Proxim ORiNOCO AP-2500 User Manual

ORiNOCO AP-2500User Guide

10ContentsSet the Multicast Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Set Ethern

100Network ParametersSpecial Considerations Regarding VPN SupportThe most common VPN protocol is IPSec. When a subscriber who has a private IP address

101ORiNOCO AP-2500 User Guide5Public Space ParametersIn this ChapterThis chapter describes all of the Public Space operating parameters that can be c

102Public Space ParametersHome Page Redirection (HPR)This tab is used to redirect the subscriber’s browser to a specified home page following successf

103Public Space ParametersFigure 5-1 Home Page Redirection ConfigurationAuthentication, Authorization, and Accounting (AAA)The AP-2500 uses AAA servi

104Public Space Parameters• Enable AAA Services: Enable this option to support any of the authentication methods described in AP-2500 Authentication M

105Public Space ParametersAAA Services with the Internal Web Server (IWS)This screen lets you set the configuration options when authorizing subscribe

106Public Space ParametersCreating SSL KeysYou need to download three keys to the AP-2500 before enabling SSL. You must create two of these keys yours

107Public Space Parameters8. When prompted, follow the on-screen instructions and enter the information requested (such as your company’s name and add

108Public Space Parameters14. Click OK.• Result: The TFTP operation begins. A new TFTP Operation Status window opens.15. Click Close after the TFTP op

109Public Space ParametersFigure 5-5 Internal Authentication with Portal PageThe following sections provide basic instructions for using a Portal Pag

11ContentsURL Filtering Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221URL Filt

110Public Space ParametersDesigning a Portal PageA Portal Page is a Web page; you can design it using whatever Web design tools you have available. Th

111Public Space ParametersDeciding which sample is right for your hotspot depends on the customer experience you want to provide. The sections below d

112Public Space Parameters7. Following successful authentication, the customer is redirected to the page he originally requested or to the page you sp

113Public Space ParametersFigure 5-6 Portal Page Configuration6. Click the Passthrough tab.7. Place a check mark in the Enable Passthrough Address bo

114Public Space ParametersFigure 5-7 Sample Passthrough Tables10. Click OK.11. Click the HPR tab.12. Place a check mark in the Enable Home Page Redir

115Public Space ParametersFigure 5-8 Portal Page Configuration6. Click the Passthrough tab.7. Place a check mark in the Enable Passthrough Address bo

116Public Space ParametersFigure 5-9 Sample Passthrough Tables10. Click OK.NOTEIf you disable Home Page Redirection, your subscribers will be automat

117Public Space ParametersFigure 5-10 HPR (with Parameter Passing)15. Click OK.16. Click Commands > Reboot.17. Click OK to reboot the AP so your c

118Public Space ParametersFigure 5-11 AP Communicating with Hotspot AggregatorThe following steps describe how you should configure the AP-2500 if yo

119Public Space ParametersFigure 5-12 AAA Internal Settings if Enabling Smart Client3. Click OK to save the settings.4. Reboot the AP.User Name &

12External Authentication Procedure (Detailed) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240Sample XML Communications with the A

120Public Space ParametersFigure 5-13 Sample Login Screen Presented to SubscribersSample scenarios include:• If you are renting cards to customers, d

121Public Space Parameters13. AP adds customer to its Authorized Subscribers Table for the period of time purchased by the customer; the AP also adds

122Public Space ParametersNOTEIf you want the AP to send copies of credit card transactions to a mirroring server, see Credit Card Mirroring for instr

123Public Space ParametersEnabling Bill MirroringFollow these steps the enable bill mirroring:1. Login to the AP’s Web browser interface.2. Click Subs

124Public Space Parameters9. Enter the following settings for the primary server, secondary server (if any), and carbon copy server that will receive

125Public Space ParametersExample of a Positive Acknowledgment:<AP COMMAND=”RMTLOG_ACK”><ACK_VALUE>OK</ACK_VALUE><IP_ADDR>205.

126Public Space ParametersConfiguration InstructionsFollow these steps to enable the AP’s syslog features:1. Login to the AP’s Web browser interface.2

127Public Space ParametersSample Logging Events• AAA Messages – Credit Card• AAA Messages – Internal Web Server – User Name Login• AAA Messages – RADI

128Public Space ParametersAAA Messages – XMLBill MirrorDHCPMessage Meaning USG_AAA: 4007 AAA_Interface added_by_administrator 00:50:04:29:37:56 Exp_ti

129Public Space ParametersDNSHome Page RedirectMessage MeaningUSG_DNS:ndxDNSRedirectionTable::processFromNetwork(): could not get subid This syslog su

13ORiNOCO AP-2500 User Guide1IntroductionIn This Chapter• Introducing the AP-2500• Overview of Product Features• The Product Package• Minimum System

130Public Space ParametersOther AAA MessagesReboot RequestsMessage MeaningAAA: 4121 AAA_lookup Tried to add blacklisted IP 210.155.227.244 or MAC 00:5

131Public Space ParametersURL FilteringThe AP-2500 can restrict access to specified web sites based on URLs. URL filtering will block access to these

132Public Space ParametersURL Filtering by IP Address1. Login to the AP’s Web browser interface.2. Click PublicSpace > URLFilter.3. Place a check m

133Public Space ParametersICC AppearanceThe ICC screen contains the following items:•Title Bar— Appears at the top of the screen near the Web browser

134Public Space ParametersFigure 5-19 ICC Screen -- Credit CardAuthenticated by RADIUSIf a subscriber has been authenticated by a RADIUS server (if u

135Public Space ParametersFigure 5-21 ICC Setup Screen9. Place a check mark in the Enable ICC box.10. Enter the Title for the ICC.• This is the name

136Public Space Parameters12. Configure the ISP Logo Button settings.• Enter the Name or Title of the ISP Button in the ISP Logo Button’s Name/Text fi

137Public Space Parameters• Configure the optional banner Start Time and Stop Time.— The Start Time is in hh:mm AM/PM format and determines when the b

138Public Space ParametersFollow these steps to enable SMTP Redirection:1. Login to the AP’s Web browser interface.2. Click PublicSpace > SMTP.3. I

139Public Space ParametersThe DNS and IP Address tables can hold up to 50 entries each. The AAA port option supports only passthrough port.• Passthrou

14Introduction• Outgoing e-mail (SMTP) Redirection: You can configure the AP-2500 to redirect outgoing e-mail messages to a specified Simple Mail Tran

140Public Space ParametersPassthrough IP Table1. Login to the AP’s Web browser interface.2. Click PublicSpace > Passthrough > IP/DNS.3. Place a

141Public Space Parameters4. Enter the speed of the connection between the AP and the Ethernet network in the Bandwidth uplink (to network) speed fiel

142Public Space ParametersBilling Options for SubscribersThe Web browser interface’s Subscriber button links to three screens that allow you to config

143Public Space ParametersFigure 5-27 Default New User Screen that Appears to Subscribers• Edit the Introduction Message.— The default Introduction M

144Public Space Parameters7. Click OK.8. Click the Plan 0 tab.9. Configure the settings for billing plan 0.• Place a check mark in the Enable Plan box

145Public Space ParametersCreating a Free Billing PlanUnder some circumstances you may want to offer free Internet access to your subscribers. For exa

146Public Space ParametersFigure 5-30 Subscribers Can Select a Plan that Offers Free Internet AccessSubscriber MessagesThe Web browser interface’s Su

147Public Space ParametersFigure 5-31 Subscriber Login Messages3. Edit the login messages as necessary.• Service Selection Message• Existing User Na

148Public Space ParametersFigure 5-32 Sample Login Screen Presented to Subscribers4. JavaScript support on the AP’s internal Web pages are enabled by

149Public Space ParametersFigure 5-33 Subscriber Messages Screen12. Click the Sub Msgs 2 tab.13. Edit the subscriber messages as necessary. • If this

15IntroductionOne of the key features of DAT is a technique known as Network Address Translation (NAT). NAT is an Internet standard that allows a devi

150Public Space Parameters16. Edit the subscriber messages as necessary. • Thank you for your business• We are verifying your account. Please wait— Th

151Public Space Parameters4. Edit the Remember Me Message.• This message appears on the login screen to let the user know that his/her user name and p

152Public Space ParametersFigure 5-35 Login Screen with Custom LogoFollow these steps to add your own partner image and logo to the AP:1. Create the

153Public Space ParametersAuthorized SubscribersThe AP-2500 stores information about subscribers in the Authorized Subscribers Table. You can view the

154Public Space Parameters• Custom fields for internal use (User Alias 1 or User Alias 2)• Upstream and Downstream bandwidth settings•Status— Should b

155Public Space Parameters5. If authorizing a user based on MAC address (in other words, the PublicSpace > AAA > Internal > Enable User Name

156ORiNOCO AP-2500 User Guide6Monitor InformationIn This ChapterThis chapter describes the statistics that can be viewed using the Access Point’s Web

157Monitor InformationSystem StatusSystem Status is the first screen to appear each time you connect to the Web browser interface. You can also return

158Monitor InformationVersionFrom the Web browser interface, click the Monitor button and select the Version tab. The list displayed provides you with

159Monitor InformationICMPThis tab provides statistical information for both received and transmitted messages directed to the Access Point. For examp

16IntroductionNetworking FeaturesThe AP-2500 provides wireless access to the Internet for hotspot subscribers. This means that your customers can surf

160Monitor InformationIP/ARP TableThis tab provides information based on the Address Resolution Protocol (ARP), which maps IP Addresses to MAC Address

161Monitor InformationLearn TableThis tab displays information relating to network bridging. It reports the MAC address for each node that the AP has

162Monitor InformationCurrent Subscribers TableThis table lists all of the active subscribers that are communicating with the AP. (See Authorized Subs

163Monitor InformationA subscriber is removed from the Current Subscribers Table under the following circumstances:• The network administrator changes

164Monitor InformationInterfacesThis tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or test

165Monitor InformationLink Test (802.11b Only)This tab displays information on the quality of the wireless link to clients and other 802.11b APs in th

166Monitor Information• Noise (dBm): The strength of the noise detected at the receiver reported in dBm (decibels referenced to 1 milliwatt). The disp

167ORiNOCO AP-2500 User Guide7CommandsIn This ChapterThis chapter describes the commands that can be issued using the Access Point’s Web browser inte

168CommandsFile Type OverviewFor Downloads, the File Type parameter supports four options: Config, Img, BspBl, and Generic. For Uploads, File Type sup

169CommandsUploadUse the Upload tab to upload Configuration and image files from the AP-2500 to the TFTP server. NOTEThe Download and Upload commands

17Introduction802.11a and 802.11b NetworksThe AP-2500 supports both the IEEE 802.11a and 802.11b standards. The AP-2500 can be used with the following

170CommandsRebootUse the Reboot tab to save configuration changes (if any) and reset the AP-2500. Entering a value of 0 (zero) causes an immediate reb

171CommandsFigure 7-4 Reset to Factory Defaults Command ScreenHelp LinkTo open Help, click the Help button on any display screen.During initializatio

172ORiNOCO AP-2500 User Guide8TroubleshootingIn This Chapter• Troubleshooting Concepts• Symptoms and Solutions• Connectivity Issues• AP-2500 Unit Wil

173TroubleshootingNOTEThis section helps you locate problems related to the AP-2500 device setup. For details about RADIUS, TFTP, Serial communication

174TroubleshootingEthernet Link Does Not Work1. Double-check the physical network connections. Use a known-good unit to make sure the network connecti

175TroubleshootingHTML Help Files Do Not Appear1. Verify that the HTML Help files are installed in the default directory listed in the Help Link scree

176TroubleshootingVLAN Operation IssuesVerifying Proper Operation of the VLAN FeatureThe correct VLAN configuration can be verified by “pinging” both

177TroubleshootingRecovery ProceduresThe most common installation problems relate to IP Addressing. For example, without the TFTP server IP address, y

178TroubleshootingDownload ProcedureFollow these steps to use ScanTool to download a software image to an Access Point with a missing image:1. Downloa

179Troubleshooting4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties:• Com Port: <COM1, COM2,

18IntroductionList of Networking FeaturesThe IEEE standards that governs wireless communications are different for the 2.4 GHz band and the 5 GHz band

180TroubleshootingSetting IP Address using Serial Port and Normal CLIUse the following procedure to set an IP Address over the serial port using the n

181Troubleshooting6. Change the IP Address and other network values using set and reboot CLI commands, similar to the example dialog below (use your o

182TroubleshootingImage AlarmsStandard MIB-II (RFC 1213) AlarmsAAA AlarmsThere are two enterprise traps sent from the Public Space functions:Related A

183TroubleshootingLED IndicatorsPOWER ETHERNET PC CARD A PC CARD B INIDICATIONGreen Green flash with data activityGreen flash with data activityGreen

184ORiNOCO AP-2500 User GuideAUsing the Command Line InterfaceIn This ChapterThis section provides details for the Command Line (CLI) Interface used

185Using the Command Line InterfacePrerequisite Skills and KnowledgeTo use this document effectively, you should have a working knowledge of Local Are

186Using the Command Line InterfaceCLI Error MessagesThe following table describes the error messages associated with improper inputs or expected CLI

187Using the Command Line InterfaceThe following lists display the results of using the help and show commands in the Bootloader CLI:[DeviceName]>h

188Using the Command Line Interface? (List Commands) This command has varied uses to display commands and parameters, depending on the operation in wh

189Using the Command Line Interface Figure A-4 Result of “set ?” CLI commandExample 3b. Display parameters based on letter sequenceThis example shows

19IntroductionThe following table provides detailed information on the differences between the 802.11a and 802.11b feature sets.2.4 GHz(802.11b)5 GHz(

190Using the Command Line InterfaceAfter entering one parameter, you may add another "?" to the new CLI line see the next parameter prompt,

191Using the Command Line InterfaceFigure A-7 Results of “help<space>” CLI command2. Complete command description and command usage can be prov

192Using the Command Line Interfacesearch Lists the members of the specified table. This list corresponds to the table information displayed in the HT

193Using the Command Line InterfaceParameter Control CommandsThe following sections cover each CLI Command, and include several tables showing paramet

194Using the Command Line InterfaceNOTESome tables use a different syntax. See Working with Tables for details.Example 4 - Enable, Disable, or Delete

195Using the Command Line InterfaceExample 6 - Show Individual and Table Parameters1. View a single parameterSyntax:[Device Name]>show <paramete

196Using the Command Line Interface•Deletion– The table name is required.– The table index is required – for table deletion the index should be the in

197Using the Command Line InterfaceConfiguring Objects that Require RebootCertain objects supported by the AP require the device to be rebooted in ord

198Using the Command Line InterfaceConfiguring the AP-2500 Unit using CLI commandsLog Into the AP-2500 Unit using HyperTerminal1. Launch HyperTerminal

199Using the Command Line InterfaceFigure A-11 Result of “show system” CLI CommandSet Static IP Address for the AP-2500 device[Device Name]>set ip

2Copyright© 2003 Proxim Corporation. All rights reserved. Covered by one or more of the following U.S. patents: 5,231,634; 5,875,179; 6,006,090; 5,809

20IntroductionThe Product PackageEach AP-2500 comes with the following:• AP processor module• AP cover• Mounting plate• Mounting hardware– Four 3.5 mm

200Using the Command Line InterfaceFigure A-12 Results of “show wif” CLI commandSet WEP Encryption for each Wireless Interface– 3 = wireless card in

201Using the Command Line InterfaceFor the wireless card in Slot BYou can set up to four encryption keys. This example describes setting encryption Ke

202Using the Command Line InterfaceChange your Wireless Interface Settings Enable/Disable Interference Robustness– 3 = wireless card in Slot A– 4 = wi

203Using the Command Line InterfaceNOTEThe distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in whic

204Using the Command Line InterfaceConfigure Management Ports[Device Name]>set snmpifbitmask <0, 1, 4, 8, 15 (see below)>[Device Name]>set

205Using the Command Line InterfaceParameter TablesObjects contain groups that contain both parameters and parameter tables. Use the following Tables

206Using the Command Line Interface• Passthrough Parameters - Specify free content or walled garden sites for unauthenticated users• Passthrough IP Ta

207Using the Command Line InterfaceInventory Management InformationNOTEThe inventory management commands display advanced information about the AP’s i

208Using the Command Line InterfaceDHCP Server ParametersDNS ParametersName Type Values Access CLI ParameterDHCP Group N/A R dhcpDHCP Service Integer

209Using the Command Line InterfaceVLAN ParametersVLAN ID TableInterface ParametersSince the AP-2500 devices support two PC Card slots, we differentia

21IntroductionWeb Browser InterfaceThe Web Browser interface (also known as the HTTP interface) provides easy access to configuration settings and net

210Using the Command Line InterfaceNOTEThere is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In general, l

211Using the Command Line InterfaceWireless 802.11a ParametersNOTEFor 802.11a cards in Europe, Auto Channel Select is a read-only parameter; it is alw

212Using the Command Line InterfaceEthernet Interface ParametersManagement ParametersIP Access Table ParametersWhen creating table entries, you may ei

213Using the Command Line InterfaceSNMP ParametersSNMP Table Host Table ParametersWhen creating table entries, you may either specifying the argument

214Using the Command Line InterfaceSerial Port ParametersHTTP (web browser) ParametersTFTP Server ParametersThese parameters relate to upload and down

215Using the Command Line InterfaceNTP ParametersName Type Values Access CLI ParameterSNTP Group N/A R sntpSNTP On Integer enable (1)disable (2)RW ori

216Using the Command Line InterfaceSecurity ParametersNOTEThe Security group is not currently implemented in the AP-2500.RADIUS Server ParametersDay I

217Using the Command Line InterfacePrimary RADIUS Acct Server Secret KeyDisplayString Size(0..130)User Defined RW aaaRadiusAcctSrv1SecPrimary RADIUS A

218Using the Command Line InterfaceEncryption ParametersThe following table details the WEP encryption parameters for the AP-2500. This information ap

219Using the Command Line InterfaceAAA ParametersThe Authentication, Authorization and Accounting (AAA) module enables solution provider to provision,

22IntroductionThe Nomadix MIB controls the following settings:• All of the Public Space features found under the PublicSpace and Subscriber headings w

220Using the Command Line InterfaceAAA Internal Authorization ParametersLogging ParametersName Type Values Access CLI ParameterAAA Internal Authorizat

221Using the Command Line InterfaceURL Filtering ParametersURL Filtering IP TableURL Filtering DNS TableName Type Values Access CLI ParameterURL Filte

222Using the Command Line InterfaceICC (Information Control Console) ParametersICC Button ConfigurationThe following table is for ICC Button 2. The sa

223Using the Command Line InterfaceICC Banner ConfigurationThe following table is for ICC Banner 1. The same parameters apply to banners 2 through 5 (

224Using the Command Line InterfacePassthrough IP TablePassthrough DNS TableAAA Passthrough PortSee Basic AAA Parameters.Bandwidth Management Paramete

225Using the Command Line Interface Billing ParametersBilling Mirroring ParametersName Type Values Access CLI ParameterAAA Billing Option Group N/A R

226Using the Command Line InterfaceBilling Plans ConfigurationThe following table is for Billing Plan 0. The same parameters apply to Billing Plans 1

227Using the Command Line InterfaceSubscriber Messages ParametersRate per Month DisplayString Size(0..32)User Defined RW aaaBillingPlanMonth0Uplink Ba

228Using the Command Line InterfaceISP Challenge DisplayString Size(0..218)User Defined RW aaaErrorISPChallengeValue Out of Range DisplayString Size(0

229Using the Command Line InterfaceAuthorized Subscribers TableRADIUS Create MessageDisplayString Size(0..218)User Defined RW aaaMessageRadiusCreateRA

23ORiNOCO AP-2500 User Guide2Installation & Basic ConfigurationIn This ChapterThis chapter describes how to install the AP-2500 hardware and perf

230Using the Command Line InterfaceCurrent Subscribers TableSubscriber Download BandwidthInteger User Defined RW authSubBwDownCredit Card Confirmation

231Using the Command Line InterfaceMiscellaneous ParametersCLI Monitoring ParametersUsing the “show” command with the following table parameters will

232ORiNOCO AP-2500 User GuideBXML Interface SpecificationThis specification describes the AP-2500’s XML Interface. Before reviewing this specificatio

233XML Interface SpecificationURL GETA network device can send commands to the AP via a query string appended to a URL line (GET method). The query st

234XML Interface SpecificationXML Response Form FormatIn response to a command, the AP returns an XML form in the following format:<USG RESULT=&quo

235XML Interface SpecificationAP Command ReferenceAdd/Update UserSample file name: UserAdd.htmThe specified user has been authorized for access and wi

236XML Interface SpecificationBandwidth UpSet the bandwidth up for an authorized user.Command: "SET_BANDWIDTH_UP"Command attr: "SUBSCRI

237XML Interface SpecificationQuery UserSample file name: UserQuery.htmThe current User data is returned.Command: "USER_QUERY"tag_1: "U

238XML Interface SpecificationCommands For Reference OnlyThe following commands are included for reference purposes only. They are not currently suppo

239XML Interface Specification User PaymentUser's authorization and payment is requested. PMS is not supported by the AP at this time.Command: &

24Installation & Basic Configuration Hardware InstallationRefer to the steps below that correspond to your configuration:• AP-2500 with Active Eth

240XML Interface SpecificationExternal Authentication Procedure (Detailed)Whenever a subscriber tries to access the Internet, it must pass through the

241XML Interface SpecificationSample XML Communications with the APThe following is an example of the commands to set access for a new subscriber with

242ORiNOCO AP-2500 User GuideCCredit Card Interface SpecificationA key payment feature of the AP-2500 is direct Credit Card billing. The AP supports

243Credit Card Interface Specification8. Merchant ID9. Amount10. URL to post silent reply11. This field must be in the form and set to a value of TRUE

244ORiNOCO AP-2500 User GuideDASCII Character ChartYou can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits ar

245ORiNOCO AP-2500 User GuideESpecificationsIn This Chapter• Hardware Specifications• Radio Specifications– 802.11b Channel Frequencies– 802.11a Chan

246SpecificationsEthernet Interface10/100 Base-T, RJ-45 female socketPCMCIA InterfacePC Card Slot (A & B) = Standard PC Card slot for PC CardSeria

247SpecificationsRadio Specifications802.11a radio certification is not available in all countries. Contact your sales representative for details.802.

248SpecificationsWireless Communication RangeThe range of the wireless signal is related to the composition of objects in the radio wave path, and the

249ORiNOCO AP-2500 User GuideFTechnical SupportIf you are having a problem using an AP-2500 and cannot resolve it with the information in Troubleshoo

25Installation & Basic ConfigurationNOTEIf you want to install a second 802.11b wireless card in Slot B, you will first need to remove the slot co

250Technical SupportFor the Caribbean and Latin America:Phone: 1-866-ORiNOCO (1-866-674-6626)1-661-367-2230E-mail: [email protected]

26Installation & Basic ConfigurationAP-2500 with Power SupplyFollow these installation steps if you purchased an AP with a power supply:1. Clip th

27Installation & Basic ConfigurationFigure 2-7 Slide a PC Card into the APNOTEIf you want to install a second 802.11b wireless card in Slot B, yo

28Installation & Basic ConfigurationNOTEProxim recommends that you perform a Site Survey prior to determine the installation location for your AP-

29Installation & Basic ConfigurationFigure 2-11 Remove the AP cover4. Remove the power and Ethernet cables from the unit.5. Position the antenna

3ORiNOCO AP-2500 User GuideContents1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30Installation & Basic Configuration8. Position the antenna for best reception:• at a 90° angle for flat surface mounts• at a 180° angle for wall

31Installation & Basic ConfigurationInitialization (ScanTool)ScanTool is a software utility that is included on the installation CD-ROM. The tool

32Installation & Basic Configuration7. Locate the MAC address of the AP you want to initialize within the Scan List.NOTEIf your Access Point does

33Installation & Basic ConfigurationBasic ConfigurationOnce you have a valid IP Address assigned to your AP-2500 and you can communicate with it o

34Installation & Basic ConfigurationFigure 2-17 Enter Network PasswordFigure 2-18 Web Interface’s System Status Screen

35Installation & Basic ConfigurationSet System Name, Location and Contact InformationFigure 2-19 System Configuration1. Click Configure > Syst

36Installation & Basic Configuration Figure 2-20 Network IP ConfigurationConfigure Network Names for the Wireless InterfacesDuring boot-up, the A

37Installation & Basic ConfigurationConfigure the Ethernet Interface1. Click Configure > Interfaces > Ethernet.2. Set the Speed and Transmis

38Installation & Basic Configuration5. Select the Key that the Access Point will use to encrypt outgoing data from the Encrypt Data Transmissions

39Installation & Basic ConfigurationNOTEFor security purposes Proxim recommends that you change ALL PASSWORDS from the default “public” immediatel

4ContentsConfigure Network Names for the Wireless Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Configure the Ethernet Int

40Installation & Basic ConfigurationReboot the APMost of the AP’s configuration settings take effect immediately; they do not require a reboot. Ho

41Installation & Basic ConfigurationDownload Updates from your TFTP Server using the CLI Interface1. Download the latest software at http://www.pr

42Installation & Basic ConfigurationDownloading Configuration FilesFollow these steps to download configuration files to the AP:1. Copy config.sys

43ORiNOCO AP-2500 User Guide3AP-2500 Authentication MethodsThe AP-2500 is a versatile Access Point for hotspot locations that supports multiple authe

44AP-2500 Authentication MethodsInternal AuthenticationIn this configuration, the AP-2500 provides all authentication services to subscribers using it

45AP-2500 Authentication MethodsNOTEIf you want to provide the user with the ability to log in or out of the connection, you need to use a RADIUS serv

46AP-2500 Authentication Methods• You can disable the AP’s DHCP server if there is another DHCP server that you want to use instead. See Disabling the

47AP-2500 Authentication MethodsNOTEAdvanced users can also manage the AP from a network computer using XML commands (tasks such as adding and deletin

48AP-2500 Authentication Methods17. If you want to charge customers for access time via credit card, configure the Credit Card Services options.• You

49AP-2500 Authentication Methods• If you want all outgoing mail traffic redirected to the specified server, enable both the Misconfigured and Properly

5ContentsDisabling the AP’s DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65IP Upsell . . . . .

50AP-2500 Authentication Methods6. Configure the Amount Paid field, if desired. The AP automatically fills in this field after a successful credit car

51AP-2500 Authentication MethodsInternal Authentication with RADIUSIn this configuration, the AP-2500 provides all of the authentication services desc

52AP-2500 Authentication Methods3. Client sends AP its login credentials (User name/password or MAC address).4. AP checks its Authorized Subscribers T

53AP-2500 Authentication Methods1. Install the RADIUS application on your network server, if necessary.• IAS is included with Windows 2000 Server. If

54AP-2500 Authentication Methods16. Return to the Internet Authentication Services window and right-click the Remote Access Policies entry in the nav

55AP-2500 Authentication MethodsConfigure the AP-2500After you have installed and configured your RADIUS server, you need to configure your AP to comm

56AP-2500 Authentication Methods5. Configure the Retransmission Options.• Select a Retransmission Method. This option is only valid if you have config

57AP-2500 Authentication Methods• Place a check mark in the Send NAS Port Type box if you want to include the port type in the messages sent to the RA

58AP-2500 Authentication MethodsExternal AuthenticationThe External Web Server (EWS) interface was designed for customers who want to develop and use

59AP-2500 Authentication Methods• The customer must try to access a valid Web site to initiate a redirect. Entering an unreachable URL or invalid Web

6ContentsEncryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

60AP-2500 Authentication Methods• Some applications require a public IP address to function properly over the Internet (such as certain VPN applicatio

61AP-2500 Authentication Methods22. Click the AAA Port tab and configure the AAA Passthrough Port settings, if applicable. For example, if you are red

62ORiNOCO AP-2500 User Guide4Network ParametersIn This ChapterThis chapter describes all of the network operating parameters that can be configured u

63Network ParametersNetworkThe Network category contains four sub-categories.– IP Configuration– DHCP Server– DNS Server– VLANIP ConfigurationYou can

64Network ParametersOverview of DHCP Server ParametersYou can configure and view the following parameters within the DHCP Server Configuration screen:

65Network ParametersFigure 4-1 DHCP Server Configuration ScreenConfiguring the AP to Serve Public IP AddressesIf you have a pool of public IP address

66Network Parameters5. In the Relay Type field, select the type of addresses your DHCP server will assign to subscribers: Public or Private.6. In the

67Network ParametersFigure 4-2 Enabling IP Upsell11. Configure the billing plans that you want to offer.– At least one plan should offer private IP a

68Network Parameters• If you use external authentication, you can add an IP_Type attribute to the User_Add XML command and specify the address type (p

69Network Parameters4. Enter the DNS Domain name. This name is provided by your ISP or network administrator.5. Enter up to three DNS Server IP addres

7ContentsAuthorized Subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Authorized Subscr

70Network ParametersVLAN Workgroups and Traffic ManagementTraditional, dual-slot access point devices that are not VLAN-capable typically broadcast an

71Network ParametersFigure 4-5 VLAN Configuration Screen (Wireless A and Wireless Tagged with Different VLAN IDs)1. Login to the Web interface.2. Cli

72Network ParametersFigure 4-6 VLAN Configuration Screen (Slot A tagged; Slot B untagged)1. Login to the Web interface.2. Click Configure > Interf

73Network ParametersFigure 4-7 VLAN Configuration Screen (Wireless A and Wireless B Use Same VLAN ID)1. Login to the Web interface.2. Click Configure

74Network ParametersWireless (802.11a)You can configure and view the following parameters within the Wireless Interface Configuration screen for an 80

75Network ParametersDynamic Frequency Selection (DFS)802.11a devices sold in Europe use a technique called Dynamic Frequency Selection (DFS) to automa

76Network Parameters• Distance Between APs: Set to Large, Medium, Small, Microcell, or Minicell depending on the site survey for your system. By defau

77Network Parameters• Multicast Rate: Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter

78Network ParametersCAUTION!You should conduct a Site Survey to determine the strength of the wireless connection on the borders of your hotspot. Cont

79Network ParametersWireless Distribution System (WDS)A Wireless Distribution System (WDS) creates a link between two APs over their radio interfaces.

8ContentsClient Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175Client Mana

80Network Parameters• The WDS link shares the communication bandwidth with the clients. Therefore, while the maximum data rate for the Access Point’s

81Network Parameters14. Click Configure > Interfaces > Wireless (A or B, if applicable) to open the configuration screen for the radio that will

82Network ParametersNOTEFor security purposes Proxim recommends changing ALL PASSWORDS from the default “public” immediately, to restrict access to yo

83Network ParametersFigure 4-13 Management Services Configuration ScreenTelnet Configuration Settings• Telnet Interface Bitmask: To allow management

84Network Parameters• Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication (8 data bits by de

85Network Parameters• To edit or delete an entry, click Edit and change the information, or select Enable, Disable, or Delete from the Status drop-dow

86Network Parameters• Examples: — If you set the Wired MAC Address to 00:03:8F:00:00:00 and you want to block all cards that begin with 00:03:8F, ente

87Network ParametersAlarmsThis category has two sub-categories.– Groups– Alarm Host TableGroupsThere are seven alarm groups that can be enabled or dis

88Network ParametersBridgeA traditional access point operates as a transparent bridge between your wired and wireless networking devices. The AP-2500

89Network Parameters9. Select an Operation Type from the drop-down menu. This determines how the stations identified in the MAC Access Control Table a

9ContentsCommand Line Interface (CLI) Variations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186Bootloader CLI. . . . . . .

90Network ParametersRADIUS• RADIUS Overview• Unique AP-2500 RADIUS Client Features• RADIUS Messages and RADIUS Attributes• Sample RADIUS Transmissions

91Network ParametersData Volume Information Transmission (bytes sent/received)The AP’s RADIUS client implementation allows a hotspot operator to accur

92Network ParametersAccess-Accept Parsing– Reply-Message• Used for challenge/response authentication; since the AP uses the Password Authentication Pr

93Network ParametersAcct-Request– Username– Called-Station-Id– Calling-Station-Id– Acct-Status-Type (Start/Stop/Alive)– Acct-Session-ID– Acct-Output-O

94Network ParametersSample RADIUS TransmissionsThese are actual accounting logs from a Lucent Navis RADIUS server with all VSAs enabled.Accounting Sta

95Network ParametersAccounting Alive Message Caused by Explicit Service Plan ChangeThu Aug 29 12:49:20 2002User-Name = “testflo”NAS-IP-Address = 64.20

96Network ParametersRADIUS Configuration ParametersYou can configure the AP to communicate with up to four different RADIUS servers:• Primary Authenti

97Network Parameters• Server IP Address: The IP address of the RADIUS server (separate fields for Authentication and Accounting).• Server DNS Name: Th

98Network Parameters• Enable RADIUS Profile Caching: When enabled, the AP maintains the user’s information in the Current Subscribers Table (State: Pe

99Network ParametersEncryptionThe IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is desi