Proxim AP-2500 - page 15

15

Introduction

One of the key features of DAT is a technique known as Network Address Translation (NAT). NAT is an Internet

standard that allows a device (like the AP-2500) to use a single public IP address to provide Internet connectivity to

multiple devices (which would otherwise each need to have its own public IP address to communicate with the

network). The AP-2500 uses NAT for clients that are configured to obtain an IP address automatically from a DHCP

server (which is the typical configuration for hotspot users) and for clients with “misconfigured” static IP addresses (that

is, addresses that are not valid on the AP’s local IP network).

When performing NAT, an AP-2500 uses two IP addresses. One IP address is assigned by your ISP and is valid on the

Internet. This is known as a public or routable IP address. In the illustration below, the AP is assigned a public IP

address of 205.23.45.12.

Figure 1-1 The AP-2500 and NAT

The second IP address assigned to the AP is its private IP Address. This address is not valid on the Internet. The

Internet community has reserved several address ranges for private networks, including 10.0.0.0 and 192.168.0.0. By

default, the AP assigns itself a private IP address of 10.0.0.4. It also acts as a DHCP server to assign IP address in

that same private IP range to wireless subscribers. As shown in the illustration, the AP has assigned one client an IP

address of 10.0.0.15 and a second client an IP address of 10.0.0.16.

When the AP receives traffic from Client 1, it modifies the packet header so Client 1’s private IP address (10.0.0.15)

becomes the AP’s public IP address (205.23.45.12). Likewise, the AP performs the same function for traffic from

Client 2.

The AP differentiates between its clients by specifying different UDP and TCP port numbers for traffic that originates

from different clients. When the AP receives traffic from the Internet, the AP can determine to which client the traffic is

intended based on the port numbers in use.

The NAT technique used by the AP-2500 is known by many names including many-to-one NAT (that is, many private

IP addresses mapped to one public IP address) and Network Address Port Translation (NAPT) (due to the AP’s use

of port numbers to differentiate clients). For more information on NAT, see RFC 3022 at http://www.rfc-editor.org/.

Contents

Main Copyright Trademarks Document Conventions Notes and Cautions Contents Page Page Page Page Page Page Page Page Page Introduction Introducing the AP-2500 Overview of Product Features Public Space Features Dynamic Address Translation (DAT) Page Networking Features IEEE 802.11 Specifications 802.11a and 802.11b Networks Limitations on Roaming List of Networking Features Page The Product Package Minimum System Requirements Management and Monitoring Capabilities Web Browser Interface Command Line Interface SNMP Management Wireless Network Manager Active Ethernet Installation & Basic Configuration Prerequisites Hardware Installation AP-2500 with Active Ethernet Page Page Page Installing a Card in Slot B 5 GHz Kit Installation Page Installing the AP-2500 in a Plenum Initialization (ScanTool) ScanTool Instructions Page Basic Configuration Logging into the Web Interface Page Set System Name, Location and Contact Information Set the Access Points IP Address Configure Network Names for the Wireless Interfaces Configure the Ethernet Interface Set WEP Encryption for each Wireless Interface Set and Change Passwords Configure the Date and Time Configuring the Date/Time Using NTP Configuring the Date/Time Manually Reboot the AP Download the Latest Software Setup your TFTP Server Download Updates from your TFTP Server using the Web Interface Download Updates from your TFTP Server using the CLI Interface Back-up the APs Configuration Files Uploading Configuration Files Downloading Configuration Files Public Space and Advanced Configuration AP-2500 Authentication Methods Authentication Overview Internal Authentication End User Experience Page Page Page Page AP-2500 Authentication Methods Internal Authentication with RADIUS Authentication Procedure Notes Concerning RADIUS Install and Configure RADIUS Page Page Configure the AP-2500 Page Page External Authentication Authentication Procedure Setup your External Web Server Configure the AP-2500 Page Page Network Parameters System Network IP Configuration DHCP Server Overview of DHCP Server Parameters Configuring the AP to Serve Public IP Addresses Disabling the APs DHCP Server IP Upsell How IP Upsell Works Enabling IP Upsell Notes Concerning IP Upsell DNS Server VLAN Typical VLAN Configurations VLAN Workgroups and Traffic Management Traffic Management Typical User VLAN Configurations Setting Up Independent VLAN Workgroups Setting Up a Single VLAN Workgroup Interfaces Wireless (802.11a) Dynamic Frequency Selection (DFS) RTS/CTS Medium Reservation Wireless (802.11b) Page Distance Between APs Multicast Rate Wireless Distribution System (WDS) WDS Warnings WDS Setup Procedure Ethernet Management Passwords IP Access Table Services SNMP Settings HTTP Access Page Network Time Protocol (NTP) Filtering Ethernet Protocol Static MAC Page Alarms Groups Alarm Host Table Bridge Security MAC Access Subscribers and MAC Access Control RADIUS RADIUS Overview Unique AP-2500 RADIUS Client Features Dynamic Service Plan Change via ICC Automatic Re-transmission and Remember Me Cookie RADIUS Messages and RADIUS Attributes Access-Request Attributes Access-Accept Parsing Acct-Request Notes: Sample RADIUS Transmissions Accounting Start Message Accounting Interim Message Accounting Alive Message Caused by Explicit Service Plan Change Accounting Stop Message RADIUS Configuration Parameters Retransmission Options ISP Account Creation Miscellaneous Options Page Encryption VPN Special Considerations Regarding VPN Support Public Space Parameters PublicSpace Options Subscriber Options Home Page Redirection (HPR) Authentication, Authorization, and Accounting (AAA) AAA Services with an External Web Server (EWS) AAA Services with the Internal Web Server (IWS) Secure Socket Layer (SSL) Creating SSL Keys Enabling SSL on the AP-2500 Notes concerning SSL Portal Page Setting up a Web Server (Microsoft IIS) Designing a Portal Page No Portal Page HTML Portal Page ASP Portal Pages Editing the Sample Portal Page Files HTML ASP Enabling the AP-2500 to Use a Portal Page HTML Page ASP Page Page Smart Client Page User Name & New Subscribers Credit Card Services Credit Card Services Requirements Enabling Credit Card Services on the AP Credit Card Mirroring Bill Mirroring Server Enabling Bill Mirroring XML Packet Format Logging General Syslog Information Event Priority Description Page Sample Logging Events AAA Messages Credit Card AAA Messages RADIUS AAA Messages Internal Web Server User Name Login AAA Messages XML Bill Mirror DHCP DNS Home Page Redirect Other AAA Messages Reboot Requests URL Filtering URL Filtering by DNS Names URL Filtering by IP Address Information and Control Console (ICC) ICC Appearance Free Access/Manual Configuration Credit Card Purchase Authenticated by RADIUS Customizing the ICC Page Page Potential End User Issues SMTP Redirection Passthrough Addresses Passthrough DNS Table Passthrough IP Table Passthrough AAA Port Bandwidth Management Page Billing Options for Subscribers Page Page Creating a Free Billing Plan Subscriber Messages Page Page Page Enabling Cookie Support Changing the Login Screen Logos Page Authorized Subscribers Authorized Subscribers Table and the Current Subscribers Table Manually Adding a Subscriber Removing a Subscriber Monitor Information System Status Version ICMP IP/ARP Table Learn Table Current Subscribers Table DAT Sessions Page Link Test (802.11b Only) Page Commands Download File Type Overview Download Instructions Upload Reboot Reset Help Link Troubleshooting Troubleshooting Concepts Symptoms and Solutions Connectivity Issues AP-2500 Unit Will Not Boot - No LED Activity Serial Link Does Not Work Basic Software Setup and Configuration Problems Lost AP-2500, Telnet, or SNMP Password Client Computer Cannot Connect AP-2500 Has Incorrect IP Address HTTP (browser) or Telnet Interface Does Not Work Client Connection Problems VLAN Operation Issues Verifying Proper Operation of the VLAN Feature VLAN Workgroups What if network traffic is being directed to a nonexistent host? Active Ethernet Recovery Procedures Reset to Factory Default Procedure Forced Reload Procedure Download a New Image Using ScanTool Preparing to Download the AP Image Download a New Image Using the Bootloader CLI Preparing to Download the AP Image Download Procedure Page Setting IP Address using Serial Port and Normal CLI Hardware and Software Requirements Attaching the Serial Port Cable Initializing the IP Address using Normal CLI System Alarms (Traps) Security Alarms Wireless Interface Card Alarms Operational Alarms FLASH Memory Alarms TFTP Alarms Image Alarms Standard MIB-II (RFC 1213) Alarms AAA Alarms Related Applications RADIUS Server TFTP Server LED Indicators A Using the Command Line Interface Prerequisite Skills and Knowledge Notation Conventions Important Terminology Navigation and Special Keys CLI Error Messages Command Line Interface (CLI) Variations Bootloader CLI CLI Command Types Operational CLI Commands ? (List Commands) Example 1. Display Command list Example 2. Display specific Commands Example 3. Display parameters for set and show Example 3a. Display every parameter that can be changed Page done, exit, quit download help Page search upload Parameter Control Commands set and show Command Examples Example 1 - Set the Access Point IP Address Parameter Example 2 - Create a table entry or row Example 3 - Modify a table entry or row Page Example 6 - Show Individual and Table Parameters Using Tables & User Strings Working with Tables Using Strings Configuring Objects that Require Reboot Example 1: Configuring objects that require the device to be rebooted set CLI Command show CLI Command Configuring the AP-2500 Unit using CLI commands Log Into the AP-2500 Unit using HyperTerminal Log Into the AP-2500 Unit using Telnet Set Basic Configuration Parameters using CLI Commands Set System Name, Location and Contact Information Set Static IP Address for the AP-2500 device Set a Network Name for each Wireless Interface Set WEP Encryption for each Wireless Interface For the wireless card in Slot B Change Passwords Other Network Settings VLAN Management Add Entry to VLAN ID Table Change your Wireless Interface Settings Enable/Disable Interference Robustness Enable/Disable Closed System Enable/Disable Load Balancing Enable/Disable Medium Density Distribution Set Interface Management Services Set Communication Ports Set Session Timeouts Configure Management Ports Edit IP Access Table Configure Serial Port Interface Parameter Tables System Parameters Miscellaneous System Parameters Inventory Management Information You can also configure the APs basic IP settings using the following Location parameters: Location Parameters DHCP Server Parameters DNS Parameters VLAN Parameters VLAN ID Table Wireless 802.11b Parameters Interface Parameters Wireless Distribution System (WDS) Parameters These parameters only apply to 802.11b radios. Wireless 802.11a Parameters For 802.11a cards in Europe, Auto Channel Select is a read-only parameter; it is always enabled. Ethernet Interface Parameters Management Parameters IP Access Table Parameters Access Control Parameters SNMP Parameters SNMP Table Host Table Parameters Telnet Parameters Serial Port Parameters HTTP (web browser) Parameters TFTP Server Parameters NTP Parameters Security Parameters The Security group is not currently implemented in the AP-2500. RADIUS Server Parameters Page Encryption Parameters Home Page Redirection Parameters Security Encryption Key Length Table The following table details how to set the Encryption Key Length for the wireless interfaces. VPN See Miscellaneous Parameters for VPN commands. AAA Parameters AAA External Authorization Parameters Basic AAA Parameters AAA Internal Authorization Parameters Logging Parameters URL Filtering Parameters URL Filtering IP Table URL Filtering DNS Table ICC (Information Control Console) Parameters ICC Button Configuration ICC Banner Configuration SMTP Parameters Passthrough Parameters Passthrough IP Table Passthrough DNS Table AAA Passthrough Port Bandwidth Management Parameters Billing Parameters Billing Mirroring Parameters Billing Plans Configuration Subscriber Messages Parameters Page Authorized Subscribers Table Current Subscribers Table Miscellaneous Parameters CLI Monitoring Parameters B XML Interface Specification AP-2500 XML Communication Overview URL GET XML POST XML Query String Command Format XML Response Form Format Response Form Error Codes AP Command Reference Add/Update User Update Cache Bandwidth Up Bandwidth Down Delete User Query User Authorize User Commands For Reference Only Set Room Access Query Room Status User Purchase User Payment External Authentication Procedure (Detailed) Definition of parsed parameters the AP sends over the URL line (GET method): Sample XML Communications with the AP C Credit Card Interface Specification Data sent by the AP-2500 to the credit card clearing server Explanation: Credit Card Interface Specification Data sent by credit card clearing server to the AP-2500 Explanation: D ASCII Character Chart E Specifications Hardware Specifications Physical Specifications Electrical Specifications Page Radio Specifications Table E-2 802.11a Channel Frequencies 802.11b Channel Frequencies Table E-1 802.11b Channel Frequencies 802.11a Channel Frequencies Wireless Communication Range Table E-4 802.11a Wireless communication ranges Table E-3 802.11b Wireless communication ranges F Technical Support For the U.S. and Canada: Technical Support