Configuring RAD | Proxim AP-2000 manual

Performing Advanced Configuration

Points to the IP address of the management station. The Access Points on detecting a new Access Point sends a RAD Scan Result Trap to the management station.

An example network deployment is shown. The Trusted AP has Rogue Access Detection enabled and the trap host is configured to be the management station. The Trusted AP on detecting the Rogue AP will send a trap to the management station with the Channel and BSSID of the Rogue Access Point.

Configuring RAD

Perform this procedure to enable and configure RAD.

The RAD screen also displays the time of the last scan and the number of new access points detected in the last scan.

1.Enable the Security Alarm Group. Select the Security Alarm Group link from the RAD screen. Configure a Trap Host to receive the list of access points detected during the scan.

2.Click Configure > Alarms > RAD.

3.Enable RAD by checking Enable Rogue AP Detection.

4.Enter the Scan Interval.

•The Scan Interval specifies the time period in minutes between scans and can be set to any value between 15 and 1440 minutes.

5.Select the Scan Interface as Wireless - Slot A, Wireless - Slot B, or Both Wireless - Slots A & B.

6.Click OK.

The results of the RAD scan be viewed in the Status page in the HTTP interface.

Figure 4-19 Rogue Access Point Detection Screen

75

Image 75

Proxim AP-2000 manual Configuring RAD, Rogue Access Point Detection Screen

Contents

ORiNOCO AP-2000 Access Point Copyright Contents Viewing Status Information Bridge Monitoring the AP-2000 Troubleshooting the AP-2000 Using the Command Line Interface CLI Other Network Settings CLI Batch File Regulatory Information Document Conventions Introduction to Wireless Networking Guidelines for Roaming Introduction HTTP/HTTPS Interface Ieee 802.11 SpecificationsCommand Line Interface Management and Monitoring Capabilities SNMPv3 Secure Management Snmp Management Prerequisites Getting Started GHz Antenna Adapter or AP-2000 11a Upgrade Kit Product PackageSystem Requirements AP-2000 with Active Ethernet Hardware Installation Connect an Ethernet cable from an AE hub to the AP AP-2000 with Power Supply Install the power supply Power LED turns green when the unit is operational 10 Remove the AP cover GHz or AP-2000 11a Upgrade Kit 12 Replace cover Initialization ScanToolScanTool Instructions 13 Scan List Set IP Address Type to Static Setup WizardSetup Wizard Instructions Click LAN Settings 15 Enter Network Password Getting Started Download the Latest Software Setup your Tftp Server Enter the command download tftpaddr filename img Additional Hardware FeaturesInstalling the AP in a Plenum Installing/Removing the Metal Faceplate Active Ethernet LED Indicators Related Topics Logging into the Http Interface Viewing Status Information System Status Screen System Status Configuring the AP Using the HTTP/HTTPS Interface Performing Advanced Configuration Performing Advanced Configuration Access Point System Naming Convention SystemDynamic DNS Support DNS Client IP ConfigurationNetwork Basic IP Parameters Dhcp Server Dhcp Server Configuration Screen Target IP Address Comment optional Link IntegrityStart IP Address End IP Address Comment optional Interfaces Operational Mode 8Wireless-A and Wireless-B Ethernet Wireless a 802.11a Operational Mode8Wireless-A and Wireless-B Operational Mode Selection Wireless Service Status Dynamic Frequency Selection DFSRTS/CTS Medium Reservation Traps Generated During Wireless Service Shutdown and Resume Wireless 802.11b Distance Between APs Small Cell Large Cell Multicast Rate 1 Mbits/s and 11 Mbits/s Multicast Rates Wireless 802.11b/g Wireless Distribution System WDS Bridging WDS WDS Edit Entry Screen Click on Interfaces Wireless-A or Wireless-B Ethernet Passwords IP Access TableManagement Https Access ServicesSnmp Settings Http Access 10 Management Services Configuration Screen Configuring SSH Telnet Configuration SettingsSecure Shell SSH Settings SSH Session Setup Uploading Externally Generated Host Keys Click Commands Update AP via Http or via Tftp Radius Based Management Access Serial Configuration Settings Automatic Configuration AutoConfig Auto Configuration and the CLI Batch FileSet up Automatic Configuration for Static IP 12 Automatic Configuration Screen Set up Automatic Configuration for Dynamic IP 13 Dhcp Options Setting the Boot Server Host Name Configuration Reset via Serial Port During Bootup Hardware Configuration Reset Chrp Configuring Hardware Configuration Reset Procedure to Reset Configuration via the Serial InterfaceClick Configure -Management -CHRD Select the Filter Operation Type FilteringEthernet Protocol Static MAC 16 Static MAC Configuration Screen Prevent Two Specific Devices from Communicating Static MAC Filter Examples Click Add under the TCP/UDP Port Filter Table heading AdvancedTCP/UDP Port Adding TCP/UDP Port Filters Click Edit under the TCP/UDP Port Filter Table heading Editing TCP/UDP Port Filters Alarms Configuration Trap GroupGroups Flash Memory Trap Group Wireless Interface/Card Trap GroupSecurity Trap Group Operational Trap Group RFC 1215-Trap Bridge MIB RFC 1493 AlarmsTftp Trap Group Image Trap Group Syslog Alarm Host TableSetting Syslog Event Notifications Configuring Syslog Event Notifications Following messages are supported in the AP Syslog Messages RAD Configuration Requirements Rogue Access Point Detection RAD 19 Rogue Access Point Detection Screen Configuring RAD Intra BSS BridgeSpanning Tree Storm Threshold Packet Forwarding Pkt Fwd QoS Quality of Service Radius Profiles Radius Servers per Authentication Mode and per Vlan Configuring Radius Profiles Radius Servers Enforcing Vlan Access ControlRADIUS-based Vlan Assignment 22 Add Radius Server Profile Adding or Modifying a Radius Server Profile 802.1x Authentication using Radius MAC Access Control Via Radius Authentication Session Length Radius Accounting SSID/VLAN/Security Management VlanVlan Overview Vlan Workgroups and Traffic Management Typical User Vlan Configurations Click Configure SSID/VLAN/Security Control Access to the APProvide Access to a Wireless Host in the Same Workgroup Disable Vlan Management Configuring MAC Access MAC Access 802.1x Authentication Security ProfilesWEP Encryption Authentication Process Wi-Fi Protected Access WPA VLANs and Security Profiles Authentication Protocol Hierarchy WEP Station Configuring Security ProfilesClick Configure -SSID/VLAN/Security -Security Profile Non Secure Station 802.11i Station 802.1x StationWPA Station WPA-PSK Station 27 Security Profile Table Add Entries Click on SSID/VLAN/Security Wireless-A or Wireless-B Wireless-A and Wireless-B 30 SSID/VLAN Edit Entries Screen Vlan Protocol Disabled Performing Advanced Configuration Click SSID/VLAN/Security Wireless-A or Wireless-B Adding or Modifying an SSID/VLAN with Vlan Protocol Enabled 33 SSID/VLAN Add Entries Screen Vlan Protocol Enabled 34 SSID/VLAN Edit Entries Screen Vlan Protocol Enabled Broadcast Ssid and Closed System Monitoring the AP-2000 Monitoring the AP-2000 Component Name Version IP/ARP Table Icmp Iapp Learn Table Radius 106 Description of Station Statistics Station StatisticsEnabling and Viewing Station Statistics Refreshing Station Statistics 108 Performing Commands Performing Commands Http File Transfer Guidelines Image Error Checking during File TransferIntroduction to File Transfer via Tftp or Http Tftp File Transfer Guidelines Update AP via Tftp Command Screen Update AP via Tftp Update AP via Http Command Screen Update AP via Http 114 Retrieve File via Tftp Retrieve File via Tftp Command Screen Retrieve File via Http Retrieve File via Http Command Screen 117 13 Reboot Command Screen Reboot 14 Reset to Factory Defaults Command Screen Reset Program Files/ORiNOCO/AP/HTML/index.htm Help Link Troubleshooting Concepts Troubleshooting the AP-2000 Symptoms and Solutions Connectivity IssuesBasic Software Setup and Configuration Problems Tftp Server Does Not Work Http browser or Telnet Interface Does Not WorkHtml Help Files Do Not Appear Telnet CLI Does Not Work Vlan Operation Issues Client Connection Problems There Is No Data Link Recovery ProceduresActive Ethernet AE AP Does Not Work Forced Reload Procedure Reset to Factory Default Procedure Download a New Image Using ScanTool Download ProcedurePreparing to Download the AP Image Download a New Image Using the Bootloader CLI Attaching the Serial Port Cable Setting IP Address using Serial PortInitializing the IP Address using CLI Hardware and Software Requirements 130 Radius Authentication Server Related ApplicationsTftp Server Important Terminology General NotesPrerequisite Skills and Knowledge Notation Conventions Command Line Interface CLI Variations CLI Error MessagesNavigation and Special Keys Figure A-1 Results of help bootloader CLI command Bootloader CLI Example 1. Display Command list CLI Command TypesOperational CLI Commands ? List Commands Example 3. Display parameters for set and show Example 3a. Display every parameter that can be changedExample 3b. Display parameters based on letter sequence Example 4. Display Prompts for Successive Parameters Done, exit, quitDownload Help Search RebootHistory Passwd Upload Parameter Control CommandsShow CLI Command Set CLI Command Following elements require reboot ipaddr Configuring Objects that Require RebootSet and show Command Examples Example 1 Set the Access Point IP Address Parameter Example 4 Enable, Disable, or Delete a table entry or row Example 3 Modify a table entry or rowExample 5 Show the Group Parameters Using Tables & User Strings Working with TablesExample 6 Show Individual and Table Parameters Log into the AP using Telnet Configuring the AP using CLI commandsUsing Strings Log into the AP using HyperTerminal Set Static IP Address for the AP Set Basic Configuration Parameters using CLI CommandsChange Passwords Set System Name, Location and Contact Information Configure Ssid Network Name and Vlan Pairs, and Profiles Set Network Names for the Wireless Interface 146 Set up Auto Configuration Other Network SettingsDownload an AP Configuration File from your Tftp Server Backup your AP Configuration File Change your Wireless Interface Settings Configure the AP as a Dhcp ServerConfigure the DNS Client Maintain Client Connections using Link Integrity Enable/Disable Interference Robustness 802.11b Only Operational ModeEnable/Disable Closed System Shutdown/Resume Wireless Service Set Interface Management Services Set Ethernet Speed and Transmission Mode Set Telnet Session Timeouts Configure SyslogConfigure Intra BSS Configure Secure Socket Layer Https Disable or Delete an Entry in the MAC Access Control Table Configure MAC Access ControlSetup MAC Address Access Control Add an Entry to the MAC Access Control Table Set Radius Parameters Configure Radius Authentication servers 154 Figure A-16 Results of show rad CLI command Set Rogue Access Point Detection RAD Parameters Parameter Tables Set Hardware Configuration Reset ParametersEnable Vlan Management CLI Monitoring Parameters 157 System Parameters Name Type Values Access CLI Parameter Inventory Management Information IP Configuration ParametersDNS Client for Radius Name Resolution Network Parameters Dhcp Server table for IP pools Dhcp Server Parameters Link Integrity IP Target Table Link Integrity Parameters 802.11a Only Parameters Wireless Interface ParametersInterface Parameters Common Parameters to 802.11a, 802.11b, and 802.11b/g APs 802.11b Channel Frequencies 802.11b Only Parameters 802.11b/g Only Parameters Wireless Distribution System WDS Parameters Wireless Distribution System WDS Security Table Parameters Wireless Interface SSID/VLAN/Profile Parameters Snmp Parameters Management ParametersEthernet Interface Parameters Secure Management Parameters Serial Port Parameters Telnet Parameters SSH Parameters Radius Based Management Access Parameters Auto Configuration Parameters IP Access Table ParametersTftp Server Parameters Ethernet Protocol Filtering Table Filtering ParametersEthernet Protocol Filtering Parameters Static MAC Address Filter Table TCP/UDP Port Filtering Proxy ARP ParametersIP ARP Filtering Parameters Broadcast Filtering Table Alarms Parameters Snmp Table Host Table ParametersSyslog Parameters Spanning Tree Priority and Path Cost Table Bridge ParametersSpanning Tree Parameters Syslog Host Table Storm Threshold Table Storm Threshold ParametersIntra BSS Subscriber Blocking Packet Forwarding Parameters MAC Access Control Parameter Security ParametersRadius Parameters Rogue Access Point Detection RAD Parameters Hardware Configuration ResetVLAN/SSID Parameters Set secprofiletbl index secmode nonsecure status enable Configuring a Security Profile with WEP Security ModeConfiguring a Security Profile with 802.1x Security Mode Configuring a Security Profile with WPA Security Mode Iapp Parameters Configuring a Security Profile with WPA-PSK Security ModeConfiguring a Security Profile with 802.11i Security Mode Other Parameters Sample CLI Batch File Auto Configuration and the CLI Batch FileCLI Batch File CLI Batch File Format and Syntax CLI Batch File Error Log Reboot Behavior Ascii Character Chart Software Features Number of Stations per BSSManagement Functions Medium Access Control MAC Functions Advanced Bridging FunctionsSecurity Functions Network Functions Hardware SpecificationsAdvanced Wireless Functions Physical Specifications Active Ethernet Interface Radio SpecificationsEthernet Interface Serial Port Interface FCC Etsi Telec Asia 802.11a Channel Frequencies 802.11g Channel Frequencies 802.11b Channel Frequencies 802.11b Wireless Communication Range 802.11a 11a Upgrade Kit 802.11a 5 GHz Upgrade Kit Range 802.11b/g For the U.S. and Canada Europe, the Middle East, and Africa EmeaInternational Support Procedures Warranty CoverageRepair or Replacement Limitations of Warranty Other Adapter Cards Ask a Question or Open an IssueOther Information Search Knowledgebase Regulatory Information Information to the User Important Safety Instructions Regulatory Information Wireless LAN and your Health Instructions Importantes Concernant LA Securite Informations pour l’utilisateur Informations sur les réglementations Réseaux sans fil et votre santé Norme DI Sicurezza Importanti Informazioni per l’utente Informazioni legali Wireless LAN e la salute Wichtige Sicherheitshinweise Informationen für den Benutzer Rechtliche Hinweise Funk-LAN und gesundheitliche Sicherheit Instrucciones DE Seguridad Importantes Información para el usuario Información sobre normativas LAN inalámbrica y su salud これらの指示書を保管してください無線 LAN と人体への影響 Modifications United States FCC Information Product Safety Canada IC InformationIndustry Canada IC Europe Information 210 Association of Radio Industries and Businesses Arib Japan Information South Korea Information PC24E-H-FCAP-II E Funkgenehmigungen Radio ApprovalsCertifications radio Omologazioni radio G13ENE-PC Australia Alpha-1 A13QBF For indoor use only AustriaÖsterreich R0167 SRD3a PC24E-H-ET PC24E-H-FC PC24E-H-ET-L AP-AG-AT-01 AP-AG-AT-02A19PCE-PC C38WCW B11FNF A04VBA-PC 219 AP-AT-AG-02 AP-AT-AG-01 PC24E-H-FR FranceRestricted frequency band On French territory PC24E-H-FR-L PC24E-H-ET Cetecom D810069L 223 224 225 PC24E-H-ET CEPT-RLAN Pays Émetteur Radio Numéro du Permis Restrictions PaeseG05INI-PC PC24E-H-ET-L CEPT-RLAN G13GNJ-PC Telec 03YNDA0185 Telec 03GZDA0150 PC24E-H-FC Telec NYCA0010Telec 01NYDA1121 Telec 01NYDA1122 228 229 A13QBF-PC Cofetel PC24E-11-FC/R CofetelG11FNF-PC Cofetel RTIPRPC02-369 PTIPRAL03-094 PCPPRAL03-095AP-AG-AT-01 RCPPRAP03-537 AP-AG-AT-02 RCPPRAP03-537 232 PC24E-H-ET-L RFS PC24E-H-FC RFS PC24E-H-FC/R PC24E-H-ET-L PC24E-H-ET/RG11FNF-PC Gost ME96 G13ENE-PC A09SBS-PC IDA PC24E-H-FC IDAPC24E-H-ET IDA PMREQ-WLAN-B-0934 G13ENE-PC IDA 236 237 238 A09TBT-PC Switzerland AP-700 For indoor use only SuissePour usage intérieur uniquement Schweiz Svizzera HZB-G11FNFPC USA PC24E-H-FC FCC ID IMRWLPCE24HIMRWLPCE2411R FCC ID IMRWLPC2411R USA G11FNF-PC AP-AG-AT-01 IXMAPAGAT01 FCC ID HZB-B11FNF USAFCC ID HZB-G11FNF USA FCC ID HZB-A13QBF 242 243 244