Dell 6.2 Failures, and the default value is 0 failures, Timer per role overrides this setting

Page 196

The 802.1X authentication profile configuration settings are divided into two tabs, Basic and Advanced. The Basic tab displays only those configuration settings that often need to be adjusted to suit a specific network. The Advanced tab shows all configuration settings, including settings that do not need frequent adjustment or should be kept at their default values. If you change a setting on one tab then click and display the other tab without saving your configuration, that setting will revert to its previous value.

Table 61: 802.1x Authentication Profile Basic WebUI Parameters

| Parameter | Description |
|---|---|
| Basic 802.1x Authentication Settings | |
| Max authentication failures | Number of times a user can try to log in with wrong credentials, after which the user is blacklisted as a security threat. Set to 0 to disable blacklisting; otherwise enter a non-zero integer to blacklist the user after the specified number of failures. The range of allowed values is 0-5 failures, and the default value is 0 failures. NOTE: This option may require a license. |
| Enforce Machine Authentication | Select the Enforce Machine Authentication option to require machine authentication. This option is also available on the Basic settings tab. NOTE: This option may require a license. |
| Machine Authentication: Default Machine Role | Default role assigned to the user after completing only machine authentication. The default role for this setting is the “guest” role. |
| Machine Authentication: Default User Role | Default role assigned to the user after 802.1x authentication. The default role for this setting is the “guest” role. |
| Reauthentication | Select the Reauthentication checkbox to force the client to do an 802.1X reauthentication after the expiration of the default timer for reauthentication. (The default value of the timer is 24 hours.) If the user fails to reauthenticate with valid credentials, the state of the user is cleared. If derivation rules are used to classify 802.1x-authenticated users, then the reauthentication timer per role overrides this setting. This option is disabled by default. |
| Termination | Select the Termination checkbox to allow 802.1X authentication to terminate on the controller. This option is disabled by default. |
| Termination EAP-Type | If termination is enabled, click either EAP-PEAP or EAP-TLS to select an Extensible Authentication Protocol (EAP) method. |
| Termination Inner EAP-Type | If you are using EAP-PEAP as the EAP method, specify one of the following inner EAP types. eap-gtc: Described in RFC 2284, this EAP method permits the transfer of unencrypted usernames and passwords from client to server. The main uses for EAP-GTC are one-time token cards such as SecurID and the use of LDAP or RADIUS as the user authentication server. You can also enable caching of user credentials on the controller as a backup to an external authentication server. eap-mschapv2: Described in RFC 2759, this EAP method is widely supported by Microsoft clients. |
| Enforce Suite-B 128 bit or more security level Authentication | Configure Suite-B 128 bit or more security level authentication enforcement. |
| Enforce Suite-B 128 bit or more security level Authentication | Configure Suite-B 192 bit security level authentication enforcement. |
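An added example, not taken from the Dell/Aruba guide: a small Python audit that checks one profile's settings against the ranges, defaults and dependencies stated in Table 61. The dictionary keys, the sample profiles and the role names are assumptions made for this example; they are not ArubaOS CLI keywords.

```python
"""Audit 802.1X authentication profile settings against Table 61."""

# Values the table allows for the two termination parameters.
VALID_EAP_TYPES = {"eap-peap", "eap-tls"}
VALID_INNER_EAP_TYPES = {"eap-gtc", "eap-mschapv2"}


def audit_dot1x_profile(profile):
    """Return a list of (severity, parameter, message) findings.

    `profile` is a dict using key names chosen for this example. Missing keys
    fall back to the defaults stated in Table 61; a missing
    enforce_machine_authentication is treated as disabled (an assumption,
    the table does not state its default).
    """
    findings = []

    def add(severity, parameter, message):
        findings.append((severity, parameter, message))

    # Max authentication failures: range 0-5, and 0 disables blacklisting.
    failures = profile.get("max_authentication_failures", 0)
    if isinstance(failures, bool) or not isinstance(failures, int) \
            or not 0 <= failures <= 5:
        add("ERROR", "max_authentication_failures",
            "must be an integer in the range 0-5")
    elif failures == 0:
        add("WARN", "max_authentication_failures",
            "0 disables blacklisting after failed logins")

    # With machine authentication enforced, both default roles start as "guest".
    if profile.get("enforce_machine_authentication", False):
        for key in ("default_machine_role", "default_user_role"):
            if profile.get(key, "guest") == "guest":
                add("INFO", key, "left at the default 'guest' role")

    # Reauthentication is disabled by default (24-hour timer once enabled).
    if not profile.get("reauthentication", False):
        add("WARN", "reauthentication",
            "disabled; clients are never forced to reauthenticate")

    # Termination and the EAP settings that depend on it.
    eap = profile.get("termination_eap_type")
    inner = profile.get("termination_inner_eap_type")
    if not profile.get("termination", False):
        if eap or inner:
            add("WARN", "termination",
                "EAP type settings only apply when Termination is enabled")
        return findings
    if eap not in VALID_EAP_TYPES:
        add("ERROR", "termination_eap_type",
            "must be eap-peap or eap-tls when Termination is enabled")
    elif eap == "eap-tls":
        if inner:
            add("WARN", "termination_inner_eap_type",
                "inner EAP type is only used with eap-peap")
    elif inner not in VALID_INNER_EAP_TYPES:
        add("ERROR", "termination_inner_eap_type",
            "eap-peap needs eap-gtc or eap-mschapv2 as the inner type")
    elif inner == "eap-gtc":
        add("WARN", "termination_inner_eap_type",
            "eap-gtc transfers unencrypted usernames and passwords "
            "from client to server")
    return findings


# Constructed sample profiles (not exported from a real controller).
ALL_DEFAULTS = {}  # every parameter left at its Table 61 default
TERMINATED_PEAP = {
    "max_authentication_failures": 3,
    "enforce_machine_authentication": True,
    "default_machine_role": "machine-only",  # hypothetical role name
    "default_user_role": "user-only",        # hypothetical role name
    "reauthentication": True,
    "termination": True,
    "termination_eap_type": "eap-peap",
    "termination_inner_eap_type": "eap-mschapv2",
}
INCONSISTENT = {
    "max_authentication_failures": 9,        # outside the 0-5 range
    "reauthentication": True,
    "termination": True,
    "termination_eap_type": "eap-tls",
    "termination_inner_eap_type": "eap-gtc",  # has no effect with eap-tls
}

if __name__ == "__main__":
    samples = {"ALL_DEFAULTS": ALL_DEFAULTS,
               "TERMINATED_PEAP": TERMINATED_PEAP,
               "INCONSISTENT": INCONSISTENT}
    for name, sample in samples.items():
        print(name)
        for severity, parameter, message in audit_dot1x_profile(sample):
            print(f"  {severity:5} {parameter}: {message}")
```
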

 

 

 

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

802.1X Authentication 196

ControllerConfiguring Dhcp Server Communication with APs Configuring DNS ResolutionEnabling Controller Discovery Navigate to the Configuration Network IP Dhcp Server window Using the Aruba Discovery Protocol ADPVerifying that APs Are Receiving IP Addresses Provisioning APs for Mesh Provisioning 802.11n APs for Single-Chain TransmissionAP Model Freqency Band Antenna Port AP92 4GHz or 5GHzInstalling APs on the Network AP Model Freqency Band5GHz AP134 4GHz or 5GHzProvisioning Installed APs Updating the RF PlanDesignation an AP as Remote RAP versus Campus CAP Working with the AP Provisioning WizardProvisioning an Individual AP AP Provisioning Window Page LMS or backup LMS values Provisioning Multiple APs using a Provisioning ProfileAP is associated Assigning Provisioning Profiles AP Installation Modes Configuring a Provisioned APTroubleshooting Clear gap-db wired-mac Renaming an APTo configure the bootstrap threshold using the WebUI Configuring the Bootstrap ThresholdOptimize APs Over Low-Speed Links RF Band for AM Mode scanning Configuring split-tunnel forwardingBackup LMS IP LMS IPv6 Backup LMS IPv6 LMS PreemptionBootstrap threshold From a wireless client that is connected to a tunneled SsidWireless frame is only encapsulated inside the IPsec tunnel When an AP process crashesPrioritizing AP heartbeats AP Maintenance Mode AP RedundancyTo enable AP maintenance mode Energy Efficient EthernetManaging AP LEDs AP130 Series onlyRF Management 802.11a and 802.11g RF Management ProfilesManaging 802.11a/802.11g Profiles Using the WebUI Enable CSACreating or Editing a Profile RadioLevel 5 disable PHY reporting Reuse featureBalancing mode Select one of the following options MHz and 40 MHz modesLoad-balancing mode Channel. 
The default CSA count is 4 announcementsBalancing threshold Radio Management ARM scanning and channel assignmentRX Sensitivity Tuning RX sensitivity tuning based channel reuse threshold, in dBmSignal strength Default, allowing 40 MHz operationAssigning an 802.11a/802.11g Profile Assigning a High-throughput ProfileProfile Spectrum monitor radio AM Scanning ProfileAssigning an ARM Profile Deleting a Profile Managing 802.11a/802.11g Profiles Using the CLICreating or Modifying a Profile Viewing RF Management Settings To view the settings of a specific RF management profileRF Optimization Assigning a 802.11a/802.11g ProfileRF Event Configuration Default value 0 secondsIs sent to the client Maximum value 8 secondsFrame Error Rate High Frame Error Rate LowDetect Frame Rate Anomalies Recommended value is 85%Configuring AP Channel Assignments Select the Regulatory Domain profile named defaultFrame Retry Rate High Frame Retry Rate LowChannel Switch Announcement CSA Managing AP Console Settings Automatic Channel and Transmit Power SelectionIP address of the DNS server used by the AP IP address of the AP’s master controllerDomain name used by the AP Understanding Mesh Access Points Secure Enterprise MeshMesh Portals Mesh PointsUnderstanding Mesh Links Mesh ClustersOptimizing Links Link MetricsComponent Description Understanding Mesh Profiles Mesh Cluster ProfileMesh Radio Profile RF Management 802.11a and 802.11g ProfilesAdaptive Radio Management Profiles Mesh High-Throughput Ssid ProfileHigh-Throughput Profiles Wired AP Profile Understanding Mesh SolutionsMesh Recovery Profile Point-to-Point Deployment Thin AP Services with Wireless Backhaul DeploymentPoint-to-Multipoint Deployment High-Availability Deployment Sample Point-to-Multipoint DeploymentTask Overview Planning a Wlan According to Your SpecificationsCollecting Required Information Building Dimensions AP Desired Rates 2.4 GHz Radio PropertiesWorking with Mesh Radio Profiles Managing Mesh Profiles In the WebUICreating a 
New Profile AM Desired RatesThreshold Nodes Default 10 missed heartbeats. The range is Indicates the transmit rates for the 802.11a radioRates AP goes through the list and uses the next highest rateRange 0-4094. Default 0 disabled Default distributed-tree-rssiRecommends using this default startup-subthresholdvalue Used for user trafficDefault 2,333 bytes. The range is 256- 2,346 Assigning a Profile to a Mesh AP or AP GroupEditing a Profile Link qualityTo view the settings of a specific mesh radio profile Viewing Profile SettingsManaging Mesh Profiles In the CLI Working with Mesh High Throughput Ssid Profiles Managing Profiles In the WebUIAssigning a Profile to an AP Group Deleting a Mesh Radio ProfileTemporal Diversity Enable Enabled legacy stations are allowedConfigured value adjusts based on AP capabilities Launch then software retriesMode Enabled by default Μsec, 2 µsec, 4 µsecDegrade throughput Different values, separate each value with a commaManaging Profiles In the CLI Viewing High-throughput Ssid Settings To view the settings of a specific high-throughput profileUnderstanding Mesh Cluster Profiles Deployments with Multiple Mesh Cluster ProfilesManaging Mesh Cluster Profiles In the WebUI Associating a Profile to Mesh APs Managing Mesh Cluster Profiles In the CLI Deleting a Mesh Cluster ProfileTo view the settings of a specific mesh cluster profile Viewing Mesh Cluster Profile SettingsAssociating Mesh Cluster Profiles Configuring Ethernet Ports for Mesh Configuring Bridging on the Ethernet PortExcluding a Mesh Cluster Profile from a Mesh Node To exclude a specific mesh cluster profile from an APConfiguring Ethernet Ports for Secure Jack Operation Extending the Life of a Mesh Network Provisioning Mesh Nodes Outdoor AP ParametersUnder Port Selection, click the port to configure IP settings section, select Obtain IP Address Using DhcpProvisioning Caveats Provisioning Mesh NodesBooting the Mesh Portal Understanding the AP Boot SequenceBooting the Mesh Point 
Verifying the Network Verification ChecklistAir Monitoring and Mesh Configuring Remote Mesh Portals RMPs CLI ExamplesHow RMP Works Creating a Remote Mesh Portal In the WebUIProvisioning the AP Defining the Mesh Private VlanSelecting an RF Management Profile Selecting a Mesh Radio ProfileAdding a Mesh Cluster Profile Configuring the Vlan ID of the Virtual AP Profile Configuring a Dhcp PoolProfile Details window Provisioning a Remote Mesh Portal In the CLI Additional InformationConfiguring Redundancy Parameters Configuring the Local Controller for Redundancy Configuring the Master Controller for Redundancy Configuring the LMS IPOn the master controller Command Explanation Enter the master-redundancy contextRouter ID of the Vrrp instance Controllers. Specify a key of up to 64 charactersConfiguring Database Synchronization This config mode command includes RF plan data whenEnabling Incremental Configuration Synchronization CLI Only Configuring Master-Local Controller RedundancyRedundant Topology Master-Local Redundancy Vrrp Dell PowerConnect W-Series ArubaOS 6.2 User Guide Understanding Rstp Migration and Interoperability Disabled Discarding BlockingWorking with Rapid Convergence Rstp 802.1w Description Port Role Feature Default Value/Range Configuring RstpEdge Port and Point-to-Point Troubleshooting Rstp Change the default configurations via the command lineMonitoring Rstp Port FastDell PowerConnect W-Series ArubaOS 6.2 User Guide Rstp Understanding PVST+ Interoperability and Best Practices Enabling PVST+ in the CLIFrom the WebUI, add a Vlan instance and enable PVST+ Enabling PVST+ in the WebUIUnderstanding Dell Mobility Architecture IP MobilityConfiguring Mobility Domains Enable mobility disabled by defaultOn a master controller On all Dell controllers in the mobility domainConfiguring a Mobility Domain Navigate to the Configuration Advanced Services IP Mobility Example ConfigurationJoining a Mobility Domain Configuring Mobility using the WebUI Subnetwork MaskHome 
Agent Address or Vrip On controller a the master controllerConfiguring Mobility using the CLI Viewing mobile client status using the WebUIViewing mobile client status using the CLI Tracking Mobile UsersViewing user roaming status using the CLI Viewing specific client information using the CLIRoaming Description Status Type Status Type DescriptionConfiguring Advanced Mobility Functions Setting up mobility association Using the CLIMobile Client Roaming Locations HA Discovery on AssociationIs 0-5000 visitors. The default setting is 5000 visitors Default setting is 3 attemptsSeconds. The default setting is 5000 seconds Enable standalone APClick Apply after setting the parameter Proxy Mobile IP Proxy DhcpUnderstanding Bridge Mode Mobility Deployments RevocationsWorking with Proxy Igmp and Proxy Remote Subscription Enabling Mobility MulticastWorking with Inter controller Mobility Configuring Mobility Multicast Inter-controller MobilityEnable Igmp proxy on the FastEthernet Ieee 802.3 interface Enable Igmp snoopingExample Start at 0 from the left-most positionUnderstanding Firewall Port Configuration Among Dell Devices External Firewall ConfigurationPorts Used for Virtual Internet Access VIA Enabling Network AccessConfiguring Ports to Allow Other Traffic Types Page About Remote Access Points Remote Access PointsRemote AP with a Private Network Configuring the Secure Remote Access Point Service Configure a Public IP Address for the ControllerUsing the WebUI to create a DMZ address Configure the NAT DeviceConfigure the VPN Server Chap Authentication Support over PPPoEUsing the WebUI to configure Chap You can use the CLI or the WebUI to configure ChapUsing the CLI to configure the Chap Configuring Certificate RAPCreating a Remote AP Whitelist Configuring PSK RAP Using WebUIUsing CLI RAP Static Inner IP AddressProvision the AP IP-Address parameter in the local databaseDeploying a Branch Office/Home Office Solution Deployment Scenario Master IP Address ValueConfiguring the 
Branch Office AP Troubleshooting Remote APProvisioning the Branch Office AP Local DebuggingBasic View Information Advanced View Information Name Multihoming on remote AP RAP Seamless failover from backup link to primary link on RAPRemote AP Connectivity Remote AP Diagnostics Enabling Remote AP Advanced Configuration OptionsData Description Remote Oper Forward Mode Setting Ation Understanding Remote AP Modes of OperationWorking in Fallback Mode Only Ssid configuration Stored in flash onEssid is up when Same behavior as Not supported AP contacts SSIDsBackup Configuration Behavior for Wired Ports Configuring Fallback ModeConfiguring the AAA Profile for Fallback Mode in the WebUI Configuring the AAA Profile for Fallback Mode in the CLI Configuring the Dhcp Server on the Remote AP Using the WebUI Configuring Advanced Backup Options Configuring the Session ACL in the WebUIConfiguring the AAA Profile in the WebUI Defining the Backup Configuration in the WebUI Configuring the Session ACL in the CLIConfigure the Remote-AP Dhcp Server fields Route src-natSpecifying the DNS Controller Setting Using the CLI to configure the AAA profileDefining the Backup Configuration in the CLI You can define other parameters as neededBackup Controller List Configuring Remote AP Failback Configuring the LMS and backup LMS IP addresses in the CLIEnabling RAP Local Network Access Configuring Remote AP Authorization ProfilesTo enable, enter To disable, enterAdding or Editing a Remote AP Authorization Profile Working with Access Control Lists and Firewall PoliciesUnderstanding Split Tunneling Configuring Split Tunneling Sample Split Tunnel EnvironmentConfiguring the Session ACL Allowing Tunneling Configuring an ACL to Restrict Local Debug Homepage Access Configuring the AAA Profile for Tunneling Enable Restricted Access to LD HomepageConfiguring the Tunneling Virtual AP Profile Inthe CLINavigate to Configuration Wireless AP Configuration Provisioning Wi-Fi MultimediaDefining Corporate DNS Servers 
Configuring Bandwidth Reservation To configure bandwidth reservationNavigate to Configuration Advanced Services All Profiles Reserving Uplink BandwidthProvisioning 4G USB Modems on Remote Access Points Navigate to Configuration Wireless AP Installation4G USB Modem Provisioning Best Practices and Exceptions Provisioning RAP for USB ModemsRAP 3G/4G Backhaul Link Quality Monitoring Configuring W-IAP3WN Access Points PantechConverting IAP to RAP Converting an IAP to RAP or CAPConverting an IAP to CAP Configuring Bandwidth Contracts for RAP Enabling Bandwidth Contract Support for RAPsDefining Bandwidth Contracts Applying ContractsVerifying Contracts on AP Verifying Contracts Applied to UsersFollowing is a sample output for a per-user configuration Verifying Bandwidth Contracts During Data TransferPage Understanding VIA Connection Manager Virtual Intranet AccessHow it Works Installing the VIA Connection Manager On Microsoft Windows ComputersOn Apple MacBooks User action / environment VIA’s behaviorConfiguring the VIA Controller Upgrade WorkflowMinimal Upgrade Complete UpgradeSupported Authentication Mechanisms Authentication mechanisms supported in VIAOther authentication methods Before you BeginConfiguring VIA Settings Suite-BUsing the WebUI to Configure VIA Enable VPN Server ModuleCreate VIA Authentication Profile Create VIA User RolesEnter a name for the server group Create VIA Connection ProfileTo create VIA connection profile Configuration Option Description To the support email-address for troubleshooting List of all IKEv2 authentication methodsDefault None Client Auto-LoginEnable Supplicant Enable Fips ModuleVIA Authentication Name\username instead of just username Use Windows CredentialsConfigure VIA Web Authentication To configure VIA web authentication profileConfigure VIA Client Wlan Profiles To configure a VIA client Wlan profileAssociate VIA Connection Profile to User Role To associate a VIA connection profile to a user roleOption Description Cryptobinding 
TLVServers or trusted certification authorities Mschapv2-use-windows-credentialsDownload VIA Installer and Version File Rebranding VIA and Downloading the InstallerTo download the VIA installer and version file Using the CLI to Configure VIA Create VIA authentication profilesCreate VIA roles Create VIA connection profilesCustomize VIA logo, landing page and downloading installer Downloading VIAPre-requisites Requires the following Microsoft KB on the end-user systemsLogin to Download VIA Downloading VIAUsing VIA Installing VIAConnection Details Tab Diagnostic Tab TroubleshootingSettings Tab Understanding Spectrum Analysis Spectrum AnalysisDevice AP104 YesHybrid AP? Device Configurable as aGraph Title Graph Title Description Update Interval Spectrum Analysis Clients SpectrogramReal-Time FFT SweptCreating Spectrum Monitors and Hybrid APs Hybrid APs Using Mode-Aware ARMHybrid AP Channel Changes Converting APs to Hybrid APs Converting an Individual AP to a Spectrum MonitorConverting a Group of APs to Spectrum Monitors Select AP to expand the AP profiles sectionConnecting Spectrum Devices to the Spectrum Analysis Client Disconnecting a Spectrum Device View Connected Spectrum Analysis DevicesTable Column Description To manually disconnect a spectrum monitor or hybrid APSelecting a Spectrum Monitor Configuring the Spectrum Analysis DashboardsClick the Spectrum Dashboards tab Changing Graphs within a Spectrum View Click theSpectrum Dashboards tabSaving a Dashboard View Renaming a Spectrum Analysis Dashboard ViewSelect Rename Customizing Spectrum Analysis Graphs Resizing an Individual GraphSpectrum Analysis Graph Configuration Options Active DevicesChannel Range ShowService set identifier of the device’s 802.11 wireless LAN Active Devices TableDevice Type Column may display any of the following valuesSelect the button by the symbol Radio band or channelColumn heading Select the button by the Less than drop down listActive Devices Trend Detects on the radio channelCenter 
Frequency MHzWi-Fi data as non-Wi-Fi data Channel MetricsShow lines for these Select one of the following device typesChannel Metrics Graph Radio band displayed in this graphChannel Metrics Trend Drop-down list and select one of the following options MinutesHour Unselect the checkbox to hide that informationChannel Summary Table MonitorDevice Duty Cycle Band Radio band displayed in this graphNumbering Identify a channel numbering scheme for the graph Channel Utilization TrendFollowing device types As non-Wi-Fi data Devices vs ChannelIntervals Uncheck the checkbox by that channel numberDevices vs Channel Options FFT Duty Cycle FFT Duty CycleInterference Power Interference Power Options Quality Spectrogram Device typesReal-Time FFT DataAxis Frequencies for the graphFrequency Center of the x-axis of this chart Span Swept SpectrogramCenter Right field, and the higher value in the left fieldSimple Line Graph of FFT Power Data Swept Spectrogram Options Working with Non-Wi-Fi Interferers Non-Wi-Fi Description Interferer Device vs Channel Interference PowerUnderstanding the Spectrum Analysis Session Log Viewing Spectrum Analysis DataCreating a Spectrum Analysis Record Recording Spectrum Analysis DataTo record spectrum analysis data for later analysis Saving the Recording Playing a Spectrum Analysis RecordingPlaying a Recording in the Spectrum Dashboard To save the recording fileClick the Recording View/Play link at the top of the window Playing a Recording Using the RFPlayback ToolClick Load File For Playback Troubleshooting Spectrum Analysis Troubleshooting Browser IssuesConverting a Spectrum Monitor Back to an AP or Air Monitor Loading a Spectrum ViewPlaying a Recording in the RFPlayback Tool Understanding Spectrum Analysis Syslog MessagesUnderstanding Device Ageout Times Hopper Seconds Age Out Generic Fixed FrequencyAge Out Generic Frequency Hopper Monitoring Performance Dashboard MonitoringClients APsUsing Dashboard Histograms Monitoring UsageMonitoring Security 
Monitoring Potential IssuesMonitoring WLANs Monitoring Access Points Monitoring ClientsTo disable this setting, include the no parameter Monitoring FirewallsElement View ElementColumn Element DescriptionBytes Tx Bytes Rx Bytes Details View Element TabElement Summary View User Bytes Packets Device DestinationUsage Breakdown ApplicationAggregated Sessions Usage BreakdownSource IP Column DescriptionDestination Alias Configuring Certificate Authentication for WebUI Access Management AccessEnabling Public Key Authentication for SSH Access Enabling Radius Server Authentication Select the client certificate Click ApplyConfiguring Radius Server Authentication with VSA Configuring a set-value server-derivation rule Verifying the configuration Disabling Authentication of Local Management User AccountsResetting the Admin or Enable Password Bypassing the Enable Password Prompt User admin PasswordImplementing a Specific Management Password Policy Setting an Administrator Session TimeoutDefining a Management Password Policy Configure the settings described in TableAllowed Characters Disallowed Characters Management Authentication Profile Parameters Allowed CharactersColon Period Pipe Plus sign + Tilde ~ Comma Accent mark `Managing Certificates About Digital CertificatesNavigate to the Configuration Management Certificates CSR Obtaining a Server CertificateParameter Description Range Enter the following informationRun the following command Obtaining a Client CertificateImporting Certificates PKCS7 encrypted PKCS12 encryptedUse the following command to import CSR certificates Viewing Certificate InformationImported Certificate Locations Location DescriptionChecking CRLs Configuring SnmpSnmp Parameters for the Controller Configuring Logging Category/Subcategory Description Logging Level Description Category/Subcategory802.1x messages Radius Radius user messages Configuring the Guest Fields Configuring the Guest ProvisioningEnabling Guest Provisioning Guest Field 
GuestcategoryConfiguring the Page Design Guest Field DescriptionProvisioning page for the sponsor information Fields that followConfiguring Email Messages Configuring the Smtp Server and Port in the WebUINavigate to the Configuration Management SMTPpage Click Apply and then Save Configuration Configuring an Smtp server and port in the CLICreating Email Messages in the WebUI Configuring a Guest Provisioning User Username and Password Authentication MethodStatic Authentication Method Management Users section, click AddCustomizing the Guest Access Pass Smart Card Authentication MethodUsername and Password Method Click Apply and Save ConfigurationCreating Guest Accounts Customized Guest Account Information WindowGuest Provisioning User Tasks Creating a Guest Account-New Guest WindowImporting Multiple Guest Entries Creating Multiple Guest Entries in a CSV FileImporting the CSV File into the Database CVS File Format-Guest Entries InformationImporting a CSV file that contains Guest Entries Displaying the Guest Entries Log File Restricting one Captive Portal Session for each Guest Optional ConfigurationsPrinting Guest Account Information Setting the Maximum Time for Guest Accounts Using the WebUI to set the maximum time for guest accountsUsing the CLI to set the maximum time for guest accounts Managing Files on the ControllerServer Type Configuration Navigate to the Maintenance Controller Image ManagementTransferring ArubaOS Image Files Username to log into serverBacking Up and Restoring the Flash File System Copying Log FilesSetting the System Clock Manually Setting the ClockNavigate to the Configuration Management Clock Copying Other FilesConfiguring NTP Authentication Clock SynchronizationTimestamps in CLI Output Enabling Capacity AlertsThreshold Description Examples Sent. 
The default threshold for this parameter is 80%User-capacity Using the Initial Setup Configuring Local ControllersAdding Local Controllers Configuring Layer-2/Layer-3 Settings Configuring Trusted PortsConfiguring Local Controller Settings Using the Web UIConfiguring APs Using the WebUI to configure the LMS IPUsing the CLI to configure the LMS IP Moving to a Multi-Controller EnvironmentConfiguring a Preshared Key Configuring a Controller Certificate Using the WebUI to configure a Local Controller PSKUsing the WebUI to configure a Master Controller PSK Using the CLI to configure a PSKUsing the CLI to configure the Master Controller Certificate Securing Client Traffic Advanced SecuritySecuring Wireless Clients Wireless xSec Client ExampleSecuring Wired Clients Navigate to the Configuration Advanced Services Wired Access Securing Wireless Clients Through Non-Dell APs Securing Clients on an AP Wired Port Time to wait for authentication to SucceedSecuring Controller-to-Controller Communication Configuring Controllers for xSecFor Controller Configuring the Odyssey Client on Client Machines Installing the Odyssey ClientModifying a regedit Policy Certificate Information Page Configuring Voice and Video Setting up Net ServicesUsing Default Net Services Voice and Video License RequirementsConfiguring User Roles Creating Custom Net ServicesUsing the Default User Role Net Service Name Protocol PortUsing the WebUI to configure user roles Service NameNavigate to the Configuration Security Access Control Creating or Modifying Voice User RolesUsing the CLI to configure a user role Click Done Click ApplyUsing the User-Derivation Roles Using the WebUI to derive the role based on SsidUsing the CLI to derive the role based on Ssid Using the WebUI to derive the role based on MAC OUIAdditional Video Configurations Configuring Firewall Settings for Voice and Video ALGsConfiguring Video over Wlan enhancements To enable Igmp snooping Pre-requisitesConfigure multicast rate optimization for 
video traffic To add the ACL to a user roleConfigure and apply a bandwidth management profile Set a bandwidth percentage for the following categoriesEnable multicast shaping on the firewall Enable Igmp ProxyEnable Igmp Snooping Configure multicast rate optimization for the video traffic Configure ARM scanning for video trafficWorking with QoS for Voice and Video Configure and apply bandwidth management profileThis step is optional Understanding VoIP Call Admission Control Profile To enable call admission control in this profile Understanding Wi-Fi MultimediaVoip Tspec Enforcement Configuring WMM AC Mapping Priority 802.1p Priority WMM Access CategoryEnabling WMM Lowest Background Best effort Video Voice HighestUsing the WebUI to map between WMM AC and Dscp Dscp Decimal Value WMM Access CategoryBackground Best effort Video Voice Configuring Dscp Priorities Using the CLI to map between WMM AC and DscpEnhanced Distributed Channel Access Configuring Dynamic WMM Queue ManagementWMM Access Category Description 802.1p Tag Using the WebUI to configure Edca parameters Disables this option1. a value of 4 computes to 2 4-1 = 15. Possible values are Microseconds, enter 94 3008/32. 
Possible values areUsing the CLI to configure Edca parameters Enabling WMM Queue Content EnforcementTo associate the Edca profile instance to a Ssid profile Understanding Extended Voice and Video Features Microsoft OCSApple Facetime Port Packet TypeEnabling Mobile IP Home Agent Assignment Enabling WPA Fast HandoverScanning for VoIP-Aware ARM Configuring SIP Authentication Tracking Disabling Voice-AwareTo configure Real Time analysis on voice calls Enabling Real Time Call Quality AnalysisWeb UI Viewing Real Time Call Quality ReportsEnabling SIP Session Timer SIP session timer is implemented in the SIP ALG as per RFCTo view the SIP settings on the controller To configure the session timer and the timeout valueClick the Policies tab Enabling Wi-Fi Edge Detection and Handover for Voice Clients Select the Classify Media check boxExpand Handover Trigger under Wireless Lan Click the Apply button to save the configurationWorking with Dial Plan for SIP Calls Understanding Dial Plan FormatConfiguring Dial Plans Action DescriptionDialplan Profile Dialplan Profile displays the dial plan detailsEnabling Enhanced 911 Support To create a voice dial plan profileTo associate the dial plan with SIP ALG To view the SIP dial plan profileWorking with Voice over Remote Access Point Understanding Battery Boost Enabling LldpConfigure the Lldp profile parameters as desired then click Lldp PDUs. The AP will send all optional TLVs by default Lldp PDUs. The AP will send all 802.1 TLVs by defaultLldp PDUs. 

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.