=================================================================== Readme for ORiNOCO Wireless AP-2000 Access Point Release 2.5.5 November 2005 =================================================================== Welcome to Release 2.5.5 of the ORiNOCO Wireless AP-2000 Access Point system. This readme describes the following for the ORiNOCO Wireless AP-2000 Access Point. ------------------------------------------------------------------- 1. Introduction 2. Software Description 3. Release History 4. Installation Notes 5. Know Issues 6. Obtaining Technical Assistance ------------------------------------------------------------------- 1. Introduction The ORiNOCO Wireless AP-2000 is part of a wireless Internet access infrastructure. It functions as a wireless network access point to the Internet or other data networks. As clients move from one coverage cell to another, AP-2000 units automatically perform client handovers within the same subnet. The AP-2000 system provides: - Easy installation and operation - Automatic client handover - Over-the-air encryption of data - High-speed links to the Internet Access Point management is provided through CLI (Command Line Interface), Standard Web based Interface, and SNMP (Simple Network Management Protocol). Any of these management interfaces can be used to view and configure the Access Point's parameter settings. --------------------------------------------------------------------- 2. Software Description In order to ensure that we are able to provide you with the latest available software, the latest version of the AP software may be downloaded from our website by initially visiting http://support.proxim.com/ The AP software is not included on the CD supplied. 2.1 About this software Access Point Software comprises * Access Point image (Download from the online support knowledgebase) * Access Point scantool * Access Point MIBs (Also available for download from the online support knowledgebase) 802.11 MIB: mib-802.mib IANAifType-MIB.mib MIB-II: rfc1213.mib Bridge MIB: rfc1493.mib EtherLike MIB: rfc1643.mib SNMPv2-MIB.mib Provate MIB: orinoco.mib With this software you should have received one Quick Installation guide: "AP Getting Started Guide," which describes the hardware installation of the Access Point. 2.2 Files Installed The following software will be installed in the directory specified during setup: Scanning Tool: SCANTOOL.EXE v2.3 Problem Report form: REPORT.TXT License Description: LICENSE.TXT Readme file (this file): README.TXT ------------------------------------------------------------------- 3.0 Release History 3.1 Release 2.5.5 - November 2005 - No new feature additions in this release - The following issues and/or RFCs have been fixed in this release. - AP image upgrade from 2.4.11 to 2.5.5 did not support first gen. 11a AP2000 upgrade kit cards. (#1017) - AP loses management ability under high broadcast load (#1094) - AP with 11b radios cause AP to continuously reboot (#1239) - Using 2nd Generation 802.11a Upgrade Kit locks up AP (#1273) - 802.1x users cannot associate to the AP after 3 or 4 hours usage (#1296) 3.2 Release 2.5.4 - May 2005 - No new feature additions in this release - The following issues and/or RFCs have been fixed in this release. # WPA-PSK can not associate to AP (#1093) Detail: When a large number (we tested with 31) WPA-PSK clients are associated to the access point, they will begin disassociating over a period of several hours. If the AP is rebooted the 30 clients will re-assoicate/ reauthenticate. # AP loses management ability under high broadcast load (#1094) Detail: Under particular configurations, when there is high amounts of broadcast traffic on the Ethernet interface of the access point, the access point management interfaces are inaccessible. # In 11b mode, AP does not fall back correctly "Retry Issue" Detail: This problem was introduced in version 2.4.11. In version 2.4.11, the access point uses a retry mechanism that is prone to dropping packets. This caused a problem in some applications that were not sufficiently robust to deal with packet dropping. # The AP-2000 802.11a upgrade kit would not function in version 2.5.3. (#1017) 3.3 Release 2.5.3 - January 2005 - No new feature additions in this release - The following issues and/or RFCs have been fixed in this release # AP does not indicate the number of Reject counters with Microsoft Windows IAS. (#481) # DHCP lease time problem. (#954) # No Tx power control in the Configure/Interface tab. In the CLI the "show wif" command does not show the current setting of the Tx power. (#961) # Provide Provision for user to disable DFS in ETSI domain. (#17680) 3.4 Release 2.5.2 - October 2004 - Following are the new features added in this release Radius based authentication for management Access Device Management Access control using RADIUS User Modes Supported – Super User, Limited User Support for Telnet/SSH, HTTP/HTTPS Authentication Mechanism based on Username-Password Local authentication mode Support of SSH2 protocol for secure remote login for management access CLI Batch file for Configuration Upload and Execution of CLI Batch file via HTTP/TFTP Enhanced Auto-Configuration feature Ability to disable Hardware Reset option (Reset to Factory defaults) VLAN Enhancements Security Policy Configuration per VLAN Includes mixed mode of security Authentication Server Configuration per VLAN RADIUS Server based VLAN assignment of users Broadcast SSID We support the ability of broadcasting a single SSID when multiple SSIDs are configured on a wireless interface; the administrator must enable this feature on the desired SSID to broadcast the SSID in the beacon. Closed system is also supported per SSID when multiple SSIDs are configured. Mixed Security Modes using Security Profiles Security is now configured using Security Profiles which can be applied to the wireless interface’s SSIDs. Mixed security modes can be used with VLAN disabled, but VLAN must be enabled when you want to support multiple SSIDs. The Security Profiles can be configured with combinations of supported security modes WPA2 including Pre-authentication and PMK Caching WPA2 is compliant with the IEEE 802.11i which includes mutual authentication and CCMP/AES data confidentiality protocol. Pre-authentication and PMK caching allows for an AP to pre-authenticate a client which in turn will allow for faster roaming between APs. WPA and WPA2 are only supported on the 802.11a upgrade kit and 802.11b/g upgrade kit. - The following issues and/or RFCs have been fixed in this release. # RADIUS accounting setup is too complicated (#458) # Change the CLI vlanmgmtid for untagged (-1) to show untagged in the show vlanmgmtid (#730) # The item "Authorization lifetime" is not in "EAP/802.1x Auth" menu. But if Authorization lifetime is changed in "RADIUS Auth" menu,it is effective. (#719) # CLI command for timeout of MAC addresses in the IP LAN table. (#674) # Place the enabled VoIP – spectra link option on the HTTP GUI. (#755) # CLI: Add management objects for enabling/disabling the trap groups. (#12114) # CLI - add command/parameter name for version - show sysversion (#10527) # Request to modify DHCP client functionality to keep renewing the lease. (#11735) # Trap requested for manual reboot (#10762) # AP allows configuration of VLAN ID 0 (#16414) 3.5 Release 2.4.12 - September 2004 - No new feature additions in this release Singapore variant list updated. Earlier build use to support Singapore .11a lower band, upper band and ISM band channels. The certification from singapore prohibits us from supporting lower band channels for Singapore variants. This image software handles the Singapore variant differently. - The following issues and/or RFCs have been fixed in this release. # APs with Atheros radios drop connections when more than 5 spectralink calls connect simultaneously; however, the AP will support up to 5 calls connected simultaneously. (#16427) # There is a problem retrieving the config file via TFTP. The workaround is to select retrieving the config file via HTTP. (#16531) 3.6 Release 2.4.11 - May 2004 - Following are the new features added in this release Spectralink Support for Atheros Radio Deny Non-Encrypted Data Support for Atheros Radio - The following issues and/or RFCs have been fixed in this release. # WEP mode on wireless VLAN is fixed. (#768) # When the AP is input over than 255 characters(ASCII) in IP Address of "RADIUS" - "RADIUS Acct", the error message will not occur and locked AP. (#735) # If VLAN Management is enabled, it is no longer possible to link the AP with different SSIDs. (#732) # VLAN with WPA-PSK is fixed. (#786/712) # Web: Change Orinoco MIB name to Enterprise MIB (#12004) # Userguide wording was updated with the following text: "Encryption Keys must be configured for WEP clients if mixed mode is selected." (#792) # The SYSLOG HTTP window now includes all syslog host table entries. The heart beat status is a drop down menu, the heart beat interval text box is enabled or disabled depending on the heart beat status. (#11663) # Added ":"'s to mac address verbage to the sentence in "Static MAC" tab of the web interface. (#15269) # Last Known Good Config File Functionality is now working (#15547) # FP2 - CLI should not permit telsessiontout to be configured less than 60 (#15735) # Added an extra column for additional space and fixed some of the column sizes for trap messages in the Status tab. (#15924) # Add SVP - spectra link VoIP into the Atheros 11bg upgrade kit and 11a upgrade kit. (#666) # Setup Wizard now sets AP in 11a-WPA mode. (#511) 3.7 Release 2.4.5 - Jan 2004 - No new feature additions in this release - The following issues have been fixed in this release # Fixed the issue of Link integrity page not displaying properly (Link Integrity Table Corruption) (#568) # Fixed the issue of device crashing when Link Integrity tab is selected after configuring a backup accounting address, the device begins to overload the Ethernet sensor with traffic (# 467) # Fixed the issue of Client not getting disassociated after Ethernet Connection goes down and Link Integrity is enabled. (#572) # Fixed the issue of Device accessibility and configurability across the subnet(#502) # Fixed the issue of WDS feature not working with classic 802.11b only cards(#558) - Additional trackers verified and closed in this release # The issue of Wrong MIB Information for the Variable oriEthernetIfConfigSettings (#400) # The issue of AP Reboot when repeatedly removing and replacing Ethernet Cable of the AP with heavy traffic (#565) # AP freeze after about 20 Client connections (#560) # The issue of A/B/G Client getting de-authenticated by AP2000 (#546) # The Flash memory corruption issue (#463) # The issue of AP Rebooting when a long packet is sent through EtherPort (#396) # The issue of AP reboot when RTS/CTS is enabled (#340) # The RADIUS Accounting issue (Start/Stop) (#305) # The issue of WEP enabled .11b client communication failing, after the AP comes up (#478) # The issue of improper display of the page Configure>Filtering>TCP/UDP port (#425) # The issue of clients not getting connected with AP-2000 b/g kit card in slot B, when WEP enabled and key is set to key# 2. (#453) # The issue that Channel 12 and above does not come up in MKK(Japan) domain. (#360) # The issue about Unicast Key Distribution under heavy traffic (#566) # The issue with AP2000 MAC Authentication failing intermittently (#561) # The issue of EAP – MD5 Authentication for AP2000 (#397) # The issue of SNMP get on the table oriSecurityConfigTableSecurityMode (#563) # The DHCP not working using AP-2000 w/g Kit and/ or 5 GHz Kit in slot A and WEP Key # 2 (#452) # The IP Address conflict issue after reset and reloading the software (#420) # WPA issue on AP2000 (#412) # The Remote Link Test problem on AP3 (Avaya AP2000) (#275) # The WEP functionality on Fujitsu Image (#514) 3.8 Release 2.4.4 - Dec 2003 - No new feature additions in this release - The following issues have been fixed in this release # Migration issue with Deny Non encrypted data feature 3.9 Release 2.4.3 - Dec 2003 - No new feature additions in this release - The following issues have been fixed in this release # Modified Deny non encrypted data feature to be in enabled state by default 3.10 Release 2.4.1 - Dec 2003 - Following are the new features added in this release Monitoring Station Statistics This feature provides the capability to monitor a set of statistics for all active stations connected to an Access Point.User can enable this feature and view the statistics like IP Address,MAC Address, Interface, Station Type, Protocol, SNR etc. without rebooting the device. Wireless Stations inactive for more than 10 minutes, are removed from the statistics table. Secure Socket Layer The functionality of the Secure Socket Layer (SSL) communication is an enhancement to the already existing HTTP Management interface of the ORiNOCO Access Points. This functionality will allow secure communication between the AP and the HTTP Client. SSL feature will utilize a 128-bit encryption certificate (maintained by AP) as cipher for secure communication. User can install a certificate obtained from a Certification Authority. SNMP v3 Support This feature is for supporting the Simple Network Management Protocol version 3 (SNMPv3). The implementation in this release will concentrate on fundamental requirements in order to provide secure SNMP management. The SNMPv3 feature is based on existing SNMP framework, but addresses security requirements for device and network management Rogue AP detection Support This functionality will provide the ability to detect unauthorized APs within a given coverage area. When enabled, the AP will scan in the vicinity with in the range of coverage and identify the access points active in the area. The support is available for all versions and operation modes of Access Points. E.g: 802.11a access point will identify all similar Access Points. However, it will not be able to detect Access points that are not of this type, say 802.11b or 802.11g access points. This feature is not supported in the following hardware: AP-2000 with 11b Classic Card HTTP/ HTTPS File Transfer The functionality of the HTTP(S) File Transfer is an enhancement to the already existing HTTP Management interface of Access Points.This functionality will allow transfer of configuration and kernel image files to and from the Access Points from any compliant HTTP/HTTPS browser. For HTTPS file transfer, SSL should be enabled.This feature also allows transfer of SSL Certificate & private keys and upgrade BSP/BL. Tx Power Control This is a proprietary implementation of transmit power control by using standard 802.11d frames to control transmit power within an IBSS.This method of power control is considered to be a interim way of controlling the transmit power of 802.11d enabled clients in lieu of implementation of 802.11h.The Access Point will allow four (4) intervals of transmit power control: 100% (Regulatory Maximum) 50% 25% 12.5% This feature is not supported in the following Hardware: AP-2000 5GHz Kit (1st gen) AP-2000 with 11b Classic Card WDS enhancements to support 802.11a and 802.11g cards This is an enhancement to the existing WDS feature already available in Access Points for 802.11b into both 802.11a and 802.11g access points. The functionality remains the same as the current 802.11b. Auto Configuration This feature provides the capability to allow auto configuration of the Access Point Devices in a given subnet. Default state of the feature is Enable. This feature can work for both DHCP enabled or Static IP configured devices. Multiple Authentication Server Support This feature extends the existing authentication server configuration option available in access points. With this, the user can configure separate primary & secondary servers for RADIUS and 802.1x servers that can be used for MAC based or 802.1x based authentication, respectively.This also extends the server fallback capability to the new servers supported. Image Error Check This feature allows the Access Point to accept a valid image during download through HTTP or TFTP. The following checks are performed on the downloaded image: Zero Image size Large image size Non VxWorks Image AP2000/AP600 Image Signature Verification - The following issues have been fixed in this release # Added back CLI command to deny non encrypted data for Agere 11b cards (#577) and the command is Set Wifsec <interface number> encryptdeny <enable/disable> Where Interface number for slot A = 3 and for Slot B = 4 Default state of encryptdeny is disable and will allow to connect both encrypted and non-encrypted clients # Fixed the issue with Deny IP Broadcast/Multicast feature in Advanced Filter tab to filter out IP Broadcast/Multicast packets both from Ethernet to Wireless and from Wireless to Ethernet # Fixed IP/ARP filtering issue to filter the Ethernet to wireless traffic (#506) # Fixed the issue of Clients not getting connected to the device with wep encryption and WDS enable for 11b card (#15127) # Fixed the issue of not getting the handover request and response in IAPP with WDS ink up(#15134) # Fixed CLI Commands output format for "show http" and "show snmp"(#15154). # Fixed the issue of "Encryption Key Length" being empty and disabled in Configure Management/Security Page/802.1x (#15156 and #15169). # Fixed the issue of sniffer capturing the frames of RTS/CTS from device to client when "Enable Medium Density Distribution" is disabled (#15161). # Fixed the issue with initial configuration of the device via "Setup Wizard"(#15163) 1) Without reconfiguring the password the wizard was not allowing the user to proceed further. Password need to be configured at least once before moving to next step in setup configuration wizard 2) After Configuring Wireless Interface Configuration, if Save button and Next button was clicked, IE was not displaying any page and was showing up the page only after refresh button was clicked. # Note inserted in the HTTP page indicating Max age can be set in increments of 100ms (#15167) # Fixed the issue with MAC address validation which was not validated for its length in the HTTP interface while adding an entry under MAC Access table and the back link was not taking to the MAC Access table page(#15168) # Fixed the issue with Serial number being displayed blank on the HTTP interface for Wireless Card A(#15170) # Fixed the issue with pull down option under Packet Forwarding Interface Port being empty for 802.11b/g combo card.(#15181). # Fixed the issue in Port filtering table not able to change the interface type from all interfaces to other value through HTTP interface while editing an entry (#15189). # Fixed issue of not able to enable RADIUS Accounting through HTTP, CLI and SNMP (#15221) # Added Error page to display when an incorrect value is entered While editing an VLAN ID(#15300) # Fixed the issue of VLAN table accepting wrong entries (#15301) # Fixed the issue of incorrect links under VLAN page (#15302) # Fixed the issue with Monitor->Interface->type field always showing as ethernet-csmacd for both wireless and ethernet interfaces(#15306) # Fixed the issue of SNMP interface not being able to enable thorugh HTTP interface and Telnet(#15331) # Fixed the issue of HTTP Defaults and Functionality in AP-2000 devices Accepting value less than 3600 seconds in both Default lease time field and Maximum lease time field (#15342). # Note is added to indicate that the Polling interval should always be in steps of 500ms(#15343). # Fixed the issue of accepting 1 character in SSID fied, need to be minimum 2 characters(#15347). # Fixed the issue of downloading an image whenever Reload button is pressed(#15349) # Fixed the issue in password accepting 1-32 characters instead of 6 to 32 characters in HTTP Web based Interface (#15350). # Added missing parameter "Ehthernet Chipset" under Monitoring Interface statistics (#15352) # Fixed the issue of Reauthentication not happening after specified client session timeout for AP2000 with both A and G cards (#15361) # Fixed the issue of reauthentication not happening after specified authorization life time(#15362). 3.11 Release 2.3.0 - July 2003 - Following are the new features added in this release WiFi Protected Access (WPA) WPA pulls together several of the key technologies from the Wi-Fi Alliance defined functionality. These include: · TKIP (Temporal Key Integrity Protocol) - Provides better data privacy with per frame keying and a larger IV than WEP. Also provides message integrity checking (MIC) using Michael MIC algorithm to prevent re-play attacks. · Standard 802.1X server based authentication · Dynamic key management through 802.1X · Option for server-less authentication via pre-shared keys · AP and station negotiation of WPA authentication mode and cipher suite capabilities WPA supports 27 clients. VLAN-16 and Multiple SSIDs This feature extends support for compatibility with VLAN enabled wired networks by providing the user with the capability to configure up to 16 Network Names or SSIDs (Service Set Identifiers) and 16 corresponding VLAN (Virtual Local Area Network) Identifiers per radio Card.VLAN assignment is made by providing the wireless end user with the SSID corresponding to the VLAN ID configured on the AP. The end user associates with the AP and his or her traffic is tagged with the proper VLAN ID and transmitted on the wired LAN. 3.12 Release 2.2.0 - April 2003 - Following are the new features added in this release Closed system (.11g) The AP-2000 Access Point supports a closed system feature that will prevent wireless client access without the configured wireless network name. Refer to the User's Guide for more information on using the closed system feature. Per User Per Session (.11g) This feature supports the dynamic generation of encryption keys for each 802.11 wireless client using 802.1x security.The 802.11a/gradios have the ability to store 128 WEP keys as opposed to the maximum number of 4 on the 802.11b NIC’s. This ability enables a higher level of security for those connecting through this interface by giving each client, up to 108, it’s own unique key. 802.11g Support for 802.11g wireless connectivity through use of 802.11g compliant 2.4 GHz radio technology.The IEEE 802.11g addendum to the 802.11 standard adds support for a high speed wireless physical layer in the 2.4 GHz band using Orthogonal Frequency Division Multiplexing.The standard provides for data rates of up to 54 Mbps. Note: Until further notice, the 802.11b/g hardware kit for South Korea supports channels 1-11 within the FCC regulatory domain, instead of channels 1-13 in the ETSI regulatory domain. ------------------------------------------------------------------- 4. Installation Notes 4.1 If you download the installation from the web: The software, MIB, and documentation are currently found under Answer ID 1221. Please select the appropriate file, image,software, or documentation and proceed to either view from the web or download to a specific location. The WinZip Self-Extractor will request a temporary location to unzip files. You may use the default location or choose a customized location. The Help and User Guides folder includes a setup.exe file. Please run setup.exe in order to use the help documentation. 4.2 If you are using the installation CD: Insert the ORiNOCO Installation CD in your CD-ROM drive and the autorun facility will start the CD wizard which will guide you through the installation process. 4.3 System Requirements - Windows 98, NT, 2000, or XP - At least 5 Mb of free disk space - A web browser, preferably MS IE 6 with Service Pack 1 or Netscape 6.1 Note : ----- For SSL, IE 5.00 (128 bit) with Service Pack 2 (or) IE 5.0 (56 bit) with patch Q240308 (or) IE 6.0 (128 bit) with Service Pack 1 and Patch Q323308 is required. For 802.1x Authentication using TLS, XP Clients should have Service Pack 1 installed on it. ------------------------------------------------------------------- 5. Known Issues # When the AP with Rel 2.4.11 is configured with vlan id 0 and untagged in the same wireless slot, then when we migrate to Rel 2.5 the vlan id for the wireless slot displays as untagged for the vlan id configured as "0" in 2.4.11. (#17551) # Mixed Mode with WEP & WPA enabled does not work on a D-Link DWL-AG520 client using WEP. (#17465) # Syslog requires disabling and re-enabling the Syslog whenever adding or deleting the Syslog server IP Address (#16442) # Invalid security profiles may be created. For example, a profile may be created that includes "no security" and WPA/WPA-PSK/802.11i/802.11i-PSK. Please see the manual for an explanation regarding why this is an invalid security security profile. Invalid security profiles may not, however, be added to the SSID table. (#17507) # If Vlan is enabled then it is possible to set WEP txkey as key 1/2/3 but only key 0 is used as the txkey. # It is possible to configure and enable multiple radius profiles (with different vlan id) for the same radius server. The functionality involving that radius server may not work correctly in such cases. (#17827) # It is possible to configure two SSIDs, one with non-secure security profile and other with security profile containing WPA/WPA-PSK/802.11i/802.11i-PSK, on the same interface. Some WPA/WPA-PSK/802.11i/802.11i-PSK clients may face problems while connecting in these scenarios. (#17826) # Configuring security mode WPA/WPA-PSK/802.11i/802.11i-PSK for the first security profile returns error. A workaround is to use the configure a new security profile with these values and assign it to the SSID. Another work around to do that for first security profile is the following. - Go to SSID/VLAN/Security Page - Go to SecProfiles page and edit first security profile. - enable 802.1x security mode and hit OK - disable non-secure security mode and hit OK - enable WPA/WPA-PSK/802.11i/802.11i-PSK and hit OK - disable 802.1x and hit OK. (#17656) ------------------------------------------------------------------- 6. Obtaining Technical Assistance If you encounter problems when using this product or would like information about our other ORiNOCO Wireless products, please contact the reseller from whom you purchased the equipment for support. If you would like reseller contact information, please contact Proxim inside sales at 1-800-229-1630 or use the contact information on our website. 6.1 Troubleshooting For the most up-to-date, detailed troubleshooting information, refer to the ORiNOCO AP-2000 User Guide and Proxim Knowledge base. 6.2 Obtaining Documentation The user guide is available in English language and you can access it along with the most recent software and user documentation at http://support.proxim.com ------------------------------------------------------------------- END OF FILEDownload Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.