for CLI information.
Forced Reload
With Forced Reload, you bring the unit into bootloader mode by erasing the embedded software. Use this procedure only
as a last resort if the unit does not boot and the procedure did not help.
CAUTION: By completing this procedure, the embedded software in the AP will be erased. You will need to reload the
software before the unit is operational.
To do a forced reload:
1. While the unit is running, use a pin or the end of a paperclip to press the RESET button.
The AP reboots and the indicators begin to flash.
2. Press and hold the RELOAD button for about 7 seconds until the Wireless LED1 turns amber. The AP deletes the
current Image and sets the configuration parameter values to factory default.
126
Troubleshooting
Recovery Procedures
AP-800 User Guide
3. AP will try to load the AP image using the default factory configuration parameters. If this fails, then it will enter either
CLI mode or ScanTool mode as per the user’s choice, with a message on the serial console “Starting ScanTool
interface, press any key to enter CLI 5”. Follow one of the procedures below to load a new AP Image to the Access
Point:
–
Download a New Image Using ScanTool
–
Download a New Image Using the Bootloader CLI
Because the CLI option requires a physical connection to the unit’s serial port, Proxim recommends the ScanTool
option.
Download a New Image Using ScanTool
To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides and
to a computer that is running ScanTool (this is either two separate computers connected to the same network or a single
computer running both programs).
ScanTool detects if an Access Point does not have a valid software image installed. In this case, the TFTP Server and
Image File Name parameters are enabled in the ScanTool’s Change screen so you can download a new image to the
unit. (These fields are grayed out if ScanTool does not detect a software image problem.)
Preparing to Download the AP Image
Before starting, you need to know the Access Point’s IP address, subnet mask, the TFTP Server IP Address, and the AP
Image file name. Make sure the TFTP server is running and configured to point to the folder containing the image to be
downloaded.
Download Procedure
Follow these steps to use ScanTool to download a software image to an Access Point with a missing image:
1. Download the latest software from http://support.proxim.com.
1. Copy the latest software updates to your TFTP server.
2. Launch ScanTool.
3. Highlight the entry for the AP you want to update and click Change.
4. Set IP Address Type to Static.
NOTE: You need to assign static IP information temporarily to the Access Point since its DHCP client functionality is not
available when no image is installed on the device.
5. Enter an unused IP address that is valid on your network in the IP Address field. You may need to contact your
network administrator to get this address.
6. Enter the network’s Subnet Mask in the field provided.
7. Enter the network’s Gateway IP Address, if necessary. You may need to contact your network administrator to get
this address. You should only need to enter the default gateway address (169.254.128.133) if the Access Point and
the TFTP server are separated by a router.
8. Enter the IP address of your TFTP server in the field provided.
9. Enter the Image File Name (including the file extension). Enter the full directory path and file name. If the file is
located in the default TFTP directory, you need to enter only the file name.
10.Click OK.
The Access Point will reboot and the download will begin automatically. You should see downloading activity begins
after a few seconds within the TFTP server’s status screen.
11. Click OK when prompted that the device has been updated successfully to return to the Scan List screen.
12.Click Cancel to close the ScanTool.
13.When the download process is complete, configure the AP.
127
Troubleshooting
Recovery Procedures
AP-800 User Guide
Download a New Image Using the Bootloader CLI
To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides.
This can be any computer on the LAN or connected to the AP with a cross-over Ethernet cable.
You must also connect the AP to a computer with a standard serial cable and use a terminal client, such as
HyperTerminal. From the terminal, enter CLI Commands to set the IP address and download an AP Image.
Preparing to Download the AP Image
Before starting, you need to know the Access Point’s IP address, subnet mask, the TFTP Server IP Address, and the AP
Image file name. Make sure the TFTP server is running and configured to point to the folder containing the image to be
downloaded.
Download Procedure
1. Download the latest software from http://support.proxim.com.
2. Copy the latest software updates to your TFTP server’s default directory.
3. Use a cross-over serial cable to connect the Access Point’s serial port to your computer’s serial port.
4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:
•
Com Port: <COM1, COM2, etc., depending on your computer>
•
Baud rate: 115200
•
Data Bits: 8
•
Stop bits: 1
•
Flow Control: None
•
Parity: None
5. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option.
HyperTerminal sends a line return at the end of each line of code.
6. Press the RESET button on the AP.
The terminal display shows Power On Self Tests (POST) activity. After approximately 30 seconds, a message
indicates: Starting ScanTool interface, press any key to enter CLI 5”. After this message appears, press the any
key. Now a prompt appears as below:
Bootloader=>
7. Enter only the following statements:
Bootloader=> show (to view configuration parameters and values)
Bootloader=> set ipaddr <Access Point IP Address>
Bootloader=> set serverpipaddr <TFTP Server IP Address>
Bootloader=> set filename <AP Image File Name, including file extension>
Bootloader=> set gatewayip <Gateway Ip Address>
Bootloader=> set netmask <Network Mask>
Bootloader=> set ipaddrtype static
Bootloader=> show (to confirm your new settings)
Bootloader=> reboot
Example:
Bootloader=> show
Bootloader=> set ipaddr 169.254.128.132
Bootloader=> set serverpip 169.254.128.133
Bootloader=> set filename apimage_proxim.sei
Bootloader=> set gatewayip 169.254.128.133
128
Troubleshooting
Recovery Procedures
AP-800 User Guide
Bootloader=> set netmask 255.255.255.0
Bootloader=> set ipaddrtype static
Bootloader=> show
Bootloader=> reboot
The AP will reboot and then download the image file. You should see downloading activity begins after a few seconds
within the TFTP server’s status screen.
8. When the download process is complete, configure the AP.
Setting IP Address using Serial Port
Use the following procedure to set an IP address over the serial port using the CLI. The network administrator typically
provides the AP IP address.
Hardware and Software Requirements
•
Standard cross-over serial data (RS-232) cable (not included with shipment).
•
ASCII Terminal software, such as HyperTerminal.
Attaching the Serial Port Cable
1. Connect one end of the serial cable to the AP and the other end to a serial port on your computer.
2. Power on the computer and AP, if necessary.
Initializing the IP Address using CLI
After installing the serial port cable, you may use the CLI to communicate with the AP. CLI supports most generic terminal
emulation programs, such as HyperTerminal (which is included with the Windows operating systems). In addition, many
web sites offer shareware or commercial terminal programs you can download. Once the IP address has been assigned,
you can use the HTTP interface or the CLI over Telnet to complete configuration.
Follow these steps to assign the AP an IP address:
1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:
•
Com Port: <COM1, COM2, etc., depending on your computer>
•
Baud rate: 115200
•
Data Bits: 8
•
Stop bits: 1
•
Flow Control: None
•
Parity: None
2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option.
HyperTerminal sends a line return at the end of each line of code.
3. Press the RESET button on the AP.
The terminal display shows Power On Self Tests (POST) activity, and then displays a CLI prompt, similar to the
example below. This process may take up to 90 seconds.
Bootloader=> Please enter password:
4. Enter the CLI password (default is public).
The terminal displays a welcome message and then the CLI Prompt:
Bootloader=>
5. Enter show ip. Network parameters appear:
129
Troubleshooting
Related Applications
AP-800 User Guide
6. Change the IP address and other network values using set and reboot CLI commands, similar to the example below
(use your own IP address and subnet mask). Note that IP Address Type is set to Dynamic by default. If you have a
DHCP server on your network, you should not need to manually configure the Access Point’s IP address; the Access
Point will obtain an IP address from the network’s DHCP server during boot-up.
After each entry the CLI reminds you to reboot; however wait to reboot until all commands have been entered.
Bootloader=> set ipaddrtype static
Bootloader=> set ipaddr <IP Address>
Bootloader=> set ipsubmask <IP Subnet Mask>
Bootloader=> set ipgw <Default Gateway IP Address>
Bootloader=> show ip (to confirm your new settings)
Bootloader=> reboot 0
7. After the AP reboots, verify the new IP address by reconnecting to the CLI and enter a show ip command.
Alternatively, you can ping the AP from a network computer to confirm that the new IP address has taken effect.
8. When the proper IP address is set, use the HTTP interface or CLI over Telnet to configure the rest of the unit’s
operating parameters.
Related Applications
RADIUS Authentication Server
If you enabled RADIUS Authentication on the AP, make sure that your network’s RADIUS servers are operational.
Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be
unavailable, here are two typical things to check:
•
Make sure you have the proper RADIUS authentication server information setup configured in the AP. Check the
RADIUS Authentication Server’s Shared Secret and Destination Port number (default is 1812; for RADIUS
Accounting, the default is 1813).
•
Make sure the RADIUS authentication server RAS setup matches the AP.
TFTP Server
The “Trivial File Transfer Protocol” (TFTP) server allows you to transfer files across a network. You can upload
configuration files from the AP for backup or copying, and you can download configuration files or new software images.
The TFTP software is located on the installation CD.
If a TFTP server is not configured and running, you will not be able to download and upload images and configuration
files to/from the AP. Remember that the TFTP server does not have to be local, so long as you have a valid TFTP IP
address. Note that you do not need a TFTP server running unless you want to transfer files to or from the AP.
After the TFTP server is installed:
•
Check to see that TFTP is configured to point to the directory containing the AP Image.
•
Make sure you have the proper TFTP server IP Address, the proper AP Image file name, and that the TFTP server is
connected.
•
Make sure the TFTP server is configured to both Transmit and Receive files (on the TFTP server’s Security tab), with
no automatic shutdown or time-out (on the Auto Close tab).
130
AP-800 User Guide
A
ASCII Character Chart
You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not
case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character
corresponds to two hexadecimal digits.
The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the
Hexadecimal equivalent for each ASCII character.
ASCII
Hex
Charact Equival
er
ent
!
21
"
22
#
23
$
24
%
25
&
26
'
27
(
28
)
29
*
2A
+
2B
,
2C
2D
.
2E
/
2F
0
30
1
31
2
32
3
33
4
34
5
35
6
36
7
37
8
38
ASCII
Hex
Charact Equival
er
ent
9
39
:
3A
;
3B
<
3C
=
3D
>
3E
?
3F
@
40
A
41
B
42
C
43
D
44
E
45
F
46
G
47
H
48
I
49
J
4A
K
4B
L
4C
M
4D
N
4E
O
4F
P
50
ASCII
Hex
Charact Equival
er
ent
Q
51
R
52
S
53
T
54
U
55
V
56
W
57
X
58
Y
59
Z
5A
[
5B
\
5C
]
5D
^
5E
_
5F
`
60
a
61
b
62
c
63
d
64
e
65
f
66
g
67
h
68
ASCII
Hex
Charact Equival
er
ent
i
69
j
6A
k
6B
l
6C
m
6D
n
6E
o
6F
p
70
q
71
r
72
s
73
t
74
u
75
v
76
w
77
x
78
y
79
z
7A
{
7B
|
7C
}
7D
~
7E
131
AP-800 User Guide
B
Bootloader CLI
The Bootloader CLI is a minimal subset of the normal CLI used to perform initial confoguration of the AP. This interface
is only accessible via the serial interface if the AP does not contain a software image or a download image command
over TFTP has failed.
The Bootloader CLI provides you with the ability to configure the initial setup parameters as well as download a software
image to the device.
The Bootloader CLI supports the following functions:
•
factory_reset : Restore the factory settings
•
help: Print Online Help
•
reboot: Reboot the device
•
set: Set the parameters
•
show: Show the parameters
The parameters supported by the Bootloader CLI (for viewing and modifying) are:
•
ipaddr: IP Address
•
systemname: System Name
•
gatewayip: Gateway IP Address
•
serverip: Server IP Address
•
ipaddrtype: IP Address Type
•
netmask: Net Mask
•
filename: AP Image file name
If the Bootloader fails to load the image from flash, then it tries to get the image from the network. The default
configuration of the bootloader parameters are as follows:
Parameter
Value
ipaddr
169.254.128.132
netmask
255.255.255.0
gatewayip
169.254.128.133
systemname
systemname
serverip
169.254.128.133
filename
imagename
ipaddrtype
dynamic
If you want to load the image from the network, you can either:
1. Configure the device with the Scantool or
2. Entering into bootloader CLI with the serial interface
If the ipaddrtype is set to dynamic, run the BOOTP Server also. The device will get the IP address and Boot filename
from the BOOTP server. You need not to change any of the above parameters.
After BOOP is succeeded, the device will initiate a TFTP request with the filename it gets from BOOTP.
132
Bootloader CLI
AP-800 User Guide
If the ipaddrtype is set to static then you need to run the TFTP Server. In this case the TFTP request will be initiated with
the value taken from the parameter "filename". The TFTP request is sent to the IP address set to the parameter
"serverip". In this case the TFTP Server should be reachable to the device.
NOTE: If device fails in any of the above cases, it will bring up the Scantool Interface and wait for scan and change
requests forever.
If we want to access the device with Scantool, then the host running the scantool should also be in the same network as
the device.
Because the scantool broadcast requests will be discarded by the routers if the device and the host running the scantool
are in different network. This reveals that we can not reach the device with the scantool.
A device in bootloader can be recognized by looking at the system description. If the system description does not contain
any build no in braces, conclude that the device is in bootloader mode.
For example:
ORiNOCO AP-800
is the name of the board.
WD
is the Regulatory Domain
V1.0.0
is the Bootloader Version
SN-08UC39110110
is the Serial number of the device
Figure B-1 ScanTool View of a Device in Bootloader Mode
133
AP-800 User Guide
c
Specifications
This chapter provides information on the following topics:
•
Software Specifications
•
Hardware Specifications
•
Available Channels
Software Specifications
The table below lists the software features available on the AP-800.
•
Number of Stations per BSS
•
Management Functions
•
Advanced Bridging Functions
•
Medium Access Control (MAC) Functions
•
Security Features
•
Network Features
Number of Stations per BSS
Number of stations supported per radio is 64.
Management Functions
Features
Supported by AP-800 (Y/N)
Web User Interface
Y
Telnet/CLI
Y
SNMP Agent
Y
Serial CLI
Y
Secure Management
Y
SSh
Y
134
Specifications
Software Specifications
AP-800 User Guide
Advanced Bridging Functions
Feature
Supported by AP-800 (Y/N)
IEEE 802.1d Bridging
Y
Roaming
Y
Protocol Filtering
Y
Multicast/Broadcast Storm Filtering
Y
TCP/UDP Port Filtering
Y
Blocking Intra BSS Clients
Y
Packet Forwarding
Y
Medium Access Control (MAC) Functions
Feature
Supported by AP-800 (Y/N)
Automatic Channel Selection (ACS)
Y
Dynamic Frequency Selection (DFS)/Radar
Detection (RD)*
Y
Wireless Service Shutdown
Y
802.11d Support
Y
Tx Power Control
Y
Wireless Multimedia Enchancements/Quality
of Service (QoS)
Y
Broadcast Unique Beacon
Y
* DFS is required for 802.11a APs certified in the ETSI, TELEC, FCC, and IC regulatory domains and operating in the
middle frequency band. When ACS is disabled, available channels are limited to those on the lower frequency band.
Security Features
Feature
Supported by AP-800 (Y/N)
RADIUS Profiles per VLAN
Y
IEEE 802.11 WEP*
Y
MAC Access Control
Y
RADIUS MAC-based Access Control
Y
IEEE 802.1x Authentication†
Y
Wi-Fi Protected Access (WPA)/802.11i (WPA2)
Y
* Key lengths supported by 802.11a/4.9 GHz: 64-bit, 128-bit, and 152-bit.
Key lengths supported by 802.11b: 64-bit and 128-bit.
Key lengths supported by 802.11b/g: 64-bit, 128-bit, and 152-bit.
135
Specifications
Hardware Specifications
AP-800 User Guide
Network Features
Feature
Supported by AP-800 (Y/N)
System Logging (Syslog)
Y
RADIUS Accounting Support*
Y
DHCP Client
Y
TCP/IP Protocol Support
Y
Hardware Specifications
Category
Radio
Wireless Protocol
Frequency
Specification
•
Dual Radio Access Point with integrated radios: 802.11a/b/g/n + 802.11a/b/g/n
•
3x3 MIMO
•
802.11n draft 2.0
•
802.11a
•
802.11b
•
802.11g
•
5.15-5.85GHz*
•
2.4-2.483 GHz*
* Subject to Individual Country Regulations
Channel bandwidth
RF Modulation
•
20MHz and 40MHz for 802.11n
•
20MHz for 802.11a/b/g
•
MSC0 - MCS15 for 802.11n (6.5Mbps -300Mbps)
•
BPSK, QPSK, 16-QAM and 64-QAM for 802.11a and 802.11g (6Mbps - 54Mbps)
•
DSSS for 802.11b (1Mbps -11Mbps)
Device Interface
Ethernet: Auto-sensing 10/100/1000BASE-T Ethernet
Antenna Connector: 3RP-SMA connector per radio
Network Architecture
Type
Infrastructure
Transmit Power
For 2.4 GHz: 19dBm*
For 5 GHz : 17dBm*
* Varies with modulation scheme
Receive Sensitivity
For 2.4 GHz and 5 GHz: -75dBm*
* Varies with modulation scheme
Antennas
6Dual-Band reverse SMA connector Omni-Antenna with 3 dBi gain
Local Configuration
Support
RS-232 Serial port, DB9 Female
Message
Authentication
Intrusion detection
•
802.11i AES message authentication with 128 bit keys
•
TKIP with 128 bit Michael Message Integrity Check
Detect MIC intrusion attacks
136
Specifications
Available Channels
Easy Troubleshooting
AP-800 User Guide
•
Alarms
•
SNMP Traps
•
Bridge Statistics
•
wireless statistics
•
Wi-Fi station statistics per client per SSID
•
Learn table Statistics
•
ICMP statistics
•
IP ARP statistics
•
Radius statistics
•
Interface statistics
LEDs
Four indicators on the top panel indicate power, wireless traffic, Ethernet traffic, and
error conditions
Certifications
Wi-Fi Certification - Enterprise 802.11 a/b/g/n
Dimensions
8.25”x12.00”x1.5”
Weight
1.8 lb
Environmental
Operating
•
0 to 55ºC
•
5 to 95 percent (non-condensing)
Storage
Packaging Contents
•
20º to 75ºC
•
One AP-800
•
One 110/220V worldwide power adapter
•
One Wall/Ceiling mount kit
•
One cable security attachment
•
Six 2.4GHz/5GHz omni-directional antennas with reverse SMA connectors
•
One Quick Install Guide
•
One Documentation CD
MTBF
43,800 hrs
Warranty
One year parts/labor
Available Channels
Available channels vary based on radio, country, and frequency band. To verify which channels are available for your
product:
Locate theproduct model number on the underside of your AP unit or on the unit’s box
Country
Allowed Channels for 2.4 GHz
Allowed Channels for 5 GHz
Austria
36(5.18), 40(5.2), 44(5.22), 48 (5.24),
1(2.412), 2 (2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467);
13 (2.472).
Belgium
1(2.412), 2( 2.417), 3(2.422), 4(2.427), 5 36(5.18), 40(5.2), 44(5.22), 48(5.24),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
137
Specifications
Available Channels
AP-800 User Guide
Bulgaria
1(2.412), 2 (2.417), 3(2.422), 4(2.427),
5(2.432), 6(2.437), 7(2.442), 8( 2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13 (2.472)
36(5.18), 40(5.2), 44(5.22), 48( 5.24),
52(5.26), 56(5.28), 100(5.5),
104(5.52), 108(5.54), 112 (5.56),
116(5.58), 120(5.6), 124(5.62),
128(5.64), 132(5.66), 136 (5.68),
140(5.7)
Canada
1(2.412), 2(2.417), 3(2.422), 4( 2.427),
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462)
36(5.18), 40(5.2), 44(5.22), 48(5.24),
52(5.26), 56(5.28), 60( 5.3), 64(5.32),
100(5.5), 104(5.52), 108(5.54),
112(5.56), 116(5.58), 120( 5.6),
124(5.62), 128(5.64), 132(5.66),
136(5.68), 140(5.7), 149(5.745),
153(5.765)
Cyprus
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Czech
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Denmark
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422 ), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Estonia
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28),60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Finland
36(5.18 ), 40(5.2), 44(5.22), 48(5.24),
1(2.412 ), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13 (2.472)
France
36(5.18), 40(5.2), 44(5.22 ), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Germany
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462), 12(2.467),
13(2.472)
Hungary
1(2.412), 2(2.417), 3(2.422), 4(2.427),
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10 (2.457), 11(2.462),
12(2.467), 13(2.472)
Ireland
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
36(5.18), 40(5.2), 44(5.22), 48(5.24),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
138
Specifications
Available Channels
AP-800 User Guide
Italy
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Japan
36(5.18), 40(5.2), 44(5.22), 48(5.24)
1(2.412), 2(2.417), 3(2.422), 4(2.427),
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472), 14 (2.484)
Latvia
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Lithuania
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Luxemburg
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Malta
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Netherlands
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Poland
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Portugal
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Slovakia
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Slovenia
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Spain
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
139
Specifications
Available Channels
AP-800 User Guide
Sweden
36(5.18), 40(5.2), 44(5.22), 48(5.24),
1(2.412), 2(2.417), 3(2.422), 4(2.427),
52(5.26), 56(5.28), 60(5.3), 64(5.32)
5(2.432), 6(2.437); 7(2.442), 8(2.447);
9(2.452); 10(2.457); 11(2.462), 12(2.467),
13(2.472)
Taiwan
1(2.412), 2(2.417), 3(2.422), 4(2.427),
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10 (2.457), 11(2.462)
56(5.28), 60(5.3), 64(5.32),
149(5.745), 153 (5.765), 157(5.785),
161(5.805)
US
1(2.412), 2(2.417), 3(2.422), 4(2.427),
5(2.432), 6(2.437), 7(2.442), 8(2.447),
9(2.452), 10(2.457), 11(2.462)
36(5.18), 40(5.2), 44(5.22), 48(5.24),
52(5.26), 56(5.28), 60(5.3), 64(5.32),
100(5.5), 104 (5.52), 108(5.54), 112
(5.56), 116 (5.58), 120(5.6),
124(5.62), 128 (5.64), 132(5.66),
136(5.68), 140(5.7), 149(5.745), 153
(5.765)
140
AP-800 User Guide
Technical Services and Support
D
Obtaining Technical Service and Support
If you are having trouble utilizing your Proxim product, please review this manual and the additional documentation
provided with your product. If you require additional support and would like to use Proxim’s free Technical Service to help
resolve your issue, please be ready to provide the following information before you contact Proxim’s Technical Services:
•
•
•
Product information:
–
Part number of suspected faulty unit
–
Serial number of suspected faulty unit
Trouble/error information:
–
Trouble/symptom being experienced
–
Activities completed to confirm fault
–
Network information (what kind of network are you using?)
–
Circumstances that preceded or led up to the error
–
Message or alarms viewed
–
Steps taken to reproduce the problem
Servpak information (if a Servpak customer):
–
•
Servpak account number
Registration information:
–
If the product is not registered, date when you purchased the product
–
If the product is not registered, location where you purchased the product
NOTE: If you would like to register your product now, visit the Proxim eService Web Site at http://support.proxim.com
and click on New Product Registration.
141
Technical Services and Support
Support Options
AP-800 User Guide
Support Options
Proxim eService Web Site Support
The Proxim eService Web site is available 7x24x365 at http://support.proxim.com.
On the Proxim eService Web Site, you can access the following services:
•
New Product Registration: Register your product to gain access to technical updates, software downloads, and free
technical support for the first 90 days from receipt of hardware purchase.
•
Open a Ticket or RMA: Open a ticket or RMA
•
Search Knowledgebase: Locate white papers, software upgrades, and technical information.
•
ServPak Support: Learn more about Proxim’s ServPak global suport service options .
•
Your Stuff: Track status of your tickets or RMAs and receive product update notifications.
•
Provide Feedback: Submit suggestions or other types of feedback.
•
Customer Survey: Submit an On-Line Customer Survey response.
Telephone Support
Contact technical support via telephone as follows:
•
US and Canada: 408-383-7700, 866-674-6626 (Toll Free)
Hours of Operations: 8.00AM-6.00PM Monday through Friday Pacific Time
•
APAC Countries: +91-40-23115490
Hours of Operations: 9.00AM-6.00PM Monday through Friday IST time (UTC +5:30 hrs)
•
International: 408-383-7700
Hours of Operations: 8.00AM-6.00PM Monday through Friday Pacific Time
ServPak Support
To provide even greater investment protection, Proxim Wireless offers a cost effective support program called ServPak.
ServPak is a program of enhanced service support options that can be purchased as a bundle or individually, tailored to
meet your specific needs. Whether your requirement is around the clock technical support or advance replacement
service, we are confident that the level of support provided in every service in our portfolio will exceed your expectations.
•
Advanced Replacement of Hardware: Can you afford to be down in the event of a hardware failure? Our
guaranteed turnaround time for return to factory repair is 30 days or less. Those customers who purchase this service
are entitled to advance replacement of refurbished or new hardware guaranteed to be shipped out by the Next
Business Day. Hardware is shipped Monday – Friday, 8:00AM – 2:00PM (PST).
•
Extended Warranty: Extend the life of your networking investment by adding 1, 2, or 3 years to your products
standard warranty. This service coverage provides unlimited repair of your Proxim hardware for the life of the service
contract. The cost of an extended warranty is far less than the cost of a repair providing a sensible return on your
investment.
•
7x24x365 Technical Support: This service provides unlimited, direct access to Proxim’s world-class Tier 3 technical
support engineers 24 hours a day, 7 days a week, 365 days a year including Holidays. Customers who purchase this
service can rest assured that their call for technical assistance will be answered and a case opened immediately to
document the problem, trouble shoot, identify the solution and resolve the incident in a timely manner or refer to an
escalation manager for closure.
142
Technical Services and Support
Support Options
AP-800 User Guide
•
8x5 Technical Support: This service provides unlimited, direct access to Proxim’s world-class technical support 8
hours a day, 5 days a week from 8:00AM - 5:00PM (Local Time). Technical Support is available at no charge for the
first 30 days from the purchase date. Beyond this period, a ServPak support agreement will be required for technical
support. Self-help will be made available by accessing Proxim’s extensive eService knowledgebase.
•
Software Maintenance: It's important to maintain and enhance security and performance of wireless equipment and
Proxim makes this easy by providing a Software Maintenance program that enables customers to access new feature
and functionality rich software upgrades and updates. Customers will also have full access to Proxim's vast
knowledgebase of technical bulletins, white papers and troubleshooting documents.
•
Priority Queuing Phone Support: This service provides customers with a one hour response time for technical
phone support. There is no waiting in line for those urgent calls for technical support.
ServPak Service
24x7Enhanced
8x5 Standard
(Bundled Serv.) (Bundled Serv.)
Extended
Warranty
Advance
Hardware
Replacement
Software
Maintenance
24x7
Technical
Support
Product Coverage
Duration
Renewable
Contracts
Renewable
Contracts
Renewable
Contracts
Renewable Contracts
No
Renewable
Contracts
Software Coverage
Duration
Renewable
Contracts
Renewable
Contracts
No
No
Renewable
Contracts
No
Proxim TAC Support
Yes
Yes
No
No
No
Yes
Software Updates &
Upgrades
Yes
Yes
No
No
Yes
No
Registered Access
to Proxim.com
Yes
Yes
Yes
Yes
Yes
Yes
Registered Access
to Knowledge Tool
Yes
Yes
Yes
Yes
Yes
Yes
Advance
Replacement
Yes
No
No
Yes
No
No
Depot Repair
No
Yes
Yes
No
No
No
To purchase ServPak support services, please contact your authorized Proxim distributor. To receive more information or
for questions on any of the available ServPak support options, please call Proxim Support at 408-383-7700 or send an
email to servpak@proxim.com.
143
AP-800 User Guide
Statement of Warranty
E
Warranty Coverage
Proxim Wireless Corporation warrants that its Products are manufactured solely from new parts, conform substantially to
specifications, and will be free of defects in material and workmanship for a Warranty Period of 1 year from the date of
purchase.
Repair or Replacement
In the event a Product fails to perform in accordance with its specification during the Warranty Period, Proxim offers
return-to-factory repair or replacement, with a thirty (30) business-day turnaround from the date of receipt of the
defective Product at a Proxim Wireless Corporation Repair Center. When Proxim Wireless has reasonably determined
that a returned Product is defective and is still under Warranty, Proxim Wireless shall, at its option, either: (a) repair the
defective Product; (b) replace the defective Product with a refurbished Product that is equivalent to the original; or (c)
where repair or replacement cannot be accomplished, refund the price paid for the defective Product. The Warranty
Period for repaired or replacement Products shall be ninety (90) days or the remainder of the original Warranty Period,
whichever is longer. This constitutes Buyer’s sole and exclusive remedy and Proxim Wireless’s sole and exclusive
liability under this Warranty.
Limitations of Warranty
The express warranties set forth in this Agreement will not apply to defects in a Product caused; (i) through no fault of
Proxim Wireless during shipment to or from Buyer, (ii) by the use of software other than that provided with or installed in
the Product, (iii) by the use or operation of the Product in an application or environment other than that intended or
recommended by Proxim Wireless, (iv) by modifications, alterations, or repairs made to the Product by any party other
than Proxim Wireless or Proxim Wireless’s authorized repair partners, (v) by the Product being subjected to unusual
physical or electrical stress, or (vii) by failure of Buyer to comply with any of the return procedures specified in this
Statement of Warranty.
Support Procedures
Buyer should return defective LAN1 Products within the first 30 days to the merchant from which the Products were
purchased. Buyer can contact a Proxim Wireless Customer Service Center either by telephone or via web. Calls for
support for Products that are near the end of their warranty period should be made not longer than seven (7) days after
expiration of warranty. Repair of Products that are out of warranty will be subject to a repair fee. Contact information is
shown below. Additional support information can be found at Proxim Wireless’s web site at http://support.proxim.com.
•
US and Canada: 408-383-7700, 866-674-6626 (Toll Free)
Hours of Operation: 8.00AM-6.00PM
•
APAC Countries: +91 40 23115490
Hours of Operation: 9.00AM-6.00PM
•
International: 408-383-7700
Hours of Operation: 8.00AM-6.00PM
When contacting the Customer Service for support, Buyer should be prepared to provide the Product description and
serial number and a description of the problem. The serial number should be on the product.
In the event the Customer Service Center determines that the problem can be corrected with a software update, Buyer
might be instructed to download the update from Proxim Wireless’s web site or, if that’s not possible, the update will be
144
Statement of Warranty
Other Information
AP-800 User Guide
sent to Buyer. In the event the Customer Service Center instructs Buyer to return the Product to Proxim Wireless fora
repair or replacement, the Customer Service Center will provide Buyer a Return Material Authorization (“RMA”) number
and shipping instructions. Buyer must return the defective Product to Proxim Wireless, properly packaged to prevent
damage, shipping prepaid, with the RMA number prominently displayed on the outside of the container.
Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has
purchased a Proxim Wireless Service Contract or the call is made within the first thirty (30) days of the Product’s invoice
date. Calls that are outside of the 30-day free support time will be charged a fee of $25.00 (US Dollars) per Support Call.
If Proxim Wireless reasonably determines that a returned Product is not defective or is not covered by the terms
of this Warranty, Buyer shall be charged a service charge and return shipping charges.
Other Information
Search Knowledgebase
Proxim Wireless stores all resolved problems in a solution database at the following URL: http://support.proxim.com.
Ask a Question or Open an Issue
Submit a question or open an issue to Proxim Wireless technical support staff at the following URL:
http://support.proxim.com/cgi-bin/proxim.cfg/php/enduser/ask.php.
Other Adapter Cards
Proxim Wireless does not support internal mini-PCI devices that are built into laptop computers, even if identified as
"ORiNOCO" devices. Customers having such devices should contact the laptop vendor's technical support for
assistance.
For support for a PCMCIA card carrying a brand name other than Proxim, ORiNOCO, Lucent, Wavelan, or Skyline,
Customer should contact the brand vendor's technical support for assistance.
145