ORiNOCO AP-2000 User Guide
Contents
1
Introducing the ORiNOCO AP-2000 device
Notes and Cautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Wireless Networking Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Management and Monitoring Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
HTTP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Active Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
802.11b versus 802.11a Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Feature List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Cell Size and Coverage Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Auto Channel Select . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Installation and Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
2
Configuring the ORiNOCO AP-2000 device
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
ScanTool Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Set Basic Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Log Into the AP-2000 Unit using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Set System Name, Location and Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Set a Static IP Address for the AP-2000 Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Set Network Names and Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Set WEP Encryption for each Wireless Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Change Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Download the Latest Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Setup your TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Download Updates to your TFTP Server from the Web Interface . . . . . . . . . . . . . . . . . . . . . . 2-8
Backup your AP-2000 Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Copy a Configuration File from Another AP-2000 Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Other Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
Configure the AP-2000 Device as a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
Maintain 802.11b Client Connections using Link Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Configure Link Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Disable Link Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
Change your Wireless Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
802.11a Wireless Interface Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
i
802.11b Wireless Interface Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
Auto Channel Select (ACS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14
Distance Between APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14
Multicast Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16
Ethernet Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Set Ethernet Speed and Transmission Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Configure your Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Set HTTP Interface Management Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Configure Serial Port Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Other Security Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Configure your MAC (Address) Access Control Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
Add an Entry to the MAC Access Control Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
Disable or Delete an Entry in the MAC Access Control Table . . . . . . . . . . . . . . . . . . . . . 2-19
RADIUS Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
IEEE 802.1x Security Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20
Setting Up the AP-2000 using 802.1x Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22
802.1x Security and Wireless Distribution Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22
If You Encounter Problems... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22
3
Managing the ORiNOCO AP-2000 device
Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Monitoring Network Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
View Hardware/Software Component Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Monitoring ICMP Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Monitoring IP/ARP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Monitoring Learn Table Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Monitoring IAPP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Monitoring RADIUS Server Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Monitoring Interfaces Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Monitoring Remote Link Test Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Issuing System Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
Download. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Help Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
4
Configuring Advanced Features
Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Advanced DHCP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
DHCP IP Pool Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Link Integrity Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Target IP Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
ii
VLAN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Typical VLAN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
VLAN Workgroups and Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Typical User VLAN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Setting Up Independent VLAN Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Setting Up Independent VLAN Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Setting Up One VLAN Workgroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Typical VLAN Management ID Configuration Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Making the AP-2000 a VLAN Member to Control Management Access . . . . . . . . . . . . . . 4-8
Managing the AP-2000 from a Wireless Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Setting New Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Managing IP Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Configuring Management Service Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Setting Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Setting the Ethernet Protocol Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Advanced Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Alarms (SNMP Traps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Alarm (Trap) Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Alarm Host Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Bridge Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
MAC Address Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Static MAC Address Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
Information Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
Broadcast Storms and Storm Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
Wireless Distribution System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
WDS Setup Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Setup the 802.1x Security Mode Wireless Distribution System . . . . . . . . . . . . . . . . . . . . 4-17
Wireless Port Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
Configuring the AP-2000 Unit as a Wireless Repeater . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
Advanced Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
Wireless Security - EAP Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
MAC Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
MAC Access Control Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
RADIUS Authentication Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
RADIUS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
5
Troubleshooting
Troubleshooting Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Symptoms and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Connectivity Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
iii
AP-2000 Unit Will Not Boot - No LED Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Serial Link Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Ethernet Link Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Basic Software Setup and Configuration Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Lost AP-2000, Telnet, or SNMP Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Client Computer Cannot Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
AP-2000 Has Incorrect IP Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
HTTP (browser) or Telnet Interface Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
HTML Help Files Do Not Appear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Telnet CLI Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
TFTP Server Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Client Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Client Manager Finds No Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Client PC Card Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Intermittent Loss of Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Client Does Not Receive an IP Address - Cannot Connect to Internet . . . . . . . . . . . . . . . 5-4
VLAN Operation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Verifying Proper Operation of the VLAN Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
VLAN Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Active Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
The AP-2000 Unit Does Not Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
There Is No Data Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
“Overload” Indications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Recovery Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Reset to Factory Default Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Forced Reload Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Initialize the AP-2000 using the Bootloader CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Preparing to Download the AP Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Download Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Setting IP Address using Serial Port and Normal CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Hardware and Software Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Attaching the Serial Port Cable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Initializing the IP Address using Normal CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
System Alarms (Traps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Security Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Wireless Interface Card Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Operational Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
FLASH Memory Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
TFTP Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Image Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Standard MIB-II (RFC 1213) Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Bridge MIB (RFC 1493) Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
iv
Related Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
RADIUS Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
LED Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
6
Using the Command Line Interface
Prerequisite Skills and Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Notation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Navigation and Special Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
CLI Error Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
Command Line Interface (CLI) Variations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
Bootloader CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
CLI Command Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
Operational CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
? (List Commands) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
done, exit, quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
upload. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Parameter Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
“set” and “show” Command Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Using Tables & User Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Working with Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Using Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Configuring Objects that Require Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
“set” CLI Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
“show” CLI Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Configuring the AP-2000 Unit using CLI commands . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Log Into the AP-2000 Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Log Into the AP-2000 Unit using HyperTerminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Set Basic Configuration Parameters using CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Set System Name, Location and Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Set Static IP Address for the AP-2000 device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Set a Network Name for each Wireless Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Set WEP Encryption for each Wireless Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Change Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Download an AP-2000 Configuration File from your TFTP Server. . . . . . . . . . . . . . . . . . 6-14
Backup your AP-2000 Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
v
Other Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Configure the AP-2000 device as a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Maintain 802.11b Client Connections using Link Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Change your Wireless Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Enable/Disable Interference Robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Enable/Disable Closed System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Enable/Disable Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Enable/Disable Medium Density Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Autochannel Select (ACS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Set the Distance Between APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Set the Multicast Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Set Ethernet Speed and Transmission Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Set Interface Management Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Enable/Disable Interface Management Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Set Communication Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Set Session Timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Configure Management Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Edit Management IP Access Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Configure Serial Port Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
MAC Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Setup MAC (Address) Access Control Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Add an Entry to the MAC Access Control Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Disable or Delete an Entry in the MAC Access Control Table . . . . . . . . . . . . . . . . . . . . . 6-18
RADIUS Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Set RADIUS Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Configure RADIUS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Parameter Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19
System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Inventory Management Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Network Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Wireless Interface Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21
SNMP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22
SNMP IP Access Table Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22
SNMP Table Host Table Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22
Primary and Backup RADIUS Server Table Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23
Telnet Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23
Serial Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24
TFTP Server Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24
HTTP (web browser) Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24
Link Integrity Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24
Link Integrity IP Target Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
Wireless Interface Security Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
Ethernet Filtering Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
IAPP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26
vi
Static MAC Address Filter Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26
Spanning Tree Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26
Spanning Tree Priority and Path Cost for Each Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
Storm Threshold Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
Storm Threshold Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
MAC Access Control Table Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
DHCP Server Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28
DHCP Server table for IP pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28
SpectraLink VoIP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28
7
Recording Your Configuration Settings
8
Specifications
Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Electrical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
PCMCIA Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Serial Port Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Active Ethernet Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
HTTP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Radio Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
802.11b Channel Frequencies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
802.11a Channel Frequencies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Wireless Communication Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
vii
Introducing the ORiNOCO AP-2000 device
1
In This Chapter
Q
Q
Q
Q
Q
Wireless Networking Concepts
Management and Monitoring Capabilities
Active Ethernet
802.11b versus 802.11a Networks
Installation and Initialization
127(
Remember to review the contents of this manual, especially sections on information you need, before
performing an operation.
Notes and Cautions
127(
A Note indicates important information that helps youmake better use of your computer.
!
&$87,21
A Caution indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.
Wireless Networking Concepts
The AP-2000 provides wireless access to network infrastructures. As wireless clients move from one coverage cell to
another, AP-2000 units automatically allow client roaming within the same subnet.
To determine the best location for the Base Station units, we recommend conducting a Site Survey before placing the
devices in their final locations. For information about how to conduct a Site Survey, contact your local reseller.
Before the AP-2000 unit can be configured for your specific networking requirements, it must first be initialized.
Initialization consists of setting a static IP address and the appropriate IP mask for the AP-2000 unit so that you can
recognize it once it is located in your network.
Figure 1-1
Standalone wireless network access infrastructure
1-1
Management and Monitoring Capabilities
The network administrator can configure each unit according to the requirements for the network. The Access
Point 2000 (AP-2000) functions as a wireless network access point to data networks. AP-2000 networks provide:
Q
Q
Q
Q
Seamless client roaming
Easy installation and operation
Over-the-air encryption of data
High speed network links
To be fully operational, the AP-2000 needs at least one PC Card.
127(
PC Cards are not included with your kit and must be ordered as separate items.
Management and Monitoring Capabilities
To configure the AP-2000 for your needs, set your specific network, wireless interface, and bridge parameters. The
HTTP (web browser) Interface provides easy configuration and management.
Wireless clients (computers connected to your network through a radio PC Card) use Client Manager software for
network access. Once connected, users can roam from one coverage cell to another while maintaining their
connection.
There are three management and monitoring interfaces available to the network administrator to configure and
manage the AP-2000 device(s) in the network:
1.
2.
3.
HTTP Interface
Command Line Interface
Full SNMP configuration capabilities
HTTP Interface
The HTTP Interface (Web browser Interface) provides easy access to configuration settings and network statistics
from any computer in the network. Use the HTTP Interface through your LAN (switch, hub, etc.) through the Internet,
or with a "crossover" Ethernet cable connected directly to your computer’s Ethernet Port.
127(
The HTTP Interface is not backwards compatible with Access Point 1000 hardware. To manage AP-1000
devices, use the AP Manager software.
Command Line Interface
The Command Line Interface (CLI) represents a set of keyboard commands and parameters used for configuring and
managing the AP-2000.
Users enter Command Statements, composed of CLI Commands and their associated parameters. Statements may
be issued from the keyboard for real time control, or from scripts that automate configuration.
For example, when downloading a file, administrators enter the download CLI Command along with IP Address, file
name, and file type parameters.
Q
Q
If necessary, use the CLI with your computer serial port to initialize the proper IP address for your network.
The CLI provides configuration and management access for most generic Telnet and Terminal clients. Use the
CLI through your computer serial port, over your LAN, through the Internet, or with a "crossover" Ethernet
cable connected directly to your computer.
Details of the CLI commands used to manage the AP-2000 device along with syntax and specific parameters names
can be found in Using the Command Line Interface.
1-2
Active Ethernet
Active Ethernet
Some AP-2000 unit are equipped with an Active Ethernet module. Active Ethernet (AE) delivers both data and power
to the access point. There is no difference in operation; the only difference is in the power source.
–
–
–
–
–
The Active Ethernet (AE) integrated module adds ~48 VDC to unused (non-data) wires in standard Category 5
Ethernet cable.
The cable length between the Ethernet network source and the AP-2000 unit should not exceed 1,00 meter
(approx 3,25 ft.).
The AE module is not a repeater and does not amplify the Ethernet data signal.
AP-2000 devices with Active Ethernet should be connected to a grounding type AC outlet (100-240 VAC),
using the standard power cord supplied.
Output Power, per Port 11 Watts
Also see Electrical Specifications.
802.11b versus 802.11a Networks
The AP-2000 supports 802.11wireless connectivity through the use of an 802.11a-compliant 5 GHz and 802.11bcompliant 2.4 GHz radio technology. The IEEE 802.11a standard adds support for a high-speed wireless physical layer
in the 5 GHz band using Orthogonal Frequency Division Multiplexing (OFDM). The standard requires support for data
rates of 6, 12, 24, and 54 Mbits/s. The AP-2000 unit supports the following data rates: 6, 9, 12, 18, 24, 36, 54 Mbits/s.
The IEEE 802.11b standard supports wireless physical layer in the 2.4 GHz band using Direct Sequence Spread
Spectrum (DSSS). The standard provides for data rates of 1, 2, 5.5, and 11 Mbits/s.
Feature List
The IEEE standards that governs wireless communications are different for the 2.4 GHz band and the 5 GHz band.
The table below compares the software features supported for each type of card in the AP-2000 device:
Feature
Number of stations per BSS
2.4 GHz
5 GHz
up to 250
up to 50
HTTP Server
yes
yes
Telnet / CLI
yes
yes
SNMP Agent
yes
yes
VLAN Support (2 User VLANs)
yes
yes
Emergency Reset to Default Configuration
yes
yes
DHCP Client
yes
yes
DHCP Server
yes
yes
TFTP
yes
yes
RADIUS Access Control
yes
yes
802.1X (EAP-MD5, EAP-TLS and EAP-TTLS)
yes
yes
802.1d bridging
yes
yes
MAC Access Control Table
yes
yes
Protocol Filtering
yes
yes
Multicast/Broadcast Storm Filtering
yes
yes
Proxy ARP
yes
yes
Configuration Support for MAC Features
yes
yes
ICMP Echo Response
yes
yes
Hardware Watchdog Timer
yes
yes
Roaming
yes
yes
Link Integrity
yes
yes
Automatic Channel Select
yes
yes
WEP
yes
yes
WEP Plus (Weak Key Avoidance)
yes
WDS Relay
yes
Remote Link Test
yes
Link Test Responder
yes
Medium Density Distribution
yes
Distance between AP's
yes
Comments
No client support for 802.11a
No client support for 802.11a
1-3
802.11b versus 802.11a Networks
Feature
2.4 GHz
Ultra High Density
yes
Closed System
yes
Interference Robustness
yes
5 GHz
Comments
Load Balancing
yes
No client support for 802.11a
AP List
yes
No client support for 802.11a
SpectraLink VoIP Support
yes
Fragmentation
yes
The AP-2000 device can be used with any combination of 802.11a and 802.11b radio cards. Note however, that only
one 802.11a card with antenna adapter can be plugged into the AP-2000 unit at one time. You can have an 802.11a
and an 802.11b card present in the AP-2000 device at the same time and 2.4 GHz and 5 GHz clients will be supported
simultaneously.
Cell Size and Coverage Area
The coverage area achieved with the 2.4 GHz card type is larger than that of a 5 GHz radio card. The transmit rate is
higher in the smaller (2.4 GHz) cell than the larger (5 GHz cell). The following illustrations depict the difference in cell
sizes and the way that cell size affects coverage area.
Figure 1-2
802.11a (5 GHz) Cell Size
Figure 1-3
802.11a versus 802.11b Coverage Area
1-4
Installation and Initialization
Auto Channel Select
The Access Point selects its own frequency channel, based on interference situation, bandwidth usage and adjacent
channel use, using the Auto Channel Select feature. This is beneficial when deploying AP-2000 units in a new
environment or adding an AP-2000 unit in an existing environment.
The default channel for the 5 GHz radio card is 52 - 5260 MHz. When a second AP-2000 unit is turned on in the vicinity
of the currently active AP-2000 device, the Auto Channel Select feature changes the frequency channel of the second
unit so there is no interference between the units. Multiple AP-2000 units can be turned on simultaneously to establish
proper channel selection.
2.4 GHz
(802.11b)
5 GHz
(802.11a)
Physical Layer Type
(Modulation Type)
DSSS
(Direct Sequence Spread Spectrum)
ODFM
(Orthogonal Frequency Division Multiplexing)
Auto Channel Select
Enable (default)
Disable
Enable (default)
Disable
Frequency Channel
1 - 2.412 GHz
2 - 2.417 GHz
3 - 2.422 GHz (default FCC, ETSI, Japan)
4 - 2.427 GHz
5 - 2.432 GHz
6 - 2.437 GHz
7 - 2.422 GHz
8 - 2.447 GHz
9 - 2.452 GHz
10 - 2.457 GHz
11 - 2.462 GHz
36 - 5.180 GHz
40 - 5.200 GHz
44 - 5.220 GHz
48 - 5.240 GHz
52 - 5.260 GHz (default)
56 - 5.280 GHz
60 - 5.300 GHz
64 - 5.320 GHz
These channels are only valid in US/Canada,
and Japan at this time.
12 - 2.467 GHz (ETSI countries only)
13 - 2.472 GHz
14 - 2.477 GHz (Japan only)
For France, channels 10-13 only
Distance Between APs
Large (default)
Medium
Small
Minicell
Microcell
N/A
Multicast Rate
1 Mbit/sec
2 Mbits/sec
5.5 Mbits/sec (default)
11 Mbits/sec
0 - Auto Fallback (default)
6 Mbit/sec
9 Mbits/sec
12 Mbits/sec
18 Mbits/sec
24 Mbits/sec
36 Mbits/sec
48 Mbits/sec
54 Mbits/sec
Interference Robustness
Enable (default)
Disable
N/A
Closed System
Enable
Disable (default)
N/A
Load Balancing
Enable (default)
Disable
N/A
Medium Density Distribution
Enable (default)
Disable
N/A
Installation and Initialization
The AP-2000 is designed to support both 2.4 GHz (IEEE 802.11b) radio cards and 5 GHz (IEEE 802.11a) radio cards.
The ORiNOCO 5 GHz card for the AP-2000 has an antenna adapter which snaps into place on the existing wall
mounting bracket. Refer to the printed Quick Start Guide provided in you kit for instructions on installing the Base
Station hardware and initializing the unit for your network.
1-5
Configuring the ORiNOCO AP-2000 device
2
In This Chapter
Since each network is unique, the AP-2000 must be configured to operate in your network environment.
Most administrators use the HTTP Interface (web browser) for configuration; however, the Command Line Interface
(CLI) provides the same functionality by entering CLI Commands or scripts from Terminal and Telnet sessions. For
information about using the CLI, please refer to Using the Command Line Interface.
In some scenarios described in this chapter, you need to make configuration choices (for example, which radio
channel to use). This guide explains each choice. When in doubt, we suggest you accept the default values.
Q
Prerequisites
Q
ScanTool Program
Set Basic Configuration Parameters
Download the Latest Software
– Setup your TFTP Server
– Download Updates to your TFTP Server from the Web Interface
– Backup your AP-2000 Configuration File
– Copy a Configuration File from Another AP-2000 Unit
Other Network Settings
– Configure the AP-2000 Device as a DHCP Server
– Maintain 802.11b Client Connections using Link Integrity
Change your Wireless Interface Settings
– 802.11a Wireless Interface Card
– 802.11b Wireless Interface Card
– Auto Channel Select (ACS)
– Distance Between APs
– Multicast Rate
Ethernet Settings
– Set Ethernet Speed and Transmission Mode
Q
Q
Q
Q
Q
Q
Q
Q
Configure your Management Interfaces
– Set HTTP Interface Management Services
– Configure Serial Port Interface Settings
Other Security Configuration Settings
– Configure your MAC (Address) Access Control Table
– RADIUS Authentication Settings
– IEEE 802.1x Security Mode
If You Encounter Problems...
2-1
Prerequisites
Prerequisites
Before configuring the AP-2000, you need to gather certain network information. The following section identifies the
information you need. A form has been provided at the end of this guide for you to document the configuration settings
of each of the AP-2000 units in your network. Refer to Recording Your Configuration Settings.
Network Name (SSID of the wireless cards) Each wireless interface of your AP-2000 must be given a Network Name before users can
sign on. This is not the same as the System Name, which applies only to the AP-2000 unit.
This may apply to the isolated unit, the immediate, active network, or to multiple networks.
The network administrator typically provides the Network Name(s).
(HTTP) Password Each AP-2000 requires a read/write password to access the web interface. The default
password is "public".
Authentication Method A primary authentication server may be configured; a backup authentication server is also
optional. The network administrator typically provides this information.
Authentication Server Shared Secret This is a kind of password shared between the AP-2000 and the RADIUS authentication
server (so both passwords must be the same), and is typically provided by the network
administrator.
Authentication Server Authentication Port This is a port number (default is 1812) and is typically provided by the network
administrator.
Client IP Address Pool Allocation Scheme The AP-2000 can automatically provide IP addresses to clients as they sign on. The
network administrator typically provides the IP Pool range.
DNS Server IP Address The network administrator typically provides this IP Address.
127(
Client Manager software comes with the PC Cards used in wireless client computers. The current network
profile on the wireless client must contain a valid Network Name; in other words, one of the case-sensitive
Network Names defined in the AP-2000 PC Card "Wireless Interface" properties. For more information,
please refer to the PC Card documentation.
ScanTool Program
Use ScanTool to initialize units and download image files for any unit connected to the LAN subnet. You can set the IP
Address, IP Address Type (Static or Dynamic), and other values. The ScanTool.exe application is included on the
installation CD-ROM.
127(
ScanTool is very useful because units can be installed without prior bench initialization. To track units, you
must record the MAC Address and physical location of each unit during installation. Since ScanTool identifies
each unit by its MAC Address, you can install multiple units simultaneously and initialize them from ScanTool.
When sent from the factory, the AP-2000 is set for DHCP operation. If using DHCP, the unit requests an IP Address
from the DHCP server when rebooted or powered up. Since the IP Address could come from a large DHCP address
pool, it may be difficult to identify the IP Address assigned to the unit.
Use the following procedure to open ScanTool and set AP-2000 network parameters. You should have the AP-2000
unit(s) and your computer connected to the same LAN subnet.
1. Install the AP-2000 hardware and connect the unit(s) to the LAN.
2. Power up, reboot, or reset the AP-2000. Result: If set for DHCP, the unit requests an IP Address from the network
DHCP server.
3. Open ScanTool. Result: ScanTool scans the subnet and locates all AP-2000 units. The ScanTool Main screen
appears, similar to the example below, that shows a single unit in the factory default state
.
2-2
Set Basic Configuration Parameters
To re-scan the network and update the display after changing values, click the Rescan button. To change values or
download an AP Image, select the desired unit, and then click the Change button. Result: the ScanTool Change
screen appears, similar to the following example. Our example shows a unit with factory default settings.
You may perform the following operations. Note that certain options are available only when selecting Static IP
Address mode.
— MAC Address. This read-only field displays the MAC Address of the selected unit.
— Name. Enter the System Name of the unit. This is typically descriptive text, such as “Main Lobby”.
— IP Address Type. Select Static if you wish to enter the IP values manually. Select DHCP to force the unit to request
and IP Address from a DHCP server each time it is powered up or rebooted.
— IP Address. If you selected Static, then enter the IP Address.
— Subnet Mask. If you selected Static, then enter the Subnet Mask.
— Gateway IP Address. If you selected Static, then enter the IP Address of the Gateway.
— TFTP Server IP Address. If you wish to download a new AP Image file, then enter the IP Address of the TFTP
server.
— Image File Name. If you wish to download a new AP Image file, then enter the full directory path and file name. If
the file is located in the default TFTP directory, you need enter only the file name.
— Read/Write Password. Enter the read/write password. The default password is “public”.
To reboot the unit to make the changes effective, verify the entered values and then click the OK button. Result: The
unit will reboot and the new values will be in effect. To cancel the operation and return to the ScanTool Main screen,
click the Cancel button.
Set Basic Configuration Parameters
Once you have a valid IP Address assigned to your AP-2000 and an Ethernet connection, use your web browser to
configure the AP-2000 through the Web Interface.
Log Into the AP-2000 Unit using the Web Interface
1. Ensure any proxies are turned off. Open your browser and enter the IP Address. Press ENTER. Result: The
AP-2000 Login screen appears.
127(
Leave the User Name field empty
2. Enter public in the Password field. Result: The System Status screen appears.
3. Click the Configure operation button. Result: The System Configuration screen appears. Each tab contains
information for specific configuration categories.
2-3
Set Basic Configuration Parameters
1
2
Figure 2-1
3
Configuration through the Web Interface
You are now ready to configure each AP-2000 category, depending on your system. In some cases, you will not need
to make any changes. If you are in doubt about any setting, we recommend that you use the default values.
Figure 2-2
Configuration Options
To set properties for each category, click on the desired tab. Result: The selected configuration screen appears. Each
configuration screen allows you to select options, or enter, edit, and delete information.
In some cases, the AP-2000 reminds you that it must be rebooted for a change to take effect. In a given session, you
can wait to reboot until all changes have been made.
After entering or editing information on configuration screens, click OK to save changes, or click Cancel to restore
previous settings.
You will want to set up a few basic configuration parameters right away when you receive the AP-2000 unit. For
example:
–
–
–
–
–
–
System name and location
Contact information for network administrator
IP Address
Communication rules for your wireless interface(s)
Passwords for the different management interfaces (SNMP, Telnet, HTTP)
If you need to upload the latest software, you will also want to setup your TFTP server to communicate with
the AP-2000 device. This process is described in downloading the latest software, under Setup your TFTP
Server.
2-4
Set Basic Configuration Parameters
Set System Name, Location and Contact Information
Figure 2-3
1.
2.
System Configuration
From the web interface, start by clicking on the Configure button, then the System tab.
Enter the name of the AP-2000 device, its location within your network or its physical location, such as “Front
Lobby” or Engineering, the name, phone number and e-mail address of the person responsible for this device,
and click OK.
Set a Static IP Address for the AP-2000 Device
1.
2.
Click on the Network tab and select the IP Address Assignment Type to Static.
Then enter a fixed IP Address for your AP-2000 unit, along with the IP mask and default gateway IP Address
you want to use.
127(
The IP Mask of the AP-2000 unit needs to match the IP Mask of your network. If you are setting up the
AP-2000 device from a client station, check the IP mask of your computer before proceeding.
3.
Click OK when finished. The AP-2000 unit will need to be rebooted for the changes to take affect.
Figure 2-4
Network IP Configuration
2-5
Set Basic Configuration Parameters
Set Network Names and Encryption Options
1. Select Network Names (SSID) for the PC Cards in wireless Slots A and/or B in the AP-2000 device. Client stations
use the Network Name of the PC Card to connect to the network through the AP-2000 unit.
At power up or insertion of either a 2.4 GHz or 5 GHz radio card, the AP-2000 software will automatically detect the
card type. The Configuration and Monitoring parameters displayed in the HTTP Interface will be updated
accordingly. The default values will be assigned.
Figure 2-5
Wireless Interface Configuration
The AP-2000 device can be used with any combination of 2.4 GHz (802.11b) and 5 GHz (802.11a) radio cards.
Note however, that only one 802.11a adapter card can be plugged into the AP-2000 unit at one time. You can have
an 802.11a and an 802.11b card present in the AP-2000 device at the same time, and 2.4 GHz and 5 GHz clients
will be supported simultaneously.
127(
Not all software features available for the 802.11b cards are available for the 802.11a cards.
2-6
Set Basic Configuration Parameters
Set WEP Encryption for each Wireless Interface
Figure 2-6
1.
2.
3.
WEP Encryption
Click on the Security > Encryption tabs.
Click inside the check box to enable WEP encryption on a wireless card.
Type in an encryption key based on the type of card present in each slot.
127(
The AP-2000 device supports both 40- and 128-bit cards. 40-bit cards support key lengths of 5 alphanumeric
characters. 128-bit cards support key lengths of 13 alphanumeric characters.
4.
Select which key to use for WEP encryption. Client stations must have the same encryption key to be able to
communicate with the AP-2000 device.
Change Passwords
1.
Click on the Management tab and change the default passwords for the SNMP, Telnet/CLI, and HTTP
interfaces. The default passwords for each interface is public.
127(
We strongly urge your to change the default passwords to restrict access to your network devices to
authorized personnel. We also recommend that you document your AP-2000 configuration using the work
sheets provided for you in Recording Your Configuration Settings. If you lose or forget your password settings,
you can always perform the Reset to Factory Default Procedure.
2-7
Download the Latest Software
Download the Latest Software
There are three types of files that can be downloaded to the AP-2000 from a TFTP server:
—
—
—
img (AP software image or kernel)
config (configuration file)
bspbl (BSP/Bootloader firmware file)
The latest updates on software and documentation can be found on the Agere web site at:
<{WebLink}>http://www.orinocowireless.com. Also see SolarWind.net for the latest version of the TFTP server.
Setup your TFTP Server
The “Trivial File Transfer Protocol” (TFTP) server allows you to transfer files across a network. You can upload files
from the AP-2000 for backup or copying, and you can download the files for configuration and AP Image upgrades.
The TFTP software is located on the ORiNOCO AP-2000 Installation CD-ROM.
If a TFTP server is not configured and running, you will not be able to download and upload images and configuration
files to/from the AP-2000. Remember that the TFTP server does not have to be local, so long as you have a valid
TFTP IP Address. TFTP does not have to be running for AP-2000 operations that do not transfer files.
After the TFTP server is installed:
Q
Q
Q
Check to see that TFTP is configured to point to the directory containing the AP Image.
Make sure you have the proper TFTP server IP Address, the proper AP Image file name, and that the TFTP server
is connected.
Download Updates to your TFTP Server from the Web Interface
1.
2.
3.
4.
5.
6.
Make sure the TFTP server is running and pointing to the directory containing the desired file.
Open the web interface of the AP-2000 device.
Click on the Commands button; select the Download tab.
Type in the IP address of your TFTP server.
Type in the file name (including the file extension) and select the file type from the pull down menu.
The unit will need to be rebooted for the changes to take affect.
Figure 2-7
Download Software Image from TFTP Server
2-8
Download the Latest Software
Backup your AP-2000 Configuration File
1.
2.
3.
4.
5.
6.
7.
Make sure the TFTP server is running and pointing to the directory where you want to save the file.
Open the web interface of the AP-2000 device.
Click on the Commands button; select the Upload tab.
Type in the IP address of your TFTP server.
Type in a descriptive name for your configuration file.
Select the file type as config from the pull down menu.
Click OK to upload this information from your AP-2000 unit to the TFTP server, where it can be retrieved in the
event you reset your AP-2000 device to factory defaults at some time.
127(
Record the name of this configuration file and the IP address of the AP-2000 unit so you can easily find it if you
need to download it.
Copy a Configuration File from Another AP-2000 Unit
You can configure multiple units using the same configuration file by uploading the configuration file from one AP-2000
unit to the TFTP server, and then download the configuration file to other AP-2000 units.
!
&$87,21
Do not use a static IP address in this configuration file, otherwise you will end up with duplicate IP addresses
in your network!
1. Check to ensure Dynamic IP address is enabled by clicking the Configure button and selecting the IPConfig tab.
Then open the Web interface from the AP-2000 unit with the desired configuration and click the Commands button.
2. Select the Upload tab and enter the IP address of your TFTP server.
Figure 2-8
Upload Configuration File to TFTP Server
3. Enter the name of your configuration file and click OK.
4. Wait for the file to transfer from the AP-2000 device to the TFTP server.
5. Access the AP-2000 unit to which you will download the configuration. A system window will notify you when this
process is complete. Confirm by clicking OK.
6. Click on the Commands button, then select the Download tab.
7. Verify the IP address of your TFTP server and enter the name of the file you wish to transfer (refer to Step 3).
8. Set the file type to config, and click OK. Click Download.
9. The unit will need to be rebooted for the changes to take affect.
10. Repeat this procedure for all the AP-2000 units you want to configure using this specific file.
2-9
Other Network Settings
Other Network Settings
You may want to set other configuration parameters for your AP-2000 unit, such as:
—
—
—
—
—
Configure the AP-2000 device as a DHCP server
Maintain 802.11b client connections using Link Integrity checking
Change your Wireless Interface settings
Configure which physical interface will be used to manage the AP-2000 unit
Control access to the AP-2000 device using MAC Address authentication, WEP encryption or 802.1x
security settings
Refer to Configuring Advanced Features for more complex network settings.
Configure the AP-2000 Device as a DHCP Server
!
&$87,21
Make sure there is only one DHCP server on the network and do not enable the DHCP server without
checking with your network administrator first, as it could bring down the whole network.
Use DHCP configuration to provide dynamic client IP Addresses from one or more IP Pool Tables. Enable the DHCP
Server to allow the AP-2000 to assign clients IP Addresses from IP Pool Tables. Deselect the Status check box to
prevent client IP Address assignment from the AP-2000.
127(
You must have at least one entry in the DHCP Server client IP Address assignment table before you can
enable the DHCP Server Status feature.
Figure 2-9
Network Configuration Screens - DHCP Server
1. From the HTTP interface, click on the Configure button and select the Network > DHCP Server tabs.
2. Click on the Add button in the IP Pool Table.
3. Enter the following information:
— Start IP Address
— End IP Address
2-10
Other Network Settings
—
Default Lease Time (optional) - the default time value for clients to retain the assigned IP Address. DHCP
—
Maximum Lease Time (optional) - the maximum time value for clients to retain the assigned IP Address.
automatically renews IP Addresses without client notification. Default is 86400 seconds.
DHCP automatically renews IP Addresses without client notification. Default is 86400 seconds.
—
—
Comment (optional)
Status - IP Pools are enabled upon entry in the table. Use the Edit button to disable or delete existing
table entries.
4. Enter the Default Gateway IP Address, the Primary and Secondary DNS IP Addresses, and select the Enable
DHCP Server check box.
5. Reboot the AP-2000 unit for the changes to take affect.
Maintain 802.11b Client Connections using Link Integrity
127(
This feature is only applicable to 2.4 GHz (802.11b) cards.
The Link Integrity feature checks the link between the AP-2000 and the nodes on the backbone. These nodes are
listed by their IP address on the Link Integrity IP Address Table, and serve as backup. If the link goes down, the client
will connect to another AP-2000 in your network that still communicates with the server.
Figure 2-10
Link Integrity
Configure Link Integrity
1. From the HTTP interface, click on the Configure button and select the Network > Link Integrity tabs.
2. Click the Edit button in the Target IP Address Table.
3. Enter the IP Address of the host computer you want to check and add comments to identify the computer if you
wish. This Target IP Address is enabled as soon as it is entered in the table. Click OK.
4. Set the following parameters as needed:
– Poll Interval - the interval between link integrity checks. Range is 500 - 15000 ms in increments of 500 ms;
default is 500 ms.
– Poll Retransmissions - the number of times a poll should be retransmitted before the link is considered down.
5. Click to select the Enable Link Integrity check box.
2-11
Change your Wireless Interface Settings
Disable Link Integrity
Q
Q
To disable Link Integrity check for all clients, deselect the Enable Link Integrity check box.
To disable Link Integrity check to a certain host computer, click on the Edit button in the Target IP Address Table
and set the Status to Disable.
Change your Wireless Interface Settings
Depending on the type of wireless PC Card installed in the AP-2000 device, the configuration options will be different.
Some parameters are the same for 802.11a and 802.11b cards. Others are unique to each card type.
You can setup an AP-2000 unit using the following combinations of wireless cards:
1.
2.
3.
4.
single 802.11a card with the attached antenna adapter
single 802.11b card
two 802.11b cards (one in each slot)
one 802.11a card with attached antenna and one 802.11b card
802.11a Wireless Interface Card
Figure 2-11
–
–
–
–
–
–
802.11a Wireless Interface Options
Network Name. Enter a Network Name for each PC Card. This is the same name used on client machines to
connect using the Client Manager software.
Enable Auto Channel Select (ACS). By default this feature is enabled. The AP-2000 device will scan the area for
other AP-2000 devices and select a free or relatively unused communication channel. This helps prevent
interference problems and increases the performance of the network.
Frequency Channel. Use the pull-down menu to select the desired card frequency. Ensure nearby devices do not
use the same frequency. The Frequency Channels available will depend on the card type and the country of use.
Refer to Radio Specifications for details.
Transmit Rate. Use the pull-down menu to select a specific transmit rate for the 802.11a card. Choose between 6,
9, 12, 18, 24, 36, 48, 54 Mbits/s, or Auto Fallback. The Auto Fallback feature allows the AP-2000 unit to select the
best transmit rate based on the cell size.
DTIM Period. Deferred Traffic Indicator Map (DTIM) is used with clients that use power management. DTIM should
be left at the default value.
RTS/CTS Medium Reservation. This value affects message flow control, and should not be changed under normal
circumstances. Range is 2347 (on), 500 (off).
2-12
Change your Wireless Interface Settings
802.11b Wireless Interface Card
Figure 2-12
–
–
–
–
–
802.11b Wireless Interface Options
Network Name. Enter a Network Name for each PC Card. This is the same name used on client machines to
connect using the Client Manager software.
Enable Auto Channel Select (ACS). By default this feature is enabled. The AP-2000 device will scan the area for
other AP-2000 devices and select a free or relatively unused communication channel. This helps prevent
interference problems and increases the performance of the network. However, if you are setting up a Wireless
Distribution System (WDS), it must be disabled.
Frequency Channel. Use the pull-down menu to select the desired card frequency. Ensure nearby devices do not
use the same frequency. The Frequency Channels available will depend on the card type and the country of use.
Refer to Radio Specifications for details.
Distance Between APs. Set to Large, Medium, Small, Microcell or Minicell depending on the site survey for your
system. The distance value is related to the Multicast Rate (described next). In general, larger systems operate at
a slower average rate. This feature is only available for 802.11b wireless cards.
Multicast Rate. Set the rate at which Multicast messages may be sent. This value is related to the Distance
Between APs parameter (described previously). This feature is only available for 802.11b wireless cards.
Distance between APs Multicast Rate
Large
1 and 2 Mbits/sec
Medium
1, 2, and 5.5 Mbits/sec
Small
1, 2, 5.5 and 11 Mbits/sec
Minicell
1, 2, 5.5 and 11 Mbits/sec
Microcell
1, 2, 5.5 and 11 Mbits/sec
2-13
Change your Wireless Interface Settings
–
Enable Interference Robustness. Enable this option if other electrical devices in the 2.4 GHz range may be
interfering with the wireless signal. This feature is only available for 802.11b wireless cards.
Enable Closed System. Check this box to allow only clients configured with your specific Network Names to access
the AP-2000. When disabled, a client configured with the Network Name “ANY” can connect to the AP-2000. This
feature is only available for 802.11b wireless cards.
Enable Load Balancing. Enable this option so clients can evaluate which access point to associate with, based on
current AP loads, to more evenly balance the load between APs. This feature is only available for systems using
two 802.11b wireless cards.
Enable Medium Density Distribution. Enable this option to automatically notify client stations of roaming
thresholds for the nearby APs. This feature is only available for 802.11b wireless cards.
–
–
–
Auto Channel Select (ACS)
Auto Channel Select (ACS) tests available channels and selects one according to its signal strength. The channel
range is set by the regulatory agency responsible for your geographic region. Using a probe, the AP-2000 device
scans appropriate channels and selects the radio frequency channel with the best signal to noise ratio (i.e., signal
strength). ACS is enabled by default; however, if you plan to use WDS setup then you must disable ACS.
Disabling ACS
1.
2.
3.
From the Web interface, select Configuration then click on the Interfaces tab.
Deselect the check box to disable Auto Channel Select.
Select a frequency channel from the drop-down menu. The clients automatically sense the channel and will
configure themselves to reassociate on the new channel.
&$87,21
!
On changing the status you must reboot your AP-2000, which will disconnect all clients from the AP-2000.
Enabling ACS
1.
2.
!
From the Web interface, select Configuration then click on the Interfaces tab.
Select the check box to Enable Auto Channel Select.
&$87,21
On changing the status you must reboot your AP-2000, which will disconnect all clients from the AP-2000.
Distance Between APs
Cells
Distance Between APs defines how far apart (physically) your AP-2000 devices are located, which in turn determines
the size of your cell. Cells of different sizes have different capacities and therefore suit different applications. For
instance, a typical office has many stations requiring high bandwidth and transmit rates for complex, high-speed data
processing. In contrast, a typical warehouse has a few forklifts requiring low bandwidth and transmit rates for simple
transactions. Cell capacities are compared in the following table, which shows small cells suit most offices, while large
cells suit most warehouses:
Small Cell
Physically accommodates few stations
Large Cell
Physically accommodates many stations
High cell bandwidth per station
Lower cell bandwidth per station
High transmit rate
Lower transmit rate
2-14
Change your Wireless Interface Settings
Coverage
The number of access point units in a set area determines the network coverage for that area. A great number of
access point units covering a small area would be a high-density cell. Few access point units, or even a single unit
covering the same small area would result in a low-density cell, even though in both cases the actual area did not
change- only the number of access points covering the area changed.
In a typical office, smalls cells may have a ten foot (10’) diameter and an AP-2000 device every twenty feet (20’), which
would be considered high density. In contrast, large cells in a typical warehouse may have a ninety foot (90’) diameter
and an AP-2000 unit every two hundred feet (200’), considered low density.
Figure 2-13
Low Density vs. Ultra High Density Network
Set the Distance Between APs
1.
2.
3.
!
From the Web interface, click on the Configure button, select the Network > Interfaces tab.
Select the desired Wireless Slot tab.
Use the drop-down menu to set the Multicast rate for the appropriate card.The AP-2000 recognizes the
following five values for the Distance Between APs parameter (configurable for each Wireless NIC): Large,
Medium, Small, Minicell, and Microcell.
&$87,21
The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in
which an AP-2000 unit is set up and clients are tested throughout the area to determine signal strength and
coverage, and local limits such as physical interference are investigated.
From these measurements the appropriate cell size and density is determined, and the optimum distance
between APs is calculated to suit your particular business requirements.
The Site Survey is contained on the Installation CD included in your kit.
2-15
Change your Wireless Interface Settings
Multicast Rate
The multicast rate measures how quickly information is transmitted across your network. This rate is approximated for
a cell, since physical proximity to the AP increases throughput. Stations closer to an AP actually have higher multicast
rates than stations in the same cell that are located farther from the AP. In addition, a small cell with several stations
located close to the AP-2000 unit can actually transmit information faster than a larger cell with only a few stations
located farther from the AP-2000 device.
11 Mbits/s
1 Mbit/s
Figure 2-14
1 Mbits/s and 11 Mbits/s Multicast Rates
127(
There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In
general, larger systems operate at a lower average transmit rate.The variation between Multicast Rate and
Distance Between APs is presented in the following table:
1.0 Mbit/s
2.0 Mbits/s
yes
yes
Large
5.5 Mbits/s
11 Mbits/s
Medium
yes
yes
yes
Small
yes
yes
yes
yes
Minicell
yes
yes
yes
yes
Microcell
yes
yes
yes
yes
Set the Multicast Rate
1.
2.
From the Web interface, click on the Configure button, and select the Network > Interfaces tabs.
Select the Wireless - Slot A or Wireless - Slot B tab depending on where your 802.11b card is installed.
3.
Use the drop down menu to select a Multicast rate.
127(
The Distance Between APs must be set before the Multicast Rate, because when you select the Distance
Between APs, the appropriate range of Multicast values automatically populates the drop down menu.
2-16
Ethernet Settings
Ethernet Settings
Set Ethernet Speed and Transmission Mode
Figure 2-15
Ethernet Interface
Configuration. Select the desired speed and transmission mode from the pull down menu. Half-duplex means that
only one side can broadcast at a time, full-duplex allows both sides to transmit, while auto-duplex selects the best
transmission mode for the given configuration. The recommended setting is auto-speed-auto-duplex.
Choose between:
Q
Q
Q
Q
10 Mbit/s - half duplex, full duplex, or auto duplex
100 Mbit/s - half duplex, full duplex, or auto duplex
auto speed - half duplex
auto speed - auto duplex
Configure your Management Interfaces
Select which interfaces will be available through the Wireless, Ethernet, and Serial Port interfaces of the AP-2000 unit.
Figure 2-16
Management Interface Settings
2-17
Other Security Configuration Settings
Set HTTP Interface Management Services
From the drop-down menu, select which physical interface(s) can be used to manage the AP-2000 device using the
HTTP management interface.
Choose between:
—
—
—
Disabled (all interfaces)
Ethernet only enabled
Wireless A only enabled
—
—
Wireless B only enabled
All Interfaces enabled
Enter the HTTP communication port number. Default is 80.
Configure Serial Port Interface Settings
The serial port interface on the AP-2000 device is enabled at all times. You can set the following parameters as
needed:
–
–
Baud Rate. Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or
57600; the default Baud Rate is 9600.
Flow Control. Select either None (default) or Xon/Xoff (software controlled) data flow control.
127(
To avoid unexpected performance of your AP-2000, leave the setting Flow Control to its default value (none)
unless you are sure what this setting should be.
Other Security Configuration Settings
Control access to the AP-2000 device using MAC Address authentication, WEP encryption, or 802.1x security
settings.
Figure 2-17
Security Configuration Screen - MAC Authentication
2-18
Other Security Configuration Settings
Configure your MAC (Address) Access Control Table
The MAC Authentication tab allows you to build a list of stations, identified by their MAC addresses, authorized to
access the AP-2000 device within your network. The list is stored inside each AP-2000 within your network.
–
–
Enable MAC Access Control. Check this box to enable the Control Table.
Operation Type. Choose between Passthru and Block. This determines how the stations identified in the MAC
Access Control Table are filtered.
Add an Entry to the MAC Access Control Table
1.
2.
3.
Click the Add button in the MAC Access Control table.
Enter the MAC Address of the client station authorized to manage this AP-2000 device.
Add a comment as needed. Entries are automatically enabled.
Disable or Delete an Entry in the MAC Access Control Table
1.
2.
3.
Click the Edit button in the MAC Access Control Table.
Select the MAC Address you want to disable or delete.
Click OK.
127(
For larger networks that include multiple AP-2000 devices, you may prefer to maintain this list on a
centralized location using the RADIUS Authentication Settings.
RADIUS Authentication Settings
Also, if your network includes a RADIUS Server, you can use this tab to define the IP Address of the server that
contains a central list of MAC Address values that identify the authorized stations that may access the wireless
network. You must specify information for at least the Primary RADIUS server. The Backup RADIUS server is optional.
127(
Problems with RADIUS Server configuration or RADIUS Authentication should be referred to the RADIUS
Server developer.
–
Enable RADIUS MAC Access Control Status. Click inside the check box to provide authentication by the RADIUS
–
Authorization Lifetime (seconds). Enter the time, in seconds, each client session may be active before being
–
–
–
automatically re-authenticated. Range is 900 - 43200 sec; default is 900 sec.
Enable the Primary or Backup RADIUS Server. Click in the desired check box to enable the RADIUS Server.
IP Address.
Destination Port.
server. Deselect the check box to prevent use of the RADIUS server.
–
–
–
Shared Secret. The password for the user on the RADIUS Server must be the same as the Shared Secret.
Response time (seconds).
Maximum Retransmissions.
2-19
Other Security Configuration Settings
Figure 2-18
Security Configuration Screen - RADIUS Authentication
IEEE 802.1x Security Mode
IEEE 802.1x is a proposed standard that provides a means to authenticate and authorize network devices attached to
a LAN port. A port in the context of IEEE 802.1x is a point of attachment to the LAN, either a LAN jack for the case of a
desktop PC, or a laptop PC association with an Access Point device.
Authentication Process
There are three main components in the authentication process. The standard refers to them as:
1.
2.
3.
supplicant (client PC)
authenticator (Access Point)
authentication server (RADIUS server)
When using 802.1x Security Mode or Mixed mode (802.1x and WEP), you need to configure your Radius server for
authentication purposes.
Initially the unauthenticated client PC cannot send any data traffic through the AP-2000 device to other systems on the
LAN. Data traffic is always encrypted with a WEP key that the client PC receives after it has been authenticated. The
AP-2000 device inhibits all data traffic from a particular client PC until the client PC is authenticated. Regardless of its
authentication status, a client PC can always exchange 802.1x messages in the clear with the AP-2000 unit
2-20
Other Security Configuration Settings
The AP-2000 device acts as a pass-through device to facilitate communications between the client PC and the
RADIUS server. The AP-2000 unit and the client PC exchange 802.1x messages using an EAPOL protocol. Messages
sent from the client station are encapsulated by the AP-2000 device and transmitted to the RADIUS server using EAP
extensions.
Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client PC, after
translating it back to the EAPOL format. Negotiations take place between the client PC and the RADIUS server. In
case of success, the RADIUS server sends a per-session key to the AP-2000 device.
127(
Currently, only the EAP type of EAP-TLS (smart card or certificate) is supported when using 802.1x security
mode only. In mixed mode, both the EAP-TLS and EAP-MD5 types are supported provided that the RADIUS
server is also configured to support both types.
Operating System
MD5
TLS
TTLS
Windows 98
9
9
8
Windows 98SE
9
9
8
Windows ME
9
9
8
Windows 2000
9
9
9
Windows XP
9
9
9
Click on the Encryption tab in the Security Configuration screen to set the 802.1x security mode for the AP-2000 and/
or to set the over-the-air encryption properties for each wireless card. In this procedure, “Slot A” refers to PC Card A,
and “Slot B” refers to PC Card B.
The AP-2000 software offers several methods for configuring security settings:
1.
Set the 802.1x Security Mode to none and make sure the Encryption status is set to disable for both wireless
interface cards.
2.
WEP encryption is the wireless equivalent of the security level available through a wired network. Select the
802.1x Security Mode to none and enable the Encryption status for one or both wireless PC Cards.
Depending on the card type, the Encryption Key Length will be 40- or 128-bits. This will determine the number
of characters allowed for each the Encryption Key. Select the encryption key length from the drop-down menu.
You can specify up to four encryption keys between 5 and 12 alphanumeric characters depending on the key
length supported by the PC Card in each slot. However, you will only use one key to encrypt data to be
transmitted.
3.
!"#$%
&
When you decide to use the 802.1x security mode, you must first configure the RADIUS server to receive an
authentication response. Your computer operating system must also be configured to receive and send
authenticated packets.
4.
'()(
(
With 802.1x security mode, an Encryption Key entry is not required, since this mode creates keys dynamically.
In Mixed mode, Encryption Keys 2-4 are not required.
5.
'()((*+"
%
The rekey feature determines how often your encryption key is changed (the interval between changes) and
can be set to any value between 60 - 65535 seconds. Compared with re-authentication, rekeying frustrates
hacking attempts without taxing system resources. Setting a fairly frequent rekey value (900 seconds=15
minutes) effectively protects against intrusion without disrupting network activities.
2-21
If You Encounter Problems...
Setting Up the AP-2000 using 802.1x Security Mode
1.
2.
3.
4.
5.
6.
7.
8.
9.
From the Web interface, select Security, then click on the Encryption tab.
Set the 802.1x Security Mode to 802.1x and click OK. Ignore the reboot message - this can be done when the
entire procedure is finished.
Select the RADIUS Authentication tab.
Enter the RADIUS server password in the Shared Secret and Confirm Shared Secret fields.
Enable the Primary RADIUS server.
Enter the IP Address for the Primary RADIUS server.
Enter the Destination Port. The default is 1812, however your RADIUS server provider may have another
communication port defined.
Define the Response Time and Response Maximum Retransmission values.
Reboot the AP-2000 device for these changes to take affect.
Figure 2-19
Security Configuration Screen - 802.1x Security Mode
802.1x Security and Wireless Distribution Systems
Wireless distribution systems are setup using specific ports on the AP-2000 unit and frequency channels in the
wireless interface cards. To use 802.1x with WDS, you need to set the 802.1x Security Mode to Mixed (WEP and
802.1x), to make sure that the AP-2000 and the clients share the same encryption key (Key 1).
IT managers can install AP-2000 access points with Wi-Fi radios and gradually migrate to the 802.11a radios without
replacing their access points or client devices. As 802.11a radios become available, they can simply pop out one of the
Wi-Fi radios from one of the dual slots and replace it with an 802.11a radio.
If You Encounter Problems...
Q
Cannot Associate with a Network. When the Client Manager starts, it automatically looks for a network. If it cannot
associate with a network, you will see a message reminding you to update the case-sensitive Network Name in the
current Client Manager Configuration Profile.
127(
Ask your network administrator for the correct Network Name, and then edit the profile by opening Client
Manager. Select Actions -> Add/Edit Configuration Profile -> Edit Profile -> Basic. Enter the Network Name
and then click OK. For more information, please refer to your PC Card documentation.
Q
Q
If the Network Name is the same in both the client and the AP-2000 device, then verify the settings in the Security
Properties table, which includes encryption settings.
Other Errors. Systematically double-check the AP-2000 unit settings, especially the IP Addresses and the client IP
Address Pool.
For more information, please refer to Troubleshooting in this guide.
2-22
Managing the ORiNOCO AP-2000 device
3
In This Chapter
Q
Q
Q
Management Interface
Monitoring Network Statistics
– View Hardware/Software Component Information
– Monitoring ICMP Statistics
– Monitoring IP/ARP Statistics
– Monitoring Learn Table Statistics
– Monitoring IAPP Statistics
– Monitoring RADIUS Server Statistics
– Monitoring Interfaces Statistics
– Monitoring Remote Link Test Statistics
Issuing System Commands
– Download
– Upload
– Reboot
– Reset
– Help Link
Management Interface
Once you have a valid AP-2000 IP Address and an Ethernet connection, you may use your web browser to issue
commands and monitor network statistics.
The Command Line Interface (CLI) also provides a method for issuing commands and viewing network statistics using
Telnet and Terminal clients. This section covers only use of the HTTP Interface. For more information about issuing
commands and viewing network statistics with the CLI, refer to Using the Command Line Interface.
3-1
Management Interface
1
2
Figure 3-1
Login to HTTP Interface
1. Open your browser and enter the IP Address in the address bar. Press the ENTER key. Result: The AP-2000 Login
screen appears.
127(
Leave the User Name field empty
2. Enter your password in the Password field (default is “public”).
3. Each section of the System Status screen provides the following information.
– System Status. This area provides system level information, including the AP-2000 IP Address and contact
information.
– System Traps. System traps (if any) appear in this area. Each trap identifies a specific severity level.
3-2
Monitoring Network Statistics
Monitoring Network Statistics
To observe the AP-2000 network statistics, click the Monitor button. Result: The Monitor screen appears. Each tab
contains information for monitoring specific statistics.
Figure 3-2
Monitor Screen
View Hardware/Software Component Information
Figure 3-3
Hardware/Software Component Information
From the HTTP interface, click on the Monitor button and select the Version tab. The list displayed provides you with
information that may be pertinent when calling Technical Support. With this information, your Technical Support
representative can verify compatibility issues and make sure the latest software and drivers are loaded.
3-3
Monitoring Network Statistics
Monitoring ICMP Statistics
This tab provides message related information for both received and transmitted messages directed to the AP-2000
device. Not all network traffic is counted in ICMP statistics.
Monitoring IP/ARP Statistics
This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP
Addresses.
3-4
Monitoring Network Statistics
Monitoring Learn Table Statistics
This tab displays information relating to network bridging, specifically, the MAC Address and interface number. There
can be up 2000 entries in the Learn Table.
Monitoring IAPP Statistics
This tab displays statistics relating to client handovers and communications between Access Points.
Monitoring RADIUS Server Statistics
This tab provides RADIUS authentication information for both the Primary and Backup RADIUS servers.
127(
RADIUS authentication must be enabled for this information to be valid.
3-5
Monitoring Network Statistics
Monitoring Interfaces Statistics
This tab displays information for the Ethernet interface, as well as each PC Card interface. The Operational Status can
be: 1 = up, 2 = down, 3 = testing.
Monitoring Remote Link Test Statistics
This tab displays information on the quality of the wireless link to clients and other AP-2000 units in the Wireless
Distribution System.
127(
The Remote Link Test feature is only available for 2.4 GHz (802.11b) clients.
3-6
Issuing System Commands
To find wireless clients connected to the AP-2000 device, click Explore, then the Refresh button. To test the link quality,
select a station, and then click Link Test. Quality is measured in terms of Signal strength, Noise strength, and the
Signal to Noise Ratio (SNR).
Issuing System Commands
To issue commands, click on the Commands operation button. Result: The Commands screen appears. Each tab
allows a specific operation.
3-7
Issuing System Commands
Download
Figure 3-4
Commands Screen - Download
Use the Download tab to download Configuration, AP Image, and Bootloader files to the AP-2000. A TFTP server
must be running and configured to point to the directory containing the file.
If you don’t have a TFTP server installed on your system, install the TFTP server from the CD. Select the “Xtras/
SolarWinds” sub-directory, double-click “OEM-TFTP-Server.exe”, and follow the directions given to complete the
installation.
The Download tab shows version information and allows you to enter TFTP information as described below.
–
–
–
–
Server IP Address. Enter the TFTP server IP Address.
Double-click on the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
Note: This is the IP address that will be used to point the Access Point to the AP Image file.
File Name. Enter the name of the file to be downloaded.
Copy the updated AP Image file to the shared TFTP server folder. The default AP Image is located at C:/Program
Files/ORiNOCO/AP/.
File Type. Select the proper file type. Choices include:
– Config for configuration information, such as System Name, Contact Name, and so on.
– Img for the AP Image (executable program).
– BspBl for the Bootloader software.
File Operation. Select either Download, or Download & Reboot. You should reboot the AP-2000 after
downloading files.
3-8
Issuing System Commands
Upload
Use the Upload tab to upload Configuration files from the AP-2000. The TFTP server must be running, and configured
to point to the directory that is to contain the uploaded file. We suggest you assign the file a meaningful name, which
may include version or location information.
If you don’t have a TFTP server installed on your system, install the TFTP server from the CD. Select the “Xtras/
SolarWinds” sub-directory, double-click “OEM-TFTP-Server.exe”, and follow the directions given to complete the
installation.
–
–
–
–
Server IP Address. Enter the TFTP server IP Address.
Double-click on the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server.
Note: This is the IP address that will be used to point the Access Point to the AP Image file.
File Name. Enter the name of the file to be uploaded.
Copy the updated AP Image file to the shared TFTP server folder. The default AP Image is located at C:/Program
Files/ORiNOCO/AP/.
File Type. Select Config.
File Operation. Select Upload.
Reboot
Use the Reboot tab to save configuration changes (if any) and reset the AP-2000. Entering a value of 0 (zero) seconds
causes an immediate reboot.
Note that Reset, covered below, does not save configuration changes.
3-9
Issuing System Commands
Reset
Use the Reset tab to restore the AP-2000 to factory default conditions. The AP-2000 may also be reset from the
RESET button on indicator side of the unit. Since this will reset the current AP-2000 IP Address, a new IP Address
must be assigned. Also refer to Recovery Procedures.
Help Link
To open Help, click the Help button on any display screen.
During initialization, the AP-2000 on-line help files are downloaded to the default location: C:\Program
Files\ORiNOCO\AP\Help\<language>\. The ORiNOCO AP-2000 Help information is available in Ebglish, French,
German, Italian, Spanish, and Japanese.
If you want to place these files on a shared drive, copy the Help Folder to the new location, and then specify the new
path in the Help Link box.
3-10
Configuring Advanced Features
4
In This Chapter
Some of the more complex networking configurations are described in this chapter:
Network Settings
Advanced DHCP Server Configuration
DHCP IP Pool Table Settings
Link Integrity Settings
•
•
•
Set parameters for DHCP server including the IP Pool table. Configure
Link Integrity settings and Target IP Address table.
VLAN Support
Setup a VLAN network.
• Typical VLAN Configurations
• VLAN Workgroups and Traffic Management
• Typical User VLAN Configurations
• Typical VLAN Management ID Configuration Scenarios
Management Settings
• Setting New Passwords
• Managing IP Access
• Configuring Management Service Interfaces
Configure system management settings such as passwords,
management IP Access table, and services’ parameters (SNMP,
Telnet, HTTP, Serial).
Setting Filters
• Setting the Ethernet Protocol Filter
• Advanced Filtering
Set AP-2000 device filters including Ethernet filters, Static MAC
address filters, and other advanced filters.
Alarms (SNMP Traps)
• Alarm (Trap) Groups
• Alarm Host Table
Set alarms (SNMP Traps) including enabling alarm groups and the
alarm host table.
Bridge Configuration Settings
• Spanning Tree Protocol
• Broadcast Storms and Storm Thresholds
Setup the AP-2000 device as a simple bridge or a wireless repeater,
setup loop avoidance through the Spanning Tree protocol and Storm
Threshold protection.
Wireless Distribution System (WDS)
• WDS Setup Procedure
• Wireless Port Mapping
Establish point-to-point connections with other access points (the
wireless backbone).
Advanced Security Settings
• Wireless Security - EAP Overview
• MAC Access
• RADIUS Authentication Tab
Configure advanced security settings including MAC access control,
RADIUS MAC access control, RADIUS servers, and 802.1x
parameters.
4-1
Network Settings
Network Settings
Advanced DHCP Server Configuration
Configure DHCP to provide dynamic client IP Addresses from one or more IP Pool Tables. Create IP Pool Tables by
specifying a Start IP Address and an End IP Address.
–
DHCP Server Status. Select Enable to allow the AP-2000 to assign clients IP Addresses from IP Pool Tables.
Select Disable to prevent client IP Address assignment from the AP-2000.
127(
You must have at least one entry in the DHCP Server IP Address Pool table before you can enable the DHCP
Server feature.
–
–
–
IP Mask. Read-only value of the AP-2000 mask.
–
Secondary DNS IP Address. Enter the Domain Name Server IP Address.
Gateway IP Address. Enter the default Gateway IP Address.
Primary DNS IP Address. Enter the Domain Name Server IP Address.
DHCP IP Pool Table Settings
To add an entry, click Add, and then specify the start and end IP Address.
–
–
–
–
Start IP Address. Enter the starting IP Address for this IP Pool Table.
End IP Address. Enter the ending IP Address for this IP Pool Table.
Comment. Enter related information.
Status. Shows enabled/disabled status.
To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status pull-down
menu.
4-2
Network Settings
Link Integrity Settings
This feature checks the link between the AP-2000 and connected network server(s). If the link goes down then the
client will connect to another AP-2000 in your network that still communicates with the server.
–
–
–
Link Integrity Status. Select Enable to activate the Link Integrity feature.
Poll Interval. Set the interval (minimum 500ms and in increments of 500ms) between polls.
Poll Retransmissions. Set the number of times a poll should be retransmitted before the link is considered down.
Target IP Address Table Settings
To add an Target IP Address entry, click Add, and then specify the IP Address of the servers you want to check.
–
–
–
Target IP Address. Enter the IP Address
Comments. Enter related information.
Status. Shows enabled/disabled status. A disabled status only means that the AP-2000 is not checking the link, for
example, when the network server is being serviced.
To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status pulldown menu.
4-3
VLAN Support
VLAN Support
Virtual Local Area Networks (VLANs) are logical groupings of network resources. Defined by software settings, VLAN
resources appear (to clients) to be in the same room, no matter where they are attached on the physical LAN segment.
They simplify traffic flow between clients and their frequently-used or restricted resources.
VLANs now extend as far as the access point signal reaches; clients can connect from anywhere in the broadcast
area. The broadcast area is defined by the network name configured for the wireless card on the access point device.
AP-2000 devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support,
certain network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS
server, and possibly a DHCP server should be available.
Once enabled, VLANs are used to more conveniently, efficiently, and easily manage your network.
Q
Q
Q
Q
Manage adds, moves, and changes from a single point of contact
Define and monitor groups
Reduce broadcast and multicast traffic to unnecessary destinations
– Improve network performance and reduce latency
Increase security
– Secure network restricts members to resources on their own workgroup
– Clients roam without compromising security
Typical VLAN Configurations
VLANs collect and distribute data through wireless AP-2000 network interface cards (NIC). An Ethernet port on the
access point typically connects a wireless cell to a wired backbone. They communicate across a VLAN-capable switch
that reviews packet headers and directs traffic to the appropriate ports. On the wired network, a RADIUS server
authenticates traffic and a DHCP server manages IP addresses. Resources like servers and printers may be present,
and a hub may include multiple APs, extending the network over a larger area.
Figure 4-1
1.
2.
3.
4.
5.
6.
7.
Components of a typical VLAN
VLAN-enabled access point
VLAN-aware switch (IEEE 802.1Q uplink)
AP-2000 management via wired host (SNMP, Web interface or CLI)
DHCP Server
RADIUS Server
VLAN 1 (Wireless Card A)
VLAN 2 (Wireless Card B)
4-4
VLAN Support
VLAN Workgroups and Traffic Management
Traditional, dual-slot access point devices that are not VLAN-capable typically broadcast and multicast traffic on
wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput
performance. In comparison, the dual-slot, VLAN-capable AP-2000 device is designed to efficiently manage delivery of
broadcast, multicast, and unicast traffic to wireless clients.
The AP-2000 device assigns clients to one of two VLANs designated by a network name. First, each one of the
wireless NICs in the AP-2000 device is configured with a unique network name and an 802.1Q-compliant VLAN
identifier. Each NIC represents a VLAN.
Each network client is then assigned one of the two wireless NIC network names. The AP-2000 device matches
packets transmitted or received to a network name with the associated VLAN. Traffic received by a VLAN is only sent
on the wireless NIC associated with that same VLAN. This eliminates unnecessary traffic on the wireless LAN,
conserving bandwidth and maximizing throughput.
Traffic Management
In addition to enhancing wireless traffic management, the VLAN-capable AP-2000 device supports easy assignment of
wireless users to workgroups. In a typical scenario, each user VLAN represents a workgroup; for example, one VLAN
could be used for an EMPLOYEE workgroup and the other, for a GUEST workgroup.
In this scenario, the AP-2000 device would assign every packet it accepted to a VLAN. Each packet would then be
identified as EMPLOYEE or GUEST, depending on which wireless NIC received it. The AP-2000 device would insert
VLAN headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch.
Finally, the switch would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate
resources such as printers and servers. Packets from the GUEST workgroup transmitted on the same network as
packets from the EMPLOYEE workgroup, could, in contrast, be restricted to a gateway that allowed access to only the
Internet. A member of the GUEST workgroup could send and receive e-mail and access the Internet, but would be
prevented from accessing servers or hosts on the local corporate network.
Typical User VLAN Configurations
VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups
enable clients from different VLANs to access different resources using the same network infrastructure. Clients using
the same physical network are limited to those resources available to their workgroup. The three primary scenarios for
use of the VLAN support feature are detailed as follows.
–
–
–
Scenario 1: Setting Up Independent VLAN Workgroups (“Tagged” User VLANs)
Scenario 2: Setting Up Independent VLAN Workgroups (Tagged & Untagged User VLANs)
Scenario 3: Setting Up One VLAN Workgroup (One Tagged VLAN)
Setting Up Independent VLAN Workgroups
The AP-2000 tags all traffic received from wireless clients transmitted on either the wired or the wireless backbone
(see description of Wireless Distribution System (WDS) feature in this User Guide) with a header identifying each
packet as belonging to one VLAN workgroup, or another.
To configure this scenario, set up two different workgroups with separate VLAN Identifiers (IDs).
Q
Q
VLAN ID for Wireless NIC in Slot A = a number between 1 and 4094 (per the IEEE 802.1Q standard)
VLAN ID for Wireless NIC in Slot B = a number between 1 and 4094
127(
The number configured for the wireless NIC in Slot A must be different than the number configured
for the wireless NIC in Slot B.
4-5
VLAN Support
1.
2.
3.
4.
5.
6.
7.
Open your browser and enter the IP address of your access point. Type in your password. Click OK.
Click the Configure button at the left and select the Interfaces tab.
Enter a unique Network Name (SSID) for each wireless network interface card (NIC).
Select the Network > VLAN tab.
Set a unique VLAN User ID for each wireless NIC (enter a value between 1 and 4094)
Set VLAN Status to Enable.
Configure the wireless client with one of the two Network Names based on VLAN membership.
Setting Up Independent VLAN Workgroups
The VLAN-capable AP-2000 supports configuration of both “tagged” and “untagged” user VLANs.
A “tagged” user VLAN is created when a VLAN ID between 1 and 4094 (per the 802.1Q standard) is configured for one
of the wireless NICs and VLAN is enabled. The AP-2000 applies a VLAN header to tag traffic from wireless clients
(members of a “tagged” VLAN) and transmits the traffic as appropriate, on either the wired or wireless backbone.
An “untagged” User VLAN is created when a VLAN ID of 0 is configured for one of the wireless NICs and VLAN is
enabled.Traffic received from wireless clients (members of an “untagged” VLAN) is transmitted as appropriate, on
either the wired or wireless backbone. “Untagged” User VLANs enable VLANs to coexist on networks with non-VLAN
capable devices such as legacy servers.
To configure this scenario, set up only one workgroup by configuring one VLAN and untagged traffic:
Q
Q
VLAN ID for Wireless NIC in Slot A = 0 or a number between 1 and 4094
VLAN ID for Wireless NIC in Slot B = 0 or a number between 1 and 4094
127(
Either the wireless NIC in Slot A or the wireless NIC in Slot B must be set to 0.
4-6
VLAN Support
1.
2.
3.
4.
5.
6.
7.
8.
Open your browser and enter the IP address of your access point. Type in your password. Click OK.
Click the Configure button at the left and Select the Interfaces tab.
Enter a unique Network Name (SSID) for each NIC.
Select the Network > VLAN tab.
Set the VLAN UserID for one NIC to 0.
Set the VLAN User ID for the other NIC to a value between 1 and 4094.
Set VLAN Status to Enable.
Configure the wireless client with one of the two Network Names based on VLAN membership.
Setting Up One VLAN Workgroup
The VLAN feature enables all wireless clients that access the network through the same AP-2000, to be configured as
members of the same VLAN. In this scenario, each wireless NIC is configured with the same VLAN ID. The same
VLAN header or tag is then applied to all traffic received from wireless clients and transmitted on the wired or wireless
backbone. All wireless clients become members of the same VLAN.
To configure this scenario, set up one, large workgroup:
Q
VLAN ID for Wireless NIC in Slot A = 0 or a number between 1 and 4094
VLAN ID for Wireless NIC in Slot B = 0 or a number between 1 and 4094
1.
2.
3.
4.
5.
6.
7.
8.
Open your browser and enter the IP address of your access point. Type in your password. Click OK.
Click the Configure button at the left and Select the Interfaces tab.
Enter a unique Network Name (SSID) for each wireless network interface card (NIC).
Select the Network > VLAN tab.
Set the VLAN UserID for the NIC in Slot A to a value between 1 and 4094.
Set the VLAN UserID for the NIC in Slot B to the same value configured for the NIC in Slot A.
Set VLAN status to Enable.
Configure the wireless client with one of the two Network Names based on VLAN membership.
Q
4-7
VLAN Support
Typical VLAN Management ID Configuration Scenarios
Making the AP-2000 a VLAN Member to Control Management Access
Management access to the AP-2000 can easily be secured by making management stations or hosts and the AP-2000
device itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to
restrict management of the AP-2000 device to members of the same VLAN.
1.
2.
3.
4.
Open your browser and enter the IP address of your access point. Type in your password. Click OK.
Click the Configure button at the left and Select the Network>VLAN tab
Set the VLAN Management ID to a value between1 and 4094 (a value of 0 disables VLAN management).
Set VLAN Status to Enable.
127(
If a non-zero management VLAN ID is configured then management access to the AP-2000 is restricted to
wired or wireless hosts that are members of the same VLAN. Ensure your management platform or host is a
member of the same VLAN before attempting to manage the AP-2000 device.
Managing the AP-2000 from a Wireless Host
The VLAN feature enables wireless clients to manage the AP-2000. If the VLAN ManagementID matches a VLAN
UserID, then those wireless clients who are members of both VLANs will have AP-2000 management access.
1.
2.
3.
4.
5.
6.
7.
Open your browser and enter the IP address of your access point. Type in your password. Click OK.
Click the Configure button at the left and Select the Interfaces tab.
Enter a unique Network Name (SSID) for each wireless NIC
Select the Network > VLAN tab
Set the VLAN UserID for the wireless NICs in Slot A and Slot B to values between 1 and 4094
Set the VLAN Management ID to a value equivalent to one of the VLAN UserIDs
Set VLAN Status to Enable
!
&$87,21
Once a VLAN ManagementID is configured and is equivalent to one of the VLAN UserIDs on the AP-2000, all
members of the User VLAN will have management access to the AP-2000. Be careful to restrict VLAN
membership to those with legitimate access to the AP-2000 device.
4-8
Management Settings
Management Settings
Configure system management settings, including interface access passwords, destination port numbers, and service
timeouts. Select new passwords during initial configuration.
Setting New Passwords
–
SNPMP Read Password, Confirm. Enter each password in both the Read Password field and the Confirm field.
The default password is “public”.
–
–
–
SNMP Read/Write Password, Confirm. Enter the password in both the Read Password field and the Confirm field.
The default password is “public”.
Telnet (CLI) Password, Confirm. Enter the password in both the Read Password field and the Confirm field. The
default password is “public”.
HTTP (Web) Password, Confirm. Enter the password in both the Read Password field and the Confirm field. The
default password is “public”.
127(
For security purposes we recommend changing ALL PASSWORDS from the default “public,” immediately.
4-9
Management Settings
Managing IP Access
The Management IP Access table is used to specify station(s) that is (are) authorized to manage the AP-2000 device
through available management services (SNMP, HTTP [Web], and Telnet [CLI]). To configure this table, click Add and
set the following parameters:
–
IP Address. Enter the IP Address for the management station.
–
–
IP Mask. Enter a mask that will act as a filter to limit access to a range of IP Addresses.
Comment. Enter an optional comment such as the station name.
127(
The IP mask 255.255.255.255 would authorize the single station defined by the IP Address to configure the
Access Point device. The Access Point device would ignore commands from any other IP address. In
contrast, the IP mask 255.255.255.0 would authorize anyone on the subnet shared by the IP Address to
configure the Access Point device.
Configuring Management Service Interfaces
SNMP-Based Management Interface Bitmask
Configure the interface or interfaces (Disabled, Ethernet, Wireless-A, Wireless-B, All Interfaces) from which you will
manage the AP-2000 device via SNMP. This parameter can also be used to Disable SNMP-based management.
4-10
Setting Filters
HTTP-Based Management Interface Bitmask
Configure the HTTP port from which you will manage the AP-2000 device via Web interface.
Telnet Configuration Settings
Use the Services tab to set the Telnet port, timeout, and session parameters as well as the number of Telnet sessions,
password, and other values.
–
Telnet Server Interface Bitmask. Select the interface(s) (Disabled, Ethernet, Wireless A, Wireless B, All Interfaces)
from which you can manage the AP-2000 device via telnet. This parameter can also be used to Disable telnet
management. Reboot the AP-2000 for this setting to take effect.
–
–
Telnet Port. Enter the Telnet Port. The default port number is 23.
–
Login Idle Timeout (seconds). Enter the number of seconds the system will wait for a login attempt. The AP-2000
terminates the session when it times out.
Session Idle Timeout (seconds). Enter the number of seconds the system will wait during a session while there is
no activity. The AP-2000 will terminate the session on timeout.
Setting Filters
Setting protocol filters through the Ethernet protocol Filter and the Advanced Filtering interface can impact the
performance of your network by limiting the amount of unnecessary traffic received from unsupported protocols.
Various filters can be set up through the Static MAC Address Table to control the interaction between network devices
and to control the types of protocol packets distributed by your network.
4-11
Setting Filters
Setting the Ethernet Protocol Filter
Use the Ethernet Protocol tab to set filters
–
–
–
Enable Ethernet Filter Status If set to Disable then the Ethernet protocols listed in the Filter Table will be disabled.
This can be set for all interfaces, or for each individual interface.
Filter Operation Type If set to Passthru, only the enabled Ethernet Protocols listed in the Filter Table will pass
through the bridge. If set to Block, the bridge will block enabled Ethernet Protocols listed in the Filter Table.
Ethernet Protocol Filtering Interface Bitmask. Configure the interface or interfaces (Disabled, Ethernet, Wireless A,
Wireless B, and All Interfaces) that will filter the Ethernet protocols you use. This parameter can also be used to
disable filtering.
Ethernet Protocol Filter Table
This table is pre-populated with existing Ethernet Protocol Filters, however, you may enter additional filters by
specifying th eappropriate parameters.
To add an entry, click Add, and then specify the Protocol Number and a protocol name in the Comment field.
–
–
–
Protocol Number. Enter the protocol number.
Protocol Name. Enter related information, typically the protocol name.
Status. Select Enable, Disable, or Delete.
To edit or delete an entry, click Edit and change the information, or select Enable, Disable, or Delete from the Status
pull-down menu.
Advanced Filtering
–
–
–
–
Enable Proxy ARP. Select Enable to allow the Access Point to respond to Address Resolution Protocol (ARP)
requests for wireless clients. If Disable is selected, the Access Point will bridge ARP requests for wireless clients to
the wireless LAN, unless Disable is selected to prevent proxy ARP. Proxy ARP answers ARP requests for wireless
stations without actually forwarding the (broadcast) ARP request to the wireless network.
Enable IP/ARP Filtering. Select Enable to allow filtering, or Disable to prevent filtering.
IP/ARP Filtering Address. Enter the Network filtering IP Address.
IP/ARP IP Mask. Enter the Network Mask IP Address.
4-12
Alarms (SNMP Traps)
The following advanced filtering protocols can filter in the wireless-to-Ethernet direction, the Ethernet-to-wireless
direction, or in both directions. Use the Status field to Enable or Disable the filter.
Deny IPX RIP
Deny IPX SAP
Deny IPX LSP
Deny IP Broadcasts
Deny IP Multicasts
Q
Q
Q
Q
Q
Alarms (SNMP Traps)
Alarm (Trap) Groups
–
–
Enable Configuration Alarms. Select Enable or Disable to control this trap group.
–
–
–
–
–
Enable Wireless Alarms. Select Enable or Disable to control this trap group.
Enable Security Alarms. Select Enable or Disable to control this trap group.
Enable Operational Alarms. Select Enable or Disable to control this trap group.
Enable Flash Memory Alarms. Select Enable or Disable to control this trap group.
Enable TFTP Alarms. Select Enable or Disable to control this trap group.
Enable Image Alarms. Select Enable or Disable to control this trap group.
Alarm Host Table
To add an entry and enable the AP-2000 to send SNMP trap messages to a Trap Host, click Add, and then specify the
IP Address and Password for the Trap Host.
IP Address. Enter the Trap Host IP Address.
–
–
–
–
Password, Confirm.
Enter the password in the Password field and the Confirm field.
Comment. Enter an optional comment, such as the alarm (trap) host station name.
To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status pulldown menu.
–
!
&$87,21
An error in configuring the IP Access Table entries may result in loss of management access to the AP-2000
device. If this occurs, then the AP-2000 can only be managed from the serial (console) port.
Refer also to System Alarms (Traps).
4-13
Bridge Configuration Settings
Bridge Configuration Settings
The AP-2000 device can be set up as a simple bridge between your wired and wireless network devices. As a bridge,
the functions performed by the AP-2000 device include:
—
—
—
Figure 4-2
MAC address learning
Forward and filtering decision making
Spanning Tree protocol used for loop avoidance
Simple Bridge Setup
MAC Address Learning
Once the AP-2000 unit is connected to your network, it learns which devices are connected to it by recording the MAC
addresses of each device to which it sends packets during the course of a normal session. To view the Learn Table,
click on the Monitor button in the web interface and select the Learn Table tab. The AP-2000 device can learn up to two
thousand entries.
Static MAC Address Filter
You can use the Static MAC Address filter to optimize the performance of a wireless (and wired) network. The filter is
an advanced Bridge setup parameter for AP-2000 devices. It enables you to deny data traffic between two specific
devices via the wireless interface(s) of the AP-2000 bridge.
For example, to prevent redundant traffic from being transmitted over the wireless network, you could deny traffic
between two particular servers, identified by their MAC Address and their location as perceived by the AP-2000 (on the
‘wired’ or wireless’ port of the bridge).
4-14
Bridge Configuration Settings
In most situations, however, it is easier to control redundant traffic via other filtering options, such as Protocol Filtering.
–
–
–
–
–
Wired MAC Address. Enter the device MAC Address.
Wired Mask. Enter the Wired Mask value.
Wireless MAC Address. Enter the device MAC Address.
Wireless Mask. Enter the Wireless Mask value
Comment. Enter related information.
Information Masks
The MAC Address combines with the Bit Mask to create a filter. Wired MAC Addresses and their associated masks,
and wireless MAC Addresses and their associated masks are known generically as “information masks” and are
written in the following format:
MAC Address:
Bit Mask:
00 02 10 12 34 56
FF FF FF FF 00 00
In this example, all MAC Addresses starting with 00 02 10 12 are filtered.
Spanning Tree Protocol
A Spanning Tree is used to avoid redundant communication loops in networks with multiple bridging devices. Bridges
do not have any inherent mechanism to avoid loops, because having redundant systems is a necessity is certain
networks. However, redundant systems can cause Broadcast Storms, multiple frame copies and MAC address table
instability problems.
Complex network structures can create multiple loops within a network. The Spanning Tree configuration blocks
certain ports on AP-2000 devices to control the path of communication within the network, avoiding loops and following
a spanning tree structure.
127(
For more information on Spanning Tree protocol, please see Section 8.0 of the IEEE 802.1d standard.
Broadcast Storms and Storm Thresholds
Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by:
Q
Q
Specifying a maximum number of frames per second as received from a single network device (identified by its
MAC address).
Specifying an absolute maximum number of messages per port.
The ‘Storm Threshold’ parameters allow you to specify a set of thresholds for each port of the AP-2000, identifying
separate values for the number of broadcast messages/second and Multicast messages/second.
When the number of frames for a port or identified station exceeds the maximum value per second, the AP-2000 will
ignore all subsequent messages issued by the particular network device, or ignore all messages of that type.
–
Address Threshold. Enter the maximum allowed number of packets per second.
–
–
–
Interface 1 Threshold Enter the maximum allowed number of packets per second.
Interface 2 Threshold Enter the maximum allowed number of packets per second.
Interface 3 Threshold Enter the maximum allowed number of packets per second.
4-15
Wireless Distribution System
Wireless Distribution System
Figure 4-3
Traffic flow between AP-2000 devices with WDS
Each wireless card can support up to six WDS links - each link is mapped to a logical port on the bridge (WDS ports)
If you are only using one card, always place it in Slot A
All WDS ports behave like Ethernet ports do on the bridge
All BSS ports are handled differently than Ethernet/WDS ports
Bridge learns on BSS ports by association - Bridge learns on WDS/Ethernet ports from frames
AP-2000 Ports:
1. Ethernet Port
2. BSS Port (Wireless Card A)
3-8. WDS ports for Wireless Card A
9. BSS Port (Wireless Card B)
10-15. WDS Ports for Wireless Card B
SNMP Configuration Issues
Q
WDS ports states in the bridge/spanning tree can be controlled from two places:
802.11 MIB WDS table
Bridge MIB port table
Q
Q
Q
Q
Spanning tree determines the port states if WDS configurations are correct
If there is no partner MAC address configured i the WDS table, the WDS port remains disabled
No two partner MAC address should be the same for WDS ports on the same card
Channel settings on the cards should be the same
WDS Setup Procedure
The Wireless Distribution System (WDS) allows you to set up a wireless backbone between AP-2000 devices. To
setup a wireless backbone follow the steps below for each AP-2000 that you wish to include in the wireless distribution
system.
127(
WDS and ACS cannot be Enabled at the same time on the same card.
1. Write down the PC Card slot number (A or B) of the AP-2000 device that you wish to setup for the wireless
backbone link.
2. Write down the MAC Address of the PC Card inside that slot (this value is printed on a label on the back of the
PC Card).
4-16
Wireless Distribution System
3. In the HTTP Interface, click on the Configure button and select the Wireless Slot tab that matches the slot value
you registered in Step 1 above.
4. Click on the Add or Edit button to update the WDS Table.
5. Enter the MAC Address that you registered in Step 2 in the Partner MAC Address field of the Wireless Distribution
Setup window.
6. Set the Status for the device to Enable.
Setup the 802.1x Security Mode Wireless Distribution System
If you want to set up a Wireless Distribution System (WDS) with 802.1x security mode, set the AP-2000 unit in mixed
mode and give each card the same encryption key 1 as described hereafter.
1. In the Web Interface, click on the Configure button and select the Security tab.
2. In the 802.1x Security Mode field, select Mixed (802.1x and WEP) from the pull-down menu.
3. Select a key length from the pull-down menu. A 40-bit card has a key length of 5 alphanumeric characters, while a
128-bit card has a key length of 13 characters.
4. Encryption keys will be generated automatically, but you need to specify which key to use for encryption.
127(
Make sure that your client cards are setup with the same encryption method, or they will not be able to
communicate with the AP-2000 device.
5. Click OK.
6. The AP-2000 unit will need to be rebooted for the changes to take affect.
Wireless Port Mapping
The following information details the wireless port mapping for the AP-2000 device when using the Spanning Tree.
Wireless Distribution System (WDS) is a wireless method of configuring a network backbone, and functions much like
Ethernet. Using wireless cards, WDS allows you to configure up to six (6) point-to-point links between Access Point
devices. When configuring a WDS link, you must first configure the MAC address of the wireless card to which the
wireless link will be established. Data transmitted on the WDS port goes directly, via point-to-point link, to the MAC
address of the wireless card you configure.
127(
Since six (6) WDS ports can be configured for each card, you need a way to map the paths from WDS ports to
mutually exclusive wireless port designations for Spanning Tree.
Wireless Port
Map to
1
Wired Ethernet
2
Card A - Association of Clients
3
WDS -Card A -Port 1
4
WDS -Card A -Port 2
5
WDS -Card A -Port 3
6
WDS -Card A -Port 4
7
WDS -Card A -Port 5
8
WDS -Card A -Port 6
9
Card B - Association of Clients
10
WDS -Card B -Port 1
11
WDS -Card B -Port 2
12
WDS -Card B -Port 3
13
WDS -Card B -Port 4
14
WDS -Card B -Port 5
15
WDS -Card B -Port 6
4-17
Advanced Security Settings
Configuring the AP-2000 Unit as a Wireless Repeater
This configuration requires at least 3 AP-2000 devices. A dedicated wireless AP-2000 unit should be configured with
Slot A and Slot B of the AP-2000 device wireless distribution link. This AP-2000 unit should not be connected to a
wired interface. Please note: A slot may repeat up to six wired links.
Two wired AP-2000 units should be configured so that one slot partners with the Wireless WDS partner.
Additional Information: The AP-2000 unit should only allow client associations on those channels and network names
that are configured for a WDS link.
Result: The wireless AP-2000 unit functions as a repeater.
Using WDS as a repeater
This configuration requires at least two AP-2000 devices.
Two wired AP-2000 units should be configured so that one slot partners on the other.
Additional Information: The AP-2000 should only allow client associations
Advanced Security Settings
To enhance wireless security, you may wish to create a list of authorized wireless computers that have access to the
wireless network. These authorized stations will be identified by the unique MAC Address of their wireless interface.
Two options facilitate this type of authentication:
—
—
MAC Access
RADIUS Authentication Tab
Wireless Security - EAP Overview
802.1x uses the Extensible Authentication Protocol (EAP) as a standards-based authentication framework, and
supports dynamic WEP keys for enhanced security. The EAP-based authentication framework can easily be upgraded
to keep pace with future EAP types, which. can easily be added to the access point device. EAP currently supports
three authentication methods:
Q
EAP-Message Digest 5 (MD5)
Q
EAP-Transport Layer Security (TLS)
EAP-Tunneled Transport Layer Security (TTLS)
Q
EAP-MD5 is a user name and password base method. EAP-TLS requires the use of certificates on both the access
point and the client. EAP-TTLS is a username and password-based method that requires download of a certificate to
the access point device.
4-18
Advanced Security Settings
MAC Access
The MAC Authentication tab allows you to build a list of authorized stations that will be stored inside each AP-2000
within your network.
–
Enable MAC Access Control . Click to check the boxSelect Enable to allow MAC Address authentication, or select
Disable to turn off the MAC Address authentication feature.
–
Operation Type. Select Passthru to permit access by only the devices specified in the MAC Access Control Table.
In contrast, select Block to prevent access by devices listed in the MAC Access Control Table. This only takes
effect when the MAC Access Control Status is enabled.
127(
For larger networks that include multiple AP-2000 devices, you may prefer to maintain this list on a centralized
location using a RADIUS Server.
MAC Access Control Table
To add an entry, click Add, and then specify the MAC Address and related comment.
–
–
MAC Address. Enter the MAC Address of the device.
Comment. Enter related information such as the device name or location.
To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status pulldown menu.
RADIUS Authentication Tab
If your network includes a RADIUS Server, you can use this tab to define the IP Address of the server that contains a
central list of MAC Address values that identify the authorized stations that may access the wireless network.
You must specify information for at least the Primary RADIUS server. The Backup RADIUS server is optional.
127(
Problems with RADIUS Server configuration or RADIUS Authentication should be referred to the RADIUS
Server developer.
4-19
Advanced Security Settings
–
Enable RADIUS MAC Access Control . Click to select the box to provide authenbtication by the RADIUS server.
–
Authorization Lifetime (seconds). Enter the time, in seconds, each client session may be active before being
Click to clear the box or leave the box empty to prevent use of the RADIUS server.
automatically re-authenticated. Default value is 900 seconds.
RADIUS Server
–
–
–
–
–
–
–
Enable Primary RADIUS Server. Click to select this box in order to enable the Primary RADIUS Server.
Enable Secondary RADIUS Server. Click to select this box in order to enable the Secondary RADIUS Server.
IP Address. Enter the IP Address of the RADIUS server. The AP-2000 will send the client MAC Address to the
RADIUS Server as the “User Name”, using the following format: 00601D - 123456. That is, the first six characters
of the MAC Address, then the remaining six characters separated by a dash.
Destination Port. Enter the RADIUS Authentication port. The default value is 1812.
Shared Secret, Confirm Shared Secret. Enter the password in both fields. The password for the user on the
RADIUS Server must be the same as the Shared Secret.
Response Time (seconds). Enter the maximum time, in seconds, to wait for RADIUS to respond with
authentication status.
Maximum Retransmissions. Enter the maximum number of times an authentication may be retransmitted.
4-20
Troubleshooting
5
In This Chapter
Q
Q
Troubleshooting Concepts
Symptoms and Solutions
Q
Connectivity Issues
Q
AP-2000 Unit Will Not Boot - No LED Activity
Q
Serial Link Does Not Work
Q
Ethernet Link Does Not Work
Q
Basic Software Setup and Configuration Problems
Q
Lost AP-2000, Telnet, or SNMP Password
Q
Client Computer Cannot Connect
Q
AP-2000 Has Incorrect IP Address
Q
HTTP (browser) or Telnet Interface Does Not Work
Q
HTML Help Files Do Not Appear
Q
Telnet CLI Does Not Work
Q
TFTP Server Does Not Work
Q
Client Connection Problems
Q
Client Manager Finds No Connection
Client PC Card Does Not Work
Intermittent Loss of Connection
Q
Client Does Not Receive an IP Address - Cannot Connect to Internet
Q
VLAN Operation Issues
Q
Active Ethernet
Q
The AP-2000 Unit Does Not Work
Q
There Is No Data Link
Q
“Overload” Indications
Recovery Procedures
Q
Reset to Factory Default Procedure
Q
Forced Reload Procedure
Q
Initialize the AP-2000 using the Bootloader CLI
Q
Q
Q
Setting IP Address using Serial Port and Normal CLI
System Alarms (Traps)
Q
Security Alarms
Q
Wireless Interface Card Alarms
Q
Operational Alarms
Q
FLASH Memory Alarms
Q
TFTP Alarms
Q
Image Alarms
Q
Standard MIB-II (RFC 1213) Alarms
Q
Bridge MIB (RFC 1493) Alarms
Related Applications
Q
RADIUS Authentication Server
Q
TFTP Server
LED Indicators
Q
Q
Q
Q
5-1
Troubleshooting Concepts
127(
This section helps you locate problems related to the AP-2000 device setup. For details about RADIUS, TFTP,
Serial communications program (such as HyperTerminal), Telnet applications or web browsers, please refer to
their respective documentation.
Troubleshooting Concepts
The following list identifies important troubleshooting concepts and topics. The most common initialization and
installation problems relate to IP Addressing. For example, you must have valid IP Addresses for both the AP-2000
device and the TFTP server before you can transfer files over Ethernet.
Q
Q
Q
Q
Q
Q
IP Address management is fundamental. Refer to the “Documenting Your Configuration” section
Factory default units are set for “Dynamic” (DHCP) IP Address assignment. The default IP Address for the
AP-2000 is 10.0.0.1. If you connect the AP-2000 unit to a network with an active DHCP server, then use ScanTool
to locate the IP Address of your unit. If a DHCP server is not active on your subnet, then the ScanTool can be used
to configure your AP-2000.
The Trivial File Transfer Protocol (TFTP) provides a means to download and upload files. These files include
the AP-2000 Image (executable program) and configuration files.
If the AP-2000 password is lost or forgotten, you will need to reset to default values. The Reset to Factory
Default Procedure resets configuration, but does not change the current AP Image.
If all else fails… The Forced Reload Procedure erases the current AP-2000 Image and sets the unit to factory
default values. Then you can download a new image and configure the unit.
AP-2000 Supports a Command Line Interface (CLI). If you are having trouble locating your AP-2000 on the
network, connect to the unit directly using the serial interface and refer Using the Command Line Interface, for CLI
command syntax and parameter names.
Symptoms and Solutions
Connectivity Issues
Connectivity issues include any issues that prevent you from powering up or connecting to the AP-2000 device.
AP-2000 Unit Will Not Boot - No LED Activity
1. Make sure your power source is operating.
2. Make sure all cables are connected to the AP-2000 unit correctly.
3. With Active Ethernet, make sure you are using a Category 5, foiled, twisted pair cable to power the AP-2000 unit.
Serial Link Does Not Work
1. Make sure you are using the proper serial port cable.
2. Double-check the physical network connections.
3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values:
– Com Port: (COM1, COM2, etc. depending on your computer);
– Baud rate: 9600; Data bits: 8; Stop bits: 1; Flow Control: None; Parity: None;
–
Line Feeds with Carriage Returns
(In HyperTerminal select:
File -> Properties -> Settings -> ASCII Setup -> Send Line Ends with Line Feeds.)
Ethernet Link Does Not Work
1. Double-check the physical network connections. Use a known-good unit to Make sure the network connection is
present. Once you have the AP-2000 IP Address, you can use the “Ping” command over Ethernet to test the IP
Address. If the AP-2000 responds to the Ping, then the Ethernet Interface is working properly.
2. Perform network infrastructure troubleshooting (check switches, routers, etc.).
5-2
Symptoms and Solutions
Basic Software Setup and Configuration Problems
Lost AP-2000, Telnet, or SNMP Password
1. Perform the Reset to Factory Default Procedure in this guide. This procedure resets system and network
parameters, but does not affect the AP-2000 Image.
The default AP-2000 password is “public”, and the default Telnet password is also “public”.
2. Document your password(s) in the form provided in Recording Your Configuration Settings.
Client Computer Cannot Connect
1. Each wireless PC Card in the AP-2000 unit should have a unique Network Name. This Network Name must match
the active Network Name on client machines. For example the ORiNOCO Client Manager software allows you to
store Network Names in configuration profiles, then you can select a profile to fit your location.
2. Network Names should be allocated and maintained by the Network Administrator.
3. Refer to the ORiNOCO Client Manager Troubleshooting Guide.
AP-2000 Has Incorrect IP Address
1. Default IP Address Assignment mode is dynamic (DHCP). If you do not have a DHCP server on your network, the
default IP Address is 10.0.0.1.
2. If the DHCP server in your network is not available for some reason while the AP-2000 unit reboots, the device will
retain the last IP Address it had. Reboot the AP-2000 device once your DHCP server is on-line again or use the
ScanTool to find the current IP Address of the AP-2000 unit in question.
3. To find the current IP Address using DHCP, check the IP Client Table in the DHCP Server to find the current
AP-2000 IP Address, match to the AP-2000 MAC Address in the table to the one on your unit.
4. Or use ScanTool to locate the current AP-2000 IP Address. Once you have the current IP Address, use the
HTTP or CLI Interface to either set the unit to DHCP mode or assign a static IP Address.
5. If you use static IP Address assignments, and cannot access the unit over Ethernet, use the Initializing the IP
Address using Normal CLI procedure. Once the IP Address is set, you can use the Ethernet Interface to complete
configuration.
6. Perform the Reset to Factory Default Procedure in this guide. This will reset the unit to “DHCP” mode. If there is a
DHCP Server on the same subnet, the DHCP Server will assign an IP Address to the AP-2000.
HTTP (browser) or Telnet Interface Does Not Work
1. Make sure you are using a compatible browser: Microsoft Internet Explorer 5.0 or better (preferred), or Netscape 6
or higher.
2. Make sure you have the proper IP Address. Enter your AP-2000 IP Address in the browser address bar, similar to
this example:
http://192.168.1.100
When the AP-2000 Login window appears, leave the User Name field empty and enter public in the
Password field.
3. Use the CLI over the serial port to check the SNMP Table, which can be restricting access to Telnet and HTTP.
HTML Help Files Do Not Appear
1. Verify that the HTML Help files are installed in the default directory:
C:\Program Files\ORiNOCO\AP\Help\<language>
2. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are
located on your server.
3. Perform the following steps to verify or enter the pathname for the Help files:
a. Click the Commands button in the Web Interface.
b. Select the Help tab located at the top of the screen.
c. Enter the pathname where the Help files are located in the Help Link box.
d. Click OK when finished.
5-3
Symptoms and Solutions
Telnet CLI Does Not Work
1. Make sure you have the proper IP Address. Enter your AP-2000 IP Address in the Telnet connection dialog, from a
DOS prompt, type:
C:\> telnet <AP-2000 IP Address>
2. Use the CLI over the serial port to check the SNMP Table, which can be restricting access to Telnet and HTTP.
AP-2000.
TFTP Server Does Not Work
1. Make sure the TFTP Server has been started.
2. Verify the IP Address of the TFTP Server. The server may be local or remote, so long as it has a valid IP Address.
3. Configure the TFTP Server to “point” to the folder containing the file to be downloaded (or to the folder in which the
file is to be uploaded).
4. Verify that you have the proper AP-2000 Image file name and directory path.
Client Connection Problems
Client Manager Finds No Connection
Q
Make sure you have configured your Client Manager software with the proper Network Name(s).
Network Names are typically allocated and maintained by your network administrator.
Client PC Card Does Not Work
1. Make sure you are using the latest PC Card driver software.
2. Download and install the latest ORiNOCO Client Manager and PC Card Driver software from
<{WebLink}>http://www.orinocowireless.com.
Intermittent Loss of Connection
1. Make sure you are within range of an active AP-2000 device.
2. You can check the signal strength using the signal strength gauge on your ORiNOCO Client Manager.
Client Does Not Receive an IP Address - Cannot Connect to Internet
1. If the AP-2000 device is configured as a DHCP server, open the Web-browser Interface and select the Configure
button and then the Network tab to make sure the proper DHCP settings are being used. Check the DHCP Server
log (if possible) for error messages.
2. If you are not using the DHCP feature on the AP-2000 unit, then make sure that your local DHCP server is
operating on the same subnet as your AP-2000 device.
3. From the client computer, use the “ping” network command to test the connection with the AP-2000 unit. If the
AP-2000 device responds, but you still cannot connect to the Internet, there may be a physical network
configuration problem (contact your network support staff).
4. For units with Active Ethernet, make sure you are not using a crossover type Ethernet cable between the AP-2000
unit and the hub.
5-4
Symptoms and Solutions
VLAN Operation Issues
Verifying Proper Operation of the VLAN Feature
The correct VLAN configuration can be verified by “pinging” both wired and wireless hosts from both sides of the
AP-2000 device and the network switch. Traffic can be “sniffed” on both the wired (Ethernet) and wireless (WDS)
backbones (if configured). Bridge frames generated by wireless clients and viewed on one of the backbones should
contain IEEE 802.1Q compliant VLAN headers or tags. The VLAN ID in the headers should correspond to one of the
VLAN UserIDs configured for the AP-2000 device.
VLAN Workgroups
The correct VLAN assignment can be verified by pinging the AP-2000 to ensure connectivity, by pinging the switch to
ensure VLAN properties, and by pinging hosts past the switch to confirm the switch is functional. Ultimately, traffic can
be “sniffed” on the Ethernet or WDS interfaces (if configured) using third-party packages. Most problems can be
avoided by ensuring that 802.1Q compliant VLAN tags containing the proper VLAN ID have been inserted in the
bridged frames. The VLAN ID in the header should correspond to users assigned network name.
What if network traffic is being directed to a nonexistent host?
–
–
All sessions are disconnected, traffic is lost, and a manual override is necessary
Workaround: you can configure the switch to mimic the nonexistent host
I have just configured the Management ID and now I can't manage the AP?
–
Check to ensure your password is correct. If your password is incorrect or all inbound packets do NOT have the
correct tag then a manual override is necessary.
!
&$87,21
The manual override process disconnects all users and resets all values to factory defaults.
Active Ethernet
The AP-2000 Unit Does Not Work
1. Verify that you are using a standard UTP Cat. 5 cable, including all 8 wires (4 pairs).
2. Try to move the same load into a different port on the same AE hub – if it works, there is probably a faulty port or
bad RJ-45 port connection.
3. If possible, try to connect the load device into a different AE hub.
4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad
RJ45 connection.
5. Check power plug and hub.
6. If Ethernet link goes down, check cable, cable type, switch, hub.
There Is No Data Link
1. Verify that the indicator for the port is “on.”
2. Verify that the AE is connected to the Ethernet network with a good connection.
3. Verify that the Ethernet cable is Category 5 or better, and is less than 100 meters (approx. 3.25 ft.) in length from
the Ethernet source to the AP-2000.
4. Try to connect a different device over the same port – if it works and link is established, there is probably a faulty
data link in the load.
5. Try to re-connect the load into a different output port (remember to move the input port accordingly) – if it works,
there is probably a faulty output or input port in the AE or a bad RJ45 connection.
“Overload” Indications
1. Verify that you are not using any cross-over cable between the AE output port to the AP-2000 device.
2. Verify that there is no short over any of the twisted pair cable or the RJ45 connector.
3. Move the device into a different output port – if it works, there is probably a faulty port or bad RJ45 connection.
5-5
Recovery Procedures
Recovery Procedures
The most common installation problems relate to IP Addressing. For example, without the TFTP server IP Address,
you will not be able to download the AP Image to the AP-2000. IP Address management is fundamental. We suggest
you create a chart to document and validate the IP addresses for your system. You can also use the form provided in
Recording Your Configuration Settings.
If the password is lost or forgotten, you will need to reset the AP-2000 to default values. The Reset to Factory Default
Procedure resets configuration settings, but does not change the current AP Image. The Forced Reload Procedure
erases the current AP Image if you need to download a new image.
Reset to Factory Default Procedure
Use this procedure to reset the network configuration values, including the AP-2000 IP Address, IP Mask, and so on.
The current AP Image is not deleted. This procedure may required if the AP-2000 password is forgotten.
1. Press and hold the RELOAD button for about 10 seconds. Result: The AP-2000 reboots, and the factory default
network values are restored.
2. If not using DHCP, use the ScanTool or normal CLI to set the AP-2000 IP Address, IP Mask, and so on. Please
refer to the “Command Line Interface Reference Manual” for CLI information.
Forced Reload Procedure
Use this procedure to force the AP-2000 back to default network configuration values and download a new AP Image.
This procedure may be required when the password is forgotten or the current AP Image is missing or corrupted.
In this procedure, use the Bootloader CLI over the serial port to set the IP Address and download a new AP Image.
1. While the AP Image is running, press the RESET button. Result: The AP-2000 reboots and the indicators begin
to flash.
127(
By completing Step 2, the firmware in the Agere AP-2000 will be erased. A serial cable, a cross-over Ethernet
cable, and a TFTP server will be required to reload firmware.
2. Press and hold the RELOAD button for about 20 seconds until the POWER LED turns amber. Result: The AP-2000
deletes the current AP Image and Configuration files. The Bootloader CLI becomes active. The following
procedure describes how to use the Bootloader CLI to assign an IP Address and download a new AP Image.
Initialize the AP-2000 using the Bootloader CLI
In some cases, specifically when a bad AP Image prevents successful booting, you may need to use the Bootloader
CLI to download a new executable AP Image. If you need to force the AP-2000 to factory default state, use the Reset
to Factory Default Procedure above.
To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides.
This can be any computer on the LAN, or connected to the AP-2000 with a “crossover” Ethernet cable.
You must also connect the AP-2000 to a computer with a standard serial cable and use a terminal client, such as
HyperTerminal. From the terminal, enter CLI Commands to set the IP Address and download an AP Image.
Preparing to Download the AP Image
Before starting, you need to know the AP-2000 IP Address, IP Mask, the TFTP Server IP Address, and the AP Image
file name. Make sure the TFTP sever is running and configured to point to the folder containing the image to be
downloaded.
5-6
Recovery Procedures
Download Procedure
1. Connect the computer serial cable to the AP-2000 serial port.
2. Start TFTP Server, and Make sure the new AP Image file is in the TFTP directory. In this procedure, TFTP
downloads an AP Image to the AP-2000.
3. Open your terminal emulator, set the following connection properties, and then connect.
Q
Com Port: <COM1, COM2, etc., depending on your computer>
Q
Baud rate: 9600
Q
Data Bits: 8
Q
Stop bits: 1
Q
Flow Control: None
Q
Parity: None
4. Enable the “ASCII Setup” settings by selecting “Send line ends with line feeds”. Result: HyperTerminal sends a line
return at the end of each line of code.
5. Press the RESET button on the AP-2000. Result: The terminal display shows Power On Self Tests (POST) activity.
After approximately 30 seconds, a message indicates: Sending Traps to SNMP manager periodically. After this
message appears, press the ENTER key repeatedly until the following prompt appears.
[Device name]>
6. Enter only the following statements.
[Device name]> set ipaddr <Access Point IP Address>
[Device name]> set ipsubmask <IP Mask>
[Device name]> set ipaddrtype static
[Device name]> set tftpipaddr <TFTP Server IP Address>
[Device name]> set tftpfilename <AP Image File Name>
[Device name]> set ipgw <Gateway IP Address>
[Device name]> reboot 0
Example:
[Device
[Device
[Device
[Device
[Device
name]> set
name]> set
name]> set
name]> set
name]> set
ipaddr 10.0.0.12
ipsubmask 255.255.255.0
ipaddrtype static
tftpipaddr 10.0.0.20
tftpfilename MyImage
[Device name]> set ipgw 10.0.0.30
[Device name]> reboot 0
Result: The AP-2000 will reboot and then download the image file. Observe the TFTP display and you should see
downloading activity begin after a few seconds. When downloading has stopped, the AP-2000 is ready for
configuration, providing the AP-2000 IP Address is correct.
7. Once the AP-2000 image is downloaded and you have a valid AP-2000 IP Address, configure the AP-2000 as
described in Configuring the ORiNOCO AP-2000 device.
Setting IP Address using Serial Port and Normal CLI
Use the following procedure to set an IP Address over the serial port using the normal CLI. The network administrator
typically provides the AP-2000 IP Address.
Hardware and Software Requirements
Q
Q
Standard serial data (RS-232) cable with a female DB-9 connector at each end or a standard serial cable and the
Mini-DIN8 to DB-9 adapter included in your kit.
ASCII Terminal software, such as HyperTerminal.
Attaching the Serial Port Cable
1. Remove power from the AP-2000 and your computer.
2. Connect the serial port cable to the back of the AP-2000 unit and to your computer.
3. Restart the computer and power up the Access Point device.
5-7
Recovery Procedures
Initializing the IP Address using Normal CLI
After installing the serial port cable, you may use the CLI to communicate with the AP-2000. You may use most generic
terminal programs, such as HyperTerminal. Once the IP Address has been assigned, use the HTTP Interface or the
CLI to complete configuration. Many web sites offer shareware or commercial terminal programs you can download.
Use the following procedure to initialize the AP-2000 IP Address.
1. Open your terminal emulator, and then set the following connection properties:
Q
Com Port: <COM1, COM2, etc., depending on your computer>
Q
Baud rate: 9600
Q
Data Bits: 8
Q
Stop bits: 1
Q
Flow Control: None
Q
Parity: None
2. Enable the “ASCII Setup” settings by selecting “Send line ends with line feeds”. Result: HyperTerminal sends a line
return at the end of each line of code.
3. Press the RESET button on the AP-2000 (located on the LED Indicator side of the unit). Result: The terminal
display shows Power On Self Tests (POST) activity, and then displays a CLI prompt, similar to the example below.
This process may take up to 90 seconds.
[Device name]> Please enter password:
4. Enter the password (default is "public"). Result: The terminal displays a welcome message and then the CLI
Prompt:
[Device name]>
5. Enter show ip. Result: Network parameters appear:
[Device name]> show ip
IP Address: 10.0.0.1
IP Mask: 255.0.0.0
Default Router: 10.0.0.1
Default TTL: 64
Address Type: 1
6. Change the IP Address and other network values using set and reboot CLI commands, similar to the example
dialog below (use your own IP Address and IP Mask). Result: After each entry the CLI reminds you to reboot;
however wait to reboot until all commands have been entered.
[Device name]> set ipaddrtype static
[Device name]> set ipaddr <IP Address>
[Device name]> set ipsubmask <IP Mask>
[Device name]> set ipgw <Default Gateway IP Address>
[Device name]> reboot 0
7. After the AP-2000 reboots, verify the new IP Address by reconnecting, and then entering a show ip CLI statement
(as in Step 5). Alternatively, you can use the ping network command from networked computers to test the new IP
Address.
8. When the proper IP Address is set, use CLI or the HTTP Interface over the LAN to complete configuration and
manage operations.
5-8
System Alarms (Traps)
System Alarms (Traps)
Security Alarms
oriTrapAuthenticationFailure
Wireless Card (A and/or B) incompatible vendor detected
oriTrapUnauthorizedManagerDetected
Wireless Card (A and/or B) firmware download failure detected
Wireless Interface Card Alarms
oriTrapWLCNotPresent
Wireless Card (A and/or B) not present
oriTrapWLCFailure
Wireless Card (A and/or B) general failure
riTrapWLCRemoval
Wireless Card (A and/or B) removal
oriTrapWLCIncompatibleFirmware
Wireless Card (A and/or B) incompatible firmware detected
oriTrapWLCVoltageDiscrepancy
Wireless Card (A and/or B) voltage discrepancy detected
oriTrapWLCIncompatibleVendor
Wireless Card (A and/or B) incompatible vendor detected
oriTrapWLCFirmwareDownloadFailure
Wireless Card (A and/or B) firmware download failure detected
Operational Alarms
oriTrapWatchDogTimerExpired
Watch Dog Timer has expired
oriTrapRADIUSServerNotResponding
RADIUS Server is not responding or error communicating with RADIUS Server
oriTrapModuleNotInitialized
Module has not been initialized
oriTrapDeviceRebooting
Device is rebooting
oriTrapTaskSuspended
Task suspension has been detected
oriTrapBootPFailed
BootP failure detected (no response from BootP Server)
oriTrapDHCPFailed
DHCP Client failure detected (no response from DHCP server)
FLASH Memory Alarms
oriTrapFlashMemoryEmpty
Flash memory card detected empty
oriTrapFlashMemoryCorrupted
Flash memory data corrupted
TFTP Alarms
oriTrapTFTPFailedOperation
FTP (upload or download) failure detected
oriTrapTFTPOperationInitiated
TFTP (upload or download) operation initiated
oriTrapTFTPOperationCompleted
TFTP (upload or download) operation completed
Image Alarms
oriTrapZeroSizeImage
Zero size image has been downloaded to device
oriTrapInvalidImage
Invalid image has been downloaded to device
oriTrapImageTooLarge
Image downloaded to device is too big
oriTrapIncompatibleImage
Incompatible image has been downloaded to device
Standard MIB-II (RFC 1213) Alarms
coldStart
Device has been cold started
warmStart
Device has been warm started
linkUp
Device Link is up (Ethernet interface is up)
linkDown
Device Link is down (Ethernet interface is down)
Bridge MIB (RFC 1493) Alarms
newRoot
New root has been added to Bridge
topologyChange
Network Topology change has been detected
5-9
Related Applications
Related Applications
RADIUS Authentication Server
If the RADIUS authentication server is selected for authentication during configuration, Make sure RADIUS is
configured and running. Otherwise, clients will not be able to log in. There are several reasons the authentication
server services might be unavailable, here are two typical things to check.
Q
Q
Make sure you have the proper RADIUS authentication server information setup configured in the AP-2000. Check
the RADIUS server IP Address authentication Port number (default is 1812), and Shared Secret.
Make sure the RADIUS authentication server RAS setup matches the AP-2000.
TFTP Server
The “Trivial File Transfer Protocol” (TFTP) server allows you to transfer files across a network. You can upload files
from the AP-2000 for backup or copying, and you can download the files for configuration and AP Image upgrades.
The TFTP software is located on the ORiNOCO AP-2000 Installation CD-ROM.
If a TFTP server is not configured and running, you will not be able to download and upload images and configuration
files to/from the AP-2000. Remember that the TFTP server does not have to be local, so long as you have a valid
TFTP IP Address. TFTP does not have to be running for AP-2000 operations that do not transfer files.
After the TFTP server is installed:
Q
Q
Q
Check to see that TFTP is configured to point to the directory containing the AP Image.
Make sure you have the proper TFTP server IP Address, the proper AP Image file name, and that the TFTP server
is connected.
LED Indicators
POWER
ETHERNET
PC CARD A
PC CARD B
INIDICATION
Green
Green flash
with data activity
Green flash
with data activity
Green flash
with data activity
Normal Operation
Amber
n/a (not applicable)
Amber
Amber
Rebooting
Amber
n/a
n/a
n/a
Missing or bad AP Image if amber after reboot
Red
Red
n/a
n/a
Power On Self Test (POST) running
n/a
n/a
Red
Red
PC Card incompatible on indicated interface
n/a
n/a
Red
Red
PC Card failure on indicated interface
Green
n/a
Amber
Amber
Indicated interface in Administrative State
n/a
n/a
Off
Off
PC Card not present
5-10
Using the Command Line Interface
6
In This Chapter
This section provides details for the Command Line (CLI) Interface used to manage an ORiNOCO AP-2000 device.
CLI commands can be used to initialize, configure, and manage network operation of the Access Point.
Q
Q
CLI commands may be entered in real time through a keyboard, or submitted with CLI scripts.
The CLI is available through both the Serial Port Interface and the Ethernet Interface.
127(
All CLI commands and parameters are case-sensitive.
Q
Q
Q
Q
Q
Q
– Prerequisite Skills and Knowledge
– Notation Conventions
– Important Terminology
– Navigation and Special Keys
– CLI Error Messages
Command Line Interface (CLI) Variations
– Bootloader CLI
CLI Command Types
– Operational CLI Commands
– Parameter Control Commands
Using Tables & User Strings
– Working with Tables
– Using Strings
Configuring the AP-2000 Unit using CLI commands
– Configuring Objects that Require Reboot
– “set” CLI Command
– “show” CLI Command
Other Network Settings
– Set Basic Configuration Parameters using CLI Commands
– Configure the AP-2000 device as a DHCP Server
– Maintain 802.11b Client Connections using Link Integrity
– Change your Wireless Interface Settings
– Set Interface Management Services
– RADIUS Authentication Settings
Parameter Tables
Prerequisite Skills and Knowledge
To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts,
network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup
procedures for typical network operating systems and servers.
6-1
Notation Conventions
Q
Q
Computer prompts are shown as constant width type. For example: [Device name]>
Information that you input as shown is displayed in bold constant width type. For example: [Device name]> set
ipaddr 10.0.0.12
Q
Q
The names of keyboard keys, software buttons, and field names are displayed in bold type. For example: Click the
Configure button
Screen names are displayed in bold italics. For example, the System Status screen.
Important Terminology
Q
Q
Q
Q
Q
Q
Q
Config Files - Database files containing the current Access Point configuration. Configuration items include the IP
Address and other network-specific values. Config files may be downloaded to the Access Point or uploaded for
backup or troubleshooting.
Download Vs. Upload - Downloads transfer files to the Access Point. Uploads transfer files from the Access Point.
The TFTP server performs file transfers in both directions.
Group - A logical collection of network parameter information. For example, the System Group is composed of
several related parameters. Groups can also contain Tables. All items for a given Group can be displayed with a
“show” <Group> CLI Command.
Image File - The Access Point software executed from RAM. To update an Access Point you typically download a
new Image File. This file is often referred to as the "AP Image".
Parameter - A fundamental network value that can be displayed and may be changeable. For example, the Access
Point must have a unique IP Address and the Radio PC Cards must know which channel to use. Change
parameters with the CLI set Command, and view them with the CLI show Command
Table - Tables hold parameters for several related items. For example, you can add several potential managers to
the SNMP Table. All items for a given Table can be displayed with a show <Table> CLI Command.
TFTP - Refers to the TFTP Server, used for file transfers.
Navigation and Special Keys
This CLI supports the following navigation and special key functions to move the cursor along the prompt line.
Key Combination
Operation
Delete or Backspace
Delete previous character
Ctrl-A
Move cursor to beginning of line
Ctrl-E
Move cursor to end of line
Ctrl-F
Move cursor forward one character
Ctrl-B
Move cursor back one character
Ctrl-D
Delete the character the cursor is on
Ctrl-U
Delete the entire line
Ctrl-P
Go to the previous line in the history buffer
Ctrl-N
Go to the next line in the history buffer
Tab
Complete the command line
?
List available commands
6-2
Command Line Interface (CLI) Variations
CLI Error Messages
The following table describes the error messages associated with improper inputs or expected CLI behavior.
Error Message
Description
% Syntax error
Invalid syntax entered at the command prompt.
% Invalid command
A non-existent command has been entered at the command prompt.
% Invalid parameter name
An invalid parameter name has been entered at the command prompt.
% Invalid parameter value
An invalid parameter value has been entered at the command prompt.
% Invalid table index
An invalid table index has been entered at the command prompt.
% Invalid table parameter
An invalid table parameter has been entered at the command prompt.
% Invalid table parameter value
An invalid table parameter value has been entered at the command prompt.
% Read only parameter
User is attempting to configure a read-only parameter.
% Incorrect password
An incorrect password has been entered in the CLI login prompt.
% Download unsuccessful
The download operation has failed due to incorrect TFTP server IP Address or file name.
% Upload unsuccessful
The upload operation has failed due to incorrect TFTP server IP Address or file name.
Command Line Interface (CLI) Variations
Administrators use the CLI to control Access Point operation and monitor network statistics. The AP-2000 supports
two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is
used when the current AP Image is bad or missing. The Bootloader CLI allows you to assign an IP Address and
download a new image. Once the image is downloaded and running, the Access Point uses the normal CLI. This guide
covers the normal CLI unless otherwise specified.
Bootloader CLI
The Bootloader CLI is a minimal subset of the normal CLI used to perform initial configuration of the AP-2000 device.
This interface is only be accessible via the serial interface if the AP-2000 unit does not contain an image (binary) or the
TFTP operation has failed as result of the download command for an image.
The Bootloader CLI provides you with the ability to configure the initial setup parameters as well as download an
image (binary) to the device.
The functions that shall be supported by the Bootloader CLI are:
–
–
–
–
configuration of initial device parameters using the set command
show command to view the device’s configuration parameters
help command to provide additional information on all commands supported by the Bootloader CLI
reboot command to reboot the device.
The parameters supported by the Bootloader CLI (for viewing and modifying) are:
–
–
–
–
–
–
System Name
IP Address Assignment Type
IP Address
IP Mask
Gateway IP Address
TFTP Server IP Address
–
Image (binary) File Name
The following lists display the results of using the help and show commands in the Bootloader CLI:
[DeviceName]>help
Command List
=============
set
show
reboot
help
Description
===========
Set system parameters
Show running system information
Reboots the system
Description of commands, command usage, and parameters
6-3
CLI Command Types
Command Usage
=============
set <parameter name> <parameter value> <CR>
show <CR>
reboot <number f seconds> <CR>
help <CR>
Parameter List
==============
sysname
ipaddrtype
ipaddr
ipsubmask
ipgw
tftpipaddr
tftpfilenameImage or
Description
===========
System Name
System IP Address Assignment Type
System IP Address
System IP Mask
System Default Gateway IP Address
TFTP Server IP Address
Binary File Name
[DeviceName]>show
sysname
ipaddrtype
ipaddr
ipsubmask
ipgw
tftpipaddr
tftpfilename
<value
<value
<value
<value
<value
<value
<value
of
of
of
of
of
of
of
sysname>
ipaddrtype>
ipaddr>
ipsubmask>
ipgw>
tftpipaddr>
tftpfilename>
CLI Command Types
This guide divides CLI Commands into two categories: Operational and Parameter Control.
Operational CLI Commands
This type affects Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and
parameters if any) press the Enter key to execute the Command Line.
Operational commands include.
Q
Q
Q
Q
Q
Q
Q
Q
Q
? - (Question Mark) Lists CLI Commands or parameters, depending on usage.
done, exit, quit - Terminates the CLI session
download - Uses TFTP server to download "image", "config", or “bootloader upgrade” files to Access Point.
help - Displays general CLI help information or command help information, such as command usage and syntax
history - Remembers commands to help avoid re-entering complex statements
passwd - Sets the Access Point CLI password
reboot - Reboots the Access Point in specified time
search - Lists the parameters in a specified Table
upload - Uses TFTP server to upload "config" files from Access Point to TFTP default directory or specified path.
? (List Commands)
This command has varied uses to display commands and parameters, depending on the operation in which it is used.
The following table lists each operation and provides a basic example. Following the table are detailed examples and
display results for each operation.
Operation
Basic Example
Display the Command List (Example 1)
[Device Name]>?
Display commands that start with specified letters (Example 2)
[Device Name]>s?
Display parameters for set and show Commands (Examples 3a and 3b)
[Device Name]>show?
[Device Name]>show ipa?
Prompt to enter successive parameters for Commands (Example 4)
[Device Name]>download?
6-4
CLI Command Types
Example 1. Display Command list
To display the Command List, enter "?"
[Device Name]>?
show
set
download
upload
reboot
passwd
help
quit
done
exit
history
search
Example 2. Display specific Commands
To show all commands that start with specified letters, enter one or more letters, then "?" with no space between letters
and "?".
[Device Name]>s?<CR>
show
set
search
Example 3. Display parameters for set and show
Example 3a allows you to see every possible parameter for the set (or show) commands. Notice from example 3a that
the list is very long. Example 3b shows how to display a subset of the parameters based on initial parameter letters.
Example 3a. Display every parameter that can be changed
[Device Name]>set?<CR>
sysctemail
sysctphone
etherspeed
ipaddrtype
.
.
.
iparpfltipaddr
Example 3b. Display parameters based on letter sequence
This example shows entries for parameters that start with the letter "i". The more letters you enter, the fewer the results
returned. Notice that there is no space between the letters and the question mark.
[Device Name]> show i?<CR>
ipaddrtype
ip
ipgw
iappannreqstart
iparpstatus
iparpfltsubmsk
iappstatus
iapphandtout
iapp
ipaddr
iparpfltstatus
iparp
[Device Name]> show ip?<CR>
ipaddrtype
ip
ipttl
ipaddr
iparpstatus
iparpfltstatus
iparpfltsubmsk
iparp
[Device Name]> show ipa?<CR>
ipaddrtype
ipaddr
iparpfltstatus
iparpfltipaddr
iparp
[Device Name]> show ipar?<CR>
iparpstatus
iparpfltstatus
iparpfltsubmsk
iparp
iappannint
iapphandretx
ipttl
ipsubmask
iparpfltipaddr
ipgw
ipsubmask
iparpfltipaddr
iparpstatus
iparpfltsubmsk
iparpfltipaddr
6-5
CLI Command Types
Example 4. Display Prompts for Successive Parameters
Enter the command, a space, and then "?". Then, when the parameter prompt appears, enter the parameter value.
Result: The parameter is changed and a new CLI line is echoed with the new value (in the first part of the following
example, the value is the IP Address of the TFTP server).
After entering one parameter, you may add another "?" to the new CLI line see the next parameter prompt, and so on
until you enter all parameters. The following example shows how this is used for the "download" Command. The last
part of the example shows the completed download Command ready for execution.
[Device Name]> download?<CR>
<TFTP IP Address>
[Device Name]> download 10.0.0.2?<CR>
<File Name>
[Device Name]> download 10.0.0.2 apimage?<CR>
<file type (config/bin/bspbl)>
[Device Name]> download 10.0.0.2 apimage bin
done, exit, quit
Each command disconnects the CLI Session.
[Device Name]> done
[Device Name]> exit
[Device Name]> quit
download
Downloads the specified file from TFTP server to the Access Point. Executing 'download' in combination with the
asterisks character, “*”, will make use of the previously set TFTP parameters. Executing download without parameters
will display command help and usage information. To see a list of available files to download, enter a question mark (?)
after download (example: download?).
1. Syntax to download a file:
Device Name]>download <tftp server address> <path and filename> <file type>
Example:
[Device Name]>download 192.168.1.100 APImage2 bin
2. Syntax to display help and usage information:
[Device Name]>download
3.
Syntax to execute the download Command using previously set (stored) TFTP Parameters:
[Device Name]>download *
6-6
CLI Command Types
help
Displays instructions on using control-key sequences for navigating a Command Line, and displays command
information and examples.
1. Using help as the only argument:
[Device Name]>help
Special keys supported:
Arrow Keys
DEL, BS.... delete previous character
Ctrl-A.... go to beginning of line
Ctrl-E.... go to end of line
Ctrl-F.... go forward one character
Ctrl-B.... go backward one character
Ctrl-D.... delete current character
Ctrl-U, X. delete to beginning of line
Ctrl-K.... delete to end of line
Ctrl-W..... delete previous word
Ctrl-T..... transpose previous character
Ctrl-P.... go to previous line in history buffer
Ctrl-N.... go to next line in history buffer
Tab .... will attempt command completion
? .... will provide command listing
Examples:
'?'
list all the supported commands and brief description
'sh?'
list all commands that start with sh
'show?'
list all arguments to the show command
'sh<TAB>'
complete the 'show' command
2. Complete command description and command usage can be provided by:
[Device Name]>help <command name>
[Device Name]><command name> help
history
Shows content of Command History Buffer. The Command History Buffer stores command statements entered in the
current session. To avoid re-entering long command statements, use the keyboard "up arrow" and "down arrow" keys
to recall pervious statements from the Command History Buffer. When the desired statement reappears, press the
"Enter" key to execute, or you may edit the statement before executing it.
[Device Name]> history
passwd
Changes the CLI Password.
[Device Name]> passwd oldpassword newpassword newpassword
reboot
Reboots Access Point after specified number of seconds. Specify a value of 0 (zero) for immediate reboot.
[Device Name]> reboot 0
[Device Name]> reboot 30
6-7
CLI Command Types
search
Lists the members of the specified table. This list corresponds to the table information displayed in the HTTP Interface.
In this example, the CLI returns the same SNMP table items displayed in the HTTP Interface SNMP Access Table.
[Device Name]> search snmpipaccesstbl
The supported elements are:
index
ipaddr
submask
if
cmt
status
upload
Uploads the specified file from AP-2000 to TFTP Server directory. Executing ‘upload” with the asterisks, “*”, character
will make use of the previously set/stored TFTP parameters. Executing 'upload' without parameters will display
command help and usage information.
1. Syntax to upload a file:
[Device Name]>upload <tftp server address> <path and filename> <filetype>
Example:
[Device Name]>upload 192.168.1.100 APImage2 bin
2. Syntax to display help and usage information:
[Device Name]>help upload
3. Syntax to execute the upload command using previously set (stored) TFTP Parameters:
[Device Name]>upload *
Parameter Control Commands
The following sections cover each CLI Command, and include several tables showing parameter properties. The two
Parameter Control Commands are show and set. These allow you to view (show) all parameters and statistics, and to
change (set) parameters.
Q
Q
show - To see any Parameter or Statistic values, you specify a single parameter, a Group, or a Table. Fore more
details, refer to "set and show command examples" later in this guide.
set - Use this CLI Command to change parameter values. You can use a single CLI Statement to modify Tables, or
modify each parameter separately. Fore more details, refer to "set and show command examples" later in this
guide.
“set” and “show” Command Examples
In general, you will use the CLI "show" Command to view current parameter values, and use the CLI "set" Command
to change parameter values. As shown in the following six examples, parameters may be set individually, and all
parameters for a given table can be set with a single statement.
Example 1 - Set the Access Point IP Address Parameter
Syntax:
[Device Name]>set <parameter name> <parameter value>
Example:
[Device Name]> set ipaddr 10.0.0.12
Result: IP Address will be changed when you reboot the Access Point. The CLI reminds you when rebooting is
required for a change to take effect. To reboot immediately, enter reboot 0 (zero) at the CLI prompt.
6-8
CLI Command Types
Example 2 - Create a table entry or row
Use 0 (zero) as the index to the table when creating an entry. When creating a table row, only the mandatory table
elements are required (comment is usually an optional table element). There are other optional table elements, which,
if not entered, the default value applies.
Syntax:
[Device Name]>set <table name> <table index> <element 1> <value 1> …
<element n> <value n>
Example:
[Device Name]> set snmpipaccesstbl 0 ipaddr 10.0.0.10 submask 255.255.0.0
Result: The SNMP Table (Index 0) "IP Address" and "IP Mask" parameters are assigned 10.0.0.10 and
255.255.0.0, respectively.
Example 3 - Modify a table entry or row
Use the index to be modified and the table elements you would like to modify. For example, suppose the SNMP IP
Access table has one entry and you wanted to modify the IP Address:
[Device Name]>set snmpipaccesstbl 1 ipaddr 10.0.0.11
You can also modify several elements in the table entry. Enter the index number and specific table elements you would
like to modify. Hint: Use the search Command to see the elements that belong to the table.
[Device Name]>set snmpipaccesstbl 1 ipaddr 10.0.0.12 submask 255.255.255.248
cmt “First Row”
Example 4 - Enable, Disable, or Delete a table entry or row
In this example you would like to manage the second table row/entry.
Syntax:
[Device Name]>set <Table> index status <enable, disable, delete>
[Device Name]>set <Table> index status <1=enable, 2=disable, 3=delete>
Example:
[Device
[Device
[Device
[Device
Name]>set
Name]>set
Name]>set
Name]>set
snmpipaccesstbl
snmpipaccesstbl
snmpipaccesstbl
snmpipaccesstbl
2
2
2
2
status
status
status
status
enable
disable
delete
2
Example 5 - Show the Group Parameters
In this example you can view all elements of a group or table.
Syntax:
[Device Name]> show <group name>
Example:
[Device Name]>show network
Result: The CLI displays network group parameters. Note that show network and show ip work the same.
6-9
Using Tables & User Strings
Example 6 - Show Individual and Table Parameters
1. View a single parameter
Syntax:
[Device Name]>show <parameter name>
Example:
[Device Name]> show ipaddr
Result: Displays the Access Point IP Address.
2. View all parameters in a table
Syntax:
[Device Name]> show <table name>
Example:[Device Name]> show snmpipaccesstbl
Result: Displays the Access Point SNMP IP Access Table and its entries.
Using Tables & User Strings
Working with Tables
Each member of the table must be specified, as in the example below.
[Device Name]>set snmpipaccesstbl 0 submask 255.255.0.0 ipaddr 10.0.0.10
Below are the rules for creating, modifying, enabling/disabling, and deleting table entries.
Q
Q
Q
Creation
– The table name is required.
– The table index is required – for table entry/instance creation the index is always zero (0).
– The order in which the table arguments or objects are entered in not important.
– Parameters that are not required can be omitted, in which case they will be assigned the default value as
specified in the MIB or product functional specification document.
Modification
– The table name is required.
– The table index is required – for table modification the index should be the index of the entry to be modified.
– Only the table objects that are to be modified need to be specified. Not all the table objects are required.
– If multiple table objects are to be modified the order in which they are entered is not important.
– If the entire table entry is to be modified, all the table objects have to be specified.
Enabling/Disabling
–
–
Q
The table name is required.
The table index is required – for table enabling/disabling the index should be the index of the entry to be
enabled/disabled.
– The reserved word enable or disable are required.
Deletion
– The table name is required.
– The table index is required – for table deletion the index should be the index of the entry to be deleted.
– The reserved word delete is required.
6-10
Using Tables & User Strings
Using Strings
Since there are several string objects supported by the AP-2000 device, a string delimiter is required for the strings to
be interpreted correctly by the command line parser. For this CLI implementation, the single quote or double quote
character can be used at the beginning and at the end of the string.
For example:
[Device Name]> set sysname Lobby - Does not need quote marks
[Device Name]> set sysname "Front Lobby" - Requires quote marks.
The scenarios supported by this CLI are:
“My Desk in Nieuwegein”
Double Quotes
‘My Desk in Nieuwegein’
Single Quotes
“My ‘Desk’ in Nieuwegein”
Single Quotes within Double Quotes
‘My “Desk” in Nieuwegein’
Double Quotes within Single Quotes
“Daniel’s Desk in Nieuwegein”
One Single Quote within Double Quotes
‘Daniel”s Desk in Nieuwegein’
One Double Quote within Single Quotes
The string delimiter does not have to be used for every string object. The single quote or double quote only has to be
used for string objects that contain blank space characters. If the string object being used does not contain blank
spaces, then the string delimiters, single or double quotes, mentioned in this section are not required.
Configuring Objects that Require Reboot
Certain objects supported by ORiNOCO devices require the device to be rebooted in order for the changes to take
effect. In order to inform the end-user of this behavior, the CLI shall provide informational messages when the user has
configured an object or object(s) that requires the device to be rebooted. The following message shall be displayed as
a result of the configuring such object or objects.
Example 1: Configuring objects that require the device to be rebooted
The following message is displayed every time the user has configured an object that requires the device to be
rebooted.
[Device Name]>set ipaddr 135.114.73.10
In order for this change to take effect, the device is required to be rebooted.
Example 2: Executing the exit, quit, or done commands when an object that requires reboot has been
configured
In addition to the above informational message, the CLI also provides a message as a result of the exit, quit, or done
command if changes have been made to objects that require reboot. If you make changes to objects that require
reboot and execute the exit command the following message is displayed:
[Device Name]>exit<CR> OR quit<CR> OR done<CR>
Modifications have been made to parameters that require the device to be rebooted. These changes will only take
effect after the next reboot.
“set” CLI Command
Sets (modifies) the value of given parameter. To see a definition and syntax example, type only set and then press the
Enter key. To see a list of available parameters, enter a space, then a question mark (?) after set (example: set?).
Syntax:
[Device
[Device
Example:
[Device
[Device
Name]>set <parameter> <value>
Name]>set <table> <index> <argument 1> <value 1> ... <argument N> <value N>
Name]>set sysloc "Main Lobby"
Name]>set snmpipaccesstbl 0 ipaddr 10.0.0.10 submask 255.255.0.0
6-11
Configuring the AP-2000 Unit using CLI commands
“show” CLI Command
Displays the value of specified parameter, or displays all parameter values of a specified group (parameter table).
Groups contain Parameters and Tables. Tables contain parameters for a series of similar entities.
To see a definition and syntax example, type only show and then press the Enter key. To see a list of available
parameters, enter a question mark (?) after show (example: show ?).
Syntax:
[Device Name]>show
[Device Name]>show
[Device Name]>show
Examples:
[Device Name]>show
[Device Name]>show
[Device Name]>show
<parameter>
<group>
<table>
ipaddr
network
snmpipaccesstbl
Configuring the AP-2000 Unit using CLI commands
Log Into the AP-2000 Unit
The CLI commands can be used to access, configure, and manage your AP-2000 device using Telnet or a terminal
emulation application, such as HyperTerminal. Log into the AP-2000 unit using Telnet:
1.
2.
3.
Go to the DOS command prompt on your computer.
Type in telnet <IP Address of the unit>.
Enter the Telnet password (default is public).
127(
We recommend changing your default passwords immediately. To perform this operation using CLI
commands, refer to Change Passwords.
Log Into the AP-2000 Unit using HyperTerminal
1.
Launch HyperTerminal from the Start > Programs menu. Open an existing connection or create a new one
with the following settings:
Q
Com Port: <COM1, COM2, etc., depending on your computer>
Q
Baud rate: 9600
Q
Data Bits: 8
Q
Stop bits: 1
Q
Flow Control: None
Q
Parity: None
2.
Enable the “ASCII Setup” settings by selecting “Send line ends with line feeds”.
(Result: HyperTerminal sends a line return at the end of each line of code.)
Enter the Telnet password (default is public).
3.
127(
We recommend changing your default passwords immediately. To perform this operation using CLI
commands, refer to Change Passwords.
6-12
Configuring the AP-2000 Unit using CLI commands
Set Basic Configuration Parameters using CLI Commands
There are a few basic configuration parameters that you will want to setup right away when you receive the AP-2000
unit. For example:
–
–
–
–
–
–
–
–
–
Contact information for network administrator
Set System Name, Location and Contact Information
Set a Static IP Address for the AP-2000 device
Set Network Names and Encryption options
Set WEP Encryption for each Wireless Interface
Change Passwords for the different management interfaces (SNMP, Telnet, HTTP)
Download an AP-2000 configuration file from your server
Copy an AP-2000 configuration file from another AP-2000 device
Communication rules for your wireless interface(s)
Set System Name, Location and Contact Information
[Device
[Device
[Device
[Device
[Device
[Device
Name]>set sysname <system name>
Name]>set sysloc <Unit Location>
Name]>set sysctname <Contact Name (person responsible for system)>
Name]>set sysctphone <Contact Phone Number>
Name]>set sysctemail <Contact E-mail address>
Name]>show system<CR>
Set Static IP Address for the AP-2000 device
[Device
[Device
[Device
[Device
[Device
Name]>set ipaddrtype static
Name]>set ipaddr <fixed IP address of unit>
Name]>set ipsubmask <IP Mask (default = 255.0.0.0)>
Name]>set ipgw <gateway IP address (default = 10.0.0.1)>
Name]>show network<CR>
127(
The IP Mask of the AP-2000 unit needs to match the IP Mask of your network. If you are setting up the
AP-2000 device from a client station, check the IP mask of your computer before proceeding.
Set a Network Name for each Wireless Interface
–
3 = wireless card in Slot A
–
4 = wireless card in Slot B
[Device Name]>set wif 3 netname <Network Name (SSID) for wireless card in Slot A>
[Device Name]>set wif 4 netname <Network Name (SSID) for wireless card in Slot B>
[Device Name]>show wif<CR>
Set WEP Encryption for each Wireless Interface
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
!
&$87,21
Client stations must have the same encryption key to be able to communicate with the AP-2000 device.
6-13
Configuring the AP-2000 Unit using CLI commands
For the wireless card in Slot A
You can set up to four encryption keys. This example describes setting encryption Key 1 on the wireless card in Slot A.
[Device Name]>set wifsec 3 encrypt enable encryptkey 1
<WEP key (5-13 characters long depending on card type)> encryptkeytx 1
[Device Name]>show wifsec<CR>
For the wireless card in Slot B
You can set up to four encryption keys. This example describes setting encryption Key 2 on the wireless card in Slot B.
[Device Name]>set wifsec 4 encrypt enable encryptkey 2
<WEP key (5-13 characters long depending on card type)> encryptkeytx 2
[Device Name]>show wifsec<CR>
Change Passwords
[Device
[Device
[Device
[Device
!
Name]>set telpasswd <Old Password> <New Password> <Confirm Password>
Name]>set httppasswd <Old Password> <New Password> <Confirm Password>
Name]>set snmppasswd <Old Password> <New Password> <Confirm Password>
Name]>reboot 0
&$87,21
We strongly urge your to change the default passwords to restrict access to your network devices to
authorized personnel. We also recommend that you document your AP-2000 configuration using the work
sheets provided for you in the chapter, Recording Your Configuration Settings. If you lose or forget your
password settings, you can always perform the Reset to Factory Default Procedure.
Download an AP-2000 Configuration File from your TFTP Server
Begin by starting your TFTP program. It must be running and configured to transmit and receive.
[Device Name]>set tftpfilename <file name> tftpfiletype config
tftpipaddr <IP address of your TFTP server>
[Device Name]>show tftp (ensure the filename, file type, and the IP address are
correct)
[Device Name]>download *
[Device Name]>reboot 0
After doing this once, you can backup your current file (so long as all the parameters are the same), with the following
command:
[Device Name]>download *
Backup your AP-2000 Configuration File
Begin by starting your TFTP program. It must be running and configured to transmit and receive.
[Device Name]>upload <TFTP Server IP address> <tftpfilename (such as “config.sys”)> config
[Device Name]>show tftp (ensure the filename, file type, and the IP address are correct)
After doing this once, you can backup your current file (so long as all the parameters are the same), with the following
command:
[Device Name]>upload *
6-14
Other Network Settings
Other Network Settings
There are other configuration settings that you may want to set for your AP-2000 unit. Some of them are listed below.
–
–
–
–
–
–
Download an AP-2000 configuration file from your server
Configure your AP-2000 device as a DHCP server
Maintain 802.11b client connections using Link Integrity checking
Change your Wireless Interface settings
Configure the physical interface that will be used to manage the AP-2000 unit
Control access to the AP-2000 device using MAC Address authentication, WEP encryption or 802.1x security
settings
127(
Refer to Configuring Advanced Features for more complex network settings.
Configure the AP-2000 device as a DHCP Server
127(
You must have at least one entry in the DHCP Server client IP Address assignment table before you can
enable the DHCP Server Status feature.
[Device Name]>set dhcpstatus disable
[Device Name]>set dhcpippooltable 0 startipaddr <start ip address>
endipaddr <end ip address>
[Device Name]>set dhcppridnsipaddr <primary dns ip address>
[Device Name]>set dhcpsecdnsipaddr <secondary dns ip address>
[Device Name]>set dhcpstatus enable
[Device Name]>reboot 0
Maintain 802.11b Client Connections using Link Integrity
127(
This feature is only applicable for 2.4 GHz (802.11b) cards.
[Device Name]>show linkinttbl (this shows the current links)
[Device Name]>set linkinttbl <1-4 (depending on what row in the table you wish
to address)> ipaddr <ip address of the host computer you want to check>
[Device Name]>set linkintpollint <the interval between link integrity checks>
[Device Name]>set linkintpollretx <number of times to retransmit before
considering the link down>
[Device Name]>set linkintstatus <enable>
[Device Name]>reboot 0
Change your Wireless Interface Settings
Enable/Disable Interference Robustness
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> interrobust <enable/disable>
6-15
Other Network Settings
Enable/Disable Closed System
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> closedsys <enable/disable>
127(
When disabled, a client configured with the Network Name “ANY” can connect to the AP-2000. This feature is
only available for 802.11b wireless cards.
Enable/Disable Load Balancing
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> ldbalance <enable/disable>
Enable/Disable Medium Density Distribution
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> meddendistrib <enable/disable>
Autochannel Select (ACS)
ACS is enabled by default. In order to disable ACS, disable the cards in slots A and B and reboot.
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> autochannel disable
[Device Name]>reboot 0
Re-enable ACS
–
–
3 = wireless card in Slot A
4 = wireless card in Slot B
[Device Name]>set wif <3 or 4> autochannel enable
[Device Name]>reboot 0
Set the Distance Between APs
[Device Name]>set distaps <large, medium, small, minicell, microcell>
[Device Name]>reboot 0
127(
The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in
which an AP-2000 unit is set up and clients are tested throughout the area to determine signal strength and
coverage, and local limits such as physical interference are investigated.
From these measurements the appropriate cell size and density is determined, and the optimum distance
between APs is calculated to suit your particular business requirements.
The Site Survey is contained on the Installation CD included in your kit.
Set the Multicast Rate
[Device Name]>set multrate <1,2,5.5,11 (Mbps)>
127(
The Distance Between APs must be set before the Multicast Rate.
6-16
Other Network Settings
Set Ethernet Speed and Transmission Mode
[Device Name]>set etherspeed <value (see below)>
[Device Name]>reboot 0
Ethernet Speed and Transmission Mode
Value
10 Mbit/s - half duplex
10half
10 Mbit/s - full duplex
10full
10 Mbit/s - auto duplex
10auto
100 Mbit/s - half duplex
100half
100 Mbit/s - full duplex
100full
Auto Speed - half duplex
autospeedhalf
Auto Speed - auto duplex
autospeedauto (recommended)
Set Interface Management Services
Enable/Disable Interface Management Services
[Device Name]>set httpstatus <enable/disable>
[Device Name]>set telstatus <enable/disable>
[Device Name]>set snmpstatus <enable/disable>
Set Communication Ports
[Device Name]>set httpport <HTTP port number (default is 80)>
[Device Name]>set telport <Telnet port number (default is 23)>
[Device Name]>set snmpport <SNMP port number (default is 161)>
Set Session Timeouts
[Device Name]>set tellogintout <time in seconds>
[Device Name]>set telsessiontout <time in seonds>
Configure Management Ports
[Device Name]>set snmpifbitmask <0, 1, 4, 8, 15 (see below)>
[Device Name]>set httpifbitmask <0, 1, 4, 8, 15 (see below)>
[Device Name]>set telifbitmask <0, 1, 4, 8, 15 (see below)>
Choose from the following values:
Interface bitmask
Description
0 = disable (all interfaces)
All management channels disabled
1 = ethernet if
Ethernet only enabled
4 = pcCardA if
Wireless A only enabled
8 = pcCardB if
Wireless B only enabled
15 = allInterfaces
All management channels enabled
Edit Management IP Access Table
[Device Name]>set mgmtipaccesstbl <index> ipaddr <IP address> ipsubmask <subnet mask>
6-17
Other Network Settings
Configure Serial Port Interface
[Device Name]>set serbaudrate <2400, 4800, 9600, 19200, 38400, 57600>
serflowctrl <none, xon/xoff>
[Device Name]>show serial
127(
To avoid unexpected performance of your AP-2000, leave the setting Flow Control to its default value (none)
unless you are sure what this setting should be.
MAC Access Control
Setup MAC (Address) Access Control Table
[Device Name]>set macaclstatus <enable> macacloptype <passthru, block>
[Device Name]>reboot 0
Add an Entry to the MAC Access Control Table
[Device Name]>set macacltbl <index> macaddr <MAC Address, such as 00:12:34:56:78:ab>
status <enable>
[Device Name]>show macacltbl
Disable or Delete an Entry in the MAC Access Control Table
[Device Name]>set macacltbl <index> status <disable/delete>
[Device Name]>show macacltbl
127(
For larger networks that include multiple AP-2000 devices, you may prefer to maintain this list on a centralized
location using the RADIUS Authentication Settings.
RADIUS Authentication Settings
Set RADIUS Parameters
[Device
[Device
[Device
[Device
Name]>set radmacaccctrl <enable>
Name]>set radiustbl <index> ipaddr <RADIUS IP address>
Name]>set radauthlifetm <900-43200 milliseconds (in 60 sec increments)>
Name]>show radiustbl
Configure RADIUS server
[Device Name]>set radiustbl <index> status <enable> ipaddr <RADIUS IP address>
port <user defined> ssecret <user defined> responsetm <1 to 4 seconds>
maxretx <1 to 10 times> type <authentication, accounting>
[Device Name]>show radiustbl
[Device Name]>reboot 0
6-18
Parameter Tables
Parameter Tables
Objects contain groups that contain both parameters and parameter tables.
Use the following Tables to configure the Access Point. The Access Point CLI is under development as this document
is being prepared; therefore, some table cells are blank where a feature has not yet been implemented or information
needs validation. Columns used on the tables include:
—
—
—
—
—
Name - Parameter, Group, or Table Name
Type - Data type
Values - Value range, and default value, if any
ACC. - Indicates access type. R = Read Only (show), RW = Read-Write, can be "set", W = Write Only
CLI Parameter - Parameter name as used in the Access Point
Access Point network objects are associated with Groups. The network objects are listed below and associated
parameters are described in the following Parameter Tables:
Q
System Parameters - Access Point system information
Inventory Management Information - Hardware, firmware and software version information
Network Parameters - IP and Ethernet information
Wireless Interface Parameters - Wireless Interface (or you can say Wireless Card) Information
Autochannel Select (ACS) - Management information
Q
SNMP IP Access Table Parameters Q
SNMP Table Host Table Parameters Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Q
Primary and Backup RADIUS Server Table Parameters - RADIUS Authentication and Accounting information
Telnet Parameters - Telnet Port setup
Serial Port Parameters - Serial Port setup
TFTP Server Parameters - Set up for file transfers. Specify IP Address, file name, and file type.
HTTP (web browser) Parameters - Use the graphical web browser interface
Link Integrity Group - Monitor link status
Q
Link Integrity IP Target Table Wireless Interface Security Table - Security settings
Ethernet Filtering Table - Enable and disable specific addresses
IAPP Parameters - Enable or disable the Inter-Access Point Protocol
Static MAC Address Filter Table - Enable and disable specific addresses
Spanning Tree Parameters - Used to help prevent network loops
Storm Threshold Parameters - Set multicast rate
MAC Access Control Table Parameters - Control access my Media Access Control number
DHCP Server Parameters - Enable or disable dynamic host configuration
Q
DHCP Server table for IP pools SpectraLink VoIP Parameters - Enable or disable SpectraLink Voice over IP feature
6-19
Parameter Tables
System Parameters
Name
Type
Values
System
Group
N/A
ACC.
Name
DisplayString
User Defined
RW
Location
DisplayString
User Defined
RW
sysloc
Contact Name
DisplayString
User Defined
RW
sysctname
Contact E-mail
DisplayString
User Defined
RW
sysctemail
Contact Phone
DisplayString
User Defined
RW
sysctphone
FLASH Backup Interval
Integer
R
CLI Parameter
system
sysname
Seconds
RW
sysflashbckint
Flash Update
0
1
RW
sysflashupdate
Emergency Restore to defaults
Resets all parameters to
default factory values
RW
sysresettodefaults
Descriptor
DisplayString
N/A
R
none
Up Time
Integer
dd:hh:mm:ss
dd – days
hh – hours
mm – minutes
ss – seconds
R
none
Inventory Management Information
Name
Type
Values
Inventory Management
Group
N/A
ACC.
R
CLI Parameter
sysinvmgmt
Serial Number
DisplayString
N/A
R
N/A
Name
DisplayString
N/A
R
N/A
ID
Integer
N/A
R
N/A
Major Version
Integer
N/A
R
N/A
Minor Version
Integer
N/A
R
N/A
Name
Type
Values
Network
Group
N/A
IP Address
IpAddress
User Defined
IP Mask
IpAddress
User Defined
RW
ipsubmask
Default Router IP Address
IpAddress
User Defined
RW
ipgw
Default TTL
Integer
User Defined
RW
ipttl
Address Type
Integer
static (default)
dynamic (future release)
RW
ipaddrtype
Network Parameters
ACC.
R
RW
CLI Parameter
network
ipaddr
127(
The IP Address Assignment Type (ipaddrtype) must be set to static before the IP Address (ipaddr), IP Mask
(ipsubmask) or Default Gateway IP Address (ipgw) values can be entered.
6-20
Parameter Tables
Wireless Interface Parameters
Since the AP-2000 devices support two PC Card slots, we differentiate the two cards by using the table index:
—
—
Slot A = index 3
Slot B = index 4
The wireless interface group parameter is wif, which displays the objects associated with both PC Cards A and B.
Name
Type
Values
Wireless Interfaces
Group
N/A
ACC.
R
wif
Wireless Interface A
N/A
N/A
R
wif 3
Wireless Interface B
N/A
N/A
Network Name
DisplayString
2 – 31 characters
RW
netname
Distance between APs
Integer
Large
Medium
Small
Minicell
Microcell
RW
distaps
Auto Channel Select (ACS)
Integer
enable (default)
disable
RW
autochannel
Interference Robustness
Integer
enable (default)
disable
RW
interrobust
DTIM Period
Integer
1 – 65535 sec
RW
dtimperiod
Operating Frequency Channel
Integer
Depends on Card
Support
RW
channel
RTS/CTS Medium Reservation
Integer
0 – 2347
RW
medres
Multicast Rate
Integer
1 Mbit/sec
2 Mbit/sec
5.5 Mbit/sec
11 Mbit/sec
RW
multrate
Closed Wireless System
Integer
enable
disable
RW
closedsys
Load Balancing
Integer
enable
disable
RW
ldbalance
Medium Distribution
Integer
enable
disable
RW
meddendistrib
MAC Address
PhyAddress
12 hex digits
R
R
CLI Parameter
wif 4
macaddr
127(
There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In
general, larger systems operate a lower average transmit rates.
Distance between APs
Multicast Rate
Large
1 and 2 Mbits/sec
Medium
1, 2, and 5.5 Mbits/sec
Small
1, 2, 5.5 and 11 Mbits/sec
Minicell
1, 2, 5.5 and 11 Mbits/sec
Microcell
1, 2, 5.5 and 11 Mbits/sec
6-21
Parameter Tables
SNMP Parameters
Name
Type
Values
SNMP
Group
N/A
ACC.
R
CLI Parameter
snmpstatus
Read Password
DisplayString
User Defined
public (default)
W
snmprpasswd
Read/Write Password
DisplayString
User Defined
public (default)
W
snmprwpasswd
SNMP Trap Host Table
N/A
N/A
RW
snmptraphosttbl
SNMP IP Access Table
N/A
N/A
RW
snmpipaccesstbl
SNMP IP Access Table Parameters
When creating table entries, you may either specify the argument name followed by argument value or simply entering
the argument value. When only the argument value is specified, then enter the values in the order depicted by the
following table. CLI applies default values to the omitted arguments. Due to the nature of the information, the only
argument that can be omitted is the “comment” argument.
Name
Type
Values
SNMP IP Access Table
Table
N/A
ACC.
Table Index
Integer
User Defined
N/A
IP Address
IpAddress
User Defined
RW
ipaddr
IP Mask
IpAddress
User Defined
RW
submask
Interface
Integer
1 = Ethernet
3 = PC Card A
4 = PC Card B
RW
if
Comment (optional)
DisplayString
User Defined
RW
cmt
Status
Integer
enable
disable
delete
RW
status
R
CLI Parameter
snmpipaccesstbl
index
SNMP Table Host Table Parameters
When creating table entries, you may either specifying the argument name followed by argument value. CLI applies
default values to the omitted arguments. Due to the nature of the information, the only argument that can be omitted is
the “comment” argument.
Name
Type
Values
SNMP Trap Host Table
Table
N/A
ACC.
CLI Parameter
R
snmptraphosttbl
Table Index
Integer
User Defined
N/A
index
IP Address
IpAddress
User Defined
RW
ipaddr
Password
DisplayString
User Defined
W
Comment (optional)
DisplayString
User Defined
RW
cmt
Status
Integer
enable
disable
delete
RW
status
passwd
6-22
Parameter Tables
Primary and Backup RADIUS Server Table Parameters
ORiNOCO devices that use RADIUS authentication and/or accounting support both primary and backup RADIUS
servers. The configuration parameters and statistics are the same for both primary and backup servers. The CLI
differentiates the primary and backup RADIUS parameters by using the table index.
Name
Type
Values
RADIUS
Table
N/A
R
radiustbl
Primary RADIUS
N/A
N/A
R
(index) 1
R
(index) 2
Backup RADIUS
N/A
N/A
RADIUS Server Status
Integer
enable
disable (default)
Service Type
Integer
Authentication (default)
Accounting
Auth & Accounting
Server IP Address
IpAddress
ACC.
RW
R
CLI Parameter
status
type
User Defined
RW
ipaddr
Authentication Life Time Integer
900-43200 sec in 60 sec
increments
900 sec (default)
RW
radauthlifetm
MAC Access Control
Integer
enable
disable (default)
Authentication Port
Integer
User Defined
1812 (default)
RW
pauth
Accounting Port
Integer
User Defined
1813 (default)
RW
port
Shared Secret
DisplayString
User Defined
public (default)
W
Response Time (sec)
Integer
1 – 4 seconds
3 sec (default)
RW
responsetm
Maximum
Retransmissions
Integer
1 – 10
3 (default)
RW
maxretx
Name
Type
Values
Telnet
Group
N/A
R
Telnet Sessions
Integer
3-5
RW
telsessions
Telnet Port
Integer
User Defined
23 (default)
RW
telport
Telnet Login Inactivity
Time-out
Integer
1 – 60 seconds
30 sec (default)
RW
tellogintout
Telnet Session Idle
Time-out
Integer
1 - 900 seconds
900 sec (default)
RW
telsessiontout
Telnet Session Bitmask
Value
disable
ethernetIf
pcCardAIf
pcCardBIf
allInterfaces
RW
telifbitmask
radmacaccctrl
ssecret
Telnet Parameters
ACC.
CLI Parameter
telnet
127(
The Telnet Sessions (telsessions) parameter is the maximum number of concurrent management interface
sessions allowed (Telnet, SNMP, HTTP and Serial port).
6-23
Parameter Tables
Serial Port Parameters
Name
Type
Values
Serial
Group
N/A
Baud Rate
Integer
2400, 4800,
9600 (default),
19200, 38400, 57600
Data Bits
Integer
Parity
Integer
Stop Bits
Integer
1
Flow Control
Value
none (default)
xon/xoff
ACC.
R
CLI Parameter
serial
RW
serbaudrate
8
R
serdatabits
none
R
serparity
R
serstopbits
RW
serflowctrl
TFTP Server Parameters
These parameters relate to upload and download commands.
When a user executes an upload and/or download Command, the specified arguments are stored in TFTP parameters
for future use. If nothing is specified in the command line when issuing subsequent upload and/or download
commands, the stored arguments are used.
Name
Type
Values
TFTP
Group
N/A
ACC.
R
CLI Parameter
tftp
TFTP Server IP Address IpAddress
User Defined
RW
tftpipaddr
TFTP File Name
DisplayString
User Defined
RW
tftpfilename
TFTP File Type
Integer
bin (image)
config
bspbl
RW
tftpfiletype
HTTP (web browser) Parameters
Name
Type
Values
HTTP
Group
N/A
ACC.
HTTP Server Status
Integer
enable (default)
disable
HTTP Password
DisplayString
User Defined
W
HTTP Port
Integer
User Defined
Default = 80
RW
httpport
HTTP Session Bitmask
Value
disable
ethernetIf
pcCardAIf
pcCardBIf
allInterfaces
RW
httpifbitmask
Name
Type
Values
Link Integrity
Group
N/A
Link Integrity Status
Integer
enable (default)
disable
RW
linkintstatus
Link Integrity Poll
Interval
Integer
User Defined
500 ms (default)
RW
linkintpollint
Link Integrity Poll
Retransmissions
Integer
User Defined
RW
linkintpollretx
Link Integrity IP Target
Table
N/A
N/A
R
RW
CLI Parameter
http
httpstatus
httppasswd
Link Integrity Group
ACC.
R
R
CLI Parameter
linkint
linkinttbl
6-24
Parameter Tables
Link Integrity IP Target Table
Name
Type
Values
Link Integrity IP Target
Table
Table
N/A
ACC.
R
CLI Parameter
linkinttbl
Table Index
Integer
User Defined
N/A
index
Target IP Address
IpAddress
User Defined
RW
targetipaddr
Comment (optional)
DisplayString
User Defined
RW
cmt
Status
Integer
enable
disable
delete
RW
status
Wireless Interface Security Table
The following table details the specific wireless interface parameters for the AP-2000.
Name
Type
Security Table
Table
Values
ACC.
Index
Integer
3 = PC Card A
4 = PC Card B
N/A
N/A
Enable Encryption
Integer
enable
disable
RW
encrypt
Encryption Key 1
DisplayString
User Defined
W
encryptkey1
Encryption Key 2
DisplayString
User Defined
W
encryptkey2
Encryption Key 3
DisplayString
User Defined
W
encryptkey3
Encryption Key 4
DisplayString
User Defined
W
Deny non-encrypted
Data
Integer
enable
disable
RW
encryptallowdeny
Data Transmission
Encryption Key Usage
Integer
Key 1 (default)
Key 2
Key 3
Key 4
RW
encryptkeytx
R
CLI Parameter
wifsec
encryptkey4
Ethernet Filtering Table
Identify the different filters by using the table index.
Name
Type
Values
Ethernet Filtering Table
Table
N/A
Table Index
N/A
Operation Type
Ethernet Filtering
Protocol
Octet String
N/A
ACC.
CLI Parameter
R
etherflttbl
R
index
Allow
Deny
RW
etherfltoptype
N/A
RW
proto
Filter Comment
DisplayString
2- 31 characters
RW
cmt
Filter Status
Integer
enable (default)
disable
RW
status
127(
The filter Operation Type (allow or deny) applies only to the protocol filters that are enabled in this table.
6-25
Parameter Tables
IAPP Parameters
Name
Type
Values
IAPP
Group
N/A
ACC.
IAPP Status
Integer
enable (default)
disable
RW
iappstatus
Periodic Announce
Interval
Integer
1 - 4 seconds
RW
iappannint
Announce Response
Time
Integer
2 seconds
Handover Time-out
Integer
Max. Handover
Retransmissions
Send Announce
Request on Startup
R
CLI Parameter
iapp
R
iappannresp
410 ms
512 ms (default)
614 ms
717 ms
819 ms
RW
iapphandtout
Integer
1 - 10
RW
iapphandretx
Integer
enable (default)
disable
RW
iappannreqstart
Static MAC Address Filter Table
Name
Type
Values
Static MAC Address
Filter Table
Table
N/A
ACC.
CLI Parameter
Table Index
N/A
N/A
Static MAC Address on
Wired Network
PhysAddress
User Defined
RW
Static MAC Address
Mask on Wired Network
PhysAddress
User Defined
RW
Static MAC Address on
Wireless Network
PhysAddress
User Defined
RW
Static MAC Address
Mask on Wireless
Network
PhysAddress
User Defined
RW
Comment (optional)
DisplayString
2 – 31 characters
RW
cmt
Status (optional)
Integer
enable (default)
disable
RW
status
R
staticmactbl
R
index
wiredmacaddr
wiredmask
wirelessmacaddr
wirelessmask
Spanning Tree Parameters
Name
Type
Values
Spanning Tree
Group
N/A
ACC.
Spanning Tree Status
Integer
enable
disable (default)
RW
stpstatus
Bridge Priority
Integer
User Defined
RW
stppriority
Maximum Age
Integer
User Defined
RW
stpmaxage
Hello Time
Integer
User Defined
RW
stphellotime
Forward Delay
Integer
User Defined
RW
stpfwddelay
R
CLI Parameter
stp
6-26
Parameter Tables
Spanning Tree Priority and Path Cost for Each Interface
Name
Type
Values
Spanning Tree Table
Table
N/A
ACC.
R
CLI Parameter
stpbl
Table Index
N/A
N/A
R
index
Interface
Integer
1 = Ethernet
2 = PC Card A
3 = PC Card B
RW
if
Priority
Integer
User Defined
RW
priority
Path Cost
Integer
User Defined
RW
pathcost
Storm Threshold Parameters
Name
Type
Values
Storm Threshold
Group
N/A
ACC.
N/A
CLI Parameter
stmthres
Broadcast Threshold
Integer
4 – 250 packets/sec
RW
stmbrdthres
Multicast Threshold
Integer
4 – 250 packets/sec
RW
stmmultithres
Storm Threshold Table
Name
Type
Values
Storm Threshold Table
Table
N/A
ACC.
R
stmthrestbl
CLI Parameter
Table Index
Integer
1 = Ethernet
2 = PC Card A
3 = PC Card B
R
index
Broadcast Threshold
Integer
4 – 250 packets/sec
RW
bcast
Multicast Threshold
Integer
4 – 250 packets/sec
RW
mcast
MAC Access Control Table Parameters
Name
Type
Values
MAC Address Control
Table
Table
N/A
ACC.
Table Index
N/A
N/A
MAC Address
PhysAddress
User Defined
RW
macaddr
Comment (optional)
DisplayString
User Defined
RW
cmt
Status
Integer
enable (default)
disable
RW
status
R
R
CLI Parameter
macacltbl
index
6-27
Parameter Tables
DHCP Server Parameters
Name
Type
Values
DHCP Server
Group
N/A
ACC.
DHCP Server Status
Integer
enable (default)
disable
RW
dhcpstatus
Default Router IP
Address
IpAddress
User Defined
RW
dhcpgw
Default Lease Time
Integer32
>0
86400 sec (default)
RW
dhcpdefleasetm
Maximum Lease Time
Integer32
>0
86400 sec (default)
RW
dhcpmaxleasetm
R
CLI Parameter
dhcp
127(
The DHCP Server (dhcpstatus) can only be enabled after a DHCP IP Pool table entry has been created.
DHCP Server table for IP pools
Name
Type
Values
DHCP Server IP
Address Pool Table
Table
N/A
ACC.
R
CLI Parameter
dhcpippooltbl
Table Index
Integer
User Defined
N/A
Start IP Address
IpAddress
User Defined
RW
index
startipaddr
End IP Address
IpAddress
User Defined
RW
endipaddr
Width
Integer
User Defined
RW
width
Comment (optional)
DisplayString
User Defined
RW
cmt
Status
Integer
enable
disable
delete
RW
status
ACC.
SpectraLink VoIP Parameters
Name
Type
Values
Spectralink VoIP
Group
N/A
Spectralink VoIP Status
Integer
disable (default)
enable
R
RW
CLI Parameter
spectralink
speclinkstatus
6-28
Recording Your Configuration Settings
7
We recommend keeping a copy of the configuration settings for each of the AP-2000 devices in your network. The
information below is hard-coded in your system and can be viewed from the Web Interface pages by clicking the Status
button or by viewing the Inventory management Table information form the CLI using:
> show sysinvmgmt to see the entire table, or
> show sysinvmgmtcmptbl to see the Component Table, or
> show sysinvmgmtcmpiftbl to see the Component Interface Table only.
MAC Address of the AP-2000 unit
AP software image version
BSP/Bootloader firmware version
Hardware revision level
MAC Address of the PC Card in Slot A
Driver version of the PC CArd in Slot A
MAC Address of the PC Card in Slot B
Driver version of the PC Card in Slot B
In the web interface, click the Monitor button and select the Version tab. The table displays the Object ID and version
numbers for each piece of hardware. For the Hardware Revision Level, the following information may be useful when
contacting Technical Support:
Type
Object ID
AP-2000 with Mini-DIN8 serial port adapter
97
AP-2000 converted to AS-2000 with Mini-DIN8 serial port adapter
96
Use the following pages to document your configuration. You can use this information to easily recover your network
settings if necessary.
7-1
> set dhcpippooltbl <index> endipaddr <Ending IP Address in the Range>
End IP Address
Comment (optional)
> set dhcpippooltbl <index> cmt “Optional Comment”
(sec) > set dhcpippooltbl <index> maxleasetm <Time in Seconds>
(sec) > set dhcpippooltbl <index> defleasetm <Time in Seconds>
> set dhcpippooltbl <index> startipaddr <Starting IP Address in the Range>
Start IP Address
86400
> show dhcpippooltbl
Network Parameters - DHCP Server - IP Pool Table
86400
> set dhcpsecdnsipaddr <DNS Server IP Address>
Secondary DNS IP Address
Maximum Lease Time
> set dhcppridnsipaddr <DNS Server IP Address>
Primary DNS IP Address
Default Lease Time
> set dhcpgw <Default Gateway IP Address>
Gateway IP Address
> show dhcp
> set ipttl <number of hops to destination>
> set dhcpstatus <1=enable, 2=disable>
2 (disable)
64
Default TTL (Time to Live)
> set ipgw <Default Gateway IP Address>
DHCP Server Status
10.0.0.1
Default Router IP Address
(Gateway IP Address)
> set ipsubmask <IP Mask IP Address>
> set ipaddr <IP Address>
If the IP Address Assignment type is set to dynamic, no other information is required. The
AP-2000 device will act as a DHCP client to the server in your network.
Network Parameters - DHCP Server
10.0.0.1
255.0.0.0
IP Mask
> set ipaddrtype <static, dynamic>
IP Address (static)
> show network OR > show network ip
> set sysctphone “Contact Phone Number”
Contact Phone
dynamic (DHCP)
> set sysctnemail “name@organization.com”
IP Address Assignment Type
> set sysctname “Contact Name”
Contact E-mail
Network Parameters - IP Configuration
> set sysloc “Unit Location”
Contact Name
> set sysname <System Name>
AP-2000
Location
Name
CLI Parameter Syntax
> show system
My System Values
System Parameters
Factory Default Values
Configurable Parameters
Configurable Parameter
Table 7-1
In the table below, record the configuration settings for each of your AP-2000 units. The shaded cells indicate the location of the parameters within the HTTP web interface. The first
column in the table indicates the parameter name, the second column indicates the default value of each parameter (when applicable). Use the third column to record your settings.
The last column is an aide which indicates the CLI command syntax required to define the configuration parameters in case you need to re-enter data through the Command Line
Interface.
(721
7-2
Factory Default Values
CLI Parameter Syntax
500
5
Poll Interval
Poll Retransmissions
> show linkinttbl
> set linkinttbl <index> targetipaddr
Target IP Address
> show vlanidtbl
> set <index> id <VLAN ID>
> show wif OR show wif 3
> show wif 3 phytype
My Wireless Network A
enable
US/CAN: 52 - 5260 MHz
Japan: 34 - 5170
2347 (disable)
1
0 - Auto Fallback
VLAN ID (wireless interfaces)
Interfaces Parameters - Wireless Slot A with 5 GHz (802.11a) card
OFDM
Network Parameters - VLAN ID Table
Physical Layer Type
Network Name
Auto Channel Select
Frequency Channel
RTS/CTS Medium Reservation
DTIM Period
Transmit Rate
MHz > show wif 3 suppchannels
> set wif 3 channel <in the US: 36, 40, 44, 48, 52, 56, 60, 64 - in Japan: 34,38,42,46>
>set wif 3 autoselect <enable, disable>
> set wif 3 netname “Network Name for PC Card in Slot A”
> set vlanmgmtid <VLAN ID for AP-2000 device>
Management ID
> set vlan status <enable, disable>
disable
Status
> set linkinttbl <index> status <1=enable, 2=disable>
> show vlan
Network Parameters - VLAN
> set linkinttbl <index> cmt <Optional Comment>
Status
2 (disable)
Comment (optional)
0.0.0.0
Network Parameters - Link Intergrity - Target IP Address Table
> set linkintpollretx <Number of Times to Retransmit>
(sec) > set linkintpollint <Time in Seconds>
> set linkintstatus <1=enable, 2=disable>
> set dhcpippooltbl <index> status <1=enable, 2=disable>
> show linkint
My System Values
2 (disable)
2 (disable)
Link Integrity Status
Configurable Parameter
Configurable Parameters (Continued)
Network Parameters - Link Intergrity
Status
Table 7-1
DSSS
My Wireless Network A
enable
Physical Layer Type
Network Name
Auto Channel Select
When setting up WDS, Auto Channel Select must be disabled.
(721
>set wif 3 autoselect <enable, disable>
> set wif 3 netname “Network Name for PC Card in Slot A”
> show wif OR show wif 3
> show wif 3 phytype
Interfaces Parameters - Wireless Slot A with 2.4 GHz (802.11b) card
> show wif 3 suppdatarates
(Mbits/s) > set wif 3 txrate <6, 9, 12, 18, 24, 36, 48, 54>
(sec) > set wif 3 dtimperiod <1 - 65355>
> set wif 3 medres <500=enable - 2347=disable)
When setting up WDS, Auto Channel Select must be disabled.
(721
7-3
enable
1
disable
enable
Large
2 Mbits/s
RTS/CTS Medium Reservation
Interference Robustness
DTIM Period
Closed System
Load Balancing
Distance Between APs
Multicast Rate
00.00.00.00.00.00
disable
00.00.00.00.00.00
disable
00.00.00.00.00.00
disable
1.Partner MAC Address
Status
2.Partner MAC Address
Status
3.Partner MAC Address
Status
CLI Parameter Syntax
> show wif 3 suppchannels
MHz > set wif 3 channel <Frequency Channel>
When setting up WDS, Auto Channel Select must be disabled.
> set wif 3 distaps <Large, Medium, Small>
> set wif 3 ldbalancing <enable, disable>
>set wif 3 closedsys <enable, disable>
(sec) > set wif 3 dtimperiod <1 - 65355>
>set wif 3 interrobust <enable, disable>
> set wif 3 medres <500=enable - 2347=disable)
The Distance between APs and the Multicast Rate are inter-dependent. As you increase the
distance between APs, the Multicast rate drops.
> show wdstbl 3
> show wif 3 suppdatarates
(Mbits/s) > set wif 3 multrate <1, 2, 5.5, 11>
My System Values
Interfaces Parameters - Wireless Slot A with 2.4 GHz (802.11b) card- Wireless Distribution System
2347 (disable)
Frequency Channel
Factory Default Values
3 - 2422 MHz
11 - 2462 MHz (France)
Configurable Parameter
> set wdstbl 3.3 status <1=enable, 2=disable>
OR
> set wdstbl 3.3 <enable, disable>
> set wdstbl 3.3 partnermacaddr <MAC Address>
> set wdstbl 3.2 status <1=enable, 2=disable>
OR
> set wdstbl 3.2 <enable, disable>
> set wdstbl 3.2 partnermacaddr <MAC Address>
> set wdstbl 3.1 status <1=enable, 2=disable>
OR
> set wdstbl 3.1 <enable, disable>
> set wdstbl 3.1 partnermacaddr <MAC Address>
When setting up WDS, Auto Channel Select must be disabled.
The WDS table index uses two digits - the first represent the wireless interface card (3 = Slot A
and 4 = Slot B), the second digit represents the channel numbers 1-6.
(721
Configurable Parameters (Continued)
(721
Table 7-1
(721
7-4
3 - 2422 MHz
11 - 2462 MHz (France)
2347 (disable)
enable
1
disable
enable
Frequency Channel
RTS/CTS Medium Reservation
Interference Robustness
DTIM Period
Closed System
Load Balancing
>set wif 3 autoselect <enable, disable>
> set wif 4 netname “Network Name for PC Card in Slot A”
My Wireless Network B
enable
Network Name
Auto Channel Select
> show wif OR show wif 4
> show wif 4 suppdatarates
(Mbits/s) > set wif 4 txrate <6, 9, 12, 18, 24, 36, 48, 54>
> show wif 4 phytype
Transmit Rate
> set wif 4 medres <500=enable - 2347=disable)
(sec) > set wif 4 dtimperiod <1 - 65355>
DSSS
0 - Auto Fallback
DTIM Period
Physical Layer Type
1
RTS/CTS Medium Reservation
>set wif 4 autoselect <enable, disable>
> show wif 4 suppchannels
MHz > set wif 4 channel <36, 40, 44, 48, 52, 56, 60, 64>
Interfaces Parameters - Wireless Slot B with 2.4 GHz (802.11b) card
52 - 5260 MHz
2347 (disable)
Frequency Channel
enable
Auto Channel Select
> set wif 4 netname “Network Name for PC Card in Slot A”
My Wireless Network A
> set wdstbl 3.6 status <1=enable, 2=disable>
OR
> set wdstbl 3.6 <enable, disable>
> set wdstbl 3.6 partnermacaddr <MAC Address>
Network Name
disable
Status
> show wif OR show wif 4
0.0.0.0
6.Partner MAC Address
> set wdstbl 3.5 status <1=enable, 2=disable>
OR
> set wdstbl 3.5 <enable, disable>
> set wdstbl 3.5 partnermacaddr <MAC Address>
> show wif 4 phytype
disable
Status
OFDM
0.0.0.0
5.Partner MAC Address
> set wdstbl 3.4 status <1=enable, 2=disable>
OR
> set wdstbl 3.4 <enable, disable>
> set wdstbl 3.4 partnermacaddr <MAC Address>
CLI Parameter Syntax
Physical Layer Type
disable
Status
My System Values
Interfaces Parameters - Wireless Slot B with 5 GHz (802.11a) card
00.00.00.00.00.00
4.Partner MAC Address
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
> set wif 4 ldbalancing <enable, disable>
>set wif 4 closedsys <enable, disable>
(sec) > set wif 4 dtimperiod <1 - 65535>
>set wif 4 interrobust <enable, disable)
> set wif 4 medres <500=enable - 2347=disable)
> show wif 4 suppchannels
MHz > set wif 4 channel <Frequency Channel>
When setting up WDS, Auto Channel Select must be disabled.
(721
7-5
00.00.00.00.00.00
disable
00.00.00.00.00.00
disable
5.Partner MAC Address
Status
6.Partner MAC Address
Status
00.00.00.00.00.00
disable
Status
Status
4.Partner MAC Address
00.00.00.00.00.00
disable
3.Partner MAC Address
00.00.00.00.00.00
disable
Status
Status
2.Partner MAC Address
00.00.00.00.00.00
disable
1.Partner MAC Address
CLI Parameter Syntax
> set wif 4 distaps <Large, Medium, Small>
The Distance between APs and the Multicast Rate are inter-dependent. As you increase the
distance between APs, the Multicast rate drops.
> show wdstbl 4
> show wif 4 suppdatarates
(Mbits/s) > set wif 4 multrate <1, 2, 5.5, 11>
My System Values
Interfaces Parameters - Wireless Slot B with 2.4 GHz (802.11b) card - Wireless Distribution System
2 Mbits/s
Multicast Rate
Factory Default Values
Large
Distance Between APs
Configurable Parameter
Configurable Parameters (Continued)
> set wdstbl 4.6 status <1=enable, 2=disable>
OR
> set wdstbl 4.6 <enable, disable>
> set wdstbl 4.6 partnermacaddr <MAC Address>
> set wdstbl 4.5 status <1=enable, 2=disable>
OR
> set wdstbl 4.5 <enable, disable>
> set wdstbl 4.5 partnermacaddr <MAC Address>
> set wdstbl 4.4 status <1=enable, 2=disable>
OR
> set wdstbl 4.4 <enable, disable>
> set wdstbl 4.4 partnermacaddr <MAC Address>
> set wdstbl 4.3 status <1=enable, 2=disable>
OR
> set wdstbl 4.3 <enable, disable>
> set wdstbl 4.3 partnermacaddr <MAC Address>
> set wdstbl 4.2 status <1=enable, 2=disable>
OR
> set wdstbl 4.2 <enable, disable>
> set wdstbl 4.2 partnermacaddr <MAC Address>
> set wdstbl 4.1 status <1=enable, 2=disable>
OR
> set wdstbl 4.1 <enable, disable>
> set wdstbl 4.1 partnermacaddr <MAC Address>
When setting up WDS, Auto Channel Select must be disabled.
The WDS table index uses two digits - the first represent the wireless interface card (3 = Slot A
and 4 = Slot B), the second digit represents the channel numbers 1-6.
(721
Table 7-1
(721
7-6
> set httppasswd <Old Password> <New Password> <Confirm Password>
9600
None
Serial Baud Rate
Serial Flow Control
Telnet Port Number
30
23
Telnet Status
450
enable
HTTP Port
Telnet Session Idle Time-out
80
HTTP Status
> set serflowctrl <xon/xoff, none>
>set serbaudrate <2400, 4800, 9600, 19200, 38400, 57600>
(sec) > set telsessiontout <0 - 36000>
(sec) > set tellogintout <0 - 300 >
> set telport <0 - 65535>
> set telstatus <enable, disable>
> set httpport <0 - 65535>
We recommend leaving this setting at its default value.
(721
Telnet Login Time-out
> set snmpstatus <enable, disable>
enable
SNMP Status
> set httpstatus <enable, disable>
> show snmp OR show http OR show telnet OR show serial
disable
Management Parameters - Services
> set mgmtipaccesstbl <index> status <enable, disable>
enabled with entry
Status (optional)
> set mgmtipaccesstbl <index> if <1=Ethernet, 3=SlotA, 4=SlotB, all>
> set mgmtipaccesstbl <index> cmt <Optional Comment>
Interface (optional)
Comment (optional)
> set mgmtipaccesstbl <index> submask <IP Address>
IP Mask
all
> set mgmtipaccesstbl <index> ipaddr <IP Address>
IP Address
enable
> set mgmtpipaccesstblstatus <enable, disable>
HTTP (AP-2000) Password
> set telpasswd <Old Password> <New Password> <Confirm Password>
Management IP Access Table Status
public
Telnet/CLI Password
> set snmprpasswd <Old Password> <New Password> <Confirm Password>
> set snmprwpasswd <Old Password> <New Password> <Confirm Password>
> show mgmtipaccesstbl
public
SNMP Read/Write Password
10 and 100 indicate the transmission speed in Mbps.
Management Parameters - IP Access Table
public
public
SNMP Read Password
Management Parameters - Passwords
> set etherspeed <10halfduplex, 10fullduplex, 10autoduplex, 100halfduplex, 100fullduplex, autohalfduplex,
autospeedauto>
autospeedauto
Configuration
CLI Parameter Syntax
> show ethernet
My System Values
Interfaces Parameters - Ethernet (speed and transmission mode)
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
(721
7-7
disable
disable
disable
18 - 80:35 RARP Reverse ARP
19 - 81:4C SNMP Over Ethernet
20 - 08:88 Xyplex
Parameters - Static MAC Address Table
disable
IP/ARP Filtering Status
IP/ARP IP Mask
IP/ARP Filtering Address
disable
Proxy ARP Status
Filtering Parameters - Advanced Filtering
Refer to Filtering
Filtering Parameters - Static MAC Address Filter Table
disable
disable
disable
15 - 08:00 IP
17 - 81:37 Novell (ECONFIG E)
disable
14 - 80:D5 IBM SNA Services
16 - 08:06 IP-ARP
disable
disable
13 - 80:05 HP Probe Control
disable
11 - 60:02 DEC MOP Rem Cons
12 - 80:40 DEC Netbios
disable
disable
disable
8 - 60:04 DEC LAT
10 - 60:01 DEC MOP Dump/Load
disable
7 - 60:05 DEC Diagnostics
9 - 60:07 DEC LAVC
disable
disable
4 - 0B:AD Banyan VINES
6 - 60:03 Decnet Phase IV
disable
3 - 80:F3 Apple Talk ARP 1 and 2
5 - 0B:AF Banyan VINES Echo
disable
disable
2 - 80:09 Apple Talk 1 and 2
disable
1 - 80:19 Apollo Domain Status
Filtering Parameters - Ethernet Protocol Filter Table
> set etherfltstatus <enable, disable>
Operation Type
>set iparpfltsubmask <Network Mask IP Address>
>set iparpfltipaddr <Network filter IP Address>
>show iparp
>set iparp status <enable, disable>
>show parp
>setparp status <enable, disable>
To enable or disable a protocol filter:
> set etherflttbl <index> enable
OR
> set etherflttbl <index> protonumber <Protocol Number> status <enable, disable, delete>
To add a filter to the table:
> set etherflttbl <index> protonumber <Protocol Number> protoname <(Optional) Protocol Name> status
<(Optional) enable, disable, delete> cmt <Optional Comment>
The Ethernet Protocol Filter Table contains a list of common protocol filters. You can add filters
to this table as needed. The Filter Operation (passthru or block) applies only to the
protocols enabled in this table.
> show etherflttbl
> set etherfltoptype <passthru, block>
enable
block
Status
CLI Parameter Syntax
> show etherflt
My System Values
Filtering Parameters - Ethernet Protocol Filter
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
(721
7-8
7-9
2000
200
1500
Max Age
Hello Time
Forward Delay
Parameters - Spanning Tree - Priority Path and Cost Table
0
Multicast Wireless - Slot B Threshold
0
Broadcast Wireless - Slot A Threshold
0
0
Multicast Ethernet Threshold
0
0
Broadcast Ethernet Threshold
Broadcast Wireless - Slot B Threshold
0
Multicast Address Threshold
Multicast Wireless - Slot A Threshold
0
Broadcast Address Threshold
Bridge Parameters - Storm Threshold Table
Refer to Bridge
Bridge Parameters - Spanning Tree - Priority and Path Cost Table
32768
Bridge Priority
(packets/sec) >set stmthrestbl 4 mcast <0 - 9999>
(packets/sec) >set stmthrestbl 4 bcast <0 - 9999>
(packets/sec) >set stmthrestbl 3 mcast <0 - 9999>
(packets/sec) >set stmthrestbl 3 bcast <0 - 9999>
(packets/sec) >set stmthrestbl 1 mcast <0 - 9999>
(packets/sec) >set stmthrestbl 1 bcast <0 - 9999>
(packets/sec) >set stmmultithres <0 - 255>
(packets/sec) >set stmbrdthres <0 - 255>
>show stmthres
(1/100 sec) > set sptfwddelay <0 - 65535>
(1/100 sec) >set sptbridgehellotime <0 - 65535>
(1/100 sec) > set sptmaxage <0 - 65535>
> set stppriority <0 - 65535>
> set sptstatus <enable, disable>
enable
Spanning Tree Status
> set snmptraphosttbl <index> status <enable, disable>
Status (optional)
> show spt
> set snmptraphosttbl <index> cmt <Optional Comment>
Comment (optional)
Bridge Parameters - Spanning Tree
> set snmptraphosttbl <index> passwd <Old Password> <New Password> <Confirm Password>
Password
enabled with entry
> set snmptraphosttbl <index> ipaddr <IP Address>
IP Address
> set oriTrapsImageStatus <enable, disable>
> set oriTFTPTrapsStatus <enable, disable>
> set oriFlashMemoryTrapsStatus <enable, disable>
> set oriOperationalTrapsStatus <enable, disable>
> set oriWirelessIfTrapsStatus <enable, disable>
> set oriConfigurationTrapsStatus <enable, disable>
> set oriConfigurationTrapsStatus <enable, disable>
CLI Parameter Syntax
> show snmptraphosttbl
enable
Image Trap Status
My System Values
Alarms Parameters - Trap Host Table
enable
Operational Trap Status
enable
enable
Wireless Interface Trap Status
TFTP Trap Status
enable
Security Trap Status
Flash Memory Trap Status
enable
enable
Configuration Trap Status
Alarms Parameters - Groups
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
7-10
block
MAC Access Control Operation
> set macacltbl <index> macaddr <MAC address>
> set macacltbl <index> cmt <Optional Comment>
> set macacltbl <index> status <enable, disable, delete>
MAC Address
Comment (optional)
Status (optional)
disable
900
RADIUS MAC Access Control Status
Authorization Lifetime
> set radiustbl 1 status <enable, disable>
Status
none
Max. Retransmissions (optional)
Encryption Status (Wireless Slot A)
---
---
802.1x Security Mode
Encryption Status (Wireless Slot B)
Security Parameters - Encryption - None - Wireless Slot B
---
---
802.1x Security Mode
disable
none
disable
Response Time (optional)
Security Parameters - Encryption - None - Wireless Slot A
3
3
Destination Port
> set wifsec 4 encryptstatus disable
> set secconfig none
> set wifsec 3 encryptstatus disable
> set secconfig none
> set radiustbl 2 maxretx <Number of Times to Retransmit 1- 4>
(sec) > set radiustbl 2 responsetm <1 - 10>
> set radiustbl 2 ipaddr <IP Address>
> set radiustbl 2 port <1 - 65535>
1813
Server IP Address
disable
> set radiustbl 2 status <enable, disable>
> set radiustbl 1 maxretx <Number of Times to Retransmit 1 - 4>
(sec) > set radiustbl 1 responsetm <1 - 10>
> show radiustbl 2
Max. Retransmissions (optional)
Status
Response Time (optional)
> set radiustbl 1 ssecret <Password>
Security Parameters - RADIUS Authentication - Backup RADIUS Server
3
3
Shared Secret
> set radiustbl 1 port <Port Number>
1812
public
Port (optional)
> set radiustbl 1 ipaddr <IP Address>
Server IP Address
disable
> show radiustbl
Security Parameters - RADIUS Authentication - Primary RADIUS Server
(sec) > set radauthlifetm <90 - 43200>
> show radius
> set radmacaccctrl <enable, disable>
Security Parameters - RADIUS MAC Authentication
enable on entry
> show macacltbl
Security Parameters - MAC Access Control Table
> set macacloptype <passsthru, block>
> set macaclstatus <enable, disable>
disable
MAC Access Control Status
CLI Parameter Syntax
> show macacl
My System Values
Security Parameters - MAC Access Control
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
7-11
Encryption Status
Encryption Status
> set wifsec 4 encrypt <enable, disable>
1
Encrypt Date Transmissions Using
disable
Encryption Status (Wireless Slot A)
Encryption Status (Wireless Slot B)
Encryption Key 1
generated automatically
---
Encryption Status
Key Length
Mixed (WEP and 802.1x)
enable
802.1x Security Mode
---
(bits) >set secenckeylentbl 3 enckeylen <40 or 128>
> set wifsec 3 encryptstatus enable
> set secconfig mixed
(sec) > set secrekeyinterval <60 - 65535>
Rekeying Interval
Security Parameters - Encryption - Mixed (WEP and 802.1x) - Slot A
(bits) >set secenckeylentbl 4 enckeylen <40 or 128>
Key Length (Wireless Slot B)
> set wifsec 4 encryptstatus disable
(bits) >set secenckeylentbl 3 enckeylen <40 or 128>
Key Length (Wireless Slot A)
3600 seconds
> set secconfig 802.1x
disable
802.1x Security Mode
> set wifsec 3 encryptstatus disable
> show security
802.1x
Security Parameters - Encryption - 802.1x only
> set wifsec 4 encryptkeytx <Key Number 1-4>
> set wifsec 4 encryptkey4 <Encryption Key>
enable
> set wifsec 4 encryptkey3 <Encryption Key>
Encryption Key 3
Deny Non-Encrypted Data
> set wifsec 4 encryptkey2 <Encryption Key>
Encryption Key 2
Encryption Key 4
> set wifsec 4 encryptkey1 <Encryption Key>
(bits) > set wifsec 3 enckeylen <40, 128>
> set wifsec 4 encryptstatus enable
> set secconfig none
Encryption Key 1
Encryption Key Length
none
enable
802.1x Security Mode
Security Parameters - Encryption - WEP only - Slot B
> set wifsec 3 encrypt <enable, disable>
1
Encrypt Date Transmissions Using
> set wifsec 3 encryptkeytx <Key Number 1-4>
> set wifsec 3 encryptkey4 <Encryption Key>
enable
> set wifsec 3 encryptkey3 <Encryption Key>
Deny Non-Encrypted Data
> set wifsec 3 encryptkey2 <Encryption Key>
Encryption Key 3
Encryption Key 4
> set wifsec 3 encryptkey1 <Encryption Key>
(bits) > set wifsec 3 enckeylen <40, 128>
> set wifsec 3 encryptstatus enable
> set secconfig none
CLI Parameter Syntax
Encryption Key 2
enable
none
My System Values
Encryption Key 1
Encryption Key Length
---
---
802.1x Security Mode
Security Parameters - Encryption - WEP only - Slot A
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
3600 seconds
Rekeying Interval
Key 1
---
---
---
---
Key 1
3600 seconds
Encrypt Date Transmissions Using
Rekeying Interval
---
Key 1
---
(sec) > set secrekeyinterval <60 - 65535>
---
---
---
---
---
> show spectralink
> set spectralinkstatus <enable, disable>
This command requires you to re-enter the command for confirmation. The following message
will be displayed:
WARNING: This command will reset the device configuration parameters to factory
default values. Please re-enter this command in order to proceed with execution.
SpectraLink VoIP Status
disable
> set sysresettodefaults 1
SpectraLink VoIP (Voice over IP)
Reset to Factory Defaults
---
> set tftpipaddr <IP Address>
> upload <TFTP IP Address> <File Name> config
Commands - Reset
> show tftp
Server IP Address
10.0.0.2
Commands - Upload - TFTP Server
> set tftpipaddr <IP Address>
> download <TFTP IP Address> <File Name> <config, bin, bspbl>
disable
Deny Non-Encrypted Data
---
---
---
> show tftp
---
Encryption Key 4
10.0.0.2
---
Encryption Key 3
---
(bits) >set secenckeylentbl <index> enckeylen <40 or 128>
> set wifsec 4 encryptstatus enable
> set secconfig mixed
(sec) > set secrekeyinterval <60 - 65535>
---
---
---
---
Server IP Address
---
Encryption Key 2
---
CLI Parameter Syntax
---
Commands - Download - TFTP Server
generated automatically
Encryption Key 1
Key Length
Mixed (WEP and 802.1x)
enable
Encryption Status
My System Values
802.1x Security Mode
Security Parameters - Encryption - Mixed (WEP and 802.1x) - Slot B
disable
Key 1
---
Encryption Key 4
Encrypt Date Transmissions Using
---
Encryption Key 3
Deny Non-Encrypted Data
---
Encryption Key 2
Factory Default Values
Configurable Parameters (Continued)
Configurable Parameter
Table 7-1
(721
7-12
7-13
Wireless MAC Address
Wireless Mask
Comment (optional)
> show staicmactbl
> set staticmactbl <index> wiredmacaddr <wired MAC address>
> set staticmactbl <index> wiredmask <wired mask MAC address>
> set staticmactbl <index> wirelessmacaddr <wireless MAC address>
> set staticmactbl <index> wirelessmask <wireless mask MAC address>
> set staticmactble <index> cmt <Optional Comment>
> set staticmactbl status <enable, disable (optional - enabled with entry in table)>
Use the following commands to enter information into the Static MAC Address Table:
Wired Mask
Filtering Parameters - Static MAC Address Table
Wired MAC Address
Table 7-2
Status (optional)
Table 7-3
Port
Bridge Parameters - Spanning Tree - Priority Path and Cost Table
Priority
Path Cost
Status
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Use the following commands to enter information into the Priority Path and Cost Table:
> show stptbl
> set stptbl <index 1 - 15> priority <0 - 255>
> set stptbl <index> pathcost <1 - 65535>
> set stptbl <index> status <enable, disable, delete>
7-14
Specifications
8
In This Chapter
Q
Q
Hardware Specifications
Radio Specifications
– 802.11b Channel Frequencies
– 802.11a Channel Frequencies
– Wireless Communication Range
Hardware Specifications
Physical Specifications
AP-2000 Unit
Dimensions (H x W x L) = 5 x 18.5 x 26 cm (2 x 7.25 x 10.25 in.)
Weight = 1.75 Kg (3.5 lb.)
802.11a Antenna Adapter
Dimensions (H x W x L) = 11.3 x 2.10 x 26.2 cm (4.5 x 0.83 x 10.3in.)
Weight = 0.18kg (0.4lb)
Electrical Specifications
Without Active Ethernet Module
Voltage = 100 to 240 VAC (50-60 Hz)
Current = 0.2 amp
Power Consumption = 20 Watts
With Active Ethernet Module
Input Voltage = 42 to 60 VDC
Output Current = 200mA at 48V
Power Consumption = 9-10 Watts
Environmental Specifications
AP-2000 Unit
Operating = 0° to 40°C (32° to 104 °F) @ 20 to 90% relative humidity
Transport = -40° to 60°C (-40° to 140°F) @ 15 to 95% relative humidity (no condensation allowed)
Storage = -10° to 60°C (14° to 140°F) @ 10 to 90% relative humidity (no condensation allowed)
802.11a Antenna Adapter
Operating = 0° to 70°C (32° to 158 °F) @ 20 to 90% relative humidity
Transport = -40° to 75°C (-40° to 167 °F) @ 15 to 95% relative humidity
Storage = -20° to 75°C (-4° to 167 °F) @ 10 to 95% relative humidity
8-1
Hardware Specifications
Ethernet Interface
10/100 Base-T, RJ-45 female socket
PCMCIA Interface
PC Card Slot (A & B) = Standard PC Card slot for PC Card
Serial Port Interface
Connector Type = DB9, male
Serial Cable = Standard RS-232C serial data cable, with a female DB-9 connector at each end or a standard serial
cable and the Mini-DIN8 to DB-9 adapter included in your kit.
Active Ethernet Interface
Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B,
Class B requirements
Standard 802.3af pin assignments
HTTP Interface
Microsoft Internet Explorer 5.0 or better (preferred), or Netscape 4 or higher.
8-2
Radio Specifications
Radio Specifications
802.11a radio certification is currently available in the US/Canada (FCC) and Japan (VCCI) only at this time.
802.11b radio certification is available in the US/Canada (FCC), Japan (VCCI) , Europe (ETSI), and France.
802.11b Channel Frequencies
The following table shows the channel allocations that vary from country to country. Values listed in bold font indicate
default channels and frequencies.
Channel ID
FCC/World
(MHz)
ETSI
(MHz)
France
(MHz)
Japan
(MHz)
1
2412
2412
-
2412
2
2417
2417
-
2417
3 (default - most countries)
2422
2422
-
2422
4
2427
2427
-
2427
5
2432
2432
-
2432
6
2437
2437
-
2437
7
2442
2442
-
2442
8
2447
2447
-
2447
9
2452
2452
-
2452
10
2457
2457
2457
2457
11 (default-France)
2462
2462
2462
2462
12
-
2467
2467
2467
13
-
2472
2472
14
Table 8-1
2472
2484
802.11a Channel Frequencies
802.11a Channel Frequencies
The following table shows the channel allocations that vary from country to country. Values listed in bold font indicate
default channels and frequencies.
Channel ID
Table 8-2
FCC/World
(MHz)
ETSI
(MHz)
France
(MHz)
Japan
(MHz)
5170
34
-
-
-
36
5180
-
-
-
38
-
-
-
5190
40
5200
-
-
-
42
-
-
-
5210
44
5220
-
-
-
46
-
-
-
5230
48
5240
-
-
-
52
5260
-
-
-
56
5280
-
-
-
60
5300
-
-
-
64
5320
-
-
-
802.11a Channel Frequencies
8-3
Radio Specifications
Wireless Communication Range
The range of the wireless signal is related to the composition of objects in the radio wave path, and the transmit rate of
the wireless communication. Communications at a lower transmit range may travel longer distances.
127(
The range values listed in the Communications Range Chart are typical distances as measured at the
development laboratories. These values provide a rule of thumb and may vary according to the actual radio
conditions at the location where the product is used.
The range of your wireless devices can be affected when the antennas are placed near metal surfaces and solid highdensity materials. Ranges for outdoor antenna installations are related to type of outdoor antennas used, and length of
antenna cables. Range is also impacted due to "obstacles" in the signal path of the radio that may either absorb or
reflect the radio signal.
In Open Office environments, antennas can "see" each other (no physical obstructions between them). In Semi-open
Office environments, workspace is divided by shoulder-height, hollow wall elements; antennas are at desktop level. In
a Closed Office environment, solid walls and other obstructions may affect signal strength.
The following tables show typical range values for various environments.
Range
11 Mbs
5.5 Mbs
2 Mbs
1 Mbs
Open Office
160 m
(525 ft.)
270 m
(885 ft.)
400 m
(1300 ft.)
550 m
(1750 ft.)
Semi-Open Office
50 m
(165 ft.)
70 m
(230 ft.)
90 m
(300 ft.)
115 m
(375 ft.)
Closed Office
25 m
(80 ft.)
35 m
(115 ft.)
40 m
(130 ft.)
50 m
(165 ft.)
-82 dBm
-87 dBm
-91 dBm
-94 dBm
65 ns
225 ns
400 ns
500 ns
Receiver Sensitivity
Delay Spread
(at FER of <1%)
Table 8-3
802.11b Wireless communication ranges
Range
54 Mbs
48 Mbs
36 Mbs
24 Mbs
18 Mbs
12 Mbs
9 Mbs
6 Mbs
Open Office
19 m
(62 ft. )
35 m
(115 ft. )
74 m
(243 ft. )
112 m
(367 ft. )
153 m
(502 ft. )
189 m
(620 ft. )
232 m
(761 ft. )
258 m
(846 ft. )
Semi-Open Office
17 m
(56 ft. )
29 m
(95 ft. )
34 m
(111 ft. )
49 m
(161 ft. )
63 m
(206 ft. )
76 m
(249 ft. )
90 m
(295 ft. )
99 m
(325 ft. )
Closed Office
15 m
(49 ft. )
24 m
(79 ft. )
27 m
(88 ft. )
36 m
(118 ft. )
45 m
(147 ft. )
52 m
(170 ft. )
60 m
(197 ft. )
64 m
(210 ft. )
-65 dBm
-69 dBm
-73 dBm
-77 dBm
-80 dBm
-82 dBm
-84 dBm
-85 dBm
Receiver Sensitivity
Table 8-4
802.11a Wireless communication ranges
8-4
Download PDF
Similar pages