===================================================================
Readme for ORiNOCO Wireless AP-2000 Access Point
Release 2.5.5 November 2005
===================================================================
Welcome to Release 2.5.5 of the ORiNOCO Wireless AP-2000 Access
Point system. This readme describes the following for the ORiNOCO
Wireless AP-2000 Access Point.
-------------------------------------------------------------------
1. Introduction
2. Software Description
3. Release History
4. Installation Notes
5. Know Issues
6. Obtaining Technical Assistance
-------------------------------------------------------------------
1. Introduction
The ORiNOCO Wireless AP-2000 is part of a wireless Internet
access infrastructure. It functions as a wireless network
access point to the Internet or other data networks. As
clients move from one coverage cell to another, AP-2000 units
automatically perform client handovers within the same subnet.
The AP-2000 system provides:
- Easy installation and operation
- Automatic client handover
- Over-the-air encryption of data
- High-speed links to the Internet
Access Point management is provided through CLI (Command Line
Interface), Standard Web based Interface, and SNMP (Simple
Network Management Protocol). Any of these management
interfaces can be used to view and configure the Access
Point's parameter settings.
---------------------------------------------------------------------
2. Software Description
In order to ensure that we are able to provide you with the latest
available software, the latest version of the AP software may be
downloaded from our website by initially visiting http://support.proxim.com/
The AP software is not included on the CD supplied.
2.1 About this software
Access Point Software comprises
* Access Point image (Download from the online support knowledgebase)
* Access Point scantool
* Access Point MIBs (Also available for download from the online
support knowledgebase)
802.11 MIB: mib-802.mib
IANAifType-MIB.mib
MIB-II: rfc1213.mib
Bridge MIB: rfc1493.mib
EtherLike MIB: rfc1643.mib
SNMPv2-MIB.mib
Provate MIB: orinoco.mib
With this software you should have received one Quick Installation guide:
"AP Getting Started Guide," which describes the hardware installation of
the Access Point.
2.2 Files Installed
The following software will be installed in the directory
specified during setup:
Scanning Tool: SCANTOOL.EXE v2.3
Problem Report form: REPORT.TXT
License Description: LICENSE.TXT
Readme file (this file): README.TXT
-------------------------------------------------------------------
3.0 Release History
3.1 Release 2.5.5 - November 2005
- No new feature additions in this release
- The following issues and/or RFCs have been fixed in this
release.
- AP image upgrade from 2.4.11 to 2.5.5 did not support first gen. 11a
AP2000 upgrade kit cards. (#1017)
- AP loses management ability under high broadcast load (#1094)
- AP with 11b radios cause AP to continuously reboot (#1239)
- Using 2nd Generation 802.11a Upgrade Kit locks up AP (#1273)
- 802.1x users cannot associate to the AP after 3 or 4 hours usage (#1296)
3.2 Release 2.5.4 - May 2005
- No new feature additions in this release
- The following issues and/or RFCs have been fixed in this
release.
# WPA-PSK can not associate to AP (#1093)
Detail:
When a large number (we tested with 31) WPA-PSK clients are associated to the
access point, they will begin disassociating over a period of several hours.
If the AP is rebooted the 30 clients will re-assoicate/ reauthenticate.
# AP loses management ability under high broadcast load (#1094)
Detail:
Under particular configurations, when there is high amounts of broadcast
traffic on the Ethernet interface of the access point, the access point
management interfaces are inaccessible.
# In 11b mode, AP does not fall back correctly "Retry Issue"
Detail:
This problem was introduced in version 2.4.11. In version 2.4.11, the access point
uses a retry mechanism that is prone to dropping packets. This caused a problem in
some applications that were not sufficiently robust to deal with packet dropping.
# The AP-2000 802.11a upgrade kit would not function in version 2.5.3. (#1017)
3.3 Release 2.5.3 - January 2005
- No new feature additions in this release
- The following issues and/or RFCs have been fixed in this
release
# AP does not indicate the number of Reject counters with Microsoft Windows
IAS. (#481)
# DHCP lease time problem. (#954)
# No Tx power control in the Configure/Interface tab. In the CLI the "show wif"
command does not show the current setting of the Tx power. (#961)
# Provide Provision for user to disable DFS in ETSI domain. (#17680)
3.4 Release 2.5.2 - October 2004
- Following are the new features added in this release
Radius based authentication for management Access
Device Management Access control using RADIUS
User Modes Supported – Super User, Limited User
Support for Telnet/SSH, HTTP/HTTPS
Authentication Mechanism based on Username-Password
Local authentication mode
Support of SSH2 protocol for secure remote login for management access
CLI Batch file for Configuration
Upload and Execution of CLI Batch file via HTTP/TFTP
Enhanced Auto-Configuration feature
Ability to disable Hardware Reset option (Reset to Factory defaults)
VLAN Enhancements
Security Policy Configuration per VLAN
Includes mixed mode of security
Authentication Server Configuration per VLAN
RADIUS Server based VLAN assignment of users
Broadcast SSID
We support the ability of broadcasting a single SSID when multiple SSIDs are
configured on a wireless interface; the administrator must enable this
feature on the desired SSID to broadcast the SSID in the beacon.
Closed system is also supported per SSID when multiple SSIDs are configured.
Mixed Security Modes using Security Profiles
Security is now configured using Security Profiles which can be applied to
the wireless interface’s SSIDs.
Mixed security modes can be used with VLAN disabled, but VLAN must
be enabled when you want to support multiple SSIDs.
The Security Profiles can be configured with combinations of supported
security modes
WPA2 including Pre-authentication and PMK Caching
WPA2 is compliant with the IEEE 802.11i which includes mutual authentication
and CCMP/AES data confidentiality protocol.
Pre-authentication and PMK caching allows for an AP to pre-authenticate a
client which in turn will allow for faster roaming between APs.
WPA and WPA2 are only supported on the 802.11a upgrade kit and 802.11b/g
upgrade kit.
- The following issues and/or RFCs have been fixed in this
release.
# RADIUS accounting setup is too complicated (#458)
# Change the CLI vlanmgmtid for untagged (-1) to show untagged in the show
vlanmgmtid (#730)
# The item "Authorization lifetime" is not in "EAP/802.1x Auth" menu.
But if Authorization lifetime is changed in "RADIUS Auth" menu,it is effective.
(#719)
# CLI command for timeout of MAC addresses in the IP LAN table. (#674)
# Place the enabled VoIP – spectra link option on the HTTP GUI. (#755)
# CLI: Add management objects for enabling/disabling the trap groups.
(#12114)
# CLI - add command/parameter name for version - show sysversion (#10527)
# Request to modify DHCP client functionality to keep renewing the lease.
(#11735)
# Trap requested for manual reboot (#10762)
# AP allows configuration of VLAN ID 0 (#16414)
3.5 Release 2.4.12 - September 2004
- No new feature additions in this release
Singapore variant list updated. Earlier build use to support Singapore .11a
lower band, upper band and ISM band channels. The certification from
singapore prohibits us from supporting lower band channels for Singapore
variants. This image software handles the Singapore variant differently.
- The following issues and/or RFCs have been fixed in this
release.
# APs with Atheros radios drop connections when more than 5
spectralink calls connect simultaneously; however, the AP
will support up to 5 calls connected simultaneously.
(#16427)
# There is a problem retrieving the config file via TFTP. The
workaround is to select retrieving the config file via HTTP.
(#16531)
3.6 Release 2.4.11 - May 2004
- Following are the new features added in this release
Spectralink Support for Atheros Radio
Deny Non-Encrypted Data Support for Atheros Radio
- The following issues and/or RFCs have been fixed in this
release.
# WEP mode on wireless VLAN is fixed. (#768)
# When the AP is input over than 255 characters(ASCII) in IP Address
of "RADIUS" - "RADIUS Acct", the error message will not occur and
locked AP. (#735)
# If VLAN Management is enabled, it is no longer possible to link the
AP with different SSIDs. (#732)
# VLAN with WPA-PSK is fixed. (#786/712)
# Web: Change Orinoco MIB name to Enterprise MIB (#12004)
# Userguide wording was updated with the following text:
"Encryption Keys must be configured for WEP clients if
mixed mode is selected." (#792)
# The SYSLOG HTTP window now includes all syslog host table
entries. The heart beat status is a drop down menu, the
heart beat interval text box is enabled or disabled depending
on the heart beat status. (#11663)
# Added ":"'s to mac address verbage to the sentence in "Static
MAC" tab of the web interface. (#15269)
# Last Known Good Config File Functionality is now working
(#15547)
# FP2 - CLI should not permit telsessiontout to be configured
less than 60 (#15735)
# Added an extra column for additional space and fixed some of
the column sizes for trap messages in the Status tab. (#15924)
# Add SVP - spectra link VoIP into the Atheros 11bg upgrade kit
and 11a upgrade kit. (#666)
# Setup Wizard now sets AP in 11a-WPA mode. (#511)
3.7 Release 2.4.5 - Jan 2004
- No new feature additions in this release
- The following issues have been fixed in this release
# Fixed the issue of Link integrity page not displaying properly
(Link Integrity Table Corruption) (#568)
# Fixed the issue of device crashing when Link Integrity tab
is selected after configuring a backup accounting address,
the device begins to overload the Ethernet sensor with
traffic (# 467)
# Fixed the issue of Client not getting disassociated after
Ethernet Connection goes down and Link Integrity is enabled.
(#572)
# Fixed the issue of Device accessibility and configurability
across the subnet(#502)
# Fixed the issue of WDS feature not working with classic
802.11b only cards(#558)
- Additional trackers verified and closed in this release
# The issue of Wrong MIB Information for the Variable
oriEthernetIfConfigSettings (#400)
# The issue of AP Reboot when repeatedly removing and
replacing Ethernet Cable of the AP with heavy traffic (#565)
# AP freeze after about 20 Client connections (#560)
# The issue of A/B/G Client getting de-authenticated by
AP2000 (#546)
# The Flash memory corruption issue (#463)
# The issue of AP Rebooting when a long packet is sent
through EtherPort (#396)
# The issue of AP reboot when RTS/CTS is enabled (#340)
# The RADIUS Accounting issue (Start/Stop) (#305)
# The issue of WEP enabled .11b client communication failing,
after the AP comes up (#478)
# The issue of improper display of the page
Configure>Filtering>TCP/UDP port (#425)
# The issue of clients not getting connected with AP-2000 b/g
kit card in slot B, when WEP enabled and key is set to
key# 2. (#453)
# The issue that Channel 12 and above does not come up in
MKK(Japan) domain. (#360)
# The issue about Unicast Key Distribution under heavy traffic
(#566)
# The issue with AP2000 MAC Authentication failing intermittently
(#561)
# The issue of EAP – MD5 Authentication for AP2000 (#397)
# The issue of SNMP get on the table oriSecurityConfigTableSecurityMode
(#563)
# The DHCP not working using AP-2000 w/g Kit and/ or 5 GHz Kit in
slot A and WEP Key # 2 (#452)
# The IP Address conflict issue after reset and reloading the
software (#420)
# WPA issue on AP2000 (#412)
# The Remote Link Test problem on AP3 (Avaya AP2000) (#275)
# The WEP functionality on Fujitsu Image (#514)
3.8 Release 2.4.4 - Dec 2003
- No new feature additions in this release
- The following issues have been fixed in this release
# Migration issue with Deny Non encrypted data feature
3.9 Release 2.4.3 - Dec 2003
- No new feature additions in this release
- The following issues have been fixed in this release
# Modified Deny non encrypted data feature to be in enabled
state by default
3.10 Release 2.4.1 - Dec 2003
- Following are the new features added in this release
Monitoring Station Statistics
This feature provides the capability to monitor a set of
statistics for all active stations connected to an Access
Point.User can enable this feature and view the statistics
like IP Address,MAC Address, Interface, Station Type,
Protocol, SNR etc. without rebooting the device. Wireless
Stations inactive for more than 10 minutes, are removed from
the statistics table.
Secure Socket Layer
The functionality of the Secure Socket Layer (SSL)
communication is an enhancement to the already existing HTTP
Management interface of the ORiNOCO Access Points. This
functionality will allow secure communication between the
AP and the HTTP Client. SSL feature will utilize a 128-bit
encryption certificate (maintained by AP) as cipher for secure
communication. User can install a certificate obtained from a
Certification Authority.
SNMP v3 Support
This feature is for supporting the Simple Network Management
Protocol version 3 (SNMPv3). The implementation in this
release will concentrate on fundamental requirements in order
to provide secure SNMP management. The SNMPv3 feature is
based on existing SNMP framework, but addresses security
requirements for device and network management
Rogue AP detection Support
This functionality will provide the ability to detect
unauthorized APs within a given coverage area. When enabled,
the AP will scan in the vicinity with in the range of coverage
and identify the access points active in the area. The support
is available for all versions and operation modes of Access
Points. E.g: 802.11a access point will identify all similar
Access Points. However, it will not be able to detect Access
points that are not of this type, say 802.11b or 802.11g
access points. This feature is not supported in the following
hardware:
AP-2000 with 11b Classic Card
HTTP/ HTTPS File Transfer
The functionality of the HTTP(S) File Transfer is an
enhancement to the already existing HTTP Management interface
of Access Points.This functionality will allow transfer of
configuration and kernel image files to and from the Access
Points from any compliant HTTP/HTTPS browser. For HTTPS file
transfer, SSL should be enabled.This feature also allows
transfer of SSL Certificate & private keys and upgrade BSP/BL.
Tx Power Control
This is a proprietary implementation of transmit power control
by using standard 802.11d frames to control transmit power
within an IBSS.This method of power control is considered to
be a interim way of controlling the transmit power of 802.11d
enabled clients in lieu of implementation of 802.11h.The
Access Point will allow four (4) intervals of transmit
power control:
100% (Regulatory Maximum)
50%
25%
12.5%
This feature is not supported in the following Hardware:
AP-2000 5GHz Kit (1st gen)
AP-2000 with 11b Classic Card
WDS enhancements to support 802.11a and 802.11g cards
This is an enhancement to the existing WDS feature already
available in Access Points for 802.11b into both 802.11a and
802.11g access points. The functionality remains the same as
the current 802.11b.
Auto Configuration
This feature provides the capability to allow auto configuration
of the Access Point Devices in a given subnet. Default state
of the feature is Enable. This feature can work for both DHCP
enabled or Static IP configured devices.
Multiple Authentication Server Support
This feature extends the existing authentication server
configuration option available in access points. With this,
the user can configure separate primary & secondary servers
for RADIUS and 802.1x servers that can be used for MAC based
or 802.1x based authentication, respectively.This also extends
the server fallback capability to the new servers supported.
Image Error Check
This feature allows the Access Point to accept a valid image
during download through HTTP or TFTP. The following checks
are performed on the downloaded image:
Zero Image size
Large image size
Non VxWorks Image
AP2000/AP600 Image
Signature Verification
- The following issues have been fixed in this release
# Added back CLI command to deny non encrypted data for Agere
11b cards (#577) and the command is
Set Wifsec <interface number> encryptdeny <enable/disable>
Where Interface number for slot A = 3 and for Slot B = 4
Default state of encryptdeny is disable and will allow
to connect both encrypted and non-encrypted clients
# Fixed the issue with Deny IP Broadcast/Multicast feature in
Advanced Filter tab to filter out IP Broadcast/Multicast
packets both from Ethernet to Wireless and from Wireless to
Ethernet
# Fixed IP/ARP filtering issue to filter the Ethernet to
wireless traffic (#506)
# Fixed the issue of Clients not getting connected to the
device with wep encryption and WDS enable for 11b card
(#15127)
# Fixed the issue of not getting the handover request and
response in IAPP with WDS ink up(#15134)
# Fixed CLI Commands output format for "show http" and
"show snmp"(#15154).
# Fixed the issue of "Encryption Key Length" being empty and
disabled in Configure Management/Security Page/802.1x
(#15156 and #15169).
# Fixed the issue of sniffer capturing the frames of RTS/CTS
from device to client when "Enable Medium Density
Distribution" is disabled (#15161).
# Fixed the issue with initial configuration of the device
via "Setup Wizard"(#15163)
1) Without reconfiguring the password the wizard was not
allowing the user to proceed further. Password need to
be configured at least once before moving to next
step in setup configuration wizard
2) After Configuring Wireless Interface Configuration,
if Save button and Next button was clicked, IE was not
displaying any page and was showing up the page only
after refresh button was clicked.
# Note inserted in the HTTP page indicating Max age can be
set in increments of 100ms (#15167)
# Fixed the issue with MAC address validation which was not
validated for its length in the HTTP interface while
adding an entry under MAC Access table and the back link
was not taking to the MAC Access table page(#15168)
# Fixed the issue with Serial number being displayed blank
on the HTTP interface for Wireless Card A(#15170)
# Fixed the issue with pull down option under Packet
Forwarding Interface Port being empty for 802.11b/g combo
card.(#15181).
# Fixed the issue in Port filtering table not able to
change the interface type from all interfaces to other
value through HTTP interface while editing an entry
(#15189).
# Fixed issue of not able to enable RADIUS Accounting through
HTTP, CLI and SNMP (#15221)
# Added Error page to display when an incorrect value is
entered While editing an VLAN ID(#15300)
# Fixed the issue of VLAN table accepting wrong entries
(#15301)
# Fixed the issue of incorrect links under VLAN page (#15302)
# Fixed the issue with Monitor->Interface->type field always
showing as ethernet-csmacd for both wireless and ethernet
interfaces(#15306)
# Fixed the issue of SNMP interface not being able to enable
thorugh HTTP interface and Telnet(#15331)
# Fixed the issue of HTTP Defaults and Functionality in
AP-2000 devices Accepting value less than 3600 seconds in
both Default lease time field and Maximum lease time field
(#15342).
# Note is added to indicate that the Polling interval should
always be in steps of 500ms(#15343).
# Fixed the issue of accepting 1 character in SSID fied, need
to be minimum 2 characters(#15347).
# Fixed the issue of downloading an image whenever Reload
button is pressed(#15349)
# Fixed the issue in password accepting 1-32 characters
instead of 6 to 32 characters in HTTP Web based Interface
(#15350).
# Added missing parameter "Ehthernet Chipset" under Monitoring
Interface statistics (#15352)
# Fixed the issue of Reauthentication not happening after
specified client session timeout for AP2000 with both A and
G cards (#15361)
# Fixed the issue of reauthentication not happening after
specified authorization life time(#15362).
3.11 Release 2.3.0 - July 2003
- Following are the new features added in this release
WiFi Protected Access (WPA)
WPA pulls together several of the key technologies from the
Wi-Fi Alliance defined functionality. These include:
· TKIP (Temporal Key Integrity Protocol) - Provides better
data privacy with per frame keying and a larger IV than WEP.
Also provides message integrity checking (MIC) using Michael
MIC algorithm to prevent re-play attacks.
· Standard 802.1X server based authentication
· Dynamic key management through 802.1X
· Option for server-less authentication via pre-shared keys
· AP and station negotiation of WPA authentication mode and
cipher suite capabilities
WPA supports 27 clients.
VLAN-16 and Multiple SSIDs
This feature extends support for compatibility with VLAN
enabled wired networks by providing the user with the
capability to configure up to 16 Network Names or SSIDs
(Service Set Identifiers) and 16 corresponding VLAN (Virtual
Local Area Network) Identifiers per radio Card.VLAN assignment
is made by providing the wireless end user with the SSID
corresponding to the VLAN ID configured on the AP. The end
user associates with the AP and his or her traffic is tagged
with the proper VLAN ID and transmitted on the wired LAN.
3.12 Release 2.2.0 - April 2003
- Following are the new features added in this release
Closed system (.11g)
The AP-2000 Access Point supports a closed system feature that
will prevent wireless client access without the configured
wireless network name. Refer to the User's Guide for more
information on using the closed system feature.
Per User Per Session (.11g)
This feature supports the dynamic generation of encryption
keys for each 802.11 wireless client using 802.1x security.The
802.11a/gradios have the ability to store 128 WEP keys as opposed
to the maximum number of 4 on the 802.11b NIC’s. This ability
enables a higher level of security for those connecting through
this interface by giving each client, up to 108, it’s own unique
key.
802.11g
Support for 802.11g wireless connectivity through use of 802.11g
compliant 2.4 GHz radio technology.The IEEE 802.11g addendum to
the 802.11 standard adds support for a high speed wireless physical
layer in the 2.4 GHz band using Orthogonal Frequency Division
Multiplexing.The standard provides for data rates of up to 54 Mbps.
Note: Until further notice, the 802.11b/g hardware kit for South
Korea supports channels 1-11 within the FCC regulatory
domain, instead of channels 1-13 in the ETSI regulatory
domain.
-------------------------------------------------------------------
4. Installation Notes
4.1 If you download the installation from the web:
The software, MIB, and documentation are currently found under Answer ID 1221.
Please select the appropriate file, image,software, or documentation
and proceed to either view from the web or download to a specific
location. The WinZip Self-Extractor will request a temporary location
to unzip files. You may use the default location or choose
a customized location.
The Help and User Guides folder includes a setup.exe file. Please run
setup.exe in order to use the help documentation.
4.2 If you are using the installation CD:
Insert the ORiNOCO Installation CD in your CD-ROM drive and
the autorun facility will start the CD wizard which will
guide you through the installation process.
4.3 System Requirements
- Windows 98, NT, 2000, or XP
- At least 5 Mb of free disk space
- A web browser, preferably MS IE 6 with Service Pack 1 or
Netscape 6.1
Note :
-----
For SSL, IE 5.00 (128 bit) with Service Pack 2 (or)
IE 5.0 (56 bit) with patch Q240308 (or) IE 6.0
(128 bit) with Service Pack 1 and Patch Q323308
is required.
For 802.1x Authentication using TLS, XP Clients should
have Service Pack 1 installed on it.
-------------------------------------------------------------------
5. Known Issues
# When the AP with Rel 2.4.11 is configured with vlan id 0 and untagged in the
same wireless slot, then when we migrate to Rel 2.5 the vlan id for the
wireless slot displays as untagged for the vlan id configured as "0" in
2.4.11. (#17551)
# Mixed Mode with WEP & WPA enabled does not work on a
D-Link DWL-AG520 client using WEP. (#17465)
# Syslog requires disabling and re-enabling the Syslog
whenever adding or deleting the Syslog server IP Address (#16442)
# Invalid security profiles may be created. For example, a
profile may be created that includes "no security" and
WPA/WPA-PSK/802.11i/802.11i-PSK. Please see the manual
for an explanation regarding why this is an invalid
security security profile. Invalid security profiles may not,
however, be added to the SSID table. (#17507)
# If Vlan is enabled then it is possible to set WEP txkey as
key 1/2/3 but only key 0 is used as the txkey.
# It is possible to configure and enable multiple radius
profiles (with different vlan id) for the same radius
server. The functionality involving that radius server
may not work correctly in such cases. (#17827)
# It is possible to configure two SSIDs, one with non-secure
security profile and other with security profile containing
WPA/WPA-PSK/802.11i/802.11i-PSK, on the same interface. Some
WPA/WPA-PSK/802.11i/802.11i-PSK clients may face problems while
connecting in these scenarios. (#17826)
# Configuring security mode WPA/WPA-PSK/802.11i/802.11i-PSK for
the first security profile returns error. A workaround is to
use the configure a new security profile with these values and
assign it to the SSID. Another work around to do that for first
security profile is the following.
- Go to SSID/VLAN/Security Page
- Go to SecProfiles page and edit first security profile.
- enable 802.1x security mode and hit OK
- disable non-secure security mode and hit OK
- enable WPA/WPA-PSK/802.11i/802.11i-PSK and hit OK
- disable 802.1x and hit OK. (#17656)
-------------------------------------------------------------------
6. Obtaining Technical Assistance
If you encounter problems when using this product or would like information
about our other ORiNOCO Wireless products, please contact the reseller from
whom you purchased the equipment for support. If you would like reseller
contact information, please contact Proxim inside sales at 1-800-229-1630
or use the contact information on our website.
6.1 Troubleshooting
For the most up-to-date, detailed troubleshooting information, refer to the
ORiNOCO AP-2000 User Guide and Proxim Knowledge base.
6.2 Obtaining Documentation
The user guide is available in English language and you can access it along
with the most recent software and user documentation at
http://support.proxim.com
-------------------------------------------------------------------
END OF FILE
Download Driver Pack
After your driver has been downloaded, follow these simple steps to install it.
Expand the archive file (if the download file is in zip or rar format).
If the expanded file has an .exe extension, double click it and follow the installation instructions.
Otherwise, open Device Manager by right-clicking the Start menu and selecting Device Manager.
Find the device and model you want to update in the device list.
Double-click on it to open the Properties dialog box.
From the Properties dialog box, select the Driver tab.
Click the Update Driver button, then follow the instructions.
Very important: You must reboot your system to ensure that any driver updates have taken effect.
For more help, visit our Driver Support section for step-by-step videos on how to install drivers for every file type.