Page 1 ORiNOCO AP-2500 Access Point Public Access AP User Guide...
Page 2 5,875,179; 6,006,090; 5,809,060; 6,075,812; 5,077,753. This user’s guide and the software described in it are copyrighted with all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means without the written permission of Proxim Corporation.
Page 3: Table Of Contents
ORiNOCO AP-4000 User Guide Contents Introduction ........... .14 Introducing the AP-2500 .
Page 4 Contents Configure the Ethernet Interface ..........37 Set WEP Encryption for each Wireless Interface (optional) .
Page 5 Contents VLAN ..............70 Typical VLAN Configurations .
Page 6 Contents Home Page Redirection (HPR) ......... . . 101 Authentication, Authorization, and Accounting (AAA) .
Page 7 Contents Enabling Cookie Support ........... . 162 Changing the Login Screen Logos .
Page 8 Contents HTTP (browser) or Telnet Interface Does Not Work ......188 HTML Help Files Do Not Appear ......... . . 189 Telnet CLI Does Not Work .
Page 9 Contents A Using the Command Line Interface ....... .199 Prerequisite Skills and Knowledge ........200 Notation Conventions .
Page 10 Contents Enable/Disable Interference Robustness ........217 Enable/Disable Closed System .
Page 11 Contents Home Page Redirection Parameters ......... . . 236 AAA Parameters .
Page 12 Sample command XML (X over Y Plan): ........259 Response for the User Add Command.
Page 13 Wireless Communication Range ..........273 F Technical Support .
Page 14: Introduction
Active Ethernet Introducing the AP-2500 The ORiNOCO AP-2500 is an all-in-one wireless access point and access gateway specifically designed for public hotspot providers and enterprises. It is a cost-effective solution for small and medium public hotspots, such as coffee shops, hotels, and airport lounges, and it enables enterprises to offer corporate visitors immediate wireless network access regardless of their existing network or ISP settings.
Page 15 Introduction • VPN Passthrough: The AP-2500 can support multiple PPTP and IPsec VPN sessions for subscribers. See VPN/iNAT (Intelligent Address Translation) for details. • Support for Application Level Gateways (ALGs): The AP-2500 supports Application Level Gateways (ALGs) providing transparent access to subscribers for popular Web-based applications that do not work in typical Network Address Translation (NAT) environments (see Dynamic Address Translation (DAT) for details).
Page 16: Dynamic Address Translation (Dat)
Introduction • Session Rate Limiting: Reduces the risk of “Denial of Service” attacks by allowing administrators to limit the number of sessions one user can take over a given time period and, if necessary, then block malicious users. See Session Rate Limiting for details.
Page 17: Ieee 802.11 Specifications
Introduction Figure 1-1 Sample AP-2500 Hotspot Configuration The AP-2500 supports the full set of wireless networking features that are typically available with traditional access points (that is, access points that do not supply hotspot connectivity), including: • Easy installation and operation •...
Page 18: Limitations On Roaming
Introduction Figure 1-2 802.11a versus 802.11b Coverage Area Limitations on Roaming Roaming is the ability of a wireless client to move from one Access Point to another while maintaining an uninterrupted connection to the network. Most traditional Access Points support this feature. While the AP-2500 supports seamless roaming from a radio perspective, in practice it does not support seamless roaming for subscribers from AP-2500 to AP-2500 in a hotspot environment.
Page 19 Introduction Feature 2.4 GHz 5 GHz Comments (802.11b) (802.11a) DHCP Client DHCP Server TFTP 802.1d bridging MAC Access Control Table Ethernet Protocol Filtering ICMP Echo Response (i.e., responds to pings) Hardware Watchdog Timer Automatic Channel Select Key lengths supported: 64-bit and 128-bit (Note: Some products refer to 64-bit as “40-bit”...
Page 20: The Product Package
Introduction The following table provides detailed information on the differences between the 802.11a and 802.11b feature sets. 2.4 GHz 5 GHz (802.11b) (802.11a) Physical Layer Type DSSS ODFM (Modulation Type) (Direct Sequence Spread Spectrum) (Orthogonal Frequency Division Multiplexing) Auto Channel Select enable (default) enable (default) disable...
Page 21: Minimum System Requirements
Introduction • One power supply (if you purchased the Power Supply model) • One power cord (if you purchased the Power Supply model) • One ORiNOCO Installation CD-ROM that contains the following: – Software Installation Wizard – ScanTool – Solarwinds TFTP software –...
Page 22: Snmp Management
IEEE 802.11 MIB Proxim provides these MIB files on the AP-2500 CD. You need to compile one or more of the above MIBs into your SNMP program’s database before you can manage the AP-2500. Refer to the documentation that came with your SNMP manager for instructions on how to compile MIBs.
Page 23: Active Ethernet
Introduction The Nomadix MIB controls the following settings: • All of the Public Space features found under the PublicSpace and Subscriber headings within the Web browser interface (described in Public Space Parameters). • The following Network parameters: — IP Configuration —...
Page 24: Installation & Basic Configuration
ORiN Installation & Basic Configuration This chapter describes how to install the AP-2500 hardware and perform basic configuration operations. • Prerequisites • Hardware Installation • Initialization (ScanTool) • Basic Configuration • Download the Latest Software • Back-up the AP’s Configuration Files Prerequisites Before installing an AP-2500, you need to gather certain network information.
Page 25: Hardware Installation
Installation & Basic Configuration Hardware Installation Refer to the steps below that correspond to your configuration: • AP-2500 with Active Ethernet • AP-2500 with Power Supply • Installing a Card in Slot B • 5 GHz Kit Installation • Installing the AP-2500 in a Plenum AP-2500 with Active Ethernet Follow these installation steps if you purchased an AP with Active Ethernet: 1.
Page 26: Ap-2500 With Power Supply
Connect an Ethernet cable from an AE hub to the AP 6. Determine the best location for your device. NOTE: Proxim recommends that you perform a Site Survey prior to determine the installation location for your AP-2500. For information about how to conduct a Site Survey, contact your local reseller.
Page 27 Installation & Basic Configuration 1. Clip the power supply into the mounting bracket. 2. Plug the AC power cord into the power supply. Figure 2-5 Install the power supply 3. Slide the AP module onto the mounting bracket. Make sure it is properly seated. 4.
Page 28 Power LED turns green when the unit is operational 9. Determine the best location for your device. NOTE: Proxim recommends that you perform a Site Survey prior to determine the installation location for your AP-2500. For information about how to conduct a Site Survey, contact your local reseller.
Page 29: Installing A Card In Slot B
Installation & Basic Configuration 10. Once you have chosen a final location for your unit, mount the wall bracket and the processor module and place the cover onto the unit as shown. Figure 2-9 Wall mounting the AP Installing a Card in Slot B The AP-2500 ships with a metal faceplate that covers Slot B, shown below.
Page 30 Installation & Basic Configuration Figure 2-11 Remove the AP cover 4. Remove the power and Ethernet cables from the unit. 5. Position the antenna adapter, card inward, facing the top of the unit (see diagram) and insert the 5 GHz card into the available card slot.
Page 31: Installing The Ap-2500 In A Plenum
Installation & Basic Configuration Figure 2-13 Insert antenna 8. Position the antenna for best reception: • at a 90° angle for flat surface mounts • at a 180° angle for wall mounts 9. Re-attach the power and Ethernet cabling. 10. Re-install the cover and mount the AP back in place. 11.
Page 32: Initialization (Scantool)
Installation & Basic Configuration Initialization (ScanTool) ScanTool is a software utility that is included on the installation CD-ROM. The tool automatically detects the Access Points installed on your network, regardless of IP address, and lets you configure each unit’s IP settings. In addition, you can use ScanTool to download new software to an AP that does not have a valid software image installed (see Download a New Image Using...
Page 33 Ethernet after turning it on). • Proxim recommends that you assign the AP-2500 a static public IP address (that is, an address that is routable on the Internet). Some of the Public Space features will not work properly if the AP’s IP address changes at a later date.
Page 34: Basic Configuration
Installation & Basic Configuration Basic Configuration Once you have a valid IP Address assigned to your AP-2500 and you can communicate with it over an Ethernet network, use your web browser to configure the AP-2500. This section describes how to perform some basic functions and configure some of the AP’s basic settings to get you started.
Page 35: Set System Name, Location And Contact Information
Installation & Basic Configuration Figure 2-18 Web Interface’s System Status Screen Set System Name, Location and Contact Information Figure 2-19 System Configuration 1. Click Configure > System. 2. Enter a name for the AP, its location within your network or its physical location (such as “Front Lobby” or Engineering), and the name, phone number, and e-mail address of the person responsible for this device.
Page 36: Set The Access Point's Ip Address
2. Set the IP Address Assignment Type (Dynamic or Static). NOTE: For best results, Proxim recommends that you assign the AP-2500 a static public IP address that is routable on the Internet. If you use a dynamic IP address, some of the Public Space features may not work properly if the IP address changes at a later date.
Page 37: Configure The Ethernet Interface
Installation & Basic Configuration The AP includes a feature called Closed System for 802.11b cards that prevents clients with a Network Name of “any” from communicating with the AP. If you want to enable Closed System, keep in mind that you will need to inform subscribers of the Network Name and they will need to change this setting on their computer before gaining access to the network.
Page 38: Set And Change Passwords
Installation & Basic Configuration • You can enter the Encryption Keys in either hexadecimal or ASCII format. • You need to configure your wireless clients to use the same Keys in order for the clients and the AP to communicate. Subscribers that do not have the same encryption settings will be unable to login at the hotspot. 4.
Page 39: Configure The Date And Time
This is the password for the HTTP Web browser interface. The default password is “public”. 6. Click OK. NOTE: For security purposes Proxim recommends that you change ALL PASSWORDS from the default “public” immediately to restrict access to authorized personnel. If you lose or forget your password settings, you can...
Page 40: Reboot The Ap
Download the Latest Software Proxim periodically releases updated software for the AP on its Web site at http://www.proxim.com/. Proxim recommends that you check the Web site for the Web site for the latest updates after you have installed and initialized the unit.
Page 41: Download Updates From Your Tftp Server Using The Cli Interface
Installation & Basic Configuration Download Updates from your TFTP Server using the CLI Interface 1. Download the latest software at http://www.proxim.com/. 2. Copy the latest software updates to your TFTP server. 3. Open the CLI interface via Telnet or a serial connection. (See...
Page 42: Downloading Configuration Files
Installation & Basic Configuration Downloading Configuration Files Follow these steps to download configuration files to the AP: 1. Copy config.sys and current.txt to your TFTP server’s root directory (if necessary). 2. Login to the AP’s Web browser interface. 3. Click Commands > Download. 4.
Page 43: Ap-2500 Authentication Methods
ORiN AP-2500 Authentication Methods This chapter discusses the authentication methods used by the AP-2500. • Authentication Overview • Internal Authentication • Internal Authentication with RADIUS • External Authentication The AP-2500 is a versatile Access Point for hotspot locations that supports multiple authentication methods. The unit includes all of the features necessary for a user to set up a hotspot quickly and easily without requiring servers or advanced Web design skills.
Page 44: Internal Authentication
AP-2500 Authentication Methods Markup Language) commands. This configuration is intended for advanced users who have some background in Web design. The following sections provide detailed information and step-by-step configuration instructions for each of the authentication methods described above (except for the “no authentication” option). Internal Authentication In this configuration, the AP-2500 provides all authentication services to subscribers using its Internal Web Server (IWS).
Page 45: End User Experience
AP-2500 Authentication Methods End User Experience The following procedure details the experience of the typical customer if you configure the AP-2500 to use internal authentication: 1. Customer enters the hotspot and turns on his laptop that has a wireless card installed. •...
Page 46: Configuration Instructions
AP-2500 Authentication Methods Configuration Instructions Follow these steps to configure an AP-2500 to perform internal authentication: 1. Configure the AP-2500’s basic settings. This includes the AP’s IP address, System parameters, and management passwords. See Basic Configuration for details. 2. If not already open, access the AP’s Web browser interface. (See Logging into the Web Interface for instructions.) 3.
Page 47 AP-2500 Authentication Methods Figure 3-2 AAA Configuration 12. To enable the Origin Server (OS) parameter, place a check mark in the Enable Origin Server Encoding box. The Block ICMP Packets (from pending) box allows you to block all ICMP traffic from "pending" (non-authenticated) users that is destined to addresses other than those defined in the pass-through list.
Page 48 — Authorize.net’s WebLink solution (U.S.) -- http://www.authorize.net/ — As of the release of this documentation, Authorize.net is discontinuing support for WebLink. Proxim is working to provide support for Authorize.net’s Simple Integration Solution (SIM) method in the next AP-2500 firmware release.
Page 49 If you want properly configured subscribers to send mail without being redirected, enable only the Misconfigured option. In general, Proxim recommends that you enable both options. Also, you should never enable Properly Configured and disable Misconfigured (this combination defeats the purpose of SMTP Redirection).
Page 50 AP-2500 Authentication Methods • A default logo appears on the subscriber login page for new units. You will want to replace this logo with your own. See Changing the Login Screen Logos for detailed instructions. 36. If you want to manually add customers to the Authorized Subscribers Table, click the Authorized tab.
Page 51: Internal Authentication With Radius
AP-2500 Authentication Methods Internal Authentication with RADIUS In this configuration, the AP-2500 provides all of the authentication services described in Internal Authentication, but it also communicates with a Remote Authentication Dial-In User Service (RADIUS) server on the network to determine if a user is valid.
Page 52: Notes Concerning Radius
AP-2500 Authentication Methods 8. RADIUS server sends an acknowledgment back to the AP that the accounting message was successfully received. • This assumes that RADIUS accounting is enabled. • In addition to sending an accounting “start” message when a subscriber logs in, the AP also sends an accounting “stop”...
Page 53 AP-2500 Authentication Methods 1. Install the RADIUS application on your network server, if necessary. • IAS is included with Windows 2000 Server. If you want to install IAS, follow these steps: Click Start > Control Panel. Double-click the Add/Remove Programs icon. Click the Add/Remove Windows Components option.
Page 54 AP-2500 Authentication Methods 16. Return to the Internet Authentication Services window and right-click the Remote Access Policies entry in the navigation tree. 17. Select New Remote Access Policy from the drop-down menu. 18. Enter a Policy friendly name in the field provided and click Next. 19.
Page 55: Configure The Ap-2500
AP-2500 Authentication Methods Click OK twice. 10. Enter additional VSAs or click OK to continue. 11. Click Close. 12. Click OK twice. Configure the AP-2500 After you have installed and configured your RADIUS server, you need to configure your AP to communicate with the RADIUS server and provide internal authentication.
Page 56 AP-2500 Authentication Methods • First identify the default RADIUS service profile. Note that you must first configure a RADIUS service profile on the Public Space > AAA > Profile tab. • Place a check mark in the AAA Radius box to enable the feature. •...
Page 57: External Authentication
AP-2500 Authentication Methods External Authentication The External Web Server (EWS) interface was designed for customers who want to develop and use their own content. It allows for more customization than if using the Internal Web Server (IWS). By using an EWS (External Web Server) you can authenticate subscribers externally;...
Page 58: Configuration Instructions
AP-2500 Authentication Methods • The customer must try to access a valid Web site to initiate a redirect. Entering an unreachable URL or invalid Web address will not initiate a redirect to the External portal page. • Customers who try to access e-mail first will not have a connection. Customers need to login via a Web browser first.
Page 59 AP-2500 Authentication Methods • Some applications require a public IP address to function properly over the Internet (such as certain VPN applications, on-line gaming, and Web hosting). Customers who require a public IP address may be willing to a premium for this service. •...
Page 60 If you want properly configured subscribers to send mail without being redirected, enable only the Misconfigured option. In general, Proxim recommends that you enable both options. Also, you should never enable Properly Configured and disable Misconfigured (this combination defeats the purpose of SMTP Redirection).
Page 61: Network Parameters
ORiN Network Parameters This chapter describes all of the network operating parameters that can be configured using the Access Point’s Web browser interface (that is, the parameters accessible after clicking the Configure button). • System: Configure specific system information such as system name and contact information. •...
Page 62: Network
Access Point’s IP settings, set this parameter to Static. NOTE: For best results, Proxim recommends that you assign the AP-2500 a static public IP address that is routable on the Internet. If you use a dynamic IP address, some of the Public Space features may not work properly if the IP address changes at a later date.
Page 63: Overview Of Dhcp Server Parameters
Network Parameters Overview of DHCP Server Parameters The following parameters are available from the DHCP Server Configuration screen: • Enable DHCP Server: When enabled, the AP acts as a DHCP server and assigns subscribers IP addresses. • Enable DHCP Server IP Upsell: When enabled, the AP assigns subscribers private IP addresses before authentication and public IP addresses after authentication.
Page 64 Network Parameters Private IP Address Assignment vs. IP Upsell The AP-2500 will provide a DHCP lease for any subscriber with DHCP client enabled. Typically this will be a private IP address assigned from the AP’s primary DHCP address pool. However, some customers my require a public, routable IP address to support all of their Internet programs.
Page 65 Network Parameters 2. Place a check mark in the Enable DHCP Server box to enable. 3. Remove the check mark from the Enable DHCP Server IP Upsell box to disable. 4. Remove the check mark from the Enable DHCP Relay box. 5.
Page 66 Network Parameters Enabling IP Upsell with External DHCP Servers (IP Upsell Relay) Follow these steps to enable IP Upsell with the AP providing private IP addresses before authentication and an external DHCP Server providing public IP addresses after authentication: 1. Login to the AP’s Web browser interface. 2.
Page 67: Dhcp Pool
Network Parameters DHCP Pool You can configure multiple public and private DHCP Pools for the same physical LAN. Figure 4-2 DHCP Pool Configuration Screen Follow these steps to configure the DHCP Pool settings: 1. Login to the Web interface. 2. Click Configure > Network > DHCP Pool. The default private DHCP IP address pool is the first entry in the DHCP Pools table.
Page 68 Network Parameters DHCP Pool parameters are dependent on which DHCP Server Configuration you use. See DHCP Server Configuration Options for information. The following parameters are configurable: • Server IP Address: Specifies the IP address to which DHCP clients send DHCP requests. The server responds to the client request with an offer message containing the DHCP lease address.
Page 69: Dns Server
Network Parameters DNS Server The Domain Name System (DNS) maps a host name to its IP address on the Internet. The AP redirects DNS resolution requests to a local DNS server on behalf of subscribers. The AP must have valid DNS settings and be able to communicate with a DNS server to provide Internet access to customers.
Page 70: Vlan
Network Parameters VLAN Virtual Local Area Networks (VLANs) are logical groupings of network resources. Defined by software settings, VLAN resources appear (to clients) to be in the same room, no matter where they are attached on the physical LAN segment. They simplify traffic flow between clients and their frequently-used or restricted resources.
Page 71: Vlan Workgroups And Traffic Management
Network Parameters VLAN Workgroups and Traffic Management Traditional, dual-slot access point devices that are not VLAN-capable typically broadcast and multicast traffic over both wireless cells. This process wastes wireless bandwidth and degrades throughput performance. In comparison, the dual-slot, VLAN-capable AP-2500 device is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients.
Page 72: Setting Up Independent Vlan Workgroups
Network Parameters Figure 4-6 VLAN Configuration Screen (Wireless A and Wireless Tagged with Different VLAN IDs) 1. Login to the Web interface. 2. Click Configure > Interfaces > Wireless A. 3. Set the SSID for card A. 4. Click the Wireless B tab. 5.
Page 73: Setting Up A Single Vlan Workgroup
Network Parameters Figure 4-7 VLAN Configuration Screen (Slot A tagged; Slot B untagged) 1. Login to the Web interface. 2. Click Configure > Interfaces > Wireless A. 3. Set the SSID for card A. 4. Click the Wireless B tab. 5.
Page 74 Network Parameters Figure 4-8 VLAN Configuration Screen (Wireless A and Wireless B Use Same VLAN ID) 1. Login to the Web interface. 2. Click Configure > Interfaces > Wireless A. 3. Set the SSID for card A. 4. Click the Wireless B tab. 5.
Page 75: Link Integrity
Network Parameters Link Integrity The Link Integrity feature checks the link between the AP and the nodes on the Ethernet backbone. These nodes are listed by IP address in the Link Integrity IP Address Table. The AP periodically pings the nodes listed within the table. If the AP loses network connectivity (that is, the ping attempts fail), the AP disables its wireless interface until the connection is restored.
Page 76: Interfaces
Network Parameters Interfaces From the Interfaces tab, you configure the Access Point’s radio and Ethernet settings. Refer to the Wireless parameters below that correspond to your Access Point’s radio type(s). – Wireless (802.11a) – Wireless (802.11b) – Ethernet Depending on the type of wireless PC Card installed in the AP-2500, the configuration options will be different. Some parameters are the same for 802.11a and 802.11b cards.
Page 77: Dynamic Frequency Selection (Dfs)
Network Parameters Figure 4-10 Wireless Interface Configuration Screen (802.11a) • DTIM Period: The Deferred Traffic Indicator Map (DTIM) is used with clients that have power management enabled. DTIM should be left at 1, the default value, if any clients have power management enabled. This parameter supports a range between 1 and 65535.
Page 78: Wireless (802.11B)
Network Parameters radio. The RTS and CTS packets contain a reservation time to notify other radios (including hidden nodes) that the medium is in use for a specified period. This helps to minimize collisions. While RTS/CTS adds overhead to the radio network, it is particularly useful for large packets that take longer to resend after a collision occurs.
Page 79 Network Parameters Figure 4-11 Wireless Interface Configuration Screen (802.11b) • Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs setting.
Page 80: Distance Between Aps
ORiNOCO 802.11a/b ComboCard or a non-ORiNOCO client with the AP. Proxim recommends that you enable this parameter, particularly if your subscribers have ORiNOCO clients on your wireless network (leaving this parameter enabled should not adversely affect the performance of any ORiNOCO 802.11a/b ComboCards or non-ORiNOCO cards on your network).
Page 81 Network Parameters Figure 4-12 1 Mbits/s and 11 Mbits/s Multicast Rates NOTE: The diagram above illustrates how the proximity of wireless clients can affect Multicast Rate. It is not meant to illustrate a roaming network. There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In general, larger systems operate at a lower average transmit rate.
Page 82: Wireless Distribution System (Wds)
Network Parameters Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. Two AP-2500s cannot establish a WDS link with each other because each AP treats its wireless interfaces as subscriber interfaces only.
Page 83 Network Parameters • If your network does not support the Spanning Tree protocol, be careful to avoid creating network loops between APs. For example, creating a WDS link between two Access Points connected to the same Ethernet network will create a network loop. The AP-2500 does not support Spanning Tree. WDS Setup Procedure To setup a WDS link between an AP-2500 and an AP-2000 or AP-600b, follow the steps below for each AP that you wish to include in the Wireless Distribution System.
Page 84: Ethernet
For best results, Proxim recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Access Point is connected to (such as a hub or switch). If in doubt, leave this setting at its default, auto-speed-auto-duplex.
Page 85 Network Parameters 6. Enter additional address ranges, if necessary. 7. Click the back button to return to the previous screen. 8. Place a check mark in the Enable Access Control box. 9. Click OK. Once enabled, only those IP addresses that fall within the ranges specified in the IP Access Table will have access to the AP’s management interfaces over the Ethernet network.
Page 86: Services
Network Parameters Services You can configure the following management services: NOTE: You must reboot the Access Point if you change the HTTP Port or Telnet Port. Figure 4-15 Management Services Configuration Screen Security Settings You may block the following management interfaces: •...
Page 87 Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control. NOTE: To avoid potential problems when communicating with the AP through the serial port, Proxim recommends that you leave the Flow Control setting at None (the default value).
Page 88: Static Port Mapping
Network Parameters Static Port Mapping Static port mapping allows the network administrator to set up a port mapping scheme that forwards packets received on a specific port to a particular static IP and port number on the subscriber side of the AP. The advantage for the network administrator is that free private IP addresses can be used to manage devices (such as Access Points) on the subscriber side of the AP without setting them up with public IP addresses.
Page 89 Network Parameters Enter the following parameters for the entry then click OK: • MAC Address: Enter a valid MAC address. • Internal IP Address: The IP address of the internal device NOTE: Ensure that the device with the Internal IP address has been added to the Authorized Subscribers table. •...
Page 90: Network Time Protocol (Ntp)
Network Parameters Network Time Protocol (NTP) The Network Time Protocol (NTP) is a protocol that synchronizes computer clocks over the Internet. Devices that support NTP contact a known public time server to periodically retrieve the correct date and time. See http://www.ntp.org/ for more information on this protocol.
Page 91: Static Mac
Network Parameters • To edit or delete an entry, click Edit and change the information, or select Enable, Disable, or Delete from the Status drop-down menu. • An entry’s status must be enabled in order for the protocol to be subject to the filter. The default filters are all disabled by default.
Page 92 Network Parameters • Examples: — If you set the Wired MAC Address to 00:03:8F:00:00:00 and you want to block all cards that begin with 00:03:8F, enter FF:FF:FF:00:00:00 as the Wired Mask. This will block any cards whose MAC address begins with those digits, ranging from 00:03:8F:00:00:00 to 00:03:8F:FF:FF:FF. —...
Page 93: Alarms
Network Parameters Alarms This category has two sub-categories. • Groups • Alarm Host Table Groups There are seven alarm groups that can be enabled or disabled: • Enable Configuration Alarms • Enable Security Alarms • Enable Wireless Alarms • Enable Operational Alarms •...
Page 94: Bridge
Network Parameters Bridge A traditional access point operates as a transparent bridge between your wired and wireless networking devices. The AP-2500 takes this a step further and provides Public Space features that facilitate hotspot operation (see Public Space Features Public Space Parameters for details).
Page 95: Subscribers And Mac Access Control
Network Parameters 9. Select an Operation Type from the drop-down menu. This determines how the stations identified in the MAC Access Control Table are filtered. • If set to Passthru, only the addresses listed in the Control Table will pass through the AP. •...
Page 96: Encryption
Network Parameters Encryption The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key).
Page 97: Vpn/Inat (Intelligent Address Translation)
Network Parameters VPN/iNAT (Intelligent Address Translation) Many companies support Virtual Private Network (VPN) connections to provide secure network access for employees in remote locations. The VPN connection establishes a secure, encrypted tunnel between the employee and the company’s VPN server over the public Internet. VPNs are a popular application for hotspot subscribers.
Page 98: Inat (Intelligent Address Translation)
Network Parameters INAT (Intelligent Address Translation) The INAT table on the VPN/iNAT tab allows you to enable Intelligent Address Translation for transparent VPN access. When IP addresses are configured in the INAT table, the AP performs real-time translation of all data packets being communicated between the private and public address domains.
Page 99: Session Rate Limiting
Network Parameters Session Rate Limiting The Rate Limit tab allows you to configure Session Rate Limiting. Session Rate Limiting significantly reduces the risk of Denial of Service attacks by allowing administrators to limit the number of DAT sessions any one user can take over a given time period.
Page 100: Public Space Parameters
ORiN Public Space Parameters This chapter describes all of the Public Space operating parameters that can be configured using the Access Point’s Web browser interface (that is, the parameters accessible after clicking the PublicSpace or Subscriber button). NOTE: If this is your first time configuring the AP-2500, be sure to read AP-2500 Authentication Methods information on the available AAA techniques and for step-by-step configuration instructions.
Page 101: Home Page Redirection (Hpr)
Public Space Parameters Home Page Redirection (HPR) This tab is used to redirect the subscriber’s browser to a specified home page following successful authentication. To redirect subscribers to a specified page before authentication, use the Portal Page feature with internal authentication (see Portal Page) or use external authentication (see...
Page 102: Authentication, Authorization, And Accounting (Aaa)
Public Space Parameters Figure 5-1 Home Page Redirection Configuration Authentication, Authorization, and Accounting (AAA) The AP-2500 uses AAA services to authenticate, authorize, and subsequently bill subscribers for their use of the customer’s network. This section describes the parameters that can be configured from the AAA tab. See AP-2500 Authentication Methods for detailed information on the available authentication methods.
Page 103 Public Space Parameters • Enable IEEE 802.1x: Enable this option to support 802.1x authentication. Note that AAA Services and AAA RADIUS must also be enabled to support 802.1x authentication. • Enable Origin Server Encoding: Enable this option to support the Origin Server (OS) parameter. •...
Page 104: Aaa Services With An External Web Server (Ews)
Public Space Parameters AAA Services with an External Web Server (EWS) You set the configuration parameters for your External Web Server (EWS) from the PublicSpace > AAA > External screen. When AAA services are enabled with an EWS (when PublicSpace > AAA> Basic > Authentication Method is set to External), the AP-2500 redirects the subscriber’s login request to an external server.
Page 105: Aaa Services With The Internal Web Server (Iws)
Public Space Parameters AAA Services with the Internal Web Server (IWS) This screen lets you set the configuration options when authorizing subscribers using the IWS (that is, when PublicSpace > AAA> Basic > Authentication Method is set to Internal). The IWS is “flashed” into the system’s memory and the subscriber’s login page is served directly from the AP-2500.
Page 106: Secure Socket Layer (Ssl)
You need to download three keys to the AP-2500 before enabling SSL. You must create two of these keys yourself: a Private Key file (cakey.pem) and a Public Key file (server.pem). Proxim provides the third key (cacert.pem), on the AP’s CD in the SSL_KEY folder (it is also included with software updates posted on Proxim’s Web site).
Page 107 You have now created two of the three key files required to enable SSL on the AP-2500. The third key file (cacert.pem) is included on the AP’s CD and with software updates posted on Proxim’s Web site. Enabling SSL on the AP-2500 Login to the AP’s Web browser.
Page 108: Portal Page
Public Space Parameters Click OK. • Result: The TFTP operation begins. A new TFTP Operation Status window opens. 10. Click Close after the TFTP operation is complete. 11. Enter cakey.pem in the File Name field. 12. Set File Type to Generic. 13.
Page 109 Public Space Parameters Figure 5-5 Internal Authentication with Portal Page The following sections provide basic instructions for using a Portal Page. Setting up a Web Server (Microsoft IIS) If you have a Windows 2000 Server, follow these basic steps to setup the IIS Web server. NOTE: For detailed information, refer to Windows 2000’s on-line Help documentation.
Page 110 (SSL), the secure Login page is located at: http://[Certificate DNS Name]:1112/usg/login?OS=http://www.anyWebSite.com/ Proxim provides two sample Portal Pages for the AP-2500 to help hotspot operators who have limited Web design experience get started. These sample pages are in the CD’s Docs/samples/ folder. Alternatively, you can download the sample pages from Proxim’s Web site at http://www.proxim.com/.
Page 111 Public Space Parameters • No Portal Page • HTML Portal Page • ASP Portal Pages No Portal Page Customer enters the hotspot and turns on his Wi-Fi enabled computer. The customer’s computer connects to the AP wirelessly. The customer launches a Web browser. The Web browser attempts to load the customer’s default home page (such as http://www.yahoo.com/) but is redirected to the AP’s internal login screen.
Page 112 Public Space Parameters • You can use the confirm.asp sample page to display a second custom screen that can provide additional information to your subscribers following successful authentication. The customer can then click a link on the confirmation screen to be redirected to his originally requested page after reviewing the information on the confirm.asp page.
Page 113 Public Space Parameters Figure 5-6 Portal Page Configuration Click the Passthrough tab. Place a check mark in the Enable Passthrough Address box, if necessary. Add the DNS names for the Web sites in your walled garden to the Passthrough DNS Table. •...
Page 114 Public Space Parameters Figure 5-7 Sample Passthrough Tables 10. Click OK. 11. Click the HPR tab. 12. Place a check mark in the Enable Home Page Redirection box. 13. Enter the Web site to which you want to direct customers following successful authentication in the Redirection URL field (for example, http://www.yahoo.com/).
Page 115 Public Space Parameters Figure 5-8 Portal Page Configuration Click the Passthrough tab. Place a check mark in the Enable Passthrough Address box, if necessary. Add the DNS names for the Web sites in your walled garden to the Passthrough DNS Table. •...
Page 116 Public Space Parameters Figure 5-9 Sample Passthrough Tables 10. Click OK. NOTE: If you disable Home Page Redirection, your subscribers will be automatically redirected to the page they originally requested (following successful authentication). The instructions below describe how to enable Home Page Redirection;...
Page 117: Smart Client
Public Space Parameters Figure 5-10 HPR (with Parameter Passing) 15. Click OK. 16. Click Commands > Reboot. 17. Click OK to reboot the AP so your changes will take effect. 18. Test the Portal Page feature by turning on a wireless computer and launching its Web browser. Note that the computer must not be a current or active subscriber (that is, the wireless card’s MAC address cannot appear in the Authorized Subscribers Table or the Current Subscribers Table) for this test to work properly.
Page 118 Public Space Parameters Figure 5-11 AP Communicating with Hotspot Aggregator The following steps describe how you should configure the AP-2500 if you are partnered with a hotspot aggregator: Follow the installation steps described in Internal Authentication Internal Authentication with RADIUS. •...
Page 119: User Name & New Subscribers
Public Space Parameters Figure 5-12 AAA Internal Settings if Enabling Smart Client Click OK to save the settings. Reboot the AP. User Name & New Subscribers The User Name and New Subscribers options work in conjunction to determine who can connect to the Internet and what credentials the AP uses to authenticate users.
Page 120: Credit Card Services
Public Space Parameters Figure 5-13 Sample Login Screen Presented to Subscribers Sample scenarios include: • If you are renting cards to customers, disable User Name and New Subscribers. Only cards whose MAC addresses are entered in the Authorized Subscriber Table will have access to the Internet. •...
Page 121 Authorize.net’s SIM Interface (U.S.) -- http://www.authorize.net/ — Proxim provides support for Authorize.net’s Simple Integration Solution (SIM) method. NOTE: If your credit card service provider is not on the above list, you will need to provide your service provider with the Credit Card Interface Specification.
Page 122 You need a software program installed on your server that will listen for packets from the AP on the specified port. Proxim provides a sample Bill Mirror Server Daemon in the CD’s Docs/samples/ folder. This program is provided for illustration and testing purposes only.
Page 123 Public Space Parameters The AP should now send copies of credit card transactions to the configured servers running the sample bill mirroring software. The server saves these transactions to two log file: raw.txt (contains full XML strings) and log.txt (contains only the incoming data from the AP). Enabling Bill Mirroring Follow these steps the enable bill mirroring: Login to the AP’s Web browser interface.
Page 124: Goodbye Page
Public Space Parameters • URL: This field is optional. If a URL is not specified, the AP sends an XML packet to the server’s IP address on the selected port. The system administrator decides if the server will listen for the packets on the port or if the packets need to go to a specific file for processing.
Page 125 Public Space Parameters • Show Bytes Received: Enables displaying the number of bytes received during the session. • Show Hyperlink: Enables displaying a hyperlink. • Hyperlink URL: If you enabled Show Hyperlink, enter the URL for the link. • Define the following field label definitions to appear on the Goodbye page: —...
Page 126: Radius
Public Space Parameters RADIUS • RADIUS Overview • Unique AP-2500 RADIUS Client Features • RADIUS Messages and RADIUS Attributes • Sample RADIUS Transmissions • RADIUS Configuration Parameters RADIUS Overview RADIUS is a proven carrier-class protocol to perform accurate time and volume-based billing. The RADIUS protocols are defined in RFCs 2865 (Authentication) and 2866 (Accounting).
Page 127: Radius Messages And Radius Attributes
Public Space Parameters Data Volume Information Transmission (bytes sent/received) The AP’s RADIUS client implementation allows a hotspot operator to accurately track the exact number of bytes sent and received by a subscriber based on: • User Name • IP address (Framed IP) •...
Page 128 Public Space Parameters Authentication-Reply (Accept) • Reply-Message — Used for challenge/response authentication; since the AP uses the Password Authentication Protocol (PAP) for authentication purposes, this attribute is not currently in use. • State — Used for challenge/response authentication; since the AP uses the Password Authentication Protocol (PAP) for authentication purposes, this attribute is not currently in use.
Page 129 Public Space Parameters Accounting-Request • Username • Called-Station-Id • Calling-Station-Id • Acct-Status-Type (Start/Stop/Alive) • Acct-Session-ID • Acct-Output-Octets — Number of octets (bytes) sent by subscriber. • Acct-Input-Octets — Number of octets (bytes) received by subscriber. • Acct-Output-Packets — Number of packets sent by subscriber. •...
Page 130: Sample Radius Transmissions
Public Space Parameters Sample RADIUS Transmissions These are actual accounting logs from a Lucent Navis RADIUS server with all VSAs enabled. Accounting Start Message Thu Aug 29 12:45:32 2002 User-Name = “testflo” NAS-IP-Address = 64.209.75.102 NAS-Port = 0 Acct-Status-Type = Start Acct-Session-Id = “98000004”...
Page 131 Public Space Parameters Accounting Alive Message Caused by Explicit Service Plan Change Thu Aug 29 12:49:20 2002 User-Name = “testflo” NAS-IP-Address = 64.209.75.102 NAS-Port = 0 Acct-Status-Type = Alive Acct-Session-Id = “98000004” Acct-Output-Octets = 36440 Acct-Input-Octets = 512195 Acct-Output-Packets = 284 Acct-Input-Packets = 630 Nomadix-Bw-Up = 56 Nomadix-Bw-Down = 56...
Page 132: Radius Configuration Parameters
Public Space Parameters RADIUS Configuration Parameters You can configure the AP to communicate with up to four different RADIUS servers: • Primary Authentication Server • Back-up Authentication Server • Primary Accounting Server • Back-up Accounting Server NOTE: You must configure the settings for at least one Authentication server before configuring the settings for an Accounting server.
Page 133 Public Space Parameters Figure 5-16 AAA Radius page First identify the default RADIUS service profile. Note that you must first configure a RADIUS service profile on the Public Space > AAA > Profile tab. Place a check mark in the AAA Radius box to enable the feature. The AP can reauthenticate repeat subscribers who return to the system without 720 hours.
Page 134: Profile (Radius Service Profile)
Public Space Parameters • You can use this parameter to differentiate between multiple APs in the RADIUS accounting logs. • Also, the RADIUS server can alter a user’s access policy depending on the NAS identifier. For example, the maximum session time could be reduced if the NAS identifier is “restaurant” instead of “library.” 10.
Page 135 Public Space Parameters Figure 5-18 Add RADIUS Service Profile Configure the following settings: • Enter a Unique Name for the RADIUS service profile. • Authentication: Select the Enable radio button for Enable Authentication Service. Enter the server’s IP address in the Primary Auth Server field or enter the DNS name in the Primary Auth DNS Server field.
Page 136: Logging
Public Space Parameters Repeat the above procedure for the Secondary Server parameters if you have a back-up RADIUS server. Configure the Retransmission Options. • Select a Retransmission Method. This option is only valid if you have configured settings for a Secondary Server.
Page 137: Configuration Instructions
Public Space Parameters Configuration Instructions Follow these steps to enable the AP’s syslog features: Login to the AP’s Web browser interface. Click PublicSpace > Logging. Place a check mark in the Enable System Log box to enable the logging of system message. Place a check mark in the Enable AAA Log box to enable the logging of AAA events.
Page 138 Public Space Parameters • AAA Messages – XML • Bill Mirror • DHCP • • Home Page Redirect • Other AAA Messages • Reboot Requests AAA Messages – Credit Card Message Meaning USG_AAA: 4505 AAA_AuthProcess Credit_card:successful Successful Credit Card purchase 00:50:04:29:37:56 Exp_time:24 hrs 0 min USG_AAA: 4503 AAA_AuthProcess_Authentication Failed Credit Card transaction...
Page 139 Public Space Parameters AAA Messages – XML Message Meaning USG_AAA: 4007 AAA_Interface added_by_administrator User added 00:50:04:29:37:56 Exp_time:24 hrs 0 min USG_AAA: 4800 AAA_XML Memory_updated__State_valid Update Cache executed 00:50:04:29:37:56 USG_AAA: 4006 AAA_Interface User Delete issued for user a Removed_by_administrator a Bill Mirror Message Meaning RMTLOG: rmtlogXmlTcpSend: Connect error...
Page 140 Public Space Parameters Message Meaning USG_DNS:ndxDNSRedirectionTable::processFromNetwork(): This syslog suggests that the AP could not get the could not get subid subscriber associated with a particular DNS redirection request. USG_DNS: ndxDNSRedirectionTable::processFromSubscriber(): The AP has received a DNS packet that was not a valid DNS dnsIsQueryA() failed query and is not processed.
Page 141 Public Space Parameters Other AAA Messages Message Meaning AAA: 4121 AAA_lookup Tried to add blacklisted IP Attempting to add a blacklisted IP to subscriber table. IP is 210.155.227.244 or MAC 00:50:E8:00:07:99 'blacklisted' when its one of the IPs known to not belong to a subscriber (i.e.
Page 142: Url Filtering
Public Space Parameters URL Filtering The AP-2500 can restrict access to specified web sites based on URLs. URL filtering will block access to these list of sites and/or domains. You can restrict access to specific Web sites based on IP address, DNS name (for example www.yahoo.com) or DNS Domain name (for example, *.yahoo.com, meaning all sites under the yahoo.com hierarchy, such as finance.yahoo.com).
Page 143: Information And Control Console (Icc)
Public Space Parameters Click PublicSpace > URLFilter. Place a check mark in the Enable URL Filtering box. Click the Add button above the URL Filtering by IP Address heading. Enter the IP address to block in the IP Address field and click OK. Enter a second IP address to block (if applicable) and click OK.
Page 144: Icc Appearance
Public Space Parameters ICC Appearance The ICC screen contains the following items: • Title Bar — Appears at the top of the screen near the Web browser name. • Ad Banner — You can specify up to 5 different banners that share this space. •...
Page 145: Customizing The Icc
Public Space Parameters Credit Card Purchase If a subscriber purchased access time by credit card, the ICC includes the Count-down Timer and the Dynamic Billing Plan Selection field: Billing Plans Count-down Timer Figure 5-23 ICC Screen -- Credit Card Authenticated by RADIUS If a subscriber has been authenticated by a RADIUS server (if using Internal authentication with RADIUS), the ICC includes a Logout button so customers can end their session.
Page 146 Public Space Parameters Figure 5-25 ICC Setup Screen Place a check mark in the Enable ICC box. Enter the Title for the ICC. • This is the name that appears at the top of the ICC next to the Web browser name. Configure the Choice of ICC or Logout Console option.
Page 147 Public Space Parameters • When set to Logout, the subscriber is automatically logged out when he/she closes the ICC. — This setting is only applicable if your subscribers are authenticated by a RADIUS server. — This setting is not generally recommended. If you do select this option, you should notify your subscribers of the consequences of closing the ICC.
Page 148: Potential End User Issues
Public Space Parameters — The Web browser interface labels this parameter in Mins but it should be Seconds. By default, the banners change every 6 seconds. • Configure the optional banner Start Time and Stop Time. — The Start Time is in hh:mm AM/PM format and determines when the banner will be displayed on the ICC.
Page 149: Smtp Redirection
Public Space Parameters SMTP Redirection This tab allows you to configure the AP-2500 to pass subscriber’s e-mail through a dedicated Simple Mail Transfer Protocol (SMTP) server independent of a subscriber’s (misconfigured and/or properly configured) computer settings. Most SMTP servers only transmit e-mail messages that originate from local traffic to prevent illegal use of a mail server by spammers, hackers, and other unauthorized individuals.
Page 150: Passthrough Addresses
Public Space Parameters Passthrough Addresses This tab provides a method for DNS Names, IP Addresses, and an AAA port to “passthrough” the AP-2500 and access pre-determined services (for example, a portal page) without authentication. This feature also allows you to create a “walled garden”...
Page 151: Passthrough Ip Table
Public Space Parameters Enter the DNS name to filter in the DNS Name field and click OK. • Enter “www.myhotspot.com” to allow access to a specific web address. • Enter “*.myhotspot.com” to allow access to all sites associated with the specified DNS name. •...
Page 152: Bandwidth Management
Public Space Parameters Bandwidth Management The AP-2500 can manage the bandwidth for subscribers, defined in Kbps, for both upstream and downstream data transmissions. With the ICC feature enabled, subscribers can increase or decrease their own bandwidth dynamically (by the minute, or on an hourly, daily, weekly, or monthly basis), and also adjust the pricing plan for their service. If you plan to limit subscriber bandwidth or offer multiple access plans based on bandwidth speeds, click the Bandwidth Mgmt tab to notify the AP of its bandwidth settings.
Page 153: Billing Options For Subscribers
Public Space Parameters Billing Options for Subscribers The Web browser interface’s Subscriber button links to three screens that allow you to configure Subscriber billing plans (Billing tab), login and error messages (Messages tab), and the Authorized Subscribers database (Authorized tab). NOTE: The Billing and Messages options are used in conjunction with the Internal Web Server.
Page 154: Standard And Duration Based Billing Plans
Public Space Parameters Standard and Duration Based Billing Plans You can define two types of billing plans: • Normal billing plans: a standard billing plan, where time “X” = period “Y”. • Duration-based billing plans: allows you to create a billing plan that is similar to a prepaid calling card. Users are allowed online on a time “X”...
Page 155 Public Space Parameters • Min Hours: the default is 1. • Min Days: the default is 1. • Min Weeks: the default is 1. • Min Months: the default is 1. Define the maximum units of access that subscribers can purchase: •...
Page 156 Public Space Parameters Figure 5-32 Subscriber Billing Plans Screen 11. Configure the other billing plans that you want to offer. • You can configure up to six different billing plans. 12. Reboot the AP.
Page 157: Creating A Free Billing Plan
Public Space Parameters Creating a Free Billing Plan Under some circumstances you may want to offer free Internet access to your subscribers. For example, you might offer a low bandwidth connection for free but charge for faster connections. Follow these steps to make one of your six billing plans a free billing plan: Login to the AP’s Web browser interface.
Page 158: Subscriber Messages
Public Space Parameters Figure 5-34 Billing Options as Presented to Subscriber Subscriber Messages The Web browser interface’s Subscriber button links to three screens that allow you to configure Subscriber billing plans (Billing tab), login and error messages (Messages tab), and the Authorized Subscribers database (Authorized tab).
Page 159 Public Space Parameters Figure 5-35 Subscriber Login Messages Edit the login messages as necessary. • Service Selection Message • Existing User Name Message — Appears on the main login screen when the User Name option is enabled in PublicSpace > AAA > Internal.
Page 160 Public Space Parameters Figure 5-36 Sample Login Screen Presented to Subscribers JavaScript support on the AP’s internal Web pages are enabled by default. Remove the check mark from the Enable JavaScript to disable this feature. Configure the “Remember Me” cookie options. See Enabling Cookie Support for details.
Page 161 Public Space Parameters Figure 5-37 Subscriber Messages Screen 12. Click the Sub Msgs 2 tab. 13. Edit the subscriber messages as necessary. • If this is not correct, please go back to the previous page • and make the necessary changes •...
Page 162: Enabling Cookie Support
Public Space Parameters NOTE: Some messages only appear when certain features are enabled. 17. Click OK. 18. Click the Error Msgs 1 tab. 19. Edit the error messages as necessary. The AP will display one of these error messages to the subscriber if a problem occurs during the login process.
Page 163 Public Space Parameters image to this screen (this is known as a “partner image”). The following sample page includes a partner image (the “myhotspot” logo): Figure 5-38 Connecting Screen with Partner Image The second image that appears on the AP’s internal web pages is the default logo. This logo appears at the top of each login page.
Page 164 Public Space Parameters Follow these steps to add your own partner image and logo to the AP: Create the image files that you want to add to the login pages. Keep in mind the following: • The file should in JPG or a GIF format. •...
Page 165: Authorized Subscribers
Public Space Parameters Authorized Subscribers The AP-2500 stores information about subscribers in the Authorized Subscribers Table. You can view the table by clicking Subscriber > Authorized within the Web browser interface. Figure 5-40 Authorized Subscribers Table The table is the AP’s internal database of authorized users; it can hold up to 50 entries. The list is populated by one of three methods: Automatically following a successful credit card transaction.
Page 166: Authorized Subscribers Table And The Current Subscribers Table
Public Space Parameters — Change to Destroy to delete an entry. — The other options are not applicable when using the Web browser interface. Authorized Subscribers Table and the Current Subscribers Table The Authorized Subscribers Table differs from the Current Subscribers Table, found in the Monitor >...
Page 167: Removing A Subscriber
Public Space Parameters Enter an IP Address for the subscriber or leave the field blank. • If left blank, the AP fills in this field automatically after a subscriber logs in. If authorizing a subscriber based on user name and password, enter a User Name and Password for the subscriber in the fields provided.
Page 168: International Language Support
Public Space Parameters International Language Support The AP-2500 allows you to select the language presented to users. You can configure the language by clicking Subscriber > Language within the Web browser interface. The available options are • English • Chinese Big 5 •...
Page 169: Monitor Information
ORiN Monitor Information This chapter describes the statistics that can be viewed using the Access Point’s Web browser interface (that is, the options accessible after clicking the Status or Monitor button). • System Status: Displays basic information about the Access Point’s operating status. •...
Page 170: System Status
Monitor Information System Status System Status is the first screen to appear each time you connect to the Web browser interface. You can also return to this screen by clicking the Status button. Figure 6-1 System Status Screen Each section of the System Status screen provides the following information: •...
Page 171: Version
Monitor Information Version From the Web browser interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: •...
Page 172: Icmp
Monitor Information ICMP This tab provides statistical information for both received and transmitted messages directed to the Access Point. For example, if you ping the AP from another computer, the AP reports the ping requests (Echos) and replies (Echo Reply) on this screen (as shown in the example below).
Page 173: Ip/Arp Table
Monitor Information IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which maps IP Addresses to MAC Addresses. The AP adds an entry to this list for each station with which the AP directly communicates. This includes devices that manage the AP, ping the AP, and/or receive traps from the AP.
Page 174: Learn Table
Monitor Information Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the AP has learned is on the network and the interface on which the node was detected. There can be up to 2,000 entries in the Learn Table.
Page 175: Current Subscribers Table
Monitor Information Current Subscribers Table This table lists all of the active subscribers that are communicating with the AP. (See Authorized Subscribers Table and the Current Subscribers Table for an explanation of how this table differs from the Authorized Subscribers Table.) This table can hold up to 50 entries.
Page 176 Monitor Information A subscriber is removed from the Current Subscribers Table under the following circumstances: • The network administrator changes the subscriber’s Status from Active to Destroy. • The subscriber has logged out (applicable to RADIUS-authenticated users and RADIUS Profile Caching is disabled).
Page 177: Dat Sessions
Monitor Information DAT Sessions The AP performs Dynamic Address Translation (DAT) to provide subscribers with access to the Internet. See Dynamic Address Translation (DAT) for details. The Current Subscriber DAT Sessions screen displays the active DAT sessions for each subscriber. The subscriber is identified by the IP address and MAC address of his/her wireless card.
Page 178: Interfaces
Monitor Information Interfaces This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing. Figure 6-8 Interface Monitoring...
Page 179: Link Test (802.11B Only)
Monitor Information Link Test (802.11b Only) This tab displays information on the quality of the wireless link to clients and other 802.11b APs in the Wireless Distribution System. During a Link Test, the Access Point and the selected device exchange a series of packets to test the strength of the connection.
Page 180 Monitor Information stronger link. For example, a noise level of -95 dBm is more desirable than a noise level of -89 dBm. The bar graph displays the relative strength of the noise level (a shorter bar represents a weaker noise level and is more desirable than a longer bar).
Page 181: Commands
ORiN Commands This chapter describes the commands that can be issued using the Access Point’s Web browser interface (that is, the options accessible after clicking the Commands button). • Download: Download files from a TFTP server to the Access Point. •...
Page 182: Download Instructions
This File Type only supports the Download command. You cannot upload the AP’s firmware image file to a TFTP server. – Proxim periodically makes new firmware available on its Web site that you can download to the AP using a TFTP server; see Download the Latest Software for instructions.
Page 183 Commands The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file. If you don’t have a TFTP server installed on your system, install the TFTP server from the ORiNOCO CD. You can either install the TFTP server from the CD Wizard or run OEM-TFTP-Server.exe found in the CD’s Xtras/SolarWinds/ sub-directory.
Page 184: Reboot
Commands Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP-2500. Entering a value of 0 (zero) causes an immediate reboot. Note that Reset, described below, does not save configuration changes. CAUTION: Rebooting the AP-2500 will cause all users who are currently connected to lose their connection to the network until the AP-2500 has completed the restart process and resumed operation.
Page 185: Help Link
Commands Help Link To open Help, click the Help button on any display screen. During initialization, the Access Point’s on-line help files are downloaded to the default location: C:\Program Files\ORiNOCO\AP\HTML\index.htm. If you want to place these files on a shared drive, copy the Help Folder to the new location, and then specify the new path in the Help Link box.
Page 186: Troubleshooting
ORiN Troubleshooting This chapter contains troubleshooting advice for the AP-2500. If you are unable to resolve your issue, see Technical Support for information on how to contact a support representative. • Troubleshooting Concepts • Symptoms and Solutions • Connectivity Issues •...
Page 187: Troubleshooting Concepts
Troubleshooting • LED Indicators NOTE: This section helps you locate problems related to the AP-2500 device setup. For details about RADIUS, TFTP, Serial communications program (such as HyperTerminal), Telnet applications or web browsers, please refer to their respective documentation. Troubleshooting Concepts The following list identifies important troubleshooting concepts and topics.
Page 188: Ethernet Link Does Not Work
Troubleshooting Ethernet Link Does Not Work 1. Double-check the physical network connections. Use a known-good unit to make sure the network connection is present. Once you have the AP-2500 IP Address, you can use the “Ping” command over Ethernet to test the IP Address.
Page 189: Html Help Files Do Not Appear
Troubleshooting HTML Help Files Do Not Appear 1. Verify that the HTML Help files are installed in the default directory listed in the Help Link screen. 2. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are located on your server.
Page 190: Vlan Operation Issues
Troubleshooting VLAN Operation Issues Verifying Proper Operation of the VLAN Feature The correct VLAN configuration can be verified by “pinging” both wired and wireless hosts from both sides of the AP-2500 device and the network switch. Traffic can be “sniffed” on both the wired (Ethernet) and wireless (WDS) backbones (if configured).
Page 191: Recovery Procedures
Troubleshooting Recovery Procedures The most common installation problems relate to IP Addressing. For example, without the TFTP server IP address, you will not be able to download an AP Image to the AP-2500. IP Address management is fundamental. We suggest you create a chart to document and validate the IP addresses for your system.
Page 192: Download A New Image Using The Bootloader Cli
Troubleshooting 1. Download the latest software from http://www.proxim.com/. 2. Copy the latest software updates to your TFTP server. 3. Launch ScanTool. 4. Highlight the entry for the AP you want to update and click Change. 5. Set IP Address Type to Static.
Page 193 Troubleshooting 4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: • Com Port: <COM1, COM2, etc., depending on your computer> • Baud rate: 9600 • Data Bits: 8 • Stop bits: 1 • Flow Control: None •...
Page 194: Setting Ip Address Using Serial Port And Normal Cli
Troubleshooting Setting IP Address using Serial Port and Normal CLI Use the following procedure to set an IP Address over the serial port using the normal CLI. The network administrator typically provides the AP-2500 IP Address. Hardware and Software Requirements •...
Page 195: System Alarms (Traps)
Troubleshooting 6. Change the IP Address and other network values using set and reboot CLI commands, similar to the example dialog below (use your own IP Address and IP Mask). Result: After each entry the CLI reminds you to reboot; however wait to reboot until all commands have been entered.
Page 196: Image Alarms
Troubleshooting Image Alarms oriTrapZeroSizeImage Zero size image has been downloaded to device oriTrapInvalidImage Invalid image has been downloaded to device oriTrapImageTooLarge Image downloaded to device is too big oriTrapIncompatibleImage Incompatible image has been downloaded to device Standard MIB-II (RFC 1213) Alarms coldStart Device has been cold started warmStart...
Page 197: Related Applications
Enable iNAT and configure the iNAT public pool on the Configure -> Security -> VPN/iNAT tab. • Enable PPTP ID tagging if the VPN client is using PPTP. For more information, please refer to the Whitepaper, “iNAT for the AP-2500”, on the Proxim technical support website. Session Rate Limiting If the AP is being maliciously attacked or if there is a virus on the client, you should limit the number of user sessions with this feature.
Page 198: Led Indicators
Troubleshooting LED Indicators POWER ETHERNET PC CARD A PC CARD B INIDICATION Green Green flash Green flash Green flash Normal Operation with data activity with data activity with data activity Amber n/a (not applicable) Amber Amber Rebooting Amber Missing or bad AP Image if amber after reboot Power On Self Test (POST) running PC Card incompatible on indicated interface PC Card failure on indicated interface...
Page 199: A Using The Command Line Interface
ORiN Using the Command Line Interface This chapter provides details for the Command Line (CLI) Interface used to manage an AP-2500 device. CLI commands can be used to initialize, configure, and manage network operation of the Access Point. • CLI commands may be entered in real time through a keyboard, or submitted with CLI scripts. •...
Page 200: Prerequisite Skills And Knowledge
Using the Command Line Interface Prerequisite Skills and Knowledge To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts, network access infrastructures, and client-server relationships. In addition, you should be familiar with software setup procedures for typical network operating systems and servers.
Page 201: Cli Error Messages
Using the Command Line Interface CLI Error Messages The following table describes the error messages associated with improper inputs or expected CLI behavior. Error Message Description % Syntax error Invalid syntax entered at the command prompt. % Invalid command A non-existent command has been entered at the command prompt. % Invalid parameter name An invalid parameter name has been entered at the command prompt.
Page 202: Cli Command Types
Using the Command Line Interface The following figures display the results of using the help and show commands in the Bootloader CLI: Figure A-1 Results of “help” bootloader CLI command Figure A-2 Results of “show” bootloader CLI command CLI Command Types This guide divides CLI Commands into two categories: Operational and Parameter Control.
Page 203: (List Commands)
Using the Command Line Interface • search - Lists the parameters in a specified Table • upload - Uses TFTP server to upload “config” or “generic” files from AP to TFTP default directory or specified path ? (List Commands) This command has varied uses to display commands and parameters, depending on the operation in which it is used. The following table lists each operation and provides a basic example.
Page 204 Using the Command Line Interface Example 3a. Display every parameter that can be changed [Device Name]>set?<CR> Returns the following: Figure A-5 Result of “set ?” CLI command Example 3b. Display parameters based on letter sequence This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned.
Page 205: Done, Exit, Quit
Using the Command Line Interface Example 4. Display Prompts for Successive Parameters Enter the command, a space, and then "?". Then, when the parameter prompt appears, enter the parameter value. Result: The parameter is changed and a new CLI line is echoed with the new value (in the first part of the following example, the value is the IP Address of the TFTP server).
Page 206: History
Using the Command Line Interface Figure A-8 Results of “help<space>” CLI command 2. Complete command description and command usage can be provided by: [Device Name]>help <command name> [Device Name]><command name> help history Shows content of Command History Buffer. The Command History Buffer stores command statements entered in the current session.
Page 207: Search
Using the Command Line Interface search Lists the members of the specified table. This list corresponds to the table information displayed in the HTTP Interface. In this example, the CLI returns the same table items that are displayed in the HTTP Interface’s IP Access Table. [Device Name]>...
Page 208: Parameter Control Commands
Using the Command Line Interface Parameter Control Commands The following sections cover each CLI Command, and include several tables showing parameter properties. The two Parameter Control Commands are show and set. These allow you to view (show) all parameters and statistics, and to change (set) parameters.
Page 209 Using the Command Line Interface Example 4 - Enable, Disable, or Delete a table entry or row In this example you would like to manage the second table row/entry. Syntax: [Device Name]>set <Table> index status <enable, disable, delete> [Device Name]>set <Table> index status <1=enable, 2=disable, 3=delete> Example: [Device Name]>set mgmtipaccesstbl 2 status enable [Device Name]>set mgmtipaccesstbl 2 status disable...
Page 210: Using Tables & User Strings
Using the Command Line Interface Example 6 - Show Individual and Table Parameters 1. View a single parameter Syntax: [Device Name]>show <parameter name> Example: [Device Name]> show ipaddr Result: Displays the Access Point IP Address. Figure A-11 Result of “show ipaddr” CLI Command 2.
Page 211: Using Strings
Using the Command Line Interface • Deletion – The table name is required. – The table index is required – for table deletion the index should be the index of the entry to be deleted. – The reserved word delete or destroy is required. There are some differences between table entry add and delete operations among the available tables.
Page 212: Configuring Objects That Require Reboot
Using the Command Line Interface Configuring Objects that Require Reboot Certain objects supported by the AP require the device to be rebooted in order for the changes to take effect. In order to inform the end-user of this behavior, the CLI shall provide informational messages when the user has configured an object or object(s) that requires the device to be rebooted.
Page 213: Configuring The Ap-2500 Unit Using Cli Commands
Send line ends with line feeds (Result: HyperTerminal sends a line return at the end of each line of code.) Enter the Telnet password (default is public). NOTE: Proxim recommends changing your default passwords immediately. To perform this operation using CLI commands, refer to Change Passwords.
Page 214: Set Static Ip Address For The Ap-2500 Device
Using the Command Line Interface Figure A-12 Result of “show system” CLI Command Set Static IP Address for the AP-2500 device [Device Name]>set ipaddrtype static [Device Name]>set ipaddr <fixed IP address of unit> [Device Name]>set ipsubmask <IP Mask (default = 255.0.0.0)> [Device Name]>set ipgw <gateway IP address (default = 10.0.0.1)>...
Page 215: Set Wep Encryption For Each Wireless Interface
Using the Command Line Interface Figure A-13 Results of “show wif” CLI command Set WEP Encryption for each Wireless Interface – 3 = wireless card in Slot A – 4 = wireless card in Slot B CAUTION: Client stations must have the same encryption key to be able to communicate with the AP-2500 device. Each Wireless Interface can only support one Key Length (so each of the configured keys must have the same length).
Page 216: Change Passwords
[Device Name]>set snmprwpasswd <new password> (SNMP read/write password) [Device Name]>reboot 0 CAUTION: Proxim strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the...
Page 217: Change Your Wireless Interface Settings
Using the Command Line Interface Change your Wireless Interface Settings Enable/Disable Interference Robustness – 3 = wireless card in Slot A – 4 = wireless card in Slot B [Device Name]>set wif <3 or 4> interrobust <enable/disable> This feature is only available for 802.11b wireless cards. Enable/Disable Closed System –...
Page 218: Set The Multicast Rate
Using the Command Line Interface coverage, and local limits such as physical interference are investigated. From these measurements the appropriate cell size and density is determined, and the optimum distance between APs is calculated to suit your particular business requirements. Set the Multicast Rate NOTE: The Distance Between APs must be set before the Multicast Rate.
Page 219: Configure Management Ports
Using the Command Line Interface Configure Management Ports [Device Name]>set snmpifbitmask <0, 1, 4, 8, 15 (see below)> [Device Name]>set httpifbitmask <0, 1, 4, 8, 15 (see below)> [Device Name]>set telifbitmask <0, 1, 4, 8, 15 (see below)> Choose from the following values: Interface bitmask Description 0 = disable (all interfaces)
Page 220: Parameter Tables
Using the Command Line Interface Parameter Tables Objects contain groups that contain both parameters and parameter tables. Use the following Tables to configure the Access Point. The Access Point CLI is under development as this document is being prepared; therefore, some table cells are blank where a feature has not yet been implemented or information needs validation.
Page 221: System Parameters
Using the Command Line Interface • Passthrough Parameters - Specify free content or walled garden sites for unauthenticated users • Passthrough IP Table • Passthrough DNS Table • AAA Passthrough Port • Bandwidth Management Parameters - Enable bandwidth management control for subscribers •...
Page 222: Inventory Management Information
Using the Command Line Interface SSL Version DisplayString Size(1..32) sslVersion Block ICMP from Integer disable (0) blockICMPFromPending Pending enable (1) Subscriber Inventory Management Information Name Type Values Access CLI Parameter System Inventory Management Subgroup sysinvmgmt Component Table Subgroup sysinvmgmtcmptbl Component Interface Table Subgroup sysinvmgmtcmpiftbl NOTE: The inventory management commands display advanced information about the AP’s installed components.
Page 223: Dhcp Server Parameters
Using the Command Line Interface DHCP Server Parameters A DHCP server assigns a “dynamic” IP address to devices connected to the network. The AP-2500 can behave as a DHCP server or as a DHCP relay (routed to an external DHCP Name Type Values...
Page 224: Dns Parameters
Using the Command Line Interface DNS Parameters Name Type Values Access CLI Parameter Group DNS Host Name DisplayString User Defined RW/Reboot dnsHostName Size(1..32) DNS Domain DisplayString User Defined RW/Reboot dnsDomain Size(1..32) Primary DNS Server IpAddress User Defined RW/Reboot dnsPrimaryServer Secondary DNS IpAddress User Defined RW/Reboot...
Page 225 Using the Command Line Interface Name Type Values Access CLI Parameter Auto Channel Select (ACS) Integer enable (default) autochannel disable Interference Robustness Integer enable (default) interrobust disable DTIM Period Integer 1 – 65535 dtimperiod 1 = default Operating Frequency Channel Integer 1 - 11 (FCC) (3 = default) channel...
Page 226 Using the Command Line Interface Name Type Values Access CLI Parameter WDS Table Table wdstbl Port Index Integer 3.1 - 3.6 (Wireless A) portindex 4.1 - 4.6 (Wireless B) Status Integer enable (1) status disable (2) (default) Partner MAC Address PhysAddress User Defined partnermacaddr...
Page 227: Wireless 802.11A Parameters
Using the Command Line Interface Wireless 802.11a Parameters Name Type Values Access CLI Parameter Wireless Interfaces Group Network Name DisplayString 2 – 31 characters netname My Wireless Network A (default) My Wireless Network B (default) Auto Channel Select (ACS) Integer enable (default) autochannel disable...
Page 228: Ethernet Interface Parameters
Using the Command Line Interface Ethernet Interface Parameters Name Type Values Access CLI Parameter Ethernet Interface Group ethernet Speed Integer 10halfduplex etherspeed 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex autoautoduplex (default) MAC Address PhyAddress ethermacaddr Management Parameters IP Access Table Parameters When creating table entries, you may either specify the argument name followed by argument value or simply entering the argument value.
Page 229: Snmp Parameters
Using the Command Line Interface Access Control IP Table Integer active (1), acStatus Entry Status notInService (2), notReady (3), createAndGo (4), createAndWait (5), destroy (6) NOTE: Both the IP Access Table Parameters and the Access Control Parameters determine which IP addresses are allowed to manage the AP over the Ethernet interface.
Page 230 Using the Command Line Interface Telnet Login Inactivity Integer 1 – 60 seconds tellogintout Time-out 30 sec (default) Telnet Session Idle Integer 1 - 900 seconds telsessiontout Time-out 900 sec (default)
Page 231: Serial Port Parameters
Using the Command Line Interface Serial Port Parameters Name Type Values Access CLI Parameter Serial Group serial Baud Rate Integer 2400, 4800, serbaudrate 9600 (default), 19200, 38400, 57600 Data Bits Integer serdatabits Parity Integer none serparity Stop Bits Integer serstopbits Flow Control Value none (default)
Page 232: Ntp Parameters
Using the Command Line Interface NTP Parameters Name Type Values Access CLI Parameter SNTP Group sntp SNTP On Integer enable (1) oriSNTPStatus disable (2) Primary SNTP DisplayString User Defined oriSNTPPrimaryServerNameOrIPAddress Server IP Secondary SNTP DisplayString User Defined oriSNTPSecondaryServerNameOrIPAddress Server IP Time Zone Setup Integer dateline (1)
Page 233: Security Parameters
Using the Command Line Interface Integer32 User Defined oriSNTPDay (1..31) Hour Integer32 User Defined oriSNTPHour (0..23) Minutes Integer32 User Defined oriSNTPMinutes (0..59) Seconds Integer32 User Defined oriSNTPSeconds (0..59) Security Parameters NOTE: The Security group is not currently implemented in the AP-2500. Name Type Values...
Page 234: Radius Service Profile Table
Using the Command Line Interface RADIUS Enable GB Redirect Integer disable (0) aaaRadiusGoodbyeUrlOn enable (1) RADIUS Enable EOD Integer disable (0) aaaRadiusSessionTerminateEOD Termination enable (1) RADIUS Enable Byte Count Integer disable (0) aaaRadiusByteCountReset Reset enable (1) RADIUS Service Profile Table Name Type Values...
Page 235: Security Encryption Key Length Table
Using the Command Line Interface Primary RADIUS Auth Server DisplayString User Defined radAuthSrv1Dns DNS Name Size(0..240) Secondary RADIUS Auth Server DisplayString User Defined radAuthSrv2Dns DNS Name Size(0..240) Primary RADIUS Acct Server DisplayString User Defined radAcctSrv1Dns DNS Name Size(0..240) Secondary RADIUS Acct Server DisplayString User Defined radAcctSrv2Dns...
Page 236: Home Page Redirection Parameters
Using the Command Line Interface Home Page Redirection Parameters Name Type Values Access CLI Parameter Home Page Group Redirection Home Page Integer disable (0) hprOn Redirection Enabled enable (1) HPR URL DisplayString User Defined hprUrl Size(0..238) HPR Parameters Integer disable (0) hprParameterPassing Passing enable (1)
Page 237 Using the Command Line Interface External IpAddress User Defined aaaExternalIPAddress Authorization Server External DisplayString User Defined aaaAuthorizationUrl Authorization Server Size(0..238)
Page 238: Aaa Internal Authorization Parameters
Using the Command Line Interface AAA Internal Authorization Parameters Name Type Values Access CLI Parameter AAA Internal Group aaaInternalAuth Authorization SSL Support Integer disable (0) RW/Reboot aaaSslOn enable (1) SSL Host Name DisplayString User Defined aaaSslHostName Size(0..31) SSL Portal Page Integer disable (0) aaaPortalPageOn...
Page 239: Logging Parameters
Using the Command Line Interface Logging Parameters Name Type Values Access CLI Parameter NSE Log System Group System Logging On Integer disable (0) systemLoggingOn enable (1) System Log Integer 0..7 systemLogNumber Number Syslog Server IP IpAddress User Defined systemLogServerIp AAA Logging Integer disable (0) aaaLoggingOn...
Page 240 Using the Command Line Interface URL Filtering DNS Table urlFilteringDNSTable Table URL Filtering DNS Integer urlFilteringDNSTableIndex Table Index URL Filtering DNS DisplayString User Defined urlFilteringDNSTableAddress Table Name Size(0..237) URL Filtering DNS RowStatus active (1), urlFilteringDNSTableStatus Table Status notInService (2), notReady (3), createAndGo (4), createAndWait (5), destroy (6)
Page 241: Icc (Information Control Console) Parameters
Using the Command Line Interface ICC (Information Control Console) Parameters Name Type Values Access CLI Parameter Group ICC On Integer disable (0) iccOn enable (1) Title to display on DisplayString User Defined iccTitle ICC Console Size(0..238) ICC Logout Option Integer redisplay (0) iccLogoutOption logout (2)
Page 242: Icc Banner Configuration
Using the Command Line Interface ICC Banner Configuration The following table is for ICC Banner 1. The same parameters apply to banners 2 through 5 (simply change the 1 in each command to a different button number). Name Type Values Access CLI Parameter ICC Banner 1 Name...
Page 243: Passthrough Ip Table
Using the Command Line Interface Passthrough IP Table Name Type Values Access CLI Parameter Passthru IP Table Table passthroughIPTable Passthru IP Table Integer passthroughIPTableIndex Index Passthru IP Table IpAddress User Defined passthroughIPTableAddress Address Passthru IP Table RowStatus active (1), passthroughIPTableStatus Status notInService (2), notReady (3),...
Page 244: Billing Parameters
Using the Command Line Interface Billing Parameters Name Type Values Access CLI Parameter AAA Billing Option Group aaaBillingOption Intro Message DisplayString User Defined aaaBilloptIntroMsg Size(0..140) Offer Message DisplayString User Defined aaaBilloptOfferMsg Size(0..140) Policy Message DisplayString User Defined aaaBilloptPolicyMsg Size(0..117) Minimum Purchase Integer User Defined aaaBilloptMinTimeUnitMinute...
Page 245: Billing Mirroring Parameters
Using the Command Line Interface Name Type Values Access CLI Parameter AAA Billing Plan 0 Group aaaBillingPlan0 Billing Plan Enabled Integer disable (0) aaaBillingPlanOn0 enable (1) Plan Label DisplayString User Defined aaaBillingPlanLabel0 Size(0..16) Plan Description DisplayString User Defined aaaBillingPlanDesc0 Size(0..140) Rate per Minute DisplayString User Defined...
Page 246 Using the Command Line Interface Property ID DisplayString User Defined brmPropertyId Size(1..32) AP ID DisplayString brmUsgId Size(1..32) Primary Mirroring IpAddress User Defined brmServerIpPrimary Server IP Primary Mirroring DisplayString User Defined brmServerUrlPrimary Server URL Size(1..238) Primary Mirroring DisplayString User Defined brmServerSecretPrimary Server Secret Key Size(0..32) Primary Mirroring...
Page 247: Subscriber Messages Parameters
Using the Command Line Interface Subscriber Messages Parameters Name Type Values Access CLI Parameter AAA Subscriber Group aaaSubLoginUI Login UI Service Selection DisplayString User Defined aaaWebServiceMsg Message Size(0..140) Existing User DisplayString User Defined aaaWebExistingUserMsg Message Size(0..140) New User Message DisplayString User Defined aaaWebNewUsernameMsg Size(0..140)
Page 248 Using the Command Line Interface Password DisplayString User Defined aaaErrorPasswordMatch Unmatched Size(0..218) Wrong Password DisplayString User Defined aaaErrorPasswordWrong Size(0..218) Too Many DisplayString User Defined aaaErrorTooManyUsers Subscribers Size(0..218) Try Again DisplayString User Defined aaaErrorTryAgain Size(0..218) User ID Not Found DisplayString User Defined aaaErrorUserIdMissing Size(0..218) User ID Taken...
Page 249: Authorized Subscribers Table
Using the Command Line Interface Thank You DisplayString User Defined aaaMessageThankYou Message Size(0..218) Verifying Message DisplayString User Defined aaaMessageVerifying Size(0..218) Purchase Options DisplayString User Defined aaaMessageYourPurchase Message Size(0..218) Enable Partner Integer disable (0) aaaPartnerImageOn Image enable (1) Splashscreen Filename of the DisplayString User Defined aaaPartnerImageFileName...
Page 250: Current Subscribers Table
Using the Command Line Interface Subscriber MAC DisplayString User Defined authSubMac Size(0..17) Subscriber IP IpAddress User Defined authSubIp Subscriber Name DisplayString User Defined authSubName Size(0..96) Subscriber Password DisplayString User Defined authSubPassword Size(0..32) Subscriber Countdown Integer disable (0) authSubCountDown enable (1) Subscriber Expiration Integer User Defined...
Page 251 Using the Command Line Interface Subscriber Upload Integer subBwUp Bandwidth Subscriber Download Integer subBwDown Bandwidth Subscriber AAA State DisplayString subAaaState Subscriber Expiration Info DisplayString subExpiration Inactivity Logoff Timer DisplayString subIdleTimeout Subscriber MBytes Sent Integer subBytesSentInMegaByte Subscriber MBytes Integer subBytesRecInMegaByte Received Total MBytes Sent and Integer subBytesTotalInMegaByte...
Page 252: Miscellaneous Parameters
Using the Command Line Interface Miscellaneous Parameters Name Type Values Access CLI Parameter Miscellaneous Group misc Maximum Integer maxNumSubscribers Subscribers Allowed Session Limit Parameters Name Type Values Access CLI Parameter Session Limit Group sessionlimit Enable Session Limit Integer disable (0) sessionLimitEnable enable (1) Session Limit Mean...
Page 253: Dat Session Parameters
Using the Command Line Interface DAT Session Parameters Dynamic Address Translation (DAT) provides access to subscribers who are misconfigured with static IP addresses or subscribers that do not have DHCP functionality on their computers. Name Type Values Access CLI Parameter Delete All DAT Integer false (0)
Page 254: Cli Monitoring Parameters
Using the Command Line Interface CLI Monitoring Parameters Using the “show” command with the following table parameters will display operating statistics for the AP-2500 (these are the same statistics that are described in Monitor Information for the HTTP Web interface). –...
Page 255: B Xml Interface Specification
— These sample files can only be run from the AP’s Ethernet side; you can not use these files on a wireless client (subscriber). — These sample files are provided for illustration and testing purposes only. Proxim provides no guarantee that these files will function error-free.
Page 256: Url Get
XML Interface Specification URL GET A network device can send commands to the AP via a query string appended to a URL line (GET method). The query string is the string of characters following the question mark (?) at the end of the URL. For example, consider the following example illustrating a “user successful login”...
Page 257: Xml Response Form Format
XML Interface Specification XML Response Form Format In response to a command, the AP returns an XML form in the following format: where: (RESULTCODE) is either "OK" or "ERROR". (UI) is the AP ID. (AP_IP_ADDR) is the AP's IP address. (tag_n) is a data name tag.
Page 258: Ap Command Reference
XML Interface Specification AP Command Reference User Add (or Update) Command Sample file name: UserAdd.htm The specified user has been authorized for access and will be added to the AP’s Authorized Subscribers Table. If the subscriber is in the ‘Current’ (active) memory table of the AP-2500 then the Update Cache XML command must follow in order to correctly update the subscriber.
Page 259: Sample Command Xml (Normal Plan)
XML Interface Specification Sample command XML (Normal Plan): Sample command XML (X over Y Plan): Response for the User Add Command Standard: As a response to this command, the web server will get an acknowledgement XML message from the AP-2500 (OK or ERROR, see “Standard OK/ERROR Response” section for DTD definition). Update Cache Command The user’s status in the Current Subscribers Table will change from “Pending”...
Page 260: Bandwidth Up Command
XML Interface Specification Bandwidth Up Command Set the bandwidth up for an authorized user. This XML command has the following DTD: Where: COMMAND attribute: SET_BANDWIDTH_UP SUBSCRIBER attribute: Subscriber’s MAC address (char [12]) SET_BANDWIDTH_UP: (number measured in Kbps (i.e. for 128,000 bits per second, enter 128)) Sample command XML <?xml version="1.0"...
Page 261: Sample Command Xml
XML Interface Specification Sample command XML <?xml version="1.0" ?> <!DOCTYPE USG "ndxBwDn.dtd"> <USG COMMAND="SET_BANDWIDTH_DOWN" SUBSCRIBER="1A2B3C4D5E6F"> <SET_BANDWIDTH_DOWN>256</SET_BANDWIDTH_DOWN> </USG> Response for the Bandwidth Down Command Standard: As a response to this command, the web server will get an acknowledgement XML message from the AP-2500 (OK or ERROR, see “Standard OK/ERROR Response”...
Page 262: Sample Command Xml
XML Interface Specification This command has the following DTD: Where: COMMAND attribute: USER_QUERY USER attribute: ID_TYPE (either MAC_ADDR or USER_NAME MAC_ADDR: Subscriber’s MAC address (char [12], optional if username is present) USER_NAME: Subscriber’s username (char [96], optional if MAC is present) Sample command XML <?xml version="1.0"...
Page 263: Sample Response Xml
XML Interface Specification Where: MAC_ADDR: Subscriber’s MAC address (char [12]) USER_NAME: Subscriber’s username (char [96]) PASSWORD: Subscriber’s password (char [128]) EXPIRY_TIME: Expiry time UNITS attribute: Either SECONDS, MINUTES, HOURS or DAYS PAYMENT_METHOD: Either "CREDIT_CARD", or blank if subscriber added by XML or by administrator DATA_VOLUME: data transferred by subscriber in Kbytes ID attribute: ID of the AP-2500 (char [6]) IP attribute: IP address of the AP-2500 (char [18])
Page 264: User Authorize
XML Interface Specification User Authorize A User's identity, specified by MAC address, is checked against the Authorized Subscribers and Current Subscribers Tables. If the User is found in either table, VALID_USER is returned along with the User's authorization method: RADIUS or CREDIT_CARD. If the User is not found, INVALID_USER will be returned. This command has the following DTD: Where: COMMAND : "USER_AUTHORIZE"...
Page 265 XML Interface Specification <!DOCTYPE USG "ndxUserAuthRsp.dtd"> <USG RESULT="OK" ID="ABC123" IP="192.168.100.102"> <STATUS>VALID_USER</STATUS> <PAYMENT_METHOD>CREDIT_CARD</PAYMENT_METHOD> </USG>...
Page 266: External Authentication Procedure (Detailed)
XML Interface Specification External Authentication Procedure (Detailed) Whenever a subscriber tries to access the Internet, it must pass through the AP. The AP tracks all packets flowing through it by the source MAC address of the packet, which uniquely identifies the wireless card that the subscriber is using.
Page 267: C Credit Card Interface Specification
AP; this specification should provide them with the information they need to create the interface. CAUTION: This is a “best effort” specification. Proxim cannot guarantee that following these guidelines will ensure trouble-free interoperability between the credit card clearing server and the AP-2500.
Page 268: Data Sent By Credit Card Clearing Server To The Ap-2500
Credit Card Interface Specification 11. This field must be in the form and set to a value of TRUE to tell the system that it will be doing an ADC Relay Response transaction. 12. Sending this field guarantees that the default Payment Form will show up for the user. Should be VALUE="PAYMENT_FORM"...
Page 269: D Ascii Character Chart
ORiN ASCII Character Chart You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys.
Page 270: E Specifications
ORiN Specifications This chapter contains hardware and radio specification for the AP-2500. • Hardware Specifications • Radio Specifications – 802.11b Channel Frequencies – 802.11a Channel Frequencies – Wireless Communication Range Hardware Specifications Physical Specifications AP-2500 Unit Dimensions (H x W x L) = 6.5 x 18.5 x 26 cm (2.5 x 7.25 x 10.25 in.) Weight = 1.75 kg (3.5 lb.) 802.11a Antenna Adapter Dimensions (H x W x L) = 11.3 x 2.10 x 26.2 cm (4.5 x 0.83 x 10.3in.)
Page 271: Ethernet Interface
Specifications Ethernet Interface 10/100 Base-T, RJ-45 female socket PCMCIA Interface PC Card Slot (A & B) = Standard PC Card slot for PC Card Serial Port Interface Connector Type = DB9, male Serial Cable = Standard RS-232C serial data cable, with a female DB-9 connector at each end Active Ethernet Interface Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements...
Page 272: Radio Specifications
Specifications Radio Specifications 802.11a radio certification is not available in all countries. Contact your sales representative for details. 802.11b radio certification is available in the US/Canada (FCC), Japan (VCCI), Europe (ETSI), and France. 802.11b Channel Frequencies The following table shows the channel allocations that vary from country to country. Values listed in bold font indicate default channels and frequencies.
Page 273: Wireless Communication Range
Specifications Wireless Communication Range The range of the wireless signal is related to the composition of objects in the radio wave path, and the transmit rate of the wireless communication. Communications at a lower transmit range may travel longer distances. NOTE: The range values listed in the Communications Range Chart are typical distances as measured at the development laboratories.
Page 274: F Technical Support
Version tab (click on Monitor > Version). – Include the source of the software version (e.g., pre-loaded on unit, installed from CD, downloaded from Proxim Web site, etc.) • Information about your network – Network operating system (e.g., Microsoft Networking); include version information –...
Page 275: Telephone Support
Technical Support NOTE: The Knowledgebase is available to all website visitors. First-time users will be asked to create an account to gain access. Telephone Support Contact technical support by phone 24 hours a day, seven days a week. • Domestic: +1-866-674-6626 •...
Page 276: G Statement Of Warranty
The express warranties set forth in this Agreement will not apply to defects in a Product caused; (i) through no fault of Proxim during shipment to or from Buyer, (ii) by the use of software other than that provided with or installed in the...
Page 277: Other Information
Calls to the Customer Service Center for reasons other than Product failure will not be accepted unless Buyer has purchased a Proxim Service Contract or the call is made within the first thirty (30) days of the Product’s invoice date.

Proxim Orinoco AP-2500 User Manual

1 Introduction

2 Installation & Basic Configuration

3 AP-2500 Authentication Methods

4 Network Parameters

5 Public Space Parameters

6 Monitor Information

7 Commands

8 Troubleshooting

A Using the Command Line Interface

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for Proxim Orinoco AP-2500

Summary of Contents for Proxim Orinoco AP-2500