740 likes | 944 Views
AP-2000. Module contents. Product description Installation Physical indicators Configuration and Management using Web browser Configuration and Management using Command Line Interface Problem solving. AP-2000 What is it?.
E N D
Module contents • Product description • Installation • Physical indicators • Configuration and Management using Web browser • Configuration and Management using Command Line Interface • Problem solving
AP-2000 What is it? • High performance dual access wireless Access Point and Ethernet MAC Bridge • Double capacity • Migration to future high speed Wireless LANs • Wireless Bridging (WDS) • H/W: • Intel StrongARM 110 processor (16 MB SDRAM memory, 8MB Flash Memory) • 10BaseT / 100Base-T (UTP) Ethernet • 2 slots for ORiNOCO PC Cards • 8-pin MiniDin serial connector for optional configuration • Powered via Active Ethernet, using splitter (or via PS) • S/W: • Real-Time Operating System (RTOS) built on VxWorks • Supports IEEE802.1x Security • Manageability • Windows-based ORiNOCO manager • Web Browser (http interface) • CLI, via Telnet or local console
TFTP server AP2000 Image file Kernel AP Firmware Con- figuration Data BSP/Boot loader TFTP transfer AP-2000 Flash ROM Original BSP/Boot loader Upgrade BSP/Boot loader ORiNOCO PC Card ORiNOCO PC Card RAM AP Firmware AP Firmware Buffers, Filter & bridge tables Con- figuration Data Kernel AP Firmware Port 1 Port 2 Port 3 RS232 Port Ethernet Interface AP-2000Functional diagram • The AP-2000 operates its software from an embedded image (kept in FlashROM, but executed from RAM): • Uploading of image is executed with the help of a TFTP server. • Users can initiate transfer of • Image (kernel and AP firmware) • BSP.Bootloader upgrades • Configuration data (MIB-II) • System leaves factory with only “Original BSP/Bootloader” on board. Cannot be overwritten by users • New bootloader version can be inserted in different area “Upgrade BSP/Bootloader” • When both bootloaders are present, the Upgrade bootloader is active (not the orginal bootloader) • On start of operation, AP Firmware is placed in PC Cards
AP-2000Functional diagram - Kernel software • Kernel portion of the image contains the heart of the AP-2000; it includes: • The VxWorks operating system that controls the operation and manages the resources • The devices drivers such as the ORiNOCO PC Card driver and the the Ethernet driver • IEEE 802.1x support • The actual bridging software, that implements the filtering and forwarding of frames • The IP stack to allow the devices to be managed from other network locations • The UDP protocol to support IAPP and SNMP • The TCP protocol to support Telnet • The Radius Client to allow Radius MAC based authentication • The IAPP protocol to support roaming • The SNMP agent for configuration & management • DHCP Client to dynamically obtain IP addresses Kernel Radius client IAPP TFTP SNMP agent Telnet VxWorks Kernel DHCP client/server UDP TCP IP ICMP IEEE802.1x security 802.3d Bridging SW ORiNOCO PC Card driver 802.3 Ethernet driver Other device drivers
AP-2000Kit Contents • Mounting plate to mount the AP-2000 unit to a wall • Mounting plate is ready to hold standard Power Supply or optional Active Ethernet Splitter (splits UTP input in Ethernet data, and DC Power) • Power Supply • AP-1000 Processor Module • Cover • ‘Getting Started’ user guide • CD-ROM containing software and documentation • Accessories for mounting the unit • AC Power Cord • MiniDin 8-pin to DB-9 adapter
1 2 3 4 5 Installation of the AP-2000How to set it up? 1. Clip power supply unit (or power splitter when using Active Ethernet) to the mounting plate 2. Slide the processor module onto the mounting plate 3. Insert one or two ORiNOCO PC cards 4. Optionally attach the range extending antenna and connect the Ethernet cable 5. Attach the plastic cover plate and click it into position
1 3 2 10 4 7 8 9 5 6 Installation of the AP-2000Processor module 1. 10/100BaseT Ethernet port (RJ45) 2. Serial connector (MiniDin 8-pin) 3. Power connector 4. Reset switch • To reboot and restart the AP-2000 5. Reload switch • Used during emergency reset procedure (re-setting the parameters to factory default values) 6. Power LED 7. Ethernet traffic LED 8. Traffic LED (ORiNOCO PC-Card A) 9. Traffic LED (ORiNOCO PC Card B) 10. Serial Number label
Power Ethernet Wireless A Wireless B Installation of the AP-2000 Physical Indicators (LEDs on the AP-2000) • Run time, the LEDs show (from left to right): • Power Green - Power enabled • Ethernet flicker Green - Ethernet LAN activity • Wireless A Green - Wireless LAN port on slot A without errors • Wireless B Green - Wireless LAN port on slot B without errors Note: LED will be green with or without PC Card inserted • Error conditions: • During boot sequence all LEDs (except for the Ethernet LED) will be solid amber • When boot-sequence cannot be completed all LEDs will flash red • After boot-sequence completion and failure to initialize, the Power LED will maintain amber • When ORiNOCO PC card is present but malfunctioning its associated LED will stay red
Configuration and ManagementOut of box Defaults (AP-2000) • AP-2000 Identifiers: • IP Address: 10.0.0.1 • IP Address type: Dynamic • Sub-net mask: 255.0.0.0 • Tftp server address: 10.0.0.2 • Tftp filename: FILENAME • Password: public • Read/Write password: public • Wireless Interfaces • RF Channel: Default setting of ORiNOCO PC Cards • Network name: My Wireless Network A, My Wireless Network B • Encryption: Disabled • RTS/CTS (Medium Reservation): Disabled • Multicast-rate: Auto select 1-2 Mbps
Configuration and ManagementConfiguration tools • To configure the AP-2000 the following tools can be applied: • Using standard browser and built-in http-interface • Using the AP Scan tool (for initial basic settings) • Command Line Interface (CLI): • Using Telnet • Using terminal emulation via serial port • Using the Windows-based ORiNOCO Manager AP-2000 Unit to be configured Configuration device
AP-2000 Unit to be configured Ethernet Ethernet Cross-over cable Hub Ethernet IP Networks Configuration device Configuration and ManagementConfiguration tools - Using the http-interface Configuring AP2000 via web-browser • Local connection using • Wireless connection • Ethernet Cross-over cable • two Ethernet patch cords and a hub • Using an IP network (remote connection) • When both devices are on the same segment, the IP addresses need to be in the same sub-net • When routers are available (as in an IP network), the IP address of the AP-2000 need to be known • Starting the browser with the IP address of the AP-2000 will trigger the configuration tool
AP-2000 Unit to be configured Ethernet Ethernet Cross-over cable Hub Ethernet IP Networks Configuration device Configuration and ManagementConfiguration tools - Using the ORiNOCO mgr Configuring AP2000 via ORiNOCO mgr • Windows-based tool • Manages all ORiNOCO AP products (AP500, AP-1000, AP-2000) • Uses GUIs similar to the one used with the AP manager • Executes auto discovery on the same segment but also allows management of devices beyond router (manual discovery) • When both devices are on the same segment (cross-over cable or using hub), the IP addresses need to be in the same sub-net
Configuration via web-browserStarting the configuration • To activate the web-server within the AP-2000: • Start browser • Enter the IP address as target • The web-server in the AP-2000 will reply requesting the username and password
Configuration via web-browserStatus screen • Entering the correct user-name/password will display the status screen: • System name • IP address • Contact/location info • Version levels • Traps recorded by the AP-2000 • Activation of major activity functions is by clicking the buttons on the left: • Configure • Monitor • Commands
Configuration via web-browserConfiguration - System parameters • Clicking the configure button enables a set of configuration tabs. • The “System” tab is shown by default allowing changes to: • Device Name • Device location • Contact person’s name • Contact person’s email address • Contact person’s phone # • This tab also shows the inventory of SW and FW elements and displays the version levels
Configuration via web-browserConfiguration - Network - IP Configuration • The “Network” tab consists of three sub-tabs to configure the network characteristics of the AP-2000 • IP Configuration settings; • “Static” or “Dynamic”; • Static = preset IP Address • Dynamic = IP address assigned by DHCP server • In case of Static IP address the following fields are to be entered: • IP Address • Sub-net mask • IP address of default router • Default value for Time to Live
Configuration via web-browserConfiguration - Network - DHCP server • The AP-2000 can also act as DHCP server, issuing IP addresses to clients • The “DHCP Server” tab allows setup of this function: • Enabling or disabling the server • Identifying an optional IP address for a DNS server that the clients could use • Identifying the IP address of a default router that the clients could use • The lease time of the IP address (default and maximum)
Configuration via web-browserConfiguration - Network - DHCP server • To complete the DHCP Server setup, one or more IP pools have to be created. • Clicking “Add” allows for adding an IP pool by providing a start- and end- address
Configuration via web-browserConfiguration - Network - DHCP server • When the pool has been added, the user is returned to this screen, which will show the entered pool after refreshing the screen: • Press F5
Configuration via web-browserConfiguration - Network - Link Integrity • Link integrity allows the AP to check its connection to the backbone by periodically ping up to 5 different IP locations • When none of the identified correspondents reply, the AP-2000 considers its backbone lost, and will disassociate its connected devices • This tab allows the user to identify these 5 addresses
Configuration via web-browserConfiguration - Interfaces - Wireless • The “Interfaces” tab allows entering settings for available communication interfaces: • Wired (Ethernet) interface • 2 Wireless interfaces (one for each PC Card slot) • Parameters to set on the wireless interface include: • Network name (SSID) • Frequency channel • Medium Reservation • Interference Robustness (on/off) • DTIM period • Closed System (on/off) • Distance between APs • Multi-cast rate
Configuration via web-browserConfiguration - Interfaces - Wireless • Wireless Bridging can be enabled by setting up WDS (Wireless Distribution System) • Clicking “Edit” allows for entry of up to 6 WDS links • On each link the MAC address of the ORiNOCO PC Card, on the other end of the WDS link, has to be entered • Setting this address has to be done on both ends (in both AP-2000 systems) • It is not needed for both ends of a WDS link to have the same Port-index number
Configuration via web-browserConfiguration - Interfaces - Wireless • Wireless Bridging can create complicated topologies and need to be carefully used • Multiple Hop links • Chain of APs • Extend the distance to be covered • May lead to long end-to-end latency figures (needs to match the application requirements) • Circular link • Can create IP loops leading to decrease in performance • Can be used to create back-up paths • Needs Spanning tree to be set • WDS links need to be set to same frequency channel • Can also be same PC card that also drives a cell, but could be 2nd PC Card in AP • Reduces performance
Configuration via web-browserConfiguration - Interfaces - Ethernet • On the Ethernet Interface a selection can be made from a drop-list to match the attached media: • 10 Mbps, Half-duplex • 10 Mbps, Full-duplex • 10 Mbps, Auto-duplex • 100 Mbps, Half-duplex • 100 Mbps, Full-duplex • Auto-speed, Half-duplex • Auto-speed, Auto-duplex
Configuration via web-browserConfiguration - SNMP • On the “SNMP” tab passwords can be set to prevent un-authorized access to the AP-2000’s config data • Read password • Read/Write password • IP address of authorized management stations can identified using the IP Access Table Add function • Traps can be enabled for different groups • Trap-hosts (recipients of the traps) can be identified using the Trap Host Add function
Configuration via web-browserConfiguration - IAPP • IAPP can be disabled and some IAPP related parameters can be set: • The interval between the Periodic Announce Requests • The hand-over timeout value • The number of re-transmissions after a hand-over timeout
Configuration via web-browserConfiguration - Telnet • To control the Telnet access to the AP-2000 following parameters can be set: • Number of concurrent Telnet sessions (maximum 5) • The port number that the Telnet server will listen on • The Password that a Telnet client could be asked to use • The time-out value to control a log-in • The idle timer time-out value
Configuration via web-browserConfiguration - Serial port • On the Serial port the following parameters can be set (which need to match those of the terminal application): • Baud rate: • 2400-57600 • Flow Control: • None • Xon/Xoff
Configuration via web-browserConfiguration - HTTP • The HTTP server, used for configuration with a web-browser, can be disabled and reconfigured: • Password • Port number
Configuration via web-browserConfiguration - Security - Access Control • To set up MAC address based Access Control, user has to create an Access Control table • Can allow only stations listed in the table, or • Can reject all stations listed in the table • Table is created by selecting “Add” and enter the MAC address of the PC card
Configuration via web-browserConfiguration - Security - Radius based AC • For Access Control based on a Radius server user can: • Enable the function • Identify authorization life time • Provide the shared secret between Radius client and Radius server (serves also as the user-password) • Provide details about the location of the Radius server(s): • IP address • Authentication port • Response time • Max number of re-transmissions
Configuration via web-browserConfiguration - Security - Encryption • Three modes of encryption can be used: • WEP only (requires manual setting of WEP keys) • 802.1x Only (requires disabling the manual encryption) • Mixed (allows both schemes)
Configuration via web-browserConfiguration - Bridging • Via the “Bridging” tab several filter tables can be administered, to maximize the efficiency of the wireless channel: • Protocol filtering • Static MAC address filtering • Advanced filtering • Additional control setting: • Spanning Tree • Storm Thresholds • Operation with SpectraLink phones
Configuration via web-browserConfiguration - Bridging - Protocol filtering • Specific protocol traffic can be controlled: • Protocols can be denied - all non denied protocol traffic is passed • Protocols can be allowed - all other protocol traffic can be blocked • Protocols to block/allow are selected by clicking “Edit” and enable the selected protocols • Non-listed protocols can be added using the “Add” button
Configuration via web-browserConfiguration - Bridging - Static MAC address • Traffic between pairs of MAC addresses can be filtered (blocked) • One address is located on wired side of the AP • One address is located on the wireless side • Table entries are created by using the “Add” function
Configuration via web-browserConfiguration - Bridging - Spanning Tree • Up to 15 ports can be defined for connections to other devices: • 1 Ethernet port • For each Wireless PC Card: • 1 port for the cell • 6 ports for WDS links • To prevent IP loops paths should have different priority and cost • For each active interface the priority and cost can be identified
Configuration via web-browserConfiguration - Bridging - Storm thresholds • To prevent overload conditions in the wireless cell, user can define thresholds for multi-cast and broadcast traffic per interface
Configuration via web-browserConfiguration - Bridging - Advanced filters • Advanced filtering includes: • Enabling the Proxy ARP function (where the AP will respond to ARP requests meant for stations on a supported other interface) • Filtering of IP/ARP requests based on MAC address • Stopping IPX protocols • Stopping IP Broadcast and/or Multicast traffic
Configuration via web-browserConfiguration - Bridging - SpectraLink support • The support of the SpectraLink 802.11 handsets can be enabled/disabled. • When enabled outgoing traffic to SpectraLink handsets get priority over regular 802.11b data traffic
Monitoring via web-browserWireless interface • For each of the two Wireless interfaces several tallies are maintained including: • FCS erors • Missed ACKs • Received frames • The browser shows static (snap-shot information); to refresh click on the refresh button or press F5
Monitoring via web-browserICMP • Tallies are kept on ICMP traffic that the AP has been involved in: • ICMP includes diagnostic traffic such as PINGs • Tallies are kept for both incoming and outgoing packets
Monitoring via web-browserIAPP • Tallies are kept on IAPP frames that are issued and received by the AP-2000 • Announce request send/rec’d • Handover request send/rec’d • Announce resp send/rec’d • Handover resp send/rec’d • number of roaming clients
Monitoring via web-browserRADIUS • RADIUS related tallies are maintained for the primary and secondary server (if present) • Access Requests to the server • Access Accepts by the server • Access Rejects by the server • Access Retransmission to the server • Access Challenges • Bad responses • Failed authentication • Timeouts
Monitoring via web-browserRemote link test • Remote links test allows for testing the link between a selected AP and any station that is wirelessly connected to it: • Other APs connected by WDS link • Clients that are associated to it • Pressing “Explore”, and refreshing the screen (F5 or Refresh button) will show a list of detected station • Stations can be selected for link test by clicking the associated radio button
Monitoring via web-browserRemote link test • Selecting a detected station and clicking “Link Test”, will display the link test results: • SNR • Signal • Noise • Possible data-rate (packets counted as transmitted at the specified data-rate) • The conditions around the AP and the around the station are separately displayed • Pressing F5 or the refresh button will update the screen
Monitoring via web-browserInterfaces • For each of the three MIB defined interfaces tallies are maintained, including: • Type • Speed • Unicast/non-unicast packets/octets in/out • Errors in/out • Discards in/out • Output queue length • Unknown protocols • Interfaces are selected from the drop list
Monitoring via web-browserIP ARP table • The IP ARP table displays the mapping of IP address to MAC address for devices that this AP has communicated with (on IP level). • When Proxy ARP is enabled this table shows all clients that this AP will send ARP responses for
Monitoring via web-browserBridge Learn table • The bridge learn table displays the MAC addresses of all stations the AP has “seen” • Each MAC address is associated with the interface (port) its traffic arrived on
AP-2000 Unit to be loaded Ethernet Ethernet Cross-over cable Hub Ethernet IP Networks Tftp server device Configuration and ManagementThe need for tftp server Downloading/uploading of files • Requires the presence of a tftp server • tftp server needs to be operational and reachable when the download/upload command is issued • File to be downloaded need to be present on the tftp server and the server needs to know where it is • Reachable means: • Physically connected by cross cable, hub, wireless or IP network • On same IP sub-net when both the server and the AP are on the same side of a router