Page 1 ORiNOCO AP-600 Access Point User Guide...
Page 2 Proxim Corporation. Trademarks ORiNOCO is a registered trademark, and Proxim, and the Proxim logo are trademarks of Proxim Corporation. All other trademarks mentioned herein are the property of their respective owners. OpenSSL License Note This product contains software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:// www.openssl.org/) and that is subject to the following copyright and conditions:...
Page 3: Table Of Contents
Contents Introduction ........... .12 Document Conventions .
Page 4 Contents LED Indicators ............. 32 Viewing Status Information .
Page 5 Contents Procedure to Reset Configuration via the Serial Interface ......63 Filtering ............. . 64 Ethernet Protocol .
Page 6 Contents Configuring MAC Access ..........86 Security Profiles.
Page 7 Contents Help Link ............120 Troubleshooting the AP-2000 .
Page 8 Contents A Using the Command Line Interface (CLI)......132 General Notes ............132 Prerequisite Skills and Knowledge .
Page 9 Contents Set up Auto Configuration ..........147 Other Network Settings .
Page 10 Contents Proxy ARP Parameters ..........171 IP ARP Filtering Parameters .
Page 11 Electrical Specifications ..........185 Environmental Specifications .
Page 12: Introduction
The term, 802.11, is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards. • A Single-radio AP is an Access Point that supports one IEEE radio standard. The AP-600 is a Single-radio AP. • An 802.11a AP is an Access Point that supports the IEEE 802.11a standard.
Page 13: Guidelines For Roaming
Introduction Figure 1-1 Typical wireless network access infrastructure Once initialized, the network administrator can configure each unit according to the network’s requirements. The AP functions as a wireless network access point to data networks. An AP network provides: • Seamless client roaming •...
Page 14: Ieee 802.11 Specifications
Introduction IEEE 802.11 Specifications In 1997, the Institute of Electrical and Electronics Engineers (IEEE) adopted the 802.11 standard for wireless devices operating in the 2.4 GHz frequency band. This standard includes provisions for three radio technologies: direct sequence spread spectrum, frequency hopping spread spectrum, and infrared. Devices that comply with the 802.11 standard operate at a data rate of either 1 or 2 Megabits per second (Mbits/sec).
Page 15: Snmp Management
802.11 MIB – ORiNOCO Enterprise MIB Proxim provides these MIB files on the CD included with each Access Point. You need to compile one or more of the above MIBs into your SNMP program’s database before you can manage an Access Point using SNMP. Refer to the documentation that came with your SNMP manager for instructions on how to compile MIBs.
Page 16: Getting Started
Getting Started • Prerequisites • Product Package • System Requirements • Hardware Installation • Initialization • Download the Latest Software • Additional Hardware Features Prerequisites Before installing an AP, you need to gather certain network information. The following section identifies the information you need.
Page 17: Product Package
Getting Started Product Package Each Single-radio AP comes with the following: • One metal base for ceiling or desktop mounting (includes two screws) • Mounting hardware – Four 3.5 mm x 40 mm screws – Four 6 mm x 35 mm plugs •...
Page 18: Hardware Installation
Getting Started Hardware Installation Follow these steps to install a Single-radio AP: 1. Unpack the Access Point and accessories from the shipping box. 2. If you intend to install the unit free-standing or if you intend to mount it to the ceiling, use a Phillips screwdriver to attach the metal base to the underside of the unit.
Page 19 Getting Started Figure 2-3 Remove Cable Cover 5. Remove the front cover (the side with the LED indicators) from the unit. Figure 2-4 Remove the Front Cover 6. Remove the back cover from the unit.
Page 20 Getting Started Figure 2-5 Remove the Back Cover 7. Connect one end of an Ethernet cable to the Access Point’s Ethernet port. The other end of the cable should not be connected to another device until after the installation is complete. •...
Page 21 Getting Started NOTE Once attached, the power cable locks into place. To disconnect the power cable, slide back the black plastic fitting and gently pull the cable from the connector. 9. Connect the free end of the Ethernet cable to a hub, switch, patch panel, Active Ethernet power injector, or an Ethernet port on a computer.
Page 22: Initialization
4. Insert the Installation CD into the CD-ROM drive of the computer that you will use to configure the AP. – Result: The installation program will launch automatically. 5. Follow the on-screen instructions to install the Access Point software and documentation. NOTE The ORiNOCO Installation program supports the following operating systems: • Windows 98SE • Windows 2000 •...
Page 23 Getting Started NOTE If your computer has more than one network adapter installed, you will be prompted to select the adapter that you want ScanTool to use before the Scan List appears. If prompted, select an adapter and click OK. You can change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen.
Page 24: Setup Wizard
Getting Started Figure 2-9 Scan Tool Change Screen Set IP Address Type to Static. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit.
Page 25 Getting Started Figure 2-10 Enter Network Password Figure 2-11 Setup Wizard 5. Click Setup Wizard to begin. If you want to configure the AP without using the Setup Wizard, click Exit and see Performing Advanced Configuration. The Setup Wizard supports the following navigation options: •...
Page 26 — Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs. This feature is available only if you are using an Orinoco Classic Gold card. See Multicast Rate for more information.
Page 27: Download The Latest Software
Getting Started Distance between APs Multicast Rate Large 1 and 2 Mbits/sec Medium 1, 2, and 5.5 Mbits/sec Small 1, 2, 5.5 and 11 Mbits/sec Minicell 1, 2, 5.5 and 11 Mbits/sec Microcell 1, 2, 5.5 and 11 Mbits/sec • The following options are available for an 802.11b/g AP: —...
Page 28: Setup Your Tftp Server
AP for backup or copying, and you can download the files for configuration and AP Image upgrades. The Solarwinds TFTP server software is located on the ORiNOCO AP Installation CD-ROM. You can also download the latest TFTP software from Solarwind’s Web site at http://www.solarwinds.net.
Page 29: Download Updates From Your Tftp Server Using The Cli Interface
Getting Started Download Updates from your TFTP Server using the CLI Interface 1. Download the latest software from http://www.proxim.com. 2. Copy the latest software updates to your TFTP server. 3. Open the CLI interface via Telnet or a serial connection. 4.
Page 30 Getting Started Figure 2-12 Attach the Back Cover to the Wall 13. Attach Ethernet and power cables to the AP unit, if necessary. 14. Snap the unit into the back cover. In the following example, the unit is mounted upside down and its antenna is facing down.
Page 31: Ceiling Mount
Getting Started 15. Replace the front cover. 16. Replace the cable cover. 17. Turn on the AP. Ceiling Mount Follow these steps to mount the AP to a ceiling: 1. Unplug the Access Point’s power supply, if necessary. 2. Use a Phillips screwdriver to attach the metal base to the underside of the AP, if necessary. See Attach the Metal Base for an illustration.
Page 32 Getting Started The AP has been certified under UL Standard 2043 and can be installed in the plenum only when the following conditions apply: • The unit uses Active Ethernet (AE) to receive power over a plenum-rated Category 5 Ethernet cable (the power cable must not be connected to the unit).
Page 33: Active Ethernet
Also see Hardware Specifications. NOTE The AP’s 802.3af-compliant Active Ethernet module is backwards compatible with all ORiNOCO Active Ethernet hubs that do not support the IEEE 802.3af standard. LED Indicators The AP has four LED indicators. The LEDs are identified in...
Page 34 Getting Started Power LED Ethernet Link LED Ethernet Activity LED Wireless Activity LED Figure 2-16 LED Indicators Illustrated...
Page 35: Related Topics
Getting Started Related Topics The Setup Wizard helps you configure the basic AP settings required to get the unit up and running. The AP supports many other configuration and management options. The remainder of this user guide describes these options in detail. –...
Page 36: Viewing Status Information
Viewing Status Information • Logging into the HTTP Interface • System Status Logging into the HTTP Interface Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor the system status. Follow these steps to monitor an AP’s operating statistics using the HTTP interface: 1.
Page 37: System Status
Viewing Status Information System Status System Status is the first screen to appear each time you connect to the HTTP interface. You can also return to this screen by clicking the Status button. Figure 3-2 System Status Screen Each section of the System Status screen provides the following information: –...
Page 38: Performing Advanced Configuration
Performing Advanced Configuration • Configuring the AP Using the HTTP/HTTPS Interface • System: Configure specific system information such as system name and contact information. • Network: Configure IP settings, DNS client, DHCP server, and Link Integrity. • Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet. Also describes configuring a Wireless Distribution System (WDS).
Page 39 Performing Advanced Configuration Figure 4-1 Enter Network Password Screen 5. Click the Configure button located on the left-hand side of the screen. Figure 4-2 Configure Main Screen 6. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings.
Page 40: System
Performing Advanced Configuration System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. System name must be between 1-31 characters. Refer to the Dynamic DNS Support Access Point System Naming Convention sections for rules on naming the AP.
Page 41: Network
Performing Advanced Configuration Network The Network tab contains three sub-tabs. – IP Configuration – DHCP Server – Link Integrity IP Configuration You can configure and view the following parameters within the IP Configuration screen: NOTE You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters take effect.
Page 42: Dhcp Server
Performing Advanced Configuration DHCP Server If your network does not have a DHCP Server, you can configure the AP as a DHCP server to assign dynamic IP addresses to Ethernet nodes and wireless clients. CAUTION Make sure there are no other DHCP servers on the network and do not enable the DHCP server without checking with your network administrator first, as it could bring down the whole network.
Page 43: Link Integrity
Performing Advanced Configuration You can configure and view the following parameters within the DHCP Server Configuration screen: • Enable DHCP Server: Place a check mark in the box provided to enable DHCP Server functionality. NOTE You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured. •...
Page 44: Interfaces
Performing Advanced Configuration Figure 4-4 Link Integrity Configuration Screen Interfaces The Interfaces tab contains the following sub-tabs: – Operational Mode – 8Wireless-A and Wireless-B – Ethernet From these sub-tabs, you configure the Access Point’s operational mode, wireless interface settings and Ethernet settings.
Page 45 Performing Advanced Configuration Operational Mode Operational Mode Selection You can configure and view the following parameters within the Operational Mode screen. • Operational Mode: the mode of communication between the wireless clients and the Access Point: • 802.11b only • 802.11g only •...
Page 46: Wireless A (802.11A)
Performing Advanced Configuration Configuring TX Power Control 1. Click Configure > Interfaces > Operational Mode. 2. Select Enable Transmit Power Control. 3. Select the transmit power level for interface A from the Wireless-A: Transmit Power Level drop-down menu. 4. Click OK. Figure 4-5 Operational Mode Wireless...
Page 47 Performing Advanced Configuration Abbildung 4-6 Wireless Interface Sub-tab NOTE You must reboot the Access Point before any changes to these parameters take effect. • Physical Interface Type: For an 802.11a AP, this field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing;...
Page 48 Performing Advanced Configuration NOTE You cannot disable Auto Channel Select for 802.11a products in Europe (see Dynamic Frequency Selection (DFS) for details). • Frequency Channel: When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating Channel.
Page 49: Wireless (802.11B)
Performing Advanced Configuration are the specified size or greater. You should not need to enable this parameter for most networks unless you suspect that the wireless cell contains hidden nodes. Wireless Service Status The user can shutdown (or resume) the wireless service on the wireless interface of the AP through the CLI, HTTP, or SNMP interface.
Page 50 The receiving radio reassembles the original packet once all fragments have been received. This feature is available only if you are using an Orinoco Classic Gold card. This option is disabled by default.
Page 51 Access Points). Note that this feature is available only if you are using an Orinoco Classic Gold card. Proxim recommends that you leave this parameter enabled, particularly if you have ORiNOCO clients on your wireless network (leaving this parameter enabled should not adversely affect the performance of any ORiNOCO ComboCards or non-ORiNOCO cards on your network).
Page 52 Performing Advanced Configuration CAUTION The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in which an AP is set up and clients are tested throughout the area to determine signal strength and coverage, and local limits such as physical interference are investigated.
Page 53: Wireless (802.11B/G)
The Distance Between APs must be set before the Multicast Rate, because when you select the Distance Between APs, the appropriate range of Multicast values automatically populates the drop-down menu. This feature is not available if you are using an ORiNOCO ComboCard or a non-ORiNOCO client with the AP. Wireless (802.11b/g) You can configure the following radio parameters for an 802.11b/g AP:...
Page 54 Performing Advanced Configuration • RTS/CTS Medium Reservation: This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347. When set to a value between 0 and 2347, the Access Point uses the RTS/CTS mechanism for packets that are the specified size or greater.
Page 55: Wireless Distribution System (Wds)
Performing Advanced Configuration • Auto Channel Select: The AP scans the area for other Access Points and selects a free or relatively unused communication channel. This helps prevent interference problems and increases network performance. By default this feature is enabled. See 802.11a Channel Frequencies 802.11g Channel Frequencies for a list of...
Page 56 Performing Advanced Configuration AP 2 AP 1 Client 1 Client 2 Figure 4-9 WDS Example Bridging WDS Each WDS link is mapped to a logical WDS port on the AP. WDS ports behave like Ethernet ports rather than like standard wireless interfaces: on a BSS port, an Access Point learns by association and from frames; on a WDS or Ethernet port, an Access Point learns from frames only.
Page 57 Performing Advanced Configuration 2. Write down the MAC Address of the radio that you wish to include in the Wireless Distribution System. 3. Click on Interfaces > Wireless. 4. Scroll down to the Wireless Distribution System heading. 5. Click the Edit button to update the Wireless Distribution System (WDS) Table (see Figure 4-8).
Page 58: Ethernet
Performing Advanced Configuration 8. Click OK. 9. Enter the MAC Address that you wrote down in Step 2 in one of the Partner MAC Address field of the Wireless Distribution Setup window. 10. Set the Status of the device to Enable. 11.
Page 59: Management
Performing Advanced Configuration Management The Management tab contains five sub-tabs. – Passwords – IP Access Table – Services – Automatic Configuration (AutoConfig) – Hardware Configuration Reset (CHRP) Passwords The following passwords are configurable: • SNMP Read Community Password: The password for read access to the AP using SNMP. Enter a password in both the Password field and the Confirm field.
Page 60: Services
Performing Advanced Configuration Services You can configure the following management services: NOTE You must reboot the Access Point if you change the HTTP Port or Telnet Port. Secure Management Secure Management allows the use of encrypted and authenticated communication protocols such as SNMPv3, and Secure Socket Link (SSL), to manage the Access Point.
Page 61 Performing Advanced Configuration Figure 4-12 Management Services Configuration Screen...
Page 62: Telnet Configuration Settings
Performing Advanced Configuration Telnet Configuration Settings • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management. • Telnet Port: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select).
Page 63 Performing Advanced Configuration To manually generate or delete host keys on the AP: • Select Create to generate a new pair of host keys. • Select Delete to remove the host keys from the AP. If no host keys are present, the AP will not allows connections using SSH.
Page 64: Serial Configuration Settings
Performing Advanced Configuration Serial Configuration Settings The serial port interface on the AP is enabled at all times. See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port. You can configure and view following parameters: –...
Page 65: Automatic Configuration (Autoconfig)
4. Enter the IP address of the TFTP server in the TFTP Server Address field. NOTE The default filename is “config”. The default TFTP IP address is “169.254.128.133” for AP-600. 5. Click OK to save the changes. 6. Reboot the AP. When the AP reboots it receives the new configuration information and must reboot one additional time.
Page 66 Performing Advanced Configuration Figure 4-14 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Page 67 Performing Advanced Configuration Figure 4-15 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Host Name and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server Host Name Parameter to the host name or IP Address of the TFTP server. For example: 11.0.0.7.
Page 68: Hardware Configuration Reset (Chrp)
Performing Advanced Configuration Hardware Configuration Reset (CHRP) Hardware Configuration Reset Status is a parameter that defines the hardware configuration reset behavior of the AP (i.e., what effect pressing the reload button has on an AP operating in normal operating mode). If a user loses or forgets the AP’s HTTP/Telnet/SNMP password, the reset button on the AP provides a way to reset the AP to default configuration values to gain access to the AP.
Page 69: Configuring Hardware Configuration Reset
Performing Advanced Configuration Configuring Hardware Configuration Reset Perform the following procedure to configure Hardware Configuration Reset and to set the Configuration Reset Password. 1. Click Configure -> Management -> CHRD. 2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox. 3.
Page 70: Filtering
Performing Advanced Configuration Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering tab: – Ethernet Protocol – Static MAC – Advanced – TCP/UDP Port Ethernet Protocol The Ethernet Protocol Filter blocks or forwards packets based on the Ethernet protocols they support.
Page 71 Performing Advanced Configuration Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets. The AP uses Boolean logic to perform an “AND” operation between the MAC Address and the Mask at the bit level.
Page 72: Static Mac Filter Examples
Performing Advanced Configuration Static MAC Filter Examples Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as follows: – Wired Server: 00:40:F4:1C:DB:6A – Wireless Client 1: 00:02:2D:51:94:E4 – Wireless Client 2: 00:02:2D:51:32:12 –...
Page 73: Advanced
Performing Advanced Configuration • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless network. Advanced You can configure the following advanced filtering options: •...
Page 74: Editing Tcp/Udp Port Filters
Performing Advanced Configuration • All Interfaces 7. Click OK. Editing TCP/UDP Port Filters 1. Click Edit under the TCP/UDP Port Filter Table heading. 2. Make any changes to the Protocol Name or Port Number for a specific entry, if necessary. 3.
Page 75: Alarms
Performing Advanced Configuration Alarms This tab has three sub-tabs. – Groups – Alarm Host Table – Syslog – Rogue Access Point Detection (RAD) Groups The AP can be configured to generate and send alarms/notifications/traps as version 1 or a version 2c. Use the drop-down menu to select SNMP alarm type.
Page 76 Performing Advanced Configuration • Security Trap Group Trap Name Description Authentication Failure oriTrapAuthenticationFailure Unauthorized Manager Detected oriTrapUnauthorizedManagerDetected RAD Scan Complete oriTrapRADScanComplete RAD Scan Results oriTrapRADScanResults • Wireless Interface/Card Trap Group Trap Name Description Wireless Card Not Present oriTrapWLCNotPresent Wireless Card Failure oriTrapWLCFailure Wireless Card Removal oriTrapWLCRemoval...
Page 77 Performing Advanced Configuration Flash Memory Corrupted oriTrapFlashMemoryCorrupted Restoring Last Known Good Configuration File oriTrapFlashMemoryRestoringLastKnownGoodConfiguration • TFTP Trap Group Trap Name Description TFTP Operation Failure oriTrapTFTPFailedOperation TFTP Operation Initiated oriTrapTFTPOperationInitiated TFTP Operation Completed oriTrapTFTPOperationCompleted • Image Trap Group Trap Name Description Zero Size Image oriTrapZeroSizeImage Invalid Image...
Page 78: Severity Levels
Performing Advanced Configuration Severity Levels There are three severity levels for system alarms: – Critical – Major – Informational Critical alarms will often result in severe disruption in network activity or an automatic reboot of the AP Major alarms are usually activated due to a breach in the security of the system. Clients cannot be authenticated or an attempt at unauthorized access into the AP has been detected.
Page 79: Syslog Messages
Performing Advanced Configuration • Syslog Heartbeat Status: Enables or disables the sending of heartbeat messages from the AP to the configured Syslog servers. • Syslog Heartbeat Interval: Specifies the interval (in seconds) at which Syslog Heartbeat messages are sent to the configured Syslog servers.
Page 80: Rogue Access Point Detection (Rad)
Performing Advanced Configuration Rogue Access Point Detection (RAD) The Rogue AP Detection (RAD) feature provides an additional security level for wireless LAN deployments. Rogue AP detection provides a mechanism for detecting Rogue Access Points by utilizing the coverage of the trusted Access Point deployment.
Page 81: Configuring Rad
Performing Advanced Configuration Example Rogue AP Detection Deployment Figure 4-20 Example Rogue AP Detection Deployment Additionally, the RAD scan results are maintained in a table that can be queried via SNMP. The system administrator has to enable RAD on the Access Points in the wireless network and also configure the Trap Host on all these Access Points to the IP address of the management station.
Page 82 Performing Advanced Configuration Figure 4-21 Rogue Access Point Detection Screen...
Page 83: Bridge
Performing Advanced Configuration Bridge The AP is a bridge between your wired and wireless networking devices. As a bridge, the functions performed by the AP include: • MAC address learning • Forward and filtering decision making • Spanning Tree protocol used for loop avoidance Once the AP is connected to your network, it learns which devices are connected to it and records their MAC addresses in the Learn Table.
Page 84: Packet Forwarding (Pkt Fwd)
4. Click OK to save your changes. QoS (Quality of Service) This feature is not supported in the AP. Clicking on this tab displays the following message: “The Quality of Service (QoS) feature is not implemented on the AP-600 and AP-2000.”...
Page 85: Radius Profiles
Performing Advanced Configuration RADIUS Profiles Configuring RADIUS Profiles on the AP define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define RADIUS Servers per Authentication Mode and per VLAN. The AP communicates with the RADIUS server defined in a profile to provide the following features: –...
Page 86: Radius-Based Vlan Assignment
Performing Advanced Configuration server used depends on whether the authentication is done for an 802.1x client or non-802.1x client. The clients in VLAN 2 are authenticated using a different set of authentication servers configured for authenticating users in VLAN 2. Authentication servers for each VLAN are configured as part of the configuration options for that VLAN.
Page 87: Adding Or Modifying A Radius Server Profile
Performing Advanced Configuration Adding or Modifying a RADIUS Server Profile Perform the following procedure to add a RADIUS server profile and to configure its parameters. 1. Click Add to create a new profile. To Modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete.
Page 88: Mac Access Control Via Radius Authentication
Performing Advanced Configuration • Server Name/IP Address: Enter the server’s name or IP address. • Destination Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. • Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile.
Page 89: Radius Accounting
Performing Advanced Configuration RADIUS Accounting Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start”...
Page 90: Ssid/Vlan/Security
Performing Advanced Configuration SSID/VLAN/Security The AP provides several security features to protect your network from unauthorized access. Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on the logical LAN or WAN segment.
Page 91 Performing Advanced Configuration Figure 4-25 Components of a typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Page 92: Enabling/Disabling Vlan Protocol
Performing Advanced Configuration The three primary scenarios for using VLAN workgroups are as follows: 1. VLAN disabled: Your network does not use VLANs, and you cannot configure the AP to use multiple SSIDs. 2. VLAN enabled, each VLAN workgroup uses a different VLAN ID Tag 3.
Page 93: Mac Access
Performing Advanced Configuration MAC Access The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect.
Page 94: Security Profiles
Performing Advanced Configuration Security Profiles The AP supports the following Security features: • Encryption: The original encryption technique specified by the IEEE 802.11 standard. • 802.1x Authentication: An IEEE standard for client authentication. • Wi-Fi Protected Access (WPA): A new standard that provides improved encryption security over WEP. WEP Encryption The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network.
Page 95: Wi-Fi Protected Access (Wpa)
Performing Advanced Configuration Authentication Process There are three main components in the authentication process. The standard refers to them as: supplicant (client PC) authenticator (Access Point) authentication server (RADIUS server) When using Authentication Mode to 802.1x, WPA, Mixed mode (802.1x and WEP), or 802.11i, you need to configure your RADIUS server for authentication purposes.
Page 96: Authentication Protocol Hierarchy
Performing Advanced Configuration – Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP – A client's key is different for every session; it changes each time the client associates with an AP – The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously –...
Page 97: Configuring Security Profiles
Performing Advanced Configuration Configuring Security Profiles Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and Security per SSID is enabled, the user can configure a security profile for each VLAN.
Page 98 Performing Advanced Configuration • Authentication Mode: 802.1x • Cipher: WEP • Encryption Key Length: 64 or 128 Bits. • If 802.1x is enabled simultaneously with WEP, the 802.1x Station’s encryption key length is determined by the WEP encryption key. • WPA Station: •...
Page 99 Performing Advanced Configuration Figure 4-29 Security Profile Table - Add Entries...
Page 100: Adding Or Modifying An Ssid/Vlan With Vlan Protocol Disabled
Performing Advanced Configuration Wireless Each SSID/VLAN can have its own Security Profile that defines its security mode, authentication mechanism, and encryption, so that customers can have multiple types of clients (non-WEP, WEP, 802.1x, WPA) on the same system, but separated per VLAN. Refer to the Security Profiles section for more information.
Page 101 Performing Advanced Configuration Figure 4-32 SSID/VLAN Edit Entries Screen (VLAN Protocol Disabled) 4. Enter a unique Network Name (SSID), between 1 and 32 characters. This parameter is mandatory. 5. Enter a unique VLAN ID. This parameter is mandatory. – You must specify a unique VLAN ID for each SSID on the interface. A VLAN ID is a number from -1 to 4094. A value of -1 means that an entry is “untagged.”...
Page 102 Performing Advanced Configuration Figure 4-33 SSID, VLAN, and Security Data Configuration (VLAN Protocol Disabled) 8. Enable or disable RADIUS accounting on the VLAN/SSID under the Accounting Status drop-down menu. 9. Enable or disable RADIUS MAC authentication status on the VLAN/SSID under the RADIUS Authentication Status drop-down menu.
Page 103: Adding Or Modifying An Ssid/Vlan With Vlan Protocol Enabled
Performing Advanced Configuration 13. Define the RADIUS Server Profile Configuration for the VLAN/SSID: • RADIUS MAC Authentication Profile • RADIUS EAP Authentication Profile • RADIUS Accounting Profile If 802.1x, WPA, or 802.11i security mode is used, the RADIUS EAP Authentication Profile must have a value. A RADIUS Server Profile for authentication for each VLAN shall be configured as part of the configuration options for that VLAN.
Page 104 Performing Advanced Configuration The Add Entry or Edit Entry screen appears. See Figure 4-33 below and Figure 4-34 on page Figure 4-35 SSID/VLAN Add Entries Screen (VLAN Protocol Enabled)
Page 105 Performing Advanced Configuration Figure 4-36 SSID/VLAN Edit Entries Screen (VLAN Protocol Enabled) 4. Enter a unique Network Name (SSID), between 1 and 32 characters. This parameter is mandatory. 5. Enter a unique VLAN ID. This parameter is mandatory. – You must specify a unique VLAN ID for each SSID on the interface. A VLAN ID is a number from -1 to 4094. A value of -1 means that an entry is “untagged.”...
Page 106: Broadcast Ssid And Closed System
Performing Advanced Configuration NOTE If you have two or more SSIDs per interface using a security Profile with a security mode of Non Secure, be aware that security being applied in the VLAN is not being applied in the wireless network. 13.
Page 107: Monitoring The Ap-2000
Monitoring the AP-600 • Logging into the HTTP Interface • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table.
Page 108 Monitoring the AP-600 Figure 5-1 Enter Network Password Screen 5. Click the Monitor button located on the left-hand side of the screen. Figure 5-2 Monitor Main Screen 6. Click the tab that corresponds to the statistics you want to review. For example, click Learn Table to see the list of nodes that the AP has discovered on the network.
Page 109: Version
Monitoring the AP-600 Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: •...
Page 110: Icmp
Monitoring the AP-600 ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-4 ICMP Monitoring Screen...
Page 111: Learn Table
There can be up 10,000 entries in the Learn Table. Figure 5-6 Learn Table IAPP This tab displays statistics relating to client handovers and communications between ORiNOCO Access Points. Figure 5-7 IAPP Screen...
Page 112: Radius
Monitoring the AP-600 RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers. NOTE RADIUS authentication and accounting must be enabled for this information to be valid. Figure 5-8 RADIUS Monitoring Screen...
Page 113: Interfaces
Monitoring the AP-600 Interfaces This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing. Figure 5-9 Wireless Interface Monitoring...
Page 114: Station Statistics
Monitoring the AP-600 Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enabling and Viewing Station Statistics To enable the monitoring of Stations Statistics, perform the following procedure: 1. Click on the Monitor tab on the left on the web page.
Page 115 Monitoring the AP-600 • Interface to which the Station is connected: The interface number on which the client is connected with the AP. For WDS links this is the interface on which the link is configured. • Station Type: The type of wireless client (STA or WDS).
Page 116: Performing Commands
Performing Commands • Logging into the HTTP Interface • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP via TFTP: Download files from a TFTP server to the AP. • Update AP via HTTP: Download files to the AP from HTTP.
Page 117 Performing Commands Figure 6-1 Enter Network Password Screen 5. Click the Commands button located on the left-hand side of the screen. Figure 6-2 Commands Main Screen 6. Click the tab that corresponds to the command you want to issue. For example, click Reboot to restart the unit.
Page 118: Introduction To File Transfer Via Tftp Or Http
A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. HTTP File Transfer Guidelines HTTP file transfer can be performed either with or without SSL enabled.
Page 119: Update Ap Via Tftp
Update AP via TFTP Command Screen If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. You can either install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds sub-directory.
Page 120: Update Ap Via Http
Performing Commands Update AP via HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. Once on the Update AP screen, click on the via HTTP tab. Figure 6-4 Update AP via HTTP Command Screen The Update AP via HTTP tab shows version information and allows you to enter HTTP information as described...
Page 121 Performing Commands Figure 6-5 Warning Message Click OK to continue with the operation or Cancel to abort the operation. NOTE An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears. Figure 6-6 Update AP Successful If the operation did not complete successfully the following screen appears, and the reason for the failure is displayed.
Page 122: Retrieve File Via Tftp
If you don’t have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. You can either install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds sub-directory.
Page 123: Retrieve File Via Http
Performing Commands Retrieve File via HTTP Use the Retrieve File via HTTP tab to retrieve configuration files, CLI Batch Files, or CLI Batch Logs from the AP. Select the type of file (Config, CLI Batch File, or CLI Batch Log) from the File Type drop-down menu. For more information on CLI Batch Files and CLI Batch Logs refer to CLI Batch File.
Page 124 Performing Commands Figure 6-11 File Download Dialog Box On clicking the Save button the following Save As window displays, where the user is prompted to choose the filename and location where the file is to be downloaded. Select an appropriate filename and location and click OK. Figure 6-12 Retrieve File Save As Dialog...
Page 125: Reboot
Performing Commands Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes. CAUTION Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation.
Page 126: Reset
Performing Commands Reset Use the Reset tab to restore the AP to factory default conditions. The AP may also be reset from the RESET button located on the side of the unit. Since this will reset the Access Point’s current IP address, a new IP address must be assigned.
Page 127: Download
Add the AP’s management IP address into the Internet Explorer list of Trusted Sites. The ORiNOCO AP Help information is available in English, French, German, Italian, Spanish, and Japanese. The Help files are copied to your computer in one language only.

ORiNOCO AP-600 User Manual

1 Introduction

2 Getting Started

3 Viewing Status Information

4 Performing Advanced Configuration

5 Monitoring the AP-2000

6 Performing Commands

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ORiNOCO AP-600

Summary of Contents for ORiNOCO AP-600

Table of Contents