Page 1 ORiNOCO AP-700 Access Point User Guide...
Page 2 Copyright © 2006 Proxim Wireless Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This User Guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Proxim Wireless Corporation.
Page 3: Table Of Contents
AP-700 Hardware Description ........
Page 4 Contents AP-700 User Guide DHCP Server ................38 DHCP Relay Agent.
Page 5 Contents AP-700 User Guide Management VLAN ............... 103 Security Profile .
Page 6 Contents AP-700 User Guide Forced Reload Procedure ..............141 Setting IP Address using Serial Port .
Page 7 AP-700 Channels by Model Number ........
Page 8 AP-700 User Guide Adjusting Tx Output Power ............222...
Page 9: Introduction
• Management and Monitoring Capabilities Document Conventions • AP refers to an AP-700 Access Point. • 802.11 is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards. • Blue underlined text indicates a link to a topic or Web address. If you are viewing this documentation on your computer, click the blue text to jump to the linked item.
Page 10: Guidelines For Roaming
Guidelines for Roaming • Typical voice network cell coverages vary based on environment. Proxim recommends having a site survey done professionally to ensure optimal performance. For professional site surveyors, Ekahau™ Site Survey software is included in the Xtras folder of the Installation CD.
Page 11: Management And Monitoring Capabilities
Introduction AP-700 User Guide Management and Monitoring Capabilities 802.11 direct sequence devices (that operate at 1 or 2 Mbits/sec). Available Frequency Channels vary by regulatory domain and/or country. See Available Channels for details. Also in 1999, the IEEE modified the 802.11 standard to support devices operating in the 5 GHz frequency band. This standard is referred to as 802.11a.
Page 12: Snmp Management
ORiNOCO Enterprise MIB Proxim provides these MIB files on the CD-ROM included with each Access Point. You need to compile one or more of the above MIBs into your SNMP program’s database before you can manage an Access Point using SNMP. See the documentation that came with your SNMP manager for instructions on how to compile MIBs.
Page 13 SSH server. IMPORTANT! The remainder of the User Guide discusses installing your AP-700 AP and managing it using the Web and CLI interfaces only. For information on how to manage devices using SNMP or SSH, see the documentation that came with your SNMP or SSH program.
Page 14: Installation And Initialization
The AP-700 includes a a power jack, a 10/100 base-T Ethernet port, and an RS-232 serial data communication port. The AP includes an optional security cover that can be installed to protect against access to the power and LAN cables and to the reset and reload buttons.
Page 15: Antennas
Figure 2-1 Rear Panel The AP-700 has been designed to rest horizontally on a flat surface, but can be wall- or ceiling- mounted with the long axis vertical. The unit includes screw slots in the bottom plastic for mounting to a flat wall or ceiling.
Page 16: Active Ethernet (Power Over Ethernet)
Active Ethernet (Power Over Ethernet) The AP-700 is equipped with an 802.3af-compliant Active Ethernet module. Active Ethernet (AE) delivers both data and power to the access point over a single Ethernet cable. If you choose to use Active Ethernet, there is no difference in operation;...
Page 17: Prerequisites
Blinking Red Rebooting. Prerequisites Before installing an AP-700, you need to gather certain network information. The following table identifies the information you need. Network Name (SSID of the You must assign the Access Point a Network Name before wireless users can wireless cards) communicate with it.
Page 18 Installation and Initialization AP-700 User Guide Prerequisites SNMPv3 Authentication If Secure Management is enabled, each Access Point requires a password for sending Password authenticated SNMPv3 messages. The default password is public. The default SNMPv3 username is administrator, with SHA authentication, and DES privacy protocol.
Page 19: Product Package
Installation and Initialization AP-700 User Guide Product Package Product Package Each AP-700 comes with the following: • AP-700 unit (with integrated 802.11a/b/g radio and Active Ethernet) • Power adapter • One ceiling or wall mounting plate • Security cover •...
Page 20: Hardware Installation
Hardware Installation Hardware Installation NOTE: AP-700 units using external antennas must be installed by a suitably trained professional installation technician or by a qualified installation service. NOTE: Before installing and using this product, see the Safety and Regulatory Compliance Guide and the Professional Installation section.
Page 21: Cabling The Ap-700
NOTE: You cannot connect an RS-232 cable to the AP-700 when a security cover is installed. 1. Slide the hinging end of the security cover into the hole on the rear panel of the AP-700 to the left of the connectors.
Page 22: Installing The Ap In A Plenum
Mounting the AP-700 to a Ceiling 1. Attach the mounting plate to the bottom of the AP-700 by lining up the keyholes and attaching it with two screws. 2. Snap the tabs onto the ceiling T-bar. Rotate the AP-700 until it snaps on to the T-bar.
Page 23: Initialization
Installation and Initialization AP-700 User Guide Initialization Initialization The following sections detail how to initialize the AP using ScanTool, log in to the HTTP interface, perform an initial configuration of the AP using the Setup Wizard, and download the required AP software.
Page 24 Installation and Initialization AP-700 User Guide Initialization change your adapter setting at any time by clicking the Select Adapter button on the Scan List screen. Note that the ScanTool Network Adapter Selection screen will not appear if your computer only has one network adapter installed.
Page 25: Logging In
Installation and Initialization AP-700 User Guide Initialization d. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit.
Page 26: Using The Setup Wizard
Installation and Initialization AP-700 User Guide Initialization 4. Enter the HTTP password in the Password field. Leave the User Name field blank. For new units, the default HTTP password is public. If you are logging on for the first time the Setup Wizard will launch automatically.
Page 27 Installation and Initialization AP-700 User Guide Initialization Figure 2-10 Setup Wizard Setup Wizard Instructions 1. Click Setup Wizard to begin. If you do not wish to use the Setup Wizard, click Exit. The Setup Wizard supports the following navigation options: •...
Page 28 — Primary Network Name (SSID): Enter a Network Name (between 1 and 32 characters long) for the wireless network. You must configure each wireless client to use this name as well. Note that the AP-700 supports up to 16 SSIDs and VLANs. Please see the...
Page 29: Installing The Software
3. Use the Browse button to locate or manually type in the name of the file (including the file extension) you downloaded from the Proxim Knowledgebase. If typing the file name, you must include the full path and the file extension in the file name text box.
Page 30 Installation and Initialization AP-700 User Guide Initialization A warning message advises you that a reboot of the device will be required for changes to take effect. Figure 2-12 Warning Message 5. Click OK to continue with the operation or Cancel to abort the operation.
Page 31: Related Topics
Installation and Initialization AP-700 User Guide Related Topics 4. Enter the IP address of your TFTP server in the field provided. 5. Enter the File Name (including the file extension). If the file is located in the default TFTP directory, you need enter only the file name.
Page 32: System Status
AP-700 User Guide System Status The first screen displayed after Logging In is the System Status screen. You can always return to this screen by clicking the Status button. Figure 3-1 System Status Screen The System Status screen provides the following information: •...
Page 33: Advanced Configuration
AP-700 User Guide Advanced Configuration This chapter contains information on configuring settings in the following categories: • System: Configure specific system information such as system name and contact information. • Network: Configure IP, DNS client, DHCP server, DHCP Relay Agent, DHCP Relay Servers, Link Integrity, and SNTP settings.
Page 34 Advanced Configuration AP-700 User Guide Figure 4-1 Configure Main Screen 2. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. Each Configure tab is described in the remainder of this chapter.
Page 35: System
Advanced Configuration AP-700 User Guide System System You can configure and view the following parameters within the System Configuration screen: • Name: The name assigned to the AP. See the Dynamic DNS Support Access Point System Naming Convention sections for rules on naming the AP.
Page 36: Dynamic Dns Support
Advanced Configuration AP-700 User Guide System Dynamic DNS Support DNS is a distributed database mapping the user readable names and IP addresses (and more) of every registered system on the Internet. Dynamic DNS is a lightweight mechanism which allows for modification of the DNS data of host systems whose IP addresses change dynamically.
Page 37: Network
Advanced Configuration AP-700 User Guide Network Network The Network tab contains the following sub-tabs: • IP Configuration • DHCP Server • DHCP Relay Agent • Link Integrity • SNTP (Simple Network Time Protocol) IP Configuration This tab is used to configure the internet (TCP/IP) settings for the access point.
Page 38: Dhcp Server
• DNS Client Default Domain Name: The default domain name for the Access Point’s network (for example, “proxim.com”). Contact your network administrator if you need assistance setting this parameter. Advanced •...
Page 39 Advanced Configuration AP-700 User Guide Network Figure 4-4 DHCP Server Configuration Screen You can configure and view the following parameters within the DHCP Server Configuration screen: NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect.
Page 40: Dhcp Relay Agent
Advanced Configuration AP-700 User Guide Network NOTE: The Default Lease Time cannot be larger than the Maximum Lease Time. If you set the Maximum Lease Time, you should also set the Default Lease Time to ensure that the Default Lease Time is less than the Maximum.
Page 41: Link Integrity
Advanced Configuration AP-700 User Guide Network DHCP Server IP Address Table The AP supports the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table. At least one server must be configured to enable DHCP Relay.
Page 42: Sntp (Simple Network Time Protocol)
Advanced Configuration AP-700 User Guide Network Figure 4-7 Link Integrity Configuration Screen SNTP (Simple Network Time Protocol) SNTP allows a network entity to communicate with time servers in the network/internet to retrieve and synchronize time of day information. When this feature is enabled, the AP will attempt to retrieve the time of day information from the configured time servers (primary or secondary), and, if successful, will update the relevant time objects in the AP.
Page 43 Advanced Configuration AP-700 User Guide Network Figure 4-8 SNTP Configuration Screen You can configure and view the following parameters within the SNTP screen: • SNTP Status: Select Enable or Disable from the drop-down menu. The selected status will determine which of the parameters on the SNTP screen are configurable.
Page 44 Advanced Configuration AP-700 User Guide Network – Year: Enter the current year. – Month: Enter the month in digits (1-12). – Day: Enter the day in digits (1-31). – Hour: Enter the hour in digits (0-23). – Minutes: Enter the minutes in digits (0-59).
Page 45: Interfaces
Advanced Configuration AP-700 User Guide Interfaces Interfaces From the Interfaces tab, you configure the Access Point’s operational mode settings, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. The Interfaces tab contains the following sub-tabs: •...
Page 46 802.11g-wifi mode: The 802.11g-wifi mode has been defined for Wi-Fi testing purposes. It is not recommended for use in your wireless network environment. NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.11a functionality covered in this User Guide is not supported.
Page 47 Advanced Configuration AP-700 User Guide Interfaces Configuring 802.11d Support Perform the following procedure to enable 802.11d support and select the country code: 1. Click Configure > Interfaces > Operational Mode. 2. Select Enable 802.11d. 3. Select the Country Code from the ISO/IEC 3166-1 CountryCode drop-down menu.
Page 48: Wireless (802.11A/B/G Radio)
Advanced Configuration AP-700 User Guide Interfaces Wireless (802.11a/b/g Radio) Figure 4-10 Wireless Interface...
Page 49 – For 802.11a mode: “802.11a (OFDM 5 GHz).” NOTE: In countries in which 802.11a (5 GHz) is not available for use, the AP-700 provides dual-band (802.11b and 802.11g) support only. 802.11a functionality covered in this User Guide is not supported.
Page 50 Advanced Configuration AP-700 User Guide Interfaces NOTE: Turbo mode is supported in 802.11a mode in the FCC regulatory domain only. If turbo mode is enabled, then this is displayed in the web UI and the transmit speeds and channels pull-down menus are updated with the valid values.
Page 51 Advanced Configuration AP-700 User Guide Interfaces – Belgium – Iceland – Poland – Brazil – Ireland – Portugal – Cyprus – Italy – Saudi Arabia – Denmark – Latvia – Spain – Estonia – Lithuania – Sweden – Finland – Luxembourg –...
Page 52 Advanced Configuration AP-700 User Guide Interfaces After wireless service resumes, the AP resumes beaconing, transmitting and receiving frames to/from the wireless interface and bridging the frames between the Ethernet and the wireless interface. Traps Generated During Wireless Service Shutdown (and Resume) The following traps are generated during wireless service shutdown and resume, and are also sent to any configured Syslog server.
Page 53 Advanced Configuration AP-700 User Guide Interfaces Figure 4-12 Channel Blacklist Table - Edit Screen Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity.
Page 54 Advanced Configuration AP-700 User Guide Interfaces • There are separate security settings for clients and WDS links. The same WDS link security mode must be configured (currently we only support none or WEP) on each Access Point in the WDS and the same WEP key must be configured.
Page 55: Ethernet
Advanced Configuration AP-700 User Guide Interfaces Figure 4-15 Adding WDS Links 6. Select whether to use encryption in the WDS by checking the Enable WDS Security Mode checkbox. 7. If you enabled WDS Security Mode, enter the Encryption Key 0 used for encryption between the WDS links.
Page 56 Figure 4-16 Ethernet Sub-tab For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
Page 57: Management
Confirm field. This password must be between 6 and 32 characters. The default password is public. NOTE: For security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you...
Page 58: Ip Access Table
Advanced Configuration AP-700 User Guide Management IP Access Table The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the table. This feature applies to all management services (SNMP, HTTP, and CLI) except for CLI management over the serial port.
Page 59 SSL passphrase is public. NOTE: If you are upgrading from software version 3.1 or earlier, the default passphrase is proxim. To change the default passphrase to public, first upgrade to the current software version, and then reset the unit to factory defaults.
Page 60 Advanced Configuration AP-700 User Guide Management Figure 4-17 Management Services Configuration Screen...
Page 61 Advanced Configuration AP-700 User Guide Management Telnet Configuration Settings • Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management. •...
Page 62 Advanced Configuration AP-700 User Guide Management NOTE: When Secure Management is enabled on the AP, SSH will be enabled by default and cannot be disabled. Host keys must either be generated externally and uploaded to the AP (see Uploading Externally Generated Host Keys), generated manually, or auto-generated at the time of SSH initialization if SSH is enabled and no host keys are present.
Page 63 Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control. NOTE: To avoid potential problems when communicating with the AP through the serial port, Proxim recommends that you leave the Flow Control setting at None (the default value).
Page 64: Automatic Configuration (Autoconfig)
3. Enter the Configuration Filename. 4. Enter the IP address of the TFTP server in the TFTP Server Address field. NOTE: The default filename is “config”. The default TFTP IP address is 169.254.128.133 for AP-700. 5. Click OK to save the changes.
Page 65 Advanced Configuration AP-700 User Guide Management Figure 4-19 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP.
Page 66: Hardware Configuration Reset (Chrd)
Advanced Configuration AP-700 User Guide Management Figure 4-20 DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server Hostname and Boot Filename parameters to the Available Options list. 5. Set the value of the Boot Server Hostname Parameter to the hostname or IP Address of the TFTP server. For example: 11.0.0.7.
Page 67 Advanced Configuration AP-700 User Guide Management AP is not protected, an unauthorized person could reset the AP to factory defaults and thus gain control of the AP. The user can disable the hardware configuration reset functionality to prevent unauthorized access.
Page 68 Advanced Configuration AP-700 User Guide Management 2. Check (enable) or uncheck (disable) the Enable Hardware Configuration Reset checkbox. 3. Change the default Configuration Reset Password in the “Configuration Reset Password” and “Confirm” fields. 4. Click OK. 5. Reboot the AP.
Page 69: Filtering
Advanced Configuration AP-700 User Guide Filtering Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks. There are four sub-tabs under the Filtering heading: • Ethernet Protocol • Static MAC •...
Page 70 Advanced Configuration AP-700 User Guide Filtering Each MAC Address or Mask is comprised of 12 hexadecimal digits (0-9, A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits (0 or 1).) Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets.
Page 71 Advanced Configuration AP-700 User Guide Filtering • Wireless Client 2: 00:02:2D:51:32:12 • Wireless Client 3: 00:20:A6:12:4E:38 Prevent Two Specific Devices from Communicating Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating: • Wired MAC Address: 00:40:F4:1C:DB:6A •...
Page 72: Advanced
Advanced Configuration AP-700 User Guide Filtering • Wired MAC Address: 01:00:5E:00:32:4B • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless network.
Page 73 Advanced Configuration AP-700 User Guide Filtering 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions. 5. Set the Port Type for the protocol: TCP, UDP, or both (TCP/UDP).
Page 74: Alarms
Advanced Configuration AP-700 User Guide Alarms Alarms The Alarms tab has the following sub-tabs: • Groups • Alarm Host Table • Syslog • Rogue Scan Groups Alarm groups can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group.
Page 75 Advanced Configuration AP-700 User Guide Alarms Security Trap Group Trap Name Description Severity Level oriTrapInvalidEncryptionKey Invalid encryption key has been detected. Critical oriTrapAuthenticationFailure Client authentication failure has occurred. Major Authentication failures can range from: • MAC Access Control table •...
Page 76 Advanced Configuration AP-700 User Guide Alarms Trap Name Description Severity Level oriTrapDHCPFailed Response to the DHCP client request not Major received; device not dynamically assigned an IP address oriTrapDNSClientLookupFailure DNS client attempts to resolve a specified Major hostname (DNS lookup) and a failure occurs because either the DNS server is unreachable or there is an error for the hostname lookup.
Page 77 Advanced Configuration AP-700 User Guide Alarms Image Trap Group Trap Name Description Severity Level oriTrapZeroSizeImage Zero size image loaded onto device Major oriTrapInvalidImage Invalid image loaded onto device Major oriTrapImageTooLarge Image loaded on the device exceeds the size Major limitation of flash...
Page 78: Syslog
Advanced Configuration AP-700 User Guide Alarms Syslog The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The access point logs “Session Start (Log-in)” and “Session Stop (Log-out)” events for each wireless client as an alternative to RADIUS accounting.
Page 79 Advanced Configuration AP-700 User Guide Alarms • Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority number and any priority numbers below it. For example, if set to 6, the AP will transmit event messages labeled priority 1 to 6 to the Syslog server.
Page 80 Advanced Configuration AP-700 User Guide Alarms Syslog Message Name Priority Severity Description Client Login Authentication Informational Client logs in/authenticates. Message includes: Status • Client MAC Address • Authentication Type = None, ACL, RADIUS MAC, 802.1X • Cipher Type = None, WEP, TKIP, AES •...
Page 81: Rogue Scan
Advanced Configuration AP-700 User Guide Alarms Syslog Message Name Priority Severity Description CLI Configuration File Execution Minor There is an error in execution of the CLI Errors configuration file. The message specifies the filename, line number, and error reason. SSH Initialization Failure...
Page 82 Advanced Configuration AP-700 User Guide Alarms The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query the wired switch to find the inbound switch port of Client 2’s packets.
Page 83 Advanced Configuration AP-700 User Guide Alarms • Channel: the working channel of the detected station • SNR: the SNR value of the last frame from the station as received by the AP • BSSID: the BSSID field stores the: –...
Page 84 Advanced Configuration AP-700 User Guide Alarms Figure 4-26 Rogue Scan Screen...
Page 85: Bridge
For more information on Spanning Tree protocol, please see Section 8.0 of the IEEE 802.1d standard. The Spanning Tree configuration options are advanced settings. Proxim recommends that you leave these parameters at their default values unless you are familiar with the Spanning Tree protocol.
Page 86: Storm Threshold
Advanced Configuration AP-700 User Guide Bridge Figure 4-27 Spanning Tree Sub-Tab Storm Threshold Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by: • Specifying a maximum number of frames per second as received from a single network device (identified by its MAC address).
Page 87: Intra Bss
Advanced Configuration AP-700 User Guide Bridge • Wireless Threshold: Enter the maximum allowed number of packets per second. Intra BSS The wireless clients (or subscribers) that associate with a certain AP form the Basic Service Set (BSS) of a network infrastructure.
Page 88: Qos
Advanced Configuration AP-700 User Guide Wireless Multimedia Extensions (WME)/Quality of Service (QoS) Introduction The AP supports Wireless Multimedia Enhancements, also known as Wi-Fi Multimedia (WMM), which defines an intermediate solution for QoS functionality until the IEEE 802.11e specification is formally approved. WME is based on a subset of the 802.11e standard, and defines enhancements to the MAC for wireless LAN applications with Quality of...
Page 89 Advanced Configuration AP-700 User Guide 3. Configure the QoS Maximum Medium Threshold for all Admission Controls. Admission will be granted if the new requested traffic stream and already admitted time is less than the medium maximum threshold. 4. To add a QoS Policy, click the Add button in the “QoS Policies Table” box. The Add Entries box appears.
Page 90: Priority Mapping
Advanced Configuration AP-700 User Guide 9. Click OK. Priority Mapping Use this page to configure QoS 802.1p to 802.1d priority mappings (for layer 2 policies) and IP DSCP to 802.1d priority mappings (for layer 3 policies). The first entry in each table contains the recommended priority mappings. Custom entries can be added to each table with different priority mappings.
Page 91: Enhanced Distributed Channel Access (Edca)
NOTE: Default recommended values for EDCA parameters have been defined; Proxim recommends not modifying EDCA parameters unless strictly necessary. Perform the following procedure to configure the Station and AP EDCA tables.
Page 92 Advanced Configuration AP-700 User Guide 1. Click Configure > QoS > EDCA. Figure 4-32 EDCA Tables 2. Click Edit and configure the following parameters in each table: NOTE: Changes to EDCA parameters require a reboot of the AP to take effect.
Page 93 Advanced Configuration AP-700 User Guide • Tx OP Limit: The Transmission Opportunity Limit. The Tx OP is an interval of time during which a particular QoS enhanced client has the right to initiate a frame exchange sequence onto the wireless medium. The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category.
Page 94: Radius Profiles
Advanced Configuration AP-700 User Guide Radius Profiles Radius Profiles Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The network administrator can define RADIUS Servers per Authentication Mode and per VLAN.
Page 95: Configuring Radius Profiles
Advanced Configuration AP-700 User Guide Radius Profiles Figure 4-33 RADIUS Servers per VLAN This figure shows a network with separate authentication servers for each authentication type and for each VLAN. The clients in VLAN 1 are authenticated using the authentication servers configured for VLAN 1. The type of authentication server used depends on whether the authentication is done for an 802.1x client or a non-802.1x client.
Page 96 Advanced Configuration AP-700 User Guide Radius Profiles Figure 4-34 RADIUS Server Profiles Adding or Modifying a RADIUS Server Profile Perform the following procedure to add a RADIUS server profile and to configure its parameters. 1. Click Add to create a new profile. To Modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete.
Page 97 Advanced Configuration AP-700 User Guide Radius Profiles Figure 4-35 Add RADIUS Server Profile • Server Profile Name: the profile name. This is the name used to associated a VLAN to the profile. See Configuring Security Profiles. The Server Profile Name is also used in the Configure > Management > Services page to specify the RADIUS profile to be used for RADIUS Based Management Access.
Page 98: Mac Access Control Via Radius Authentication
Advanced Configuration AP-700 User Guide Radius Profiles • Destination Port: Enter the port number which the AP and the server will use to communicate. By default, RADIUS servers communicate on port 1812. • Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be grayed out.
Page 99 Advanced Configuration AP-700 User Guide Radius Profiles NOTE: This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in the Access Point’s static MAC Access Control list are not tracked. Authentication and Accounting Attributes Additionally, the AP supports a number of Authentication and Accounting Attributes defined in RFC2865, RFC2866, RFC2869, and RFC3580.
Page 100 Advanced Configuration AP-700 User Guide Radius Profiles – Number of octets (bytes) received by subscriber. • Acct-Output-Octets – Number of octets (bytes) sent by subscriber. • Acct-Input-Packets – Number of packets received by subscriber. • Acct-Output-Packets – Number of packets sent by subscriber.
Page 101: Ssid/Vlan/Security
Advanced Configuration AP-700 User Guide SSID/VLAN/Security SSID/VLAN/Security The AP provides several security features to protect your network from unauthorized access. This section gives an overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP: • VLAN Overview •...
Page 102 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-36 Components of a Typical VLAN VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, a VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Page 103: Management Vlan
Advanced Configuration AP-700 User Guide SSID/VLAN/Security Typical User VLAN Configurations VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the same physical network are limited to those resources available to their workgroup.
Page 104: Security Profile
Advanced Configuration AP-700 User Guide SSID/VLAN/Security 3. Place a check mark in the Enable VLAN Tagging box. Provide Access to a Wireless Host in the Same Workgroup The VLAN feature can allow wireless clients to manage the AP. If the VLAN Management ID matches a VLAN User ID, then those wireless clients who are members of that VLAN will have AP management access.
Page 105 Advanced Configuration AP-700 User Guide SSID/VLAN/Security • EAP-Tunneled Transport Layer Security (TTLS): Certificate-based authentication (a certificate is required on the server; a client’s username/password is tunneled to the server over a secure connection); supports automatic key distribution • PEAP - Protected EAP with MS-CHAP: Secure username/password-based authentication; supports automatic key distribution Different servers support different EAP types and each EAP type provides different features.
Page 106 Advanced Configuration AP-700 User Guide SSID/VLAN/Security WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks.
Page 107 MAC and WPA-PSK settings are taken into consideration. VLANs and Security Profiles The AP-700 allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID.
Page 108 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-39 Security Profile Configuration 2. Click Add in the Security Profile Table to create a new entry. To modify an existing profile, select the profile and click Edit. To delete an existing profile, select the profile and click Delete. You cannot delete a Security Profile used in an SSID.
Page 109 Advanced Configuration AP-700 User Guide SSID/VLAN/Security — For 152-bit encryption, an encryption key is 32 hexadecimal characters or 16 ASCII characters. • Encryption Transmit Key: select Key 0, Key 1, Key 2, or Key 3 • 802.1x Station: • Authentication Mode: 802.1x •...
Page 110 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-40 Security Profile Table - Add Entries...
Page 111: Mac Access
Advanced Configuration AP-700 User Guide SSID/VLAN/Security MAC Access The MAC Access sub-tab allows you to build a list of stations, identified by their MAC addresses, authorized to access the network through the AP. The list is stored inside each AP within your network. Note that you must reboot the AP for any changes to the MAC Access Control Table to take effect.
Page 112 Advanced Configuration AP-700 User Guide SSID/VLAN/Security the same system separated per VLAN. See the Security Profile section for more information. Each SSID can support a unique VLAN. In order for the AP to support multiple SSID/VLANs, VLAN Tagging must be enabled. These parameters are configurable on the Wireless screen.
Page 113 Advanced Configuration AP-700 User Guide SSID/VLAN/Security • Strict: RADIUS MAC ACL settings are enabled. If a higher-priority authentication protocol is also enabled, RADIUS MAC ACL settings will be applied in addition to the higher priority authentication protocol settings. See Authentication Protocol Hierarchy.
Page 114 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-43 SSID/VLAN Edit Entries Screen (VLAN Tagging Disabled) 9. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name.
Page 115 Advanced Configuration AP-700 User Guide SSID/VLAN/Security NOTE: Enabling Broadcast SSID will lower the total throughput of the AP by 2-4%. NOTE: Enabling Broadcast SSID simultaneously with Rogue Scan will cause a drift in the beacon interval and the occasional missing of beacons.
Page 116 Advanced Configuration AP-700 User Guide SSID/VLAN/Security Figure 4-45 SSID/VLAN Edit Entries Screen (VLAN Tagging Enabled) 4. Enter a unique Network Name (SSID) between 1 and 32 characters. This parameter is mandatory. NOTE: Do not use quotation marks (single or double) in the Network Name; this will cause the AP to misinterpret the name.
Page 117 Advanced Configuration AP-700 User Guide SSID/VLAN/Security • Enable: The SSID is not advertised in the beacon, and the AP will respond to probe requests with an SSID only if the client has specified the SSID in the probe request. If the client sends a probe request with a null or “ANY”...
Page 118: Monitoring
AP-700 User Guide Monitoring This chapter discusses the following monitoring options: • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table.
Page 119: Version
Monitoring AP-700 User Guide Version Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded.
Page 120: Icmp
Monitoring AP-700 User Guide ICMP ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-3 ICMP Monitoring Tab...
Page 121: Learn Table
Monitoring AP-700 User Guide Learn Table Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table.
Page 122: Radius
Monitoring AP-700 User Guide RADIUS RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile. NOTE: Separate RADIUS servers can be configured for each RADIUS Server Profile.
Page 123: Interfaces
Monitoring AP-700 User Guide Interfaces Interfaces This tab displays statistics for the Ethernet and wireless interfaces. Figure 5-8 Interface Monitoring Tab (Ethernet) Description of Interface Statistics The following statistics are displayed for the Ethernet interface only, the wireless interface only, or for both the Ethernet and wireless interfaces: •...
Page 124 Monitoring AP-700 User Guide Interfaces • Duplicate Frame Count (Wireless): The number of duplicate frames received. • Ethernet Chipset (Ethernet): Identifies the chipset used to realize the interface. • Excessive Collisions (Ethernet): The number of frames for which transmission fails due to excessive collisions.
Page 125 Monitoring AP-700 User Guide Interfaces • Out Discards (Ethernet/Wireless): The number of error-free outbound packets chosen to be discarded to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. •...
Page 126: Station Statistics
Monitoring AP-700 User Guide Station Statistics Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enable the Monitoring Station Statistics feature (Station Statistics are disabled by default) by checking Enable Monitoring Station Statistics and click OK.
Page 127 Monitoring AP-700 User Guide Station Statistics • Number of Clients: The number of stations and WDS links monitored. The following stations statistics are available through SNMP: • Octets Received: The number of octets received from the associated wireless station (or WDS link partner) by the •...
Page 128: Commands
AP-700 User Guide Commands This chapter contains information on the following Command functions: • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP: Download files via TFTP or HTTP to the AP.
Page 129: Tftp File Transfer Guidelines
Commands AP-700 User Guide Introduction to File Transfer via TFTP or HTTP TFTP File Transfer Guidelines A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD.
Page 130: Update Ap
Commands AP-700 User Guide Update AP Update AP Update AP via TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, License file, Bootloader files, Certificate and Private Key files, and CLI Batch File to the AP. A TFTP server must be running and configured to point to the directory containing the file.
Page 131: Update Ap Via Http
Commands AP-700 User Guide Update AP – CLI Batch File: a CLI Batch file that contains CLI commands to configure the AP. This file will be executed by the AP immediately after being uploaded. See CLI Batch File for more information.
Page 132: Retrieve File
Commands AP-700 User Guide Retrieve File A warning message gets displayed that advises the user that a reboot of the device will be required for changes to take effect. Figure 6-4 Warning Message 4. Click OK to continue with the operation or Cancel to abort the operation.
Page 133: Retrieve File Via Http
Commands AP-700 User Guide Retrieve File – Double-click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server. • File Name: Enter the name of the file to be uploaded. • File Type: Select the type of file to be uploaded: Config file, CLI Batch File, or CLI Batch (Error) Log.
Page 134 Commands AP-700 User Guide Retrieve File Click on the Retrieve File button to initiate the operation. Figure 6-8 Retrieve File via HTTP Command Screen A confirmation message is displayed, asking if the user wants to proceed with retrieving the file.
Page 135: Reboot
Commands AP-700 User Guide Reboot On clicking the Save button the Save As window displays, where the user is prompted to choose the filename and location where the file is to be downloaded. Select an appropriate filename and location and click OK.
Page 136: Help Link
Commands AP-700 User Guide Help Link Help Link Use the Help tab to configure the location of the AP Help files. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/ORiNOCO/AP700/HTML/index.htm. To enable the Help button on each page of the Web interface to access the help files, however, copy the entire Help folder to a web server, then specify the new HTTP path in the Help Link box.
Page 137: Troubleshooting
AP-700 User Guide Troubleshooting This chapter provides information on the following: • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please see the documentation that came with the respective application for assistance.
Page 138: Basic Software Setup And Configuration Problems
Troubleshooting AP-700 User Guide Symptoms and Solutions Serial Link Does Not Work 1. Make sure you are using a standard, straight-through, 9-pin serial cable. 2. Double-check the physical network connections. 3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values: –...
Page 139: Client Connection Problems
Troubleshooting AP-700 User Guide Symptoms and Solutions 6. Perform the Reset to Factory Default Procedure in this guide. This will reset the unit to “DHCP” mode. If there is a DHCP Server on the network, the DHCP Server will assign an IP Address to the AP.
Page 140: Vlan Operation Issues
802.1Q compliant VLAN headers or tags. The VLAN ID in the headers should correspond to one of the VLAN User IDs configured for the AP. NOTE: The AP-700 supports 16 VLAN/SSID pairs, each with a configured security profile. VLAN Workgroups The correct VLAN assignment can be verified by pinging the AP to ensure connectivity, by pinging the switch to ensure VLAN properties, and by pinging hosts past the switch to confirm the switch is functional.
Page 141: Recovery Procedures
Troubleshooting AP-700 User Guide Recovery Procedures 4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad RJ-45 connection. 5. Check power plug and hub. 6. If the Ethernet link goes down, check the cable, cable type, switch, and hub.
Page 142 Troubleshooting AP-700 User Guide Recovery Procedures 1. While the unit is running, press the RESET button. NOTE: You need to use a pin or the end of a paperclip to press a button. The AP reboots and the indicators begin to flash.
Page 143 Troubleshooting AP-700 User Guide Recovery Procedures 11. Click OK when prompted that the device has been updated successfully to return to the Scan List screen. 12.Click Cancel to close the ScanTool. 13.When the download process is complete, configure the AP as described in...
Page 144: Setting Ip Address Using Serial Port
Troubleshooting AP-700 User Guide Recovery Procedures [Device name]> show [Device name]> set ipaddrtype static [Device name]> set ipaddr 10.0.0.12 [Device name]> set ipsubmask 255.255.255.0 [Device name]> set tftpipaddr 10.0.0.20 [Device name]> set tftpfilename MyImage.bin [Device name]> set ipgw 10.0.0.30 [Device name]> show [Device name]>...
Page 145: Related Applications
Troubleshooting AP-700 User Guide Related Applications [Device name]> Please enter password: 4. Enter the CLI password (default is public). The terminal displays a welcome message and then the CLI Prompt: [Device name]> 5. Enter show ip. Network parameters appear: Figure 7-1 Result of “show ip” CLI Command 6.
Page 146 Troubleshooting AP-700 User Guide Related Applications If a TFTP server is not configured and running, you will not be able to download and upload images and configuration files to/from the AP. Remember that the TFTP server does not have to be local, so long as you have a valid TFTP IP address.
Page 147: A Command Line Interface (Cli)
AP-700 User Guide Command Line Interface (CLI) This section discusses the following: • General Notes • Command Line Interface (CLI) Variations • CLI Command Types • Using Tables and Strings • Configuring the AP using CLI commands • Set Basic Configuration Parameters using CLI Commands •...
Page 148: Navigation And Special Keys
Command Line Interface (CLI) AP-700 User Guide General Notes • Download vs. Upload - Downloads transfer files to the Access Point. Uploads transfer files from the Access Point. The TFTP server performs file transfers in both directions. • Group - A logical collection of network parameter information. For example, the System Group is composed of several related parameters.
Page 149: Command Line Interface (Cli) Variations
Command Line Interface (CLI) AP-700 User Guide Command Line Interface (CLI) Variations Command Line Interface (CLI) Variations Administrators use the CLI to control Access Point operation and monitor network statistics. The AP supports two types of CLI: the Bootloader CLI and the normal CLI. The Bootloader CLI provides a limited command set, and is used when the current AP Image is bad or missing.
Page 150: Cli Command Types
Command Line Interface (CLI) AP-700 User Guide CLI Command Types Figure A-2 Results of “show” bootloader CLI command CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Controls. Operational CLI Commands These commands affect Access Point behavior, such as downloading, rebooting, and so on. After entering commands (and parameters, if any) press the Enter key to execute the Command Line.
Page 151 Command Line Interface (CLI) AP-700 User Guide CLI Command Types [Device-Name]>? Figure A-3 Result of “?” CLI command Example 2. Display specific Commands To show all commands that start with specified letters, enter one or more letters, then ? with no space between letters and ?.
Page 152 Command Line Interface (CLI) AP-700 User Guide CLI Command Types Example 3b. Display parameters based on letter sequence This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned. Notice that there is no space between the letters and the question mark.
Page 153 Command Line Interface (CLI) AP-700 User Guide CLI Command Types Example: [Device-Name]>download 192.168.1.100 APImage2 img 2. Syntax to display help and usage information: [Device-Name]>download 3. Syntax to execute the download Command using previously set (stored) TFTP Parameters: [Device-Name]>download * help Displays instructions on using control-key sequences for navigating a Command Line and displays command information and examples.
Page 154: Parameter Control Commands
Command Line Interface (CLI) AP-700 User Guide CLI Command Types reboot Reboots Access Point after specified number of seconds. Specify a value of 0 (zero) for immediate reboot. [Device-Name]> reboot 0 [Device-Name]> reboot 30 search Lists the parameters supported by the specified table. This list corresponds to the table information displayed in the HTTP interface.
Page 155 Command Line Interface (CLI) AP-700 User Guide CLI Command Types Syntax: [Device-Name]>show <parameter> [Device-Name]>show <group> [Device-Name]>show <table> Examples: [Device-Name]>show ipaddr [Device-Name]>show network [Device-Name]>show mgmtipaccesstbl “set” CLI Command Sets (modifies) the value of the specified parameter. To see a definition and syntax example, type only set and then press the Enter key.
Page 156 Command Line Interface (CLI) AP-700 User Guide CLI Command Types Example 1 - Set the Access Point IP Address Parameter Syntax: [Device-Name]>set <parameter name> <parameter value> Example: [Device-Name]> set ipaddr 10.0.0.12 IP Address will be changed when you reboot the Access Point. The CLI reminds you when rebooting is required for a change to take effect.
Page 157 Command Line Interface (CLI) AP-700 User Guide CLI Command Types Example 5 - Show the Group Parameters This example illustrates how to view all elements of a group or table. Syntax: [Device-Name]> show <group name> Example: [Device-Name]>show network The CLI displays network group parameters. Note show network and show ip return the same data.
Page 158: Using Tables And Strings
Command Line Interface (CLI) AP-700 User Guide Using Tables and Strings Using Tables and Strings Working with Tables Each table element (or parameter) must be specified, as in the example below. [Device-Name]>set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.0 Below are the rules for creating, modifying, enabling/disabling, and deleting table entries.
Page 159: Configuring The Ap Using Cli Commands
2. Under File > Properties > Settings > ASCII Setup, enable the Send line ends with line feeds option. HyperTerminal sends a line return at the end of each line of code. 3. Enter the CLI password (default is public). NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands, see Change Passwords.
Page 160 [Device-Name]>set snmpv3privpasswd <New Password> (SNMPv3 privacy password) [Device-Name]>reboot 0 CAUTION: Proxim strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the...
Page 161 Command Line Interface (CLI) AP-700 User Guide Set Basic Configuration Parameters using CLI Commands Figure A-13 Results of “show wif” CLI command for an AP Enable 802.11d Support and Set the Country Code Perform the following command to enable 802.11d IEEE 802.11d support for additional regulatory domains.
Page 162 Command Line Interface (CLI) AP-700 User Guide Set Basic Configuration Parameters using CLI Commands Country Code Country Code Country Code China Kuwait Spain Colombia Latvia Sweden Costa Rica Lebanon Switzerland Croatia Liechtenstein Syria Cyprus Lithuania Taiwan Czech Republic Luxembourg Thailand...
Page 163: Other Network Settings
Command Line Interface (CLI) AP-700 User Guide Other Network Settings Download an AP Configuration File from your TFTP Server Begin by starting your TFTP program. It must be running and configured to transmit and receive. [Device-Name]>set tftpfilename <file name> tftpfiletype config tftpipaddr <IP address of your TFTP server>...
Page 164 Command Line Interface (CLI) AP-700 User Guide Other Network Settings • Set Ethernet Speed and Transmission Mode • Set Interface Management Services • Configure Wireless Distribution System • Configure MAC Access Control • Set RADIUS Parameters • Set Rogue Scan Parameters •...
Page 165 [Device-Name]>set linkintstatus enable [Device-Name]>show linkinttbl (to confirm new settings) [Device-Name]>reboot 0 Change Wireless Interface Settings Interfaces for information on the parameters listed below. The AP-700 uses index 3. Operational Mode [Device-Name]>set wif <index> mode <see table> Mode Operational Mode dot11b-only...
Page 166 Command Line Interface (CLI) AP-700 User Guide Other Network Settings Set Load Balancing Maximum Number of Clients [Device-Name]>set wif <index> lbmaxclients <1–63> Set the Multicast Rate (802.11a) [Device-Name]>set wif 3 multrate <6, 12, 24 > (Mbits/sec) Set the Multicast Rate (802.11b/g) [Device-Name]>set wif 3 multrate <1, 2, 5.5, 11...
Page 167 Command Line Interface (CLI) AP-700 User Guide Other Network Settings Value Distance Between APs Large Medium Small Mini Micro Set Ethernet Speed and Transmission Mode [Device-Name]>set etherspeed <value> (see below) [Device-Name]>reboot 0 Ethernet Speed and Value Transmission Mode 10 Mbits/sec - half duplex...
Page 168 Command Line Interface (CLI) AP-700 User Guide Other Network Settings [Device-Name]>set sslstatus <enable/disable> The user must change the SSL passphrase when uploading a new certificate/private key pair, which will have a corresponding passphrase. [Device-Name]>set sslpassphrase <SSL certificate passphrase> [Device-Name]>show http (to view all HTTP configuration information including SSL.)
Page 169 Command Line Interface (CLI) AP-700 User Guide Other Network Settings Configure Wireless Distribution System Create/Enable WDS [Device-Name]>set wdstbl <Index> partnermacaddr <MAC Address> status enable Enable/Disable WDS [Device-Name]>set wdstbl <Index> status <enable/disable> NOTE: <Index> is 3.1–3.6. To determine the index, type show wdstbl at the prompt.
Page 170 Command Line Interface (CLI) AP-700 User Guide Other Network Settings [Device-Name]>set radiustbl 1.2 profname "MAC Authentication" seraddrfmt 1 sernameorip 20.0.0.30 port 1812 ssecret public responsetm 3 maxretx 3 acctupdtintrvl 0 macaddrfmt 1 authlifetm 900 radaccinactivetmr 5 vlanid 33 status enable [Device-Name]>show radiustbl...
Page 171 Command Line Interface (CLI) AP-700 User Guide Other Network Settings Set Rogue Scan Parameters Perform the following command to enable or disable Rogue Scan on a wireless interface and configure the scanning parameters. The cycletime parameter is only configured for background scanning mode.
Page 172: Cli Monitoring Parameters
Command Line Interface (CLI) AP-700 User Guide CLI Monitoring Parameters Set Security Profile Parameters Configure a Security Profile with Non Secure Security Mode [Device-Name]>set secprofiletbl <index> secmode nonsecure status enable Example: [Device-Name]>set secprofiletbl 2 secmode nonsecure status enable Configure a Security Profile with WEP Security Mode [Device-Name]>set secprofiletbl <index>...
Page 173: Parameter Tables
Command Line Interface (CLI) AP-700 User Guide Parameter Tables • statbridgetbl: Displays the Learn Table. • statiapp: Displays the IAPP statistics. • statradius: Displays the RADIUS Authentication statistics. • statif: Displays information and statistics about the Ethernet and wireless interfaces.
Page 174 Command Line Interface (CLI) AP-700 User Guide Parameter Tables – TFTP Server Parameters - Set up for file transfers; specify IP Address, file name, and file type – IP Access Table Parameters - Configure range of IP addresses that can access the AP –...
Page 175: System Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables System Parameters Name Type Value Access CLI Parameter System Group system Name DisplayString User Defined sysname Location DisplayString User Defined sysloc Country Identifier* DisplayString Country Identifiers sysworldcountrycode below Contact Name DisplayString...
Page 176 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Country Identifiers NOTE: All countries may not be available on your AP. Country Indoor/Outdoor Identifier Argentina Indoor Australia Indoor Outdoor Austria Indoor Outdoor Belgium Indoor Outdoor Bolivia Indoor Outdoor Brazil Indoor...
Page 177 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Country Indoor/Outdoor Identifier Hungary Indoor Outdoor Iceland Indoor Outdoor India Indoor Ireland Indoor Outdoor Italy Indoor Outdoor Jamaica Indoor Outdoor Latvia Indoor Outdoor Liechtenstein Indoor Outdoor Lithuania Indoor Outdoor Luxembourg Indoor...
Page 178: Network Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Country Indoor/Outdoor Identifier Spain Indoor Outdoor South Korea Indoor/outdoor Sweden Indoor Outdoor Switzerland Indoor Outdoor Taiwan Indoor Outdoor United Arab Emirates Indoor United Kingdom Indoor Outdoor Inventory Management Information The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a representative if you contact customer support.
Page 179 Command Line Interface (CLI) AP-700 User Guide Parameter Tables DNS Client for RADIUS Name Resolution Name Type Value Access CLI Parameter DNS Client Group DNS Client status Integer enable dnsstatus disable (default) Primary DNS Server IP IpAddress User Defined dnspridnsipaddr...
Page 180 Command Line Interface (CLI) AP-700 User Guide Parameter Tables DHCP Relay Group The DHCP Relay Group allows you to enable or disable DHCP Relay Agent Status. Name Type Value Access CLI Parameter DHCP Relay Group Group dhcprelay Status Integer enable...
Page 181 Command Line Interface (CLI) AP-700 User Guide Parameter Tables SNTP Parameters Name Type Value Access CLI Parameter SNTP Group Group sntp SNTP Status Integer enable sntpstatus disable Primary Server Name or DisplayString 0 - 255 characters sntpprisvr IP Address Secondary Server Name...
Page 182: Interface Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Interface Parameters Wireless Interface Parameters The wireless interface group parameter is wif. The wireless interface uses table index 3. Common Parameters to 802.11a, and 802.11/b/g Name Type Value Access CLI Parameter...
Page 183 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Distance Between Receive Sensitivity Transmit Defer Threshold Threshold (dBm) (dBm) Large Medium Small Mini Micro 802.11a Only Parameters Name Type Value Access CLI Parameter Operating Frequency Integer Varies by regulatory channel Channel domain and country.
Page 184 Command Line Interface (CLI) AP-700 User Guide Parameter Tables 802.11b Only Parameters Name Type Value Access CLI Parameter Operating Frequency Integer 1 - 14; available channel Channel channels vary by regulatory domain/country; see Available Channels Multicast Rate Integer 1 Mbits/sec (1)
Page 185 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Transmit Rate Integer32 For 802.11b-only txrate mode: 0 (auto fallback; default) 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec 11 Mbits/sec For 802.11g-only mode:* 0 (auto fallback; default)
Page 186 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Channel Blacklist Parameters Name Type Value Access CLI Parameter Wireless Interface Table wifchblklisttbl wdstbl Channel Blacklist Table Interface Index Integer ifindex Channel Number Integer Depends on regulatory channel domain Radar Detected...
Page 187 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Security Profile Integer32 User defined secprofile RADIUS MAC Profile DisplayString User defined radmacprofile RADIUS EAP Profile DisplayString User defined radeapprofile RADIUS Accounting DisplayString User defined...
Page 188: Management Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Management Parameters Secure Management Parameters Name Type Value Access CLI Parameter Secure Management Integer 1 (enable) securemgmtstatus 2 (disable) SNMP Parameters Name Type Value Access CLI Parameter SNMP Group snmp SNMP Management...
Page 189 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Telnet Parameters Name Type Value Access CLI Parameter Telnet Group telnet Telnet Management Interface Bitmask 0 or 2 = No interfaces telifbitmask Interface Bitmask (disable) 1 or 3 = Ethernet 4 or 6 = Wireless...
Page 190 Command Line Interface (CLI) AP-700 User Guide Parameter Tables SSH Parameters The following commands enable or disable SSH and set the SSH host key. Name Type Value Access CLI Parameter SSH Status Integer enable sshstatus disable SSH Public Host Key...
Page 191: Filtering Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter TFTP File Type Integer tftpfiletype config bootloader sslcertificate sslprivatekey sshprivatekey sshpublickey clibatchfile (CLI Batch File) cbflog (CLI Batch Error Log) IP Access Table Parameters When creating table entries, you may either specify the argument name followed by argument value or simply enter the argument value.
Page 192 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Protocol Name (optional) DisplayString protoname Status (optional) Integer enable (1) status disable (2) delete (3) NOTE: The filter Operation Type (passthru or block) applies only to the protocol filters that are enabled in this table.
Page 193 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Proxy ARP Parameters Name Type Value Access CLI Parameter Proxy ARP Group parp Status Integer enable parpstatus disable (default) IP ARP Filtering Parameters Name Type Value Access CLI Parameter IP ARP Filtering...
Page 194: Alarms Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Port Number Octet String User Defined portnum (there are also 4 pre-defined protocols: Index 1: NetBios Name Service - 137, Index 2: NetBios Datagram Service - 138, Index 3:...
Page 195 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Syslog Status Integer enable syslogstatus disable (default) Syslog Port Octet String syslogport Syslog Lowest Priority Integer 1 = LOG_ALERT syslogpritolog Logged 2 = LOG_CRIT 3 = LOG_ERR...
Page 196: Bridge Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Bridge Parameters Spanning Tree Parameters Name Type Value Access CLI Parameter Spanning Tree Group Spanning Tree Status Integer enable stpstatus disable (default) Bridge Priority Integer 0 - 65535 stppriority 32768 (default)
Page 197 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Storm Threshold Table Name Type Value Access CLI Parameter Storm Threshold Table Table stmthrestbl Table Index Integer 1 = Ethernet index 3 = Wireless Broadcast Threshold Integer 0 - 255 packets/sec...
Page 198: Radius Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables RADIUS Parameters General RADIUS Parameters Name Type Value Access CLI Parameter RADIUS Group radius Client Invalid Server Counter32 radcliinvsvradd Address RADIUS Server Configuration Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See DNS Client for RADIUS Name Resolution.
Page 199: Security Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Security Parameters MAC Access Control Parameters Name Type Value Access CLI Parameter MAC Address Control Group macacl Status Integer enable aclstatus disable (default) Operation Type Integer passthru (default) macacloptype block MAC Access Control Table...
Page 200 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Name Type Value Access CLI Parameter Hardware Configuration Integer enable (1) hwconfigresetstatus Reset Status disable (2) Configuration Reset DisplayString User Defined configresetpasswd Password Security Profile Table The Security Profile Table allows you to configure security profiles. A maximum of 16 security profiles are supported.
Page 201: Vlan/Ssid Parameters
Command Line Interface (CLI) AP-700 User Guide Parameter Tables Key Length Hexadecimal ASCII 128-bit 26 characters (0 - F) 13 alphanumeric characters 152-bit 32 characters (0 - F) 16 alphanumeric characters Each ASCII character corresponds to two hexadecimal digits. See...
Page 202 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Enabling QoS Name Type Value Access CLI Parameter QoS Status Object Status enable qosstatus disable (default) QoS Maximum Medium Integer 50 - 90 qosmaximummediumthresh Threshold Configuring QoS Policies The QoS group manages the QoS policies:...
Page 203 Command Line Interface (CLI) AP-700 User Guide Parameter Tables Specifying the Mapping between IP Precedence/DSCP Ranges and 802.1D Priorities The QoS IP DSCP to 802.1D Mapping Table specifies the mapping between IP Precedence/DSCP Ranges and 802.1D priorities. Name Type Value...
Page 204: Cli Batch File
Command Line Interface (CLI) AP-700 User Guide CLI Batch File Defining the QoS Policy used for a Wireless Interface SSID The QoS Policy object configures the QoS policy to be used per wireless interface SSID. This object is part of the Wireless Interface SSID Table;...
Page 205: Reboot Behavior
Command Line Interface (CLI) AP-700 User Guide CLI Batch File set ipaddr 11.0.0.66 set ipaddrtype static set ipsubmask 255.255.255.0 set ipgw 11.0.0.1 set wif 4 autochannel disable set wif 4 mode 1 set syslogstatus enable set sysloghbstatus enable set sysloghbinterval 5...
Page 206 Command Line Interface (CLI) AP-700 User Guide CLI Batch File...
Page 207: B Ascii Character Chart
AP-700 User Guide ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits.
Page 208: C Specifications
Specifications • Software Features • Hardware Specifications • Available Channels Software Features The tables below list the software features available on the AP-700. • Number of Stations per BSS • Management Functions • Advanced Bridging Functions • Medium Access Control (MAC) Functions •...
Page 209: Advanced Bridging Functions
Specifications AP-700 User Guide Software Features Advanced Bridging Functions Feature Supported by AP-700 IEEE 802.1d Bridging WDS Relay Roaming Protocol Filtering Multicast/Broadcast Storm Filtering Proxy ARP TCP/UDP Port Filtering Blocking Intra BSS Clients Packet Forwarding Medium Access Control (MAC) Functions...
Page 210: Security Functions
Specifications AP-700 User Guide Software Features Security Functions Feature Supported by AP-700 Security Profiles per VLAN RADIUS Profiles per VLAN IEEE 802.11 WEP* MAC Access Control RADIUS MAC-based Access Control † IEEE 802.1x Authentication ‡ Multiple Authentication Server Support per VLAN Rogue Scanning to Detect Rogue Access Points and Clients §...
Page 211: Hardware Specifications
Specifications AP-700 User Guide Hardware Specifications Hardware Specifications Physical Specifications Dimensions (H x W x L) = 1.1 x 4.8 x 7.1 in (28 x 122 x 180 mm) Weight = .65 lb (.295 kg) Electrical Specifications Voltage = 100 to 240 VAC (50-60 Hz) Current = 0.2 amp...
Page 212: Available Channels
1. Locate the product model number on the underside of your AP unit or on the unit’s box. 2. Note the alphanumeric code following the number 8675. (e.g., 8675-EU) 3. See the following table. NOTE: Country restrictions may apply. Please see Professional Installation. AP-700 Channels by Model Number Mode Frequency Channel Product Model Number Band 802.11b/g...
Page 213 Specifications AP-700 User Guide Available Channels Channel Allocation by Country Available channel bands in product models ending with -WD, -EU, and -UK depend on the selected country and mode of use (indoor/outdoor). See Frequency Bands for a list of channels in each band, and...
Page 214 Specifications AP-700 User Guide Available Channels Country Indoor/Outdoor 802.11a 802.11b/g Country .11d Country Mode Mode Identifier Code Germany Indoor L, M, H 1 - 13 Outdoor 1 - 13 Greece Indoor L, M, H 1 - 13 Outdoor 1 - 13...
Page 215 Specifications AP-700 User Guide Available Channels Country Indoor/Outdoor 802.11a 802.11b/g Country .11d Country Mode Mode Identifier Code Papua New Guinea Indoor L, M, U, ISM 1 - 11 Outdoor M, U, ISM 1 - 11 Poland Indoor L, M, H...
Page 216: D Technical Services And Support
If you are having trouble utilizing your Proxim product, please review this manual and the additional documentation provided with your product. If you require additional support and would like to use Proxim’s free Technical Service to help resolve your issue, please be ready to provide the following information before you contact Proxim’s Technical Services: •...
Page 217: Support Options
Priority Queuing: This service allows your product issue to be routed to the next available Customer Service Engineer. To purchase ServPak support services, please contact your authorized Proxim distributor. To receive more information or for questions on any of the available ServPak support options, please call Proxim Support at +1-408-542-5390 or send an email to servpak@proxim.com.
Page 218: E Statement Of Warranty
The express warranties set forth in this Agreement will not apply to defects in a Product caused; (i) through no fault of Proxim Wireless during shipment to or from Buyer, (ii) by the use of software other than that provided with or installed in...
Page 219: Other Information
Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has purchased a Proxim Wireless Service Contract or the call is made within the first thirty (30) days of the Product’s invoice date.
Page 220: F Professional Installation
NOTE: AP-700 models 8675-US2 and 8675-AU do not provide external antenna connectors. Figure F-1 Opening the Antenna Compartment 2. There are two antenna connectors in the AP-700, labeled 1 and 2. Connect the antenna cable to connector 1 (the connector closer to the LED panel in the compartment).
Page 221 Professional Installation AP-700 User Guide Installing External Antennas Figure F-2 AP-700 Antenna Connectors 3. If installing a second external antenna (not recommended), connect the antenna cable to connector 2. 4. Close the external antenna access compartment. 5. If desired, manually select which antenna(s) to use through the Command Line Interface. See Configure Antenna Diversity.
Page 222: Adjusting Tx Output Power
Professional Installation AP-700 User Guide Adjusting Tx Output Power Adjusting Tx Output Power Use the following formula in combination with the table of EIRP limits in US and EU countries to calculate system transmit power (based on EIRP limits) of these countries: Tx Power (dBm) = EIRP Limit (dBm) + FL (dB) –...

Proxim ORiNOCO AP-700 User Giude

1 Introduction

2 Installation and Initialization

3 System Status

4 Advanced Configuration

5 Monitoring

6 Commands

7 Troubleshooting

A Command Line Interface (CLI)

B ASCII Character Chart

C Specifications

D Technical Services and Support

E Statement of Warranty

F Professional Installation

Quick Links

Need help?

Questions and answers

Related Manuals for Proxim ORiNOCO AP-700

Summary of Contents for Proxim ORiNOCO AP-700

Table of Contents