Management Vlan, Typical User Vlan Configurations | Proxim AP-4000

Advanced Configuration

AP-4000 Series User Guide

SSID/VLAN/Security

Typical User VLAN Configurations

VLANs segment network traffic into workgroups, which enable you to limit broadcast and multicast traffic. Workgroups enable clients from different VLANs to access different resources using the same network infrastructure. Clients using the same physical network are limited to those resources available to their workgroup.

The AP can segment users into a maximum of 16 different workgroups per radio, based on an SSID/VLAN grouping (also referred as a VLAN Workgroup or a Sub-network).

The primary scenarios for using VLAN workgroups are as follows:

1.VLAN disabled: Your network does not use VLANs, and you cannot configure the AP to use multiple SSIDs.

2.VLAN enabled, each VLAN workgroup uses a different VLAN ID Tag.

3.VLAN enabled, a mixture of Tagged and Untagged workgroups exist.

4.VLAN enabled, all VLANs untagged: VLAN is enabled in order to use SSID. (Note that typical use of SSIDs assumes actual use of VLANs.)

NOTE: VLAN must be enabled to configure security per SSID.

Management VLAN

Figure 4-39 Mgmt VLAN

VLAN Tagging Management

Control Access to the AP

Management access to the AP can easily be secured by making management stations or hosts and the AP itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict management of the AP to members of the same VLAN.

CAUTION: If a non-zero management VLAN ID is configured then management access to the AP is restricted to wired or wireless hosts that are members of the same VLAN. Ensure your management platform or host is a member of the same VLAN before attempting to manage the AP.

1.Click Configure > SSID/VLAN/Security > Mgmt VLAN.

2.Set the VLAN Management ID to a value of between 1 and 4094. (A value of -1 disables VLAN Tagging).

115

Image 115

Proxim AP-4000 manual Management Vlan, Typical User Vlan Configurations, Control Access to the AP, 115

Contents

ORiNOCO AP-4000 Series Access Points User Guide AP-4000 Series User Guide CopyrightTrademarks OpenSSL License Note Contents Contents AP-4000 Series User Guide System Status 4 Advanced Configuration Troubleshooting CommandsMonitoring Recovery Procedures Command Line Interface CLI Statement of Warranty Ascii Character Chart C SpecificationsTechnical Support Regulatory Compliance Document Conventions Products Covered in this User GuideProduct Description Introduction AP-4000 Series User Guide Introduction to Wireless Networking Mesh Network Convergence Mesh Networking AP-4000M/4900M Only Mesh Startup Topology Example Step Mesh Network Configuration Guidelines for Roaming HTTP/HTTPS Interface Ieee 802.11 SpecificationsCommand Line Interface Management and Monitoring Capabilities SNMPv3 Secure Management Snmp Management SSH Secure Shell Management Overview AP-4000 Series Hardware Description External Antennas Antennas Active Ethernet Installation and Initialization AP-4000 Series User GuideGHz Antenna LED Indicators on the AP-4000/4000M/4900M Top Panel LED Indicators General Prerequisites Prerequisites Mesh Prerequisites System Requirements Product Package Required Materials Hardware InstallationCabling the AP-4000/4000M/4900M Mounting the AP-4000/4000M/4900M Installing the Security Cover Mounting the AP-4900M in a Vehicle Mounting the AP-4000/4000M/4900M to a Ceiling Opening the Antenna Compartment Installing External Antennas Attaching Antennas to the AP-4900M for 4.9 GHz Operation Installing the AP in a PlenumPage Initialization Using ScanToolScanTool Instructions Scan List Logging Click LAN SettingsSelect Tools Internet Options 11 Enter Network Password 12 System Status Screen Using the Setup WizardPage Download the Software Installing the Software Click Commands Update AP via Http Install Software with Http Interface Install Software with Tftp Server Click Commands Reboot Related Topics Install Updates from your Tftp Server using the CLI System Status Advanced Configuration Configure Main Screen Advanced Configuration AP-4000 Series User Guide Dynamic DNS Support SystemPage Network IP Configuration DNS Client Dhcp ServerAdvanced Start IP Address End IP Address Advanced Configuration AP-4000 Series User Guide NetworkComment optional Dhcp Relay Agent Dhcp Server IP Address Table Dhcp Relay Agent Target IP Address Comment optional Link Integrity Sntp Simple Network Time Protocol Link Integrity Configuration Screen Sntp Configuration Screen Advanced Configuration AP-4000 Series User Guide Network Interfaces Operational Mode Super Mode and Turbo Mode Advanced Configuration AP-4000 Series User Guide InterfacesIeee 802.11d Support for Additional Regulatory Domains TX Power Control/Transmit Power Level Configuring 802.11d SupportConfiguring TX Power Control 10 Wireless Interface a Wireless-A 802.11a Radio and Wireless-B 802.11b/g Radio Advanced Configuration AP-4000 Series User Guide Interfaces Dynamic Frequency Selection/Radar Detection DFS/RD Affected Countries Wireless Service StatusRTS/CTS Medium Reservation Click on Configure Interfaces Wireless a or Wireless B Traps Generated During Wireless Service Shutdown and ResumeChannel Blacklist Table 13 WDS Example Bridging WDS WDS Setup Procedure 15 Adding WDS Links Ethernet 16 Ethernet Sub-tab 17 Mesh Sub-tab AP-4000M/AP-4900M Mesh AP-4000M/AP-4900M Only 18 Mesh Sub-tab AP-4000 Mesh Software Kit Management Passwords Services IP Access TableSecure Management Https Access Secure Socket Layer Advanced Configuration AP-4000 Series User Guide ManagementAccessing the AP through the Https interface 19 Management Services Configuration Screen Configuring SSH SSH Session SetupSSH Clients Uploading Externally Generated Host Keys Click Commands Update AP via Http or via Tftp Radius Based Management Access Serial Configuration Settings Auto Configuration and the CLI Batch File Automatic Configuration AutoConfigSet up Automatic Configuration for Static IP Set up Automatic Configuration for Dynamic IP 21 Automatic Configuration Screen 22 Dhcp Options Setting the Boot Server Host Name Hardware Configuration Reset Chrd Configuring Hardware Configuration Reset Configuration Reset via Serial Port During BootupClick Configure Management Chrd Procedure to Reset Configuration via the Serial Interface Select the Filter Operation Type FilteringEthernet Protocol Static MAC Advanced Configuration AP-4000 Series User Guide Filtering Wireless MAC Address 0020A6124E38 Wired MAC Address 0040F41CDB6AWireless MAC Address 00022D5194E4 Wired MAC Address Click Add under the TCP/UDP Port Filter Table heading AdvancedTCP/UDP Port Number Click Edit under the TCP/UDP Port Filter Table heading Editing TCP/UDP Port Filters Groups Alarms Operational Trap Group Trap Name Description Severity Level Security Trap Group Trap Name Description Severity Level Flash Memory Trap Group Trap Name Description Severity Level Trap Name Description Severity Level Generic Trap Group Trap Name Description Severity Level Tftp Trap Group Trap Name Description Severity LevelImage Trap Group Trap Name Description Severity Level Sntp Trap Group Trap Name Description Severity Level RFC 1215-Trap Trap Name Description Severity Level Alarm Host Table Syslog Configuring Syslog Event NotificationsEvent Priority Description Syslog Messages Advanced Configuration AP-4000 Series User Guide AlarmsSyslog Message Name Priority Severity Description Advanced Configuration AP-4000 Series User Guide Rogue Scan Background Scanning Mode Continuous Scanning ModeMulti-Band Scanning Rogue Scan Data Collection Click Configure Alarms Rogue ScanRogue Scan 28 Rogue Scan Screen Spanning Tree Bridge Storm Threshold Advanced Configuration AP-4000 Series User Guide Bridge Intra BSS Configuring Interfaces for Packet ForwardingPacket Forwarding Enabling QoS and Adding QoS policies Wireless Multimedia Extensions WME/Quality of Service QoSClick Configure QoS Policy QoS Enter the Priority Mapping Index Advanced Configuration AP-4000 Series User Guide QoS101 Priority Mapping Click Configure QoS Priority Mapping102 STA Edca Table and AP Edca Table Enhanced Distributed Channel Access Edca103 104 Click Configure QoS Edca 105 Radius Profiles Radius Servers per Authentication Mode and per Vlan106 Radius Servers Enforcing Vlan Access Control Configuring Radius Profiles107 108 109 37 Add Radius Server Profile Session Length MAC Access Control Via Radius Authentication802.1x Authentication using Radius Radius Accounting Accounting Attributes Authentication Attributes111 112 Vlan Overview SSID/VLAN/Security113 114 Management Vlan Typical User Vlan ConfigurationsControl Access to the AP Click Configure SSID/VLAN/Security Mgmt Vlan Disable Vlan Tagging Provide Access to a Wireless Host in the Same WorkgroupSecurity Profile Wi-Fi Protected Access WPA/802.11i WPA2 Authentication Process117 118 Authentication Protocol Hierarchy Click Configure SSID/VLAN/Security Security Profile Configuring Security ProfilesVLANs and Security Profiles WPA Station Non Secure StationWEP Station 802.1x Station 121 802.11i-PSK Station 42 Security Profile Table Add Entries 122 Wireless-A or Wireless-B MAC Access123 124 Configuring an SSID/VLAN with Vlan Tagging Disabled 125 45 SSID/VLAN Edit Entries Screen Vlan Tagging Disabled Click SSID/VLAN/Security Wireless-A or Wireless-B Configuring SSID/VLANs with Vlan Tagging Enabled126 127 47 SSID/VLAN Edit Entries Screen Vlan Tagging Enabled 128 Broadcast Ssid and Closed System 129 Monitor Main Screen Monitoring AP-4000 Series User Guide Version Icmp Monitoring Tab IP/ARP Table Learn Table Monitoring Tab Learn Table Radius 134 135 Monitoring AP-4000 Series User Guide Interfaces 136 137 Station Statistics Monitoring AP-4000 Series User Guide Station Statistics Mesh Statistics 139 Introduction to File Transfer via Tftp or Http 140 Image Error Checking During File TransferTftp File Transfer Guidelines Http File Transfer Guidelines 141 Update APUpdate AP via Tftp Commands AP-4000 Series User Guide Commands AP-4000 Series User Guide Update AP Update AP via Http142 143 Commands AP-4000 Series User Guide Retrieve FileRetrieve File Retrieve File via Tftp 144 Retrieve File via Http Retrieve File via Http Command Screen Reset RebootCommands AP-4000 Series User Guide Reboot Help Link 13 Help Link Configuration Screen 147 AP Unit Will Not Boot No LED Activity Troubleshooting ConceptsSymptoms and Solutions Connectivity Issues Basic Software Setup and Configuration Problems Client Connection Problems Active Ethernet AE Vlan Operation Issues Reset to Factory Default Procedure Recovery ProceduresForced Reload Procedure 153 Download a New Image Using ScanToolDownload Procedure Preparing to Download the AP Image 154 Download a New Image Using the Bootloader CLI Attaching the Serial Port Cable Setting IP Address using Serial PortInitializing the IP Address using CLI Hardware and Software Requirements Related Applications Radius Authentication Server156 157 Tftp Server Important Terminology General NotesPrerequisite Skills and Knowledge Notation Conventions Key Combination Operation CLI Error MessagesError Message Description Navigation and Special Keys 160 Command Line Interface CLI VariationsBootloader CLI Command Line Interface CLI AP-4000 Series User Guide Operational CLI Commands CLI Command TypesExample 1. Display Command list Example 3. Display parameters for set and show Example 2. Display specific CommandsExample 3a. Display every parameter that can be changed Download Example 3b. Display parameters based on letter sequenceExample 4. Display Prompts for Successive Parameters Done, exit, quit 164 HelpHistory Passwd 165 Parameter Control CommandsShow CLI Command Search Examples Set CLI CommandConfiguring Objects that Require Reboot Set and show Command Examples Example 3 Modify a table entry or row Example 1 Set the Access Point IP Address ParameterExample 4 Enable, Disable, or Delete a table entry or row Example 2 Create a table entry or row Example 6 Show Individual and Table Parameters Example 5 Show the Group Parameters168 169 Using Tables and StringsUsing Strings Working with Tables Log into the AP using Telnet Configuring the AP using CLI commandsSet Basic Configuration Parameters using CLI Commands Log into the AP using HyperTerminal 171 Change PasswordsSet Network Names for the Wireless Interface Set System Name, Location and Contact Information 172 Country Code 173 Configure SSIDs Network Names, VLANs, and Profiles 174 Download an AP Configuration File from your Tftp ServerBackup your AP Configuration File Set up Auto Configuration Configure the AP as a Dhcp Server Other Network SettingsConfigure the DNS Client Autochannel Select ACS Operational Mode Enable/Disable Turbo Mode 802.11a/g only Enable/Disable Closed SystemShutdown/Resume Wireless Service Enable/Disable Super Mode 802.11a/g only Configure Management Ports Edit Management IP Access TableSet the Distance Between APs Set Communication Ports Configure Secure Socket Layer HttpsSet Telnet Session Timeouts Configure Serial Port Interface Add an Entry to the MAC Access Control Table Create/Enable WDSEnable/Disable WDS Setup MAC Address Access Control Set Radius Parameters Configure Radius Authentication servers181 182 Set Hardware Configuration Reset Parameters Configure a Security Profile with WEP Security Mode Enable Vlan ManagementDisable Vlan Management Configure a Security Profile with Non Secure Security Mode Parameter Tables Configure a Security Profile with 802.11i Security ModeConfigure a Security Profile with 802.11i-PSK Security Mode CLI Monitoring Parameters 185 Serial Port Parameters Serial Port setup 186 187 Name Type Value Access CLI ParameterSet sysresettodefaults System Parameters 188 DNS Client for Radius Name ResolutionDhcp Server Parameters Name Type Value Access CLI Parameter Network Parameters 189 Dhcp Server table for IP poolsDhcp Relay Group Dhcp Relay Server Table Link Integrity IP Target Table Sntp Parameters Name Type Value Access CLI Parameter190 191 Wireless Interface ParametersInterface Parameters Common Parameters to 802.11a/b/g 192 802.11a Only Parameters 802.11b/g Only Parameters 802.11b Only Parameters193 Mode For 802.11g-only modeFor 802.11b/g mode For 802.11b-only 195 Wireless Distribution System WDS ParametersWireless Interface SSID/VLAN/Profile Parameters Channel Blacklist Parameters 196 Wireless Distribution System WDS Security Table Parameters Management Parameters Snmp Parameters Name Type Value Access CLI Parameter197 198 Telnet Parameters Name Type Value Access CLI Parameter Http Parameters Name Type Value Access CLI Parameter199 200 Serial Port Parameters Name Type Value Access CLI ParameterRadius Based Management Access Parameters SSH Parameters Tftp Server Parameters IP Access Table Parameters201 Ethernet Filtering Table Filtering Parameters202 203 Proxy ARP Parameters Name Type Value Access CLI ParameterTCP/UDP Port Filtering TCP/UDP Port Filtering Table Snmp Table Host Table Parameters Alarms Parameters204 Syslog Host Table Syslog Parameters205 Spanning Tree Priority and Path Cost Table Bridge Parameters206 207 Storm Threshold TableIntra BSS Subscriber Blocking Packet Forwarding Parameters 208 Radius Server Configuration ParametersRadius Parameters General Radius Parameters Security Parameters MAC Access Control Table 210 Security Profile Table 211 Iapp Parameters Name Type Value Access CLI ParameterVLAN/SSID Parameters Other Parameters 212 Enabling QoS Name Type Value Access CLI ParameterConfiguring QoS Policies Specifying the Mapping between 802.1p and 802.1D Priorities 213 QoS Enhanced Distributed Channel Access Edca Parameters Sample CLI Batch File Auto Configuration and the CLI Batch FileCLI Batch File CLI Batch File Format and Syntax CLI Batch File Error Log Reboot Behavior215 Charact Equival Ent 216 Hex Number of Stations per BSS Software FeaturesFeature Supported by AP-4000 Series Radius Based Management Access 217 Security Functions Medium Access Control MAC FunctionsSpecifications AP-4000 Series User Guide Software Features Advanced Bridging Functions Network Functions Specifications AP-4000 Series User Guide219 Hardware Specifications AP-4000/4000M Channels Available Channels221 222 AP-4900M Channels 4.9 GHz Public Safety ModeAP-4900M Channels AP-4900M Channels a/b/g Modes 223 Software and Documentation Downloads Knowledgebase 224 Online Support International 225 Telephone Support Support Procedures Warranty CoverageRepair or Replacement Limitations of Warranty Other Adapter Cards Ask a Question or Open an IssueOther Information Search Knowledgebase 228 Product Model Numbers 229 Regulatory Compliance AP-4000 Series User Guide 230 Safety Information USA, Canada, & European Union 231 Federal Communications Commission FCC AP-4000/4000M 232 Modifications 233 Industry Canada IC AP-4000/4000M only 234 European Union AP-4000/4000M only 235 Regulatory Compliance Certifications Summary AP-4000/4000MRegulatory Compliance Certifications Summary AP-4900M Country Certification/Reference No