Notes on the Orinoco AP-500 Wireless Access Point

by Rob Mayoff

The Orinoco AP-500 is an 802.11b wireless access point. I bought mine from MicroWarehouse. At the time it cost $336 from that reseller.

It has a standard Orinoco Gold PCMCIA card and a 10BT Ethernet jack. It operates as a bridge only. It cannot be configured as a router. It cannot perform NAT or be a DHCP server, unlike the RG-1000, which costs less but only has an Orinoco Silver card.

I bought the AP-500 because I thought the Gold card would be more secure than the RG-1000's Silver card. Since then I have done more reading about WEP and learned that WEP is fundamentally broken. A casual snooper will be equally deterred by either standard 40-bit WEP or the Gold card's "128-bit security", but a smart, determined attacker will find both equally easy to break. Oh well. Maybe if they fix WEP and offer a firmware upgrade, then I'll really have 128-bit encryption. Meanwhile, I'll just hope nobody near my house wants to eavesdrop on my web surfing.

(Why would anyone buy the AP-500 instead of the RG-1000, given this brain-damage? Perhaps the RG-1000 cannot participate in multi-AP wireless infrastructures, where a client can roam seamlessly from AP to AP. The AP-500 can be used to build such networks.)

Anyway, the AP-500 comes with a Linux "command-line interface" called cliproxy for configuring it. Version 1.00 of cliproxy, which was on the CD-ROM, includes commands for configuring a bunch of features that the AP-500 doesn't actually support, like NAT, DHCP, TurboCell, and IP routing. Version 1.16, which I found on the FTP site, has a reduced command set that matches what the Windows configuration tool offers. I recommend using 1.16 or later, because using 1.00 and the unsupported commands is just confusing and time-wasting.

So when I got my AP-500, I started configuring it using cliproxy version 1.00. (I didn't have 1.16 yet.) I tried to configure it so that it could only be reconfigured from the wired network, because the wireless network is too insecure: WEP is broken and the configuration is performed using SNMP, which is unencrypted. I decided to allow configuration from only one of my machines, at 10.0.1.8, from the wired network, which uses a netmask of 255.255.255.0. So I ran this command:

access-list ip snmp-server permit 10.0.1.8 255.255.255.0 1

Then I wrote the configuration to the AP-500. Then the AP-500 refused to let me configure it further from any machine on either network. Oops. Turns out you're supposed to use a netmask of 255.255.255.255 when you want to permit access from only a single IP address.
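A pre-flight check for the lockout described above, as an added example that is not from the original page or from cliproxy. It assumes the AP masks the source address and compares it with the entry's address exactly as typed, a model chosen only because it reproduces the lockout described here and not documented AP-500 behaviour; the function names are hypothetical and the trailing field of the command is treated as opaque.

```python
import ipaddress

PREFIX = ["access-list", "ip", "snmp-server", "permit"]
FULL = 0xFFFFFFFF

def parse_entry(line):
    """Split a cliproxy SNMP permit line into (address, mask) as integers."""
    fields = line.split()
    if fields[:4] != PREFIX or len(fields) < 6:
        raise ValueError("not an snmp-server permit entry: %r" % line)
    return int(ipaddress.IPv4Address(fields[4])), int(ipaddress.IPv4Address(fields[5]))

def is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & FULL
    return inverted & (inverted + 1) == 0

def matches_strict(src, addr, mask):
    # Assumed model of the AP: mask the source, compare with the entry as typed.
    return (src & mask) == addr

def matches_conventional(src, addr, mask):
    # The usual expectation: mask both sides before comparing.
    return (src & mask) == (addr & mask)

def lint(line, admin_host):
    """Return warnings for one entry, given the host that must keep access."""
    addr, mask = parse_entry(line)
    src = int(ipaddress.IPv4Address(admin_host))
    warnings = []
    if not is_contiguous(mask):
        warnings.append("mask is not a contiguous netmask")
    if addr & ~mask & FULL:
        warnings.append("address has bits set outside the mask")
    if not matches_strict(src, addr, mask):
        warnings.append("%s would be locked out under strict matching" % admin_host)
    elif mask != FULL:
        warnings.append("entry permits %d addresses, not one host" % ((~mask & FULL) + 1))
    return warnings

if __name__ == "__main__":
    # Constructed sample entries: the one from the text, then the corrected mask.
    for mask in ("255.255.255.0", "255.255.255.255"):
        entry = "access-list ip snmp-server permit 10.0.1.8 %s 1" % mask
        print(entry, "->", lint(entry, "10.0.1.8") or "ok")
```

Run it against every permit line before writing the configuration to the AP, so a bad mask is caught while the device can still be reached.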

So then I had to learn how to do a "forced reload", in which you press the "reload" button on the AP-500 until the power light turns amber, and then you upload the firmware image. Cliproxy has a "write image" command, which I think can upload the firmware image. However, I was unable to make it work.

So I waited until my girlfriend came home with her Windows notebook (I do not have any Windows installations of my own), and installed the Windows AP manager on it. I wasn't able to reload the AP with the Windows program either, for quite a long while. I reset the AP-500 many times and held down the reload button for long periods (the manual says to hold it down for about 30 seconds), and the AP manager never showed the AP-500 as being in the "forced reload" state.

Finally I managed to get the AP-500 into the forced reload state by disconnecting the Ethernet cable, resetting it, holding down the reload button for a while, and then reconnecting the Ethernet cable. Then I was able to upload the firmware image and reconfigure the AP to be usable again.

The Windows AP manager has extensive online help, whereas the cliproxy docs are rather sparse. If you plan to get an AP-500 and configure it from Linux, I recommend finding a Windows host to install the AP manager on anyway, so you can read through its online help.

If you want the AP-500 to pass IP traffic and nothing else (no AppleTalk, no IPX, etc.), you need to configure it to pass ARP traffic as well. Here are the cliproxy configuration commands:

access-list ethernet protocol deny others
access-list ethernet protocol permit ip
access-list ethernet protocol permit ip-arp

mayoff@dqd.com