Dell 6.2 manual Configuring 802.1X Authentication, Select Enforce Machine Authentication

Page 209

On the controller, you add the configured server (IAS1) into a server group. For the server group, you configure the server rule that allows the Class attribute returned by the server to set the user role.

In the WebUI

1.Navigate to the Configuration > Security > Authentication > Servers page.

2.In the Servers list, select Radius Server. In the RADIUS Server Instance list, enter IAS1 and click Add.

a.Select IAS1 to display configuration parameters for the RADIUS server.

b.For IP Address, enter 10.1.1.21.

c.For Key, enter *a^t%183923!. (You must enter the key string twice.)

d.Click Apply.

3.In the Servers list, select Server Group. In the Server Group Instance list, enter IAS and click Add.

a.Select the server group IAS to display configuration parameters for the server group.

b.Under Servers, click New.

c.From the Server Name drop-down menu, select IAS1. Click Add Server.

4.Under Server Rules, click New.

a.For Condition, enter Class.

b.For Attribute, select value-offrom the drop-down menu.

c.For Operand, select set role.

d.Click Add.

5.Click Apply.

In the CLI

(host)(config) #aaa authentication-server radius IAS1 host 10.1.1.21

key *a^t%183923!

(host)(config) #aaa server-group IAS auth-server IAS1

set role condition Class value-of

Configuring 802.1X Authentication

An AAA profile specifies the 802.1X authentication profile and 802.1x server group to be used for authenticating clients for a WLAN. The AAA profile also specifies the default user roles for 802.1X and MAC authentication.

In the 802.1X authentication profile, configure enforcement of machine authentication before user authentication. If a user attempts to log in without machine authentication taking place first, the user is placed in the limited guest role.

In the WebUI

1.Navigate to the Configuration > Security > Authentication > L2 Authentication page.

2.Select 802.1X Authentication Profile.

a.At the bottom of the Instance list, enter dot1x, then click Add.

b.Select the profile name you just added.

c.Select Enforce Machine Authentication.

d.For the Machine Authentication: Default Machine Role, select computer.

e.For the Machine Authentication: Default User Role, select guest.

f.Click Apply.

209 802.1X Authentication

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Image 209
Contents User Guide Legal Notice Copyright InformationOpen Source Code Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents 490 477485 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide About this Guide Feature DescriptionWhat’s New In ArubaOS Issued Users using them in a given networkSpectrum enhancements Spectrum recording informationWebUI FundamentalsType Style Description Related DocumentsConventions Page Deployment Scenario #1 Controller and APs on Same Subnet Understanding Basic Deployment and Configuration TasksBasic User-Centric Networks APs All on One Subnet Different from Controller Subnets APs on Multiple Different Subnets from Controllers Running Initial Setup Configuring the ControllerConnecting to the Controller after Initial Setup Using the LCD ScreenDell W-7200 Series Controller New Port Numbering SchemeDisplays Upgrading an Image Using the LCD and USB DriveUploading a Pre-saved Configuration Disabling LCD Menu Functions Configuring a Vlan to Connect to the NetworkCreating, Updating, and Deleting Vlan Pools Assigning and Configuring the Trunk PortCreating, Updating, and Viewing VLANs and Associated IDs Configuring the Loopback IP Address for the Controller Configuring the Default GatewayTo confirm the port assignments, use the show vlan command WebUIController returns the following messages Configuring the System ClockEnter y to reboot the controller or n to cancel Configuring Your User-Centric Network Enabling Wireless ConnectivityInstalling Licenses Connecting the Controller to the NetworkMust explicitly enable Telnet on the controller Control Plane Security Configure the following control plane security parameters Configuring Control Plane SecurityControl Plane Security Overview Parameter DescriptionExample CLIAdding APs to the Campus and Remote AP Whitelists Managing AP WhitelistsStatus Entry Viewing Whitelist StatusAddress as a name Control Plane Security Campus AP Whitelist status onlyStatus Entry Description Click the Campus AP Whitelist tab Command DescriptionModifying an AP in the Campus AP Whitelist Purging the Campus AP Whitelist Revoking an AP via the Campus AP WhitelistDeleting an AP Entry from the Campus AP Whitelist With local Dell Campus AP whitelist contains Master switchManaging Whitelists on Master and Local Controllers Viewing the Master or Local Switch Whitelist Viewing and Managing the Master or Local Switch WhitelistsCampus AP Whitelist Synchronization Data Column DescriptionDeleting an Entry from the Master or Local Switch Whitelist Configuring Networks with Clusters of Master Controllers Configuring Networks with a Backup Master ControllerPurging the Master or Local Switch Whitelist Working in Environments with Multiple Master ControllersCreating a Cluster Root Click the Cluster Setting tabCreating a Cluster Member Viewing Controller Cluster SettingsTo view your current cluster configuration via the WebUI Replacing a Local Controller Replacing a Controller on a Multi-Controller NetworkReplacing Controllers in a Single Master Network Replacing a Redundant Master Controller Replacing a Master Controllerwith No BackupReplacing Controllers in a Multi-Master Network Replacing a Cluster Member Controller with no BackupReplacing a Local Controller in a Multi-Master Network Replacing a Redundant Cluster Member ControllerReplacing a Redundant Cluster Root Controller Troubleshooting Control Plane Security Configuring Control Plane Security after UpgradingIdentifying Certificate Problems Manually Certify Campus APsVerifying Whitelist Synchronization Verifying CertificatesDisabling Control Plane Security Rogue APs Supported APsSoftware Licenses Understanding License TerminologyWorking with Licenses Working with Licenses on a Multiple Controller Network Using LicensesLicense Basis What Consumes One LicenseController Total AP Count Campus APs Remote APs Understanding License InteractionEnabling a new license on your controller License Installation Best Practices and ExceptionsInstalling a License Locating the System Serial Number Requesting a Software License in EmailObtaining a Software License Key Creating a Software License KeyDeleting a License Resetting the ControllerMoving Licenses Applying the Software License Key in the WebUIPage Network Configuration Parameters Configuring VLANsYou can create and update a single Vlan or bulk VLANs Navigate to the Configuration Network VLANsCreating Named VLANs Navigate to Configuration Network VLANsCreating a Named Vlan not in a Pool Creating Bulk VLANs In the WebUICreating a Vlan Pool Using the WebUIThis example assigns a name to an existing Vlan ID This example assigns a Vlan name in a virtual APCreating a Vlan Pool Distinguishing Between Even and Hash Assignment TypesViewing and Adding Vlan IDs Using the CLI Creating a Vlan Pool Using the CLIFollowing example shows how to view Vlan IDs to a Vlan pool Updating a Vlan PoolOptimizing Vlan Broadcast and Multicast Traffic Adding a Bandwidth Contract to the VlanUsing the CLI Configuring PortsProxy Arp is disabled for the Interface Navigate to Configuration Network IPClassifying Traffic as Trusted or Untrusted Configuring Trusted/Untrusted Ports and VLANsAbout Trusted and Untrusted Physical Ports About Trusted and Untrusted VLANsThis example For Port Mode select TrunkAssigning a Static Address to a Vlan Understanding Vlan AssignmentsHow a Vlan Obtains an IP Address Configuring Multiple Wired Uplink Interfaces Active-Standby Configuring a Vlan to Receive a Dynamic AddressNavigate to the Configuration Network IP IP Interfaces Enabling the Dhcp ClientSelect Obtain an IP address with PPPoE Enabling the PPPoE ClientSelect Apply Default Gateway from DHCP/PPPoEConfiguring DNS/WINS Server from DHPC/PPPoE Configuring Source NAT for Vlan Interfaces Configuring Source NAT to Dynamic Vlan AddressInter-VLAN Routing Example ConfigurationNavigate to the Configuration Network IP IP Interface Configuring Static RoutesUsing the WebUI to restrict Vlan routing Apply Configuring the Loopback IP AddressModify the IP Address as required Click Using the CLI Configuring the Controller IP AddressConfiguring GRE Tunnels Creating a Tunnel Interface Navigate to the Configuration Network IP GRE TunnelsDirecting Traffic into the Tunnel Static RoutesCLI Tunnel KeepalivesWebUI Understanding IPv6 Notation This chapter describes ArubaOS support for IPv6 featuresUnderstanding IPv6 Topology IPv6 SupportEnabling IPv6 Support for Controller and APs Enabling IPv6Features Supported on IPv6 APs? To Configure Link Local Address Configuring IPv6 AddressesTo Configure Global Unicast Address Yes LimitedTo Configure Loopback Interface Address Configuring IPv6 Static NeighborsTo Configure IPv6 Default Gateway Configuring IPv6 Default Gateway and Static IPv6 RoutesTo Configure Static IPv6 Routes Managing Controller IP AddressesTo Modify IPv6 MLD Parameters Configuring Multicast Listener Discovery MLDProvisioning an IPv6 AP Debugging an IPv6 ControllerFiltering an IPv6 Extension Header EH Configuring a Captive Portal over IPv6Working with IPv6 Router Advertisements RAs To view the EH types deniedYou can use the WebUI or CLI to configure IPv6 RA on a Vlan Configuring an IPv6 RA on a VlanUsing WebUI Using CLI Configuring Optional Parameters for RAsTo configure neighbor discovery retransmit time Navigate to the ConfigurationNetworkIPTo configure IPv6 recursive DNS server To configure RA hop-limitViewing IPv6 RA Status Supported Network ConfigurationXSec No not tested MAC-based Yes Understanding AuthenticationAuthentication Method Supported for IPv6 Clients? Authentication Description Method Working with Firewall FeaturesUnderstanding Firewall Policies Field Description Creating an IPv6 Firewall Policy To assign an IPv6 policy using the WebUIAssigning an IPv6 Policy to a User Role For Host IP, enter 2002d81ff9f01000Understanding IPv6 Exceptions and Best Practices Managing IPv6 User AddressesHost config #ipv6 enable Link Aggregation Control Protocol Lacp Understanding Lacp Best Practices and ExceptionsSet the port priority Configuring LacpLacp Sample Configuration 151 OSPFv2 Understanding Ospf Deployment Best Practices and ExceptionsWlan Topology Understanding OSPFv2 by Example using a Wlan ScenarioWlan Routing Table Below is the routing table for RouterBranch Office Ospf Topology Branch Office TopologyBranch Office Routing Table Configuring OspfRouting table of the Central office controller is below Routing table for Router 1 is belowSelect the Add button to add an area see Figure General Ospf ConfigurationRemote Branch Sample Topology and ConfigurationRemote Branch Central Office Controller-Active Central Office Controller-Backup OSPFv2 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide OSPFv2 Tunneled Nodes Understanding Tunneled Node ConfigurationNavigate to ConfigurationAdvanced ServicesWired Access Configuring a Wired Tunneled Node ClientFor example WebUIConfiguring a Trunk Port as a Tunneled Node Port Configuring an Access Port as a Tunneled Node PortLocate the Wired Access Concentration Configuration section Verify the configurationOn the tunneled node client Sample OutputPage Understanding Servers and Server Groups Authentication ServersDescribes the parameters you configure for a Radius server Configuring ServersConfiguring a Radius Server Default 5 seconds TimeoutOverride the global configuration NAS IP address to send in Radius packetsRadius Server Authentication Codes Configuring an RFC-3576 Radius ServerRadius Server Fully Qualified Domain Names Set a DNS Query IntervalHost IP address of the Ldap server Default N/A Admin-DN Configuring an Ldap ServerDescribes the parameters you configure for an Ldap server Enter parameters as described in Table Configuring a TACACS+ ServerDefines the TACACS+ server parameters Type Connection type is Ldap-s Start-tls Clear-textConfiguring a Windows Server Parameters Configuring the Internal DatabaseManaging the Internal Database Managing Internal Database Files Enter the following command in enable modeExporting Files in the WebUI Parameters DescriptionWorking with Internal Database Utilities Configuring Server GroupsConfiguring Server List Order and Fail-Through Configuring Server GroupsSelect Fail Through Configuring Dynamic Server SelectionScroll to the right and click Add Server Click Apply Click Add RuleTrimming Domain Information from Requests Configuring Match Fqdn OptionConfiguring Server-Derivation Rules Top Controller when the rule is appliedDefault bottom Management Authentication User AuthenticationNavigate to the Configuration Management Administration Assigning Server GroupsRadius Accounting AccountingSelect AAA Profile, then select the AAA profile instance TACACS+ Accounting Configuring Authentication TimersTimer Description Default 5 minutes Setting an Authentication TimerLogon User Lifetime RangeMAC-based Authentication Configuring MAC-Based AuthenticationConfiguring the MAC Authentication Profile ParameterUsing the WebUI to configure a MAC authentication profile Configuring ClientsUsing the CLI to configure a MAC authentication profile Disables blacklistingCLI 802.1X Authentication Understanding 802.1X AuthenticationSupported EAP Types Configuring Authentication with a Radius Server802.1X Authentication with Radius Server Configuring Authentication Terminated on ControllerConfiguring 802.1X Authentication Default User Role Guest role Reauthentication Failures, and the default value is 0 failuresTimer per role overrides this setting This option is disabled by defaultDefault value is Interval Seconds, and the default value is 30 secondsCount RequestsDisable this feature Key Exchange Delay between WPA/WPA2Authentication takes place Option is disabled by defaultUse to authenticate itself to the client For the cached information. The default value is 24 hoursDisabled by default Negotiation Disabled by default WPA-Fast-HandoverConfiguring and Using Certificates with AAA FastConnect Machine User Auth Description Role Assigned Status Configuring User and Machine AuthenticationEnabling 802.1x Supplicant Support on an AP Authenticated Vlan configured Virtual AP profileMachine Auth User Auth Description Vlan Assigned Status Virtual AP profileProvisioning an AP as a 802.1X Supplicant To view the 802.1x authentication details on the controllerPrerequisites Configuring Authentication with an 802.1X Radius Server Sample ConfigurationsConfiguring Roles and Policies Creating the Student Role and PolicyCan use the alias for other rules and policies Creating the Guest Role and Policy Using the WebUICreating the Faculty Role and Policy Under Time Range, select working-hours Creating Roles and Policies for Sysadmin and Computer Configuring the Radius Authentication ServerCreating an Alias for the Internal Network Using the CLI Using the WebUI to create the computer roleSelect Enforce Machine Authentication Configuring 802.1X AuthenticationConfiguring VLANs Navigate to the Configuration Wireless AP Configuration Configuring the WLANsConfiguring the Guest Wlan AP Group list, click Edit for the first-floor Configuring the Non-Guest WLANsCLI Configuring a Server Rule Using the CLI Configuring a Server Rule Using the WebUISelect Termination Configuring WLANs Configuring the Guest Wlan Configuring the Non-Guest WLANs Authentication Configuring Mixed Authentication ModesDescribes the different authentication possibilities 802.1x LogonConfiguring Reauthentication with Unicast Key Rotation Performing Advanced Configuration Options forStateful and WISPr Authentication Working With Stateful AuthenticationConfiguring Stateful 802.1x Authentication Working With WISPr AuthenticationUnderstanding Stateful Authentication Best Practices Configuring Stateful Ntlm Authentication Configuring Stateful Kerberos Authentication Configuring WISPr Authentication Profiles list, expand the WISPr Authentication Profile Dell PowerConnect W-Series ArubaOS 6.2 User Guide 227 Configuring an Ocsp Controller as a Responder Configuring a Controller as Ocsp and CRL ClientsUnderstanding Ocsp and CRL Certificate RevocationNavigate to the Configuration Management Certificates Upload Configuring the Controller as an Ocsp ClientSelect the Revocation Checkpoint tab Configuring the Controller as a CRL ClientConfiguring the Controller as an Ocsp Responder Select Enable next to Enable Ocsp Responder Understanding Captive Portal Captive Portal AuthenticationNavigate to the Configuration Management General Configuring Captive Portal in the Base Operating SystemPolicy Enforcement Firewall Next Generation Pefng License Controller Server CertificateWebUI CLI Using Captive Portal with a Pefng License To configure captive portal with Pefng license via the WebUI Configuring Captive Portal in the WebUICreating a Guest User Role Sample Authentication with Captive PortalConfiguring Captive Portal in the CLI Select Add to add the guest-logon-access policy Configuring Policies and Roles in the WebUICreating an Auth-guest User Role Creating a Time RangeCreating Aliases Creating an Auth-Guest-Access PolicyTo configure the auth-guest-access policy via the WebUI To create the block-internal-access policy via the WebUI Creating an Block-Internal-Access PolicyCreating a Guest Role Creating a Drop-and-Log PolicyTo create the drop-and-log policy via the WebUI To create a guest role via the WebUICreating an Auth-Guest Role Configuring Policies and Roles in the CLIDefining a Time Range To create the guest-logon role via the WebUICreating a Guest-Logon-Access Policy Configuring Guest VLANsCreating a Block-Internal-Access Policy Creating a Guest-Logon RoleClick Add For Vlan ID, enter Click Apply Configuring Captive Portal Authentication ProfilesModifying the Initial User Role Configuring the AAA ProfileManaging User Accounts Configuring the WlanUnauthenticated that a guest cannot access Configuring Captive Portal Configuration ParametersUtilization Logon Threshold Default 60% Logon wait RoleFollowing are optional captive portal configurations Enabling Optional Captive Portal ConfigurationsChanging the Protocol to Http Uploading Captive Portal Pages by Ssid AssociationEntity Engineering Business Faculty Specify the fac-logon userSecurity Access Control Policies Configuring Redirection to a Proxy ServerL3 Authentication For captive portal with Pefng license For captive portal with role-based accessRedirecting Clients on Different VLANs Personalizing the Captive Portal Web Client Configuration with Proxy ScriptSelect the Your Custom Background To customize the page backgroundCreating a New Internal Web Creating and Installing an Internal Captive PortalUsername Example Password ExampleFqdn Example VariableBasic Html Example Installing a New Captive PortalDisplaying Authentication Error Messages Configuring Localization Reverting to the Default Captive PortalThis should be replaced with a link like this Insert javascript to handle error casesThis should be replaced with a link like the following Div id=errorbox style=display none /div Sample Translated Customizing the WelcomeCustomizing the Pop-Up box Customizing the Logged Out Box Navigate to Advanced Services Stateful Firewall Destination Creating Walled Garden AccessEnabling Captive Portal Enhancements Configuring the Redirect-URLConfiguring the Login URL Configuring the Netdestination for a Whitelist Configuring a WhitelistDefining Netdestination Descriptions Associating a Whitelist to Captive Portal ProfileUse the following commands to verify the whitelist alias Verifying a Whitelist ConfigurationVerifying a Captive Portal Profile Linked to a Whitelist Verifying Dynamic ACLs for a WhitelistTOS Verifying DNS Resolved IP Addresses for Whitelisted URLsExample Virtual Private Networks Planning a VPN ConfigurationUnderstanding Suite-B Encryption Licensing Selecting an IKE protocolIKE Policies Suite-B for IPsec tunnels 384 Suite-B certificates ECDSA-256, ECDSA-384Understanding Supported VPN AAA Deployments Working with IKEv2 ClientsParameter Default Default-rap Default-cap Working with VPN Authentication ProfilesWorking with Certificate Groups VPN ClientConfiguring a Basic VPN for L2TP/IPsec in the WebUI Navigate to Configuration IP NAT Pools Defining Authentication Method and Server AddressesDefining Address Pools Enabling Source NATDefining IKEv1 Shared Keys Configuring IKE PoliciesFinalizing WebUI changes Setting the IPsec Dynamic MapEnable authentication methods for IKEv1 clients Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUIConfigure source NAT Create address poolsDefining Address Pools PRF-HMAC-MD5 PRF-HMAC-SHA1 PRF-HMAC-SHA256 PRF-HMAC-SHA384 Working with Smart Card clients using IKEv2 Configuring a VPN for Smart Card ClientsEnable authentication methods for IKEv2 clients Define IKEv2 PoliciesSelect Enable L2TP Configuring a VPN for Clients with User PasswordsWorking with Smart Card Clients using IKEv1 Click Add User Configuring Remote Access VPNs for XAuthConfiguring VPNs for XAuth Clients using Smart Cards Certificates or Common Name as it appears on the certificate Working with Remote Access VPNs for Pptp Working with Third-Party Devices Working with Site-to-Site VPNsUnderstanding VPN Topologies Configuring Site-to-Site VPNsWorking with Site-to-Site VPNs with Dynamic IP Addresses Show crypto-local pki servercert certname subject Click Doneto activate the changes Click Apply For certificate authenticationDetecting Dead Peers For preshared key authenticationFor the Pre-shared-key For the Pre-shared-key for All FQDNsWorking with VPN Dialer Understanding Default IKE policiesAssigning a Dialer to a User Role Configuring VPN DialerHost config #user-role role dialer name Roles and Policies Configuring Firewall PoliciesCreating a Firewall Policy Working With Access Control Lists ACLsSupport for Desktop Virtualization Protocols This can be one of the following Configure the NAT pool in the controllerIP address of the host Queue in which a packet matching this rule should be placed When it leaves the controllerPause ARM White ListCreating an ACL White List Creating a Network Service AliasConfiguring the White List Bandwidth Contract in the CLI Configuring the ACL White List in the WebUIConfiguring the ACL White List in the CLI Use the following CLI command to create ACL White ListsCreating User Roles Click the Delete button against the role you want to delete Creating a User RoleBandwidth Contracts Configuring and Assigning Bandwidth Contracts in the CLI Configuring a Bandwidth Contract in the WebUIBandwidth Contract Exceptions Assigning a Bandwidth Contract to a User Role in the WebUIAssigning User Roles Configuring Bandwidth Contract ExceptionsAssigning User Roles in AAA Profiles Viewing the Current Exceptions ListRule Type Condition Value Working with User-Derived VLANsEquals String Dhcp serverDhcp Option Description Hexadecimal Equivalent Configuring a User-derived Vlan in the WebUIUnderstanding Device Identification See for descriptions of these parameters Configuring a User-derived Role or Vlan in the CLIUser-Derived Role Example Controller’s log files Configuring a Default Role for Authentication MethodNavigate to the Configuration Security Authentication Configuring a VSA-Derived Role Configuring a Server-Derived RoleUnderstanding Global Firewall Parameters Monitor TCP SYN Attack rateLog Icmp Errors Or disabledDefault Disabled stateful SIP processing is enabled Portal configurationDefault 15 seconds Session Idle Timeout secDisable FTP Server Default Disabled FTP server is enabledMbps Default 1 Mbps Rate limit CP auth process traffic Session-tunnel FIB Enable session,tunnel based forwardingMbps Is 1-200 Mbps Default 1 Mbps Session mirror IpsecPage Virtual APs Configuring Virtual AP ProfilesWlan Profiles Default AP Group Toronto AP Group Excluding a Virtual AP Profile From an AP in the CLI Configuring a Virtual APExcluding a Virtual AP Profile From an AP in the WebUI Building3-lobby Guest Configuring the User RoleDeny Time Range Ssid profile guestDone Configuring Authentication ServersConfiguring Authentication MAC Authentication Default Role Users. The default role for unauthenticated users is logonWired to Wireless Roaming Side of the network. This feature is enabled by defaultSelect Wireless LAN under Profiles, then select Virtual AP Click Edit for the default AP groupApplying the Virtual AP Enforce DhcpCan be configured in tunnel mode Forward modeCampus APs in decrypt-tunnel forward mode Enforcement, 802.11k and station blacklistingClick the Global Setting tab Enable this settingSetting on each individual local controller Band SteeringDefault 3600 seconds 1 hour Default 6 stationsAuthentication Failure APs. Default DisabledCreating a new Ssid Profile Select Wireless LAN underProfiles, then select Virtual AP Dtim Interval KeysXSec license in each controller Default value is 2333 bytes Other wireless clients are transmittingPowersave WMM Tspec Min Period to receive broadcastsBattery Boost Frames is disabledLengthening battery life At the lowest configured rateConfiguring an Ssid for Suite-B Cryptography Configuring a Guest Role Configuring a Guest WlanConfiguring a Vlan Select Virtual AP Configuring a Guest Virtual APEnabling bSec Ssid Support Sample ConfigurationTo enable bSec Ssid using bSec-128 or bSec-256 Enabling 802.11k Support Measurement Report Mode field Measurement Mode for Beacon ReportsDefault Mode beacon-table Advertise 802.11K CapabilityHandover of Voice Clients’ feature Handover Trigger Feature Settings ProfileBeacon Report Request Settings Profile TSM Report Request Settings ProfileWorking with Radio Resource Management Information Elements Working with Beacon Report Requests Measurement Mode for Con when Measurement Mode is set to Active-Channel ReportRange from 0 to 255. The default value is Randomization IntervalRequest frame. The default value is enabled Gered. When the triggered option is selected,Working with a Traffic Stream Measurement Report Number of repetitionsRange 0, 65535. The default value is Configuring a High-Throughput Virtual APRange 0, 255. The default value is Bin 0 Range40MHz intolerance Select the 802.11a radio profileSelect the 802.11g radio profile Capabilities Maximum number of spatialStreams usable for Stbc TransmissionShort guard interval in 20 MHz Mode Is enabled by defaultShort guard interval in 40 MHz Supported MCS setManaging High-Throughput Profiles Adaptive Radio Management ARM Understanding ARMARM Support for 802.11n Configuring ARM ScanningMonitoring Your Network with ARM Understanding ARM Application AwarenessCreating a New ARM Profile Configuring ARM ProfilesARM Profiles Example Wlan Description Select RF Management to expand the RF Management sectionCopying an Existing Profile Configuring ARM SettingsDeleting a Profile Select Adaptive Radio Management ARM ProfileSetting Description Power Save That Scanning is also enabledAware Scan Mode Default disabled Video Aware Default 8 scansScan That Scanning is also enabled Default 9 dBmEnabled, that device will ignore this setting Client Aware setting is disabledError Rate Default 240 secondsThreshold Change Default 50% Error Rate Wait Time Channel change Default 30 seconds Noise ThresholdMode Aware Default 1250000 BpsLoad Aware Scanning if the load for the AP gets too highAssigning an ARM Profile to an AP Group Select Configuration AP ConfigurationSteering Modes Using Multi-Band ARM for 802.11a/802.11g TrafficEnabling Band Steering Enabling Band Steering Select Wireless LAN to expand the Wireless LAN sectionTo disable band steering, include the no parameter Enabling Traffic Shaping To configure traffic shaping via the WebUIEnabling Traffic Shaping Select QoS to expand the QoS sectionEnabling Spectrum Load Balancing To disable traffic shaping, use the default-accessparameterConfiguring Non-802.11 for Noise Interference Immunity Reusing Channels to Control RX Sensitivity TuningARM Metrics Wireless Clients Report a Low Signal Level Troubleshooting ARMTransmission Power Levels Change Too Often Too many APs on the Same ChannelAPs Don’t Change Channels Due to Channel Noise APs Detect Errors but Do Not Change ChannelsThis chapter contains the following sections Wireless Intrusion PreventionWorking with the Reusable Wizard Understanding Wizard Intrusion Detection Protection features for Wlan clientsProtecting Your Clients Understanding Wizard Intrusion ProtectionProtecting Your Infrastructure WIP Wizard Intrusion Protection Monitoring the DashboardUnderstanding Classification Terminology Detecting Rogue APsUnderstanding Classification Methodology Classification DescriptionUnderstanding Suspected Rogue Confidence Level Understanding Match MethodsUnderstanding Match Types Understanding Rule Matching Understanding AP Classification RulesUnderstanding Infrastructure Intrusion Detection Feature Command Trap Syslog IDWorking with Intrusion Detection Detect-bad-wep WlsxStaRepeatWEPIVViolation 126016 Ids impersonation-profile WlsxAPSpoofingDetected 126069Ids impersonation-profile 126086Ids unauthorized-device-profile WlsxWirelessBridge 126036 Require-wpa WlsxChannelMisconfiguration 127028Detect-wireless-bridge Wireless-bridge-quiet-time Detect-malformed-large-duration DetectedDetecting Active 802.11n Greenfield Mode Detecting an 802.11n 40MHz Intolerance SettingDetecting an Ad hoc Network Using a Valid Ssid Detecting Ad hoc NetworksDetecting a Beacon Frame Spoofing Attack Detecting Bad WEP InitializationDetecting a Client Flood Attack Detecting an RTS Rate AnomalyDetecting a Wireless Bridge Detecting a Misconfigured APDetecting Broadcast Deauthentication Detecting Malformed Frame-AuthDetecting Wellenreiter Understanding Client Intrusion DetectionDetect-power-save-dos-attack Ids dos-profile WlsxPowerSaveDoSAttack 126109Detect-hotspotter-attack Hotspotter-quiet-time Ids dos-profile WlsxOmertaAttack 126071Detecting a Block ACK DoS Detecting a Meiners Power Save DoS AttackDetecting a ChopChop Attack Detecting a Disconnect Station AttackDetecting Rate Anomalies Detecting an Omerta AttackDetecting a Tkip Replay Attack Detecting Unencrypted Valid ClientsUnderstanding Infrastructure Intrusion Protection Configuring Intrusion ProtectionUnderstanding Client Intrusion Protection Navigate to the Configuration Advanced Services Wireless Configuring the Wlan Management System WMSProtecting Valid Stations Protecting Windows BridgeNot configured Configuring Local WMS SettingsManaging the WMS Database Station Ageout IntervalBlacklisting Manually Understanding Client BlacklistingMethods of Blacklisting Enter a value in the Max Authentication failures field Blacklisting by Authentication FailureEnabling Attack Blacklisting Captive portalSetting Blacklist Duration Working with WIP Advanced FeaturesRemoving a Client from Blacklisting Profiles list, expand the IDS menu, then select IDS profileUnderstanding TotalWatch Channel Types and Qualifiers Configuring TotalWatchUnderstanding TotalWatch Scanning Spectrum Features Understanding TotalWatch Monitoring FeaturesUnderstanding TotalWatch Channel Dwell Time Frequency ChannelConfiguring Per Radio Settings Administering TotalWatchConfiguring Per AP Setting Understanding TotalWatch Channel VisitingDOS Understanding Tarpit Shielding Licensing CLI Commands Configuring Tarpit ShieldingWorking with Tarpit Shielding LicensingAccess Points APs Basic Functions and FeaturesFunction Following topics are included in this chapterNaming and Grouping APs Creating an AP group Use the following command to create an AP groupAssigning APs to an AP Group You can use the WebUI or the CLI to create a new AP groupClick Apply and Reboot Understanding AP Configuration ProfilesWorking with Wireless LAN Profiles Page Page Working with QoS Profiles Working with AP ProfilesProvisioning Mesh Profiles Working with RF Management ProfilesOther Profiles Viewing Profile ErrorsProfile Hierarchy AP Specific and AP Group Profile Hierarchies Other Profile Hierarchies Deploying APs Configuring Firewall SettingsRunning the RF Plan Verifying that APs Can Connect to the ControllerEnabling Controller Discovery Configuring DNS ResolutionConfiguring Dhcp Server Communication with APs Verifying that APs Are Receiving IP Addresses Using the Aruba Discovery Protocol ADPNavigate to the Configuration Network IP Dhcp Server window Provisioning 802.11n APs for Single-Chain Transmission Provisioning APs for MeshAP Model Freqency Band Antenna Port AP92 4GHz or 5GHzAP Model Freqency Band Installing APs on the Network5GHz AP134 4GHz or 5GHzUpdating the RF Plan Provisioning Installed APsDesignation an AP as Remote RAP versus Campus CAP Working with the AP Provisioning WizardProvisioning an Individual AP AP Provisioning Window Page AP is associated Provisioning Multiple APs using a Provisioning ProfileLMS or backup LMS values Assigning Provisioning Profiles Troubleshooting Configuring a Provisioned APAP Installation Modes Renaming an AP Clear gap-db wired-macOptimize APs Over Low-Speed Links Configuring the Bootstrap ThresholdTo configure the bootstrap threshold using the WebUI Configuring split-tunnel forwarding RF Band for AM Mode scanningBackup LMS IP LMS IPv6 Backup LMS IPv6 LMS PreemptionFrom a wireless client that is connected to a tunneled Ssid Bootstrap thresholdWireless frame is only encapsulated inside the IPsec tunnel When an AP process crashesPrioritizing AP heartbeats AP Redundancy AP Maintenance ModeEnergy Efficient Ethernet To enable AP maintenance modeAP130 Series only Managing AP LEDs802.11a and 802.11g RF Management Profiles RF ManagementEnable CSA Managing 802.11a/802.11g Profiles Using the WebUICreating or Editing a Profile RadioReuse feature Level 5 disable PHY reportingBalancing mode Select one of the following options MHz and 40 MHz modesChannel. The default CSA count is 4 announcements Load-balancing modeBalancing threshold Radio Management ARM scanning and channel assignmentRX sensitivity tuning based channel reuse threshold, in dBm RX Sensitivity TuningSignal strength Default, allowing 40 MHz operationAssigning a High-throughput Profile Assigning an 802.11a/802.11g ProfileProfile Spectrum monitor radio AM Scanning ProfileAssigning an ARM Profile Creating or Modifying a Profile Managing 802.11a/802.11g Profiles Using the CLIDeleting a Profile To view the settings of a specific RF management profile Viewing RF Management SettingsRF Optimization Assigning a 802.11a/802.11g ProfileDefault value 0 seconds RF Event ConfigurationIs sent to the client Maximum value 8 secondsFrame Error Rate Low Frame Error Rate HighDetect Frame Rate Anomalies Recommended value is 85%Select the Regulatory Domain profile named default Configuring AP Channel AssignmentsFrame Retry Rate High Frame Retry Rate LowChannel Switch Announcement CSA Automatic Channel and Transmit Power Selection Managing AP Console SettingsDomain name used by the AP IP address of the AP’s master controllerIP address of the DNS server used by the AP Secure Enterprise Mesh Understanding Mesh Access PointsMesh Points Mesh PortalsMesh Clusters Understanding Mesh LinksComponent Description Link MetricsOptimizing Links Mesh Cluster Profile Understanding Mesh ProfilesMesh Radio Profile RF Management 802.11a and 802.11g ProfilesHigh-Throughput Profiles Mesh High-Throughput Ssid ProfileAdaptive Radio Management Profiles Mesh Recovery Profile Understanding Mesh SolutionsWired AP Profile Point-to-Multipoint Deployment Thin AP Services with Wireless Backhaul DeploymentPoint-to-Point Deployment Sample Point-to-Multipoint Deployment High-Availability DeploymentCollecting Required Information Planning a Wlan According to Your SpecificationsTask Overview AP Desired Rates 2.4 GHz Radio Properties Building DimensionsManaging Mesh Profiles In the WebUI Working with Mesh Radio ProfilesCreating a New Profile AM Desired RatesIndicates the transmit rates for the 802.11a radio Threshold Nodes Default 10 missed heartbeats. The range isRates AP goes through the list and uses the next highest rateDefault distributed-tree-rssi Range 0-4094. Default 0 disabledRecommends using this default startup-subthresholdvalue Used for user trafficAssigning a Profile to a Mesh AP or AP Group Default 2,333 bytes. The range is 256- 2,346Editing a Profile Link qualityManaging Mesh Profiles In the CLI Viewing Profile SettingsTo view the settings of a specific mesh radio profile Managing Profiles In the WebUI Working with Mesh High Throughput Ssid ProfilesAssigning a Profile to an AP Group Deleting a Mesh Radio ProfileEnabled legacy stations are allowed Temporal Diversity EnableConfigured value adjusts based on AP capabilities Launch then software retriesΜsec, 2 µsec, 4 µsec Mode Enabled by defaultDegrade throughput Different values, separate each value with a commaManaging Profiles In the CLI To view the settings of a specific high-throughput profile Viewing High-throughput Ssid SettingsUnderstanding Mesh Cluster Profiles Deployments with Multiple Mesh Cluster ProfilesManaging Mesh Cluster Profiles In the WebUI Associating a Profile to Mesh APs Deleting a Mesh Cluster Profile Managing Mesh Cluster Profiles In the CLIAssociating Mesh Cluster Profiles Viewing Mesh Cluster Profile SettingsTo view the settings of a specific mesh cluster profile Configuring Bridging on the Ethernet Port Configuring Ethernet Ports for MeshExcluding a Mesh Cluster Profile from a Mesh Node To exclude a specific mesh cluster profile from an APConfiguring Ethernet Ports for Secure Jack Operation Extending the Life of a Mesh Network Outdoor AP Parameters Provisioning Mesh NodesIP settings section, select Obtain IP Address Using Dhcp Under Port Selection, click the port to configureProvisioning Caveats Provisioning Mesh NodesBooting the Mesh Point Understanding the AP Boot SequenceBooting the Mesh Portal Air Monitoring and Mesh Verification ChecklistVerifying the Network CLI Examples Configuring Remote Mesh Portals RMPsCreating a Remote Mesh Portal In the WebUI How RMP WorksDefining the Mesh Private Vlan Provisioning the APAdding a Mesh Cluster Profile Selecting a Mesh Radio ProfileSelecting an RF Management Profile Profile Details window Configuring a Dhcp PoolConfiguring the Vlan ID of the Virtual AP Profile Additional Information Provisioning a Remote Mesh Portal In the CLIConfiguring Redundancy Parameters Configuring the Local Controller for Redundancy On the master controller Configuring the LMS IPConfiguring the Master Controller for Redundancy Enter the master-redundancy context Command ExplanationRouter ID of the Vrrp instance Controllers. Specify a key of up to 64 charactersThis config mode command includes RF plan data when Configuring Database SynchronizationConfiguring Master-Local Controller Redundancy Enabling Incremental Configuration Synchronization CLI OnlyRedundant Topology Master-Local Redundancy Vrrp Dell PowerConnect W-Series ArubaOS 6.2 User Guide Working with Rapid Convergence Disabled Discarding BlockingUnderstanding Rstp Migration and Interoperability Rstp 802.1w Description Port Role Edge Port and Point-to-Point Configuring RstpFeature Default Value/Range Change the default configurations via the command line Troubleshooting RstpMonitoring Rstp Port FastDell PowerConnect W-Series ArubaOS 6.2 User Guide Rstp Enabling PVST+ in the CLI Understanding PVST+ Interoperability and Best PracticesEnabling PVST+ in the WebUI From the WebUI, add a Vlan instance and enable PVST+IP Mobility Understanding Dell Mobility ArchitectureEnable mobility disabled by default Configuring Mobility DomainsOn a master controller On all Dell controllers in the mobility domainConfiguring a Mobility Domain Joining a Mobility Domain Example ConfigurationNavigate to the Configuration Advanced Services IP Mobility Subnetwork Mask Configuring Mobility using the WebUIHome Agent Address or Vrip On controller a the master controllerViewing mobile client status using the WebUI Configuring Mobility using the CLIViewing mobile client status using the CLI Tracking Mobile UsersViewing specific client information using the CLI Viewing user roaming status using the CLIRoaming Description Status Type Status Type DescriptionSetting up mobility association Using the CLI Configuring Advanced Mobility FunctionsMobile Client Roaming Locations HA Discovery on AssociationDefault setting is 3 attempts Is 0-5000 visitors. The default setting is 5000 visitorsSeconds. The default setting is 5000 seconds Enable standalone APClick Apply after setting the parameter Proxy Dhcp Proxy Mobile IPRevocations Understanding Bridge Mode Mobility DeploymentsWorking with Inter controller Mobility Enabling Mobility MulticastWorking with Proxy Igmp and Proxy Remote Subscription Inter-controller Mobility Configuring Mobility MulticastEnable Igmp snooping Enable Igmp proxy on the FastEthernet Ieee 802.3 interfaceExample Start at 0 from the left-most positionExternal Firewall Configuration Understanding Firewall Port Configuration Among Dell DevicesConfiguring Ports to Allow Other Traffic Types Enabling Network AccessPorts Used for Virtual Internet Access VIA Page Remote Access Points About Remote Access PointsRemote AP with a Private Network Configure a Public IP Address for the Controller Configuring the Secure Remote Access Point ServiceUsing the WebUI to create a DMZ address Configure the NAT DeviceChap Authentication Support over PPPoE Configure the VPN ServerUsing the WebUI to configure Chap You can use the CLI or the WebUI to configure ChapCreating a Remote AP Whitelist Configuring Certificate RAPUsing the CLI to configure the Chap Using WebUI Configuring PSK RAPUsing CLI RAP Static Inner IP AddressIP-Address parameter in the local database Provision the APDeployment Scenario Master IP Address Value Deploying a Branch Office/Home Office SolutionTroubleshooting Remote AP Configuring the Branch Office APProvisioning the Branch Office AP Local DebuggingBasic View Information Advanced View Information Name Remote AP Connectivity Seamless failover from backup link to primary link on RAPMultihoming on remote AP RAP Data Description Enabling Remote AP Advanced Configuration OptionsRemote AP Diagnostics Understanding Remote AP Modes of Operation Remote Oper Forward Mode Setting AtionOnly Ssid configuration Stored in flash on Working in Fallback ModeEssid is up when Same behavior as Not supported AP contacts SSIDsConfiguring the AAA Profile for Fallback Mode in the WebUI Configuring Fallback ModeBackup Configuration Behavior for Wired Ports Configuring the AAA Profile for Fallback Mode in the CLI Configuring the Dhcp Server on the Remote AP Using the WebUI Configuring the Session ACL in the WebUI Configuring Advanced Backup OptionsConfiguring the AAA Profile in the WebUI Configuring the Session ACL in the CLI Defining the Backup Configuration in the WebUIConfigure the Remote-AP Dhcp Server fields Route src-natUsing the CLI to configure the AAA profile Specifying the DNS Controller SettingDefining the Backup Configuration in the CLI You can define other parameters as neededBackup Controller List Configuring the LMS and backup LMS IP addresses in the CLI Configuring Remote AP FailbackConfiguring Remote AP Authorization Profiles Enabling RAP Local Network AccessTo enable, enter To disable, enterUnderstanding Split Tunneling Working with Access Control Lists and Firewall PoliciesAdding or Editing a Remote AP Authorization Profile Sample Split Tunnel Environment Configuring Split TunnelingConfiguring the Session ACL Allowing Tunneling Configuring an ACL to Restrict Local Debug Homepage Access Enable Restricted Access to LD Homepage Configuring the AAA Profile for TunnelingInthe CLI Configuring the Tunneling Virtual AP ProfileDefining Corporate DNS Servers Provisioning Wi-Fi MultimediaNavigate to Configuration Wireless AP Configuration To configure bandwidth reservation Configuring Bandwidth ReservationNavigate to Configuration Advanced Services All Profiles Reserving Uplink BandwidthNavigate to Configuration Wireless AP Installation Provisioning 4G USB Modems on Remote Access Points4G USB Modem Provisioning Best Practices and Exceptions Provisioning RAP for USB ModemsRAP 3G/4G Backhaul Link Quality Monitoring Pantech Configuring W-IAP3WN Access PointsConverting an IAP to CAP Converting an IAP to RAP or CAPConverting IAP to RAP Enabling Bandwidth Contract Support for RAPs Configuring Bandwidth Contracts for RAPDefining Bandwidth Contracts Applying ContractsVerifying Contracts Applied to Users Verifying Contracts on APVerifying Bandwidth Contracts During Data Transfer Following is a sample output for a per-user configurationPage How it Works Virtual Intranet AccessUnderstanding VIA Connection Manager On Microsoft Windows Computers Installing the VIA Connection ManagerOn Apple MacBooks User action / environment VIA’s behaviorUpgrade Workflow Configuring the VIA ControllerMinimal Upgrade Complete UpgradeAuthentication mechanisms supported in VIA Supported Authentication MechanismsOther authentication methods Before you BeginSuite-B Configuring VIA SettingsEnable VPN Server Module Using the WebUI to Configure VIACreate VIA Authentication Profile Create VIA User RolesTo create VIA connection profile Create VIA Connection ProfileEnter a name for the server group Configuration Option Description List of all IKEv2 authentication methods To the support email-address for troubleshootingDefault None Client Auto-LoginEnable Fips Module Enable SupplicantVIA Authentication Name\username instead of just username Use Windows CredentialsTo configure VIA web authentication profile Configure VIA Web AuthenticationTo configure a VIA client Wlan profile Configure VIA Client Wlan ProfilesAssociate VIA Connection Profile to User Role To associate a VIA connection profile to a user roleCryptobinding TLV Option DescriptionServers or trusted certification authorities Mschapv2-use-windows-credentialsTo download the VIA installer and version file Rebranding VIA and Downloading the InstallerDownload VIA Installer and Version File Create VIA authentication profiles Using the CLI to Configure VIACreate VIA roles Create VIA connection profilesDownloading VIA Customize VIA logo, landing page and downloading installerPre-requisites Requires the following Microsoft KB on the end-user systemsDownloading VIA Login to Download VIAConnection Details Tab Installing VIAUsing VIA Settings Tab TroubleshootingDiagnostic Tab Spectrum Analysis Understanding Spectrum AnalysisDevice AP104 YesGraph Title Device Configurable as aHybrid AP? Graph Title Description Update Interval Spectrogram Spectrum Analysis ClientsReal-Time FFT SweptHybrid AP Channel Changes Hybrid APs Using Mode-Aware ARMCreating Spectrum Monitors and Hybrid APs Converting an Individual AP to a Spectrum Monitor Converting APs to Hybrid APsSelect AP to expand the AP profiles section Converting a Group of APs to Spectrum MonitorsConnecting Spectrum Devices to the Spectrum Analysis Client View Connected Spectrum Analysis Devices Disconnecting a Spectrum DeviceTable Column Description To manually disconnect a spectrum monitor or hybrid APClick the Spectrum Dashboards tab Configuring the Spectrum Analysis DashboardsSelecting a Spectrum Monitor Click theSpectrum Dashboards tab Changing Graphs within a Spectrum ViewSelect Rename Renaming a Spectrum Analysis Dashboard ViewSaving a Dashboard View Resizing an Individual Graph Customizing Spectrum Analysis GraphsActive Devices Spectrum Analysis Graph Configuration OptionsShow Channel RangeActive Devices Table Service set identifier of the device’s 802.11 wireless LANDevice Type Column may display any of the following valuesRadio band or channel Select the button by the symbolColumn heading Select the button by the Less than drop down listDetects on the radio channel Active Devices TrendCenter Frequency MHzChannel Metrics Wi-Fi data as non-Wi-Fi dataShow lines for these Select one of the following device typesRadio band displayed in this graph Channel Metrics GraphChannel Metrics Trend Minutes Drop-down list and select one of the following optionsHour Unselect the checkbox to hide that informationMonitor Channel Summary TableBand Radio band displayed in this graph Device Duty CycleFollowing device types Channel Utilization TrendNumbering Identify a channel numbering scheme for the graph Devices vs Channel As non-Wi-Fi dataIntervals Uncheck the checkbox by that channel numberDevices vs Channel Options FFT Duty Cycle FFT Duty CycleInterference Power Interference Power Options Device types Quality SpectrogramData Real-Time FFTFrequencies for the graph AxisSwept Spectrogram Frequency Center of the x-axis of this chart SpanCenter Right field, and the higher value in the left fieldSimple Line Graph of FFT Power Data Swept Spectrogram Options Working with Non-Wi-Fi Interferers Device vs Channel Interference Power Non-Wi-Fi Description InterfererViewing Spectrum Analysis Data Understanding the Spectrum Analysis Session LogTo record spectrum analysis data for later analysis Recording Spectrum Analysis DataCreating a Spectrum Analysis Record Playing a Spectrum Analysis Recording Saving the RecordingPlaying a Recording in the Spectrum Dashboard To save the recording fileClick Load File For Playback Playing a Recording Using the RFPlayback ToolClick the Recording View/Play link at the top of the window Troubleshooting Browser Issues Troubleshooting Spectrum AnalysisConverting a Spectrum Monitor Back to an AP or Air Monitor Loading a Spectrum ViewUnderstanding Device Ageout Times Understanding Spectrum Analysis Syslog MessagesPlaying a Recording in the RFPlayback Tool Age Out Generic Frequency Hopper Age Out Generic Fixed FrequencyHopper Seconds Dashboard Monitoring Monitoring PerformanceClients APsMonitoring Usage Using Dashboard HistogramsMonitoring WLANs Monitoring Potential IssuesMonitoring Security Monitoring Clients Monitoring Access PointsMonitoring Firewalls To disable this setting, include the no parameterElement View ElementBytes Tx Bytes Rx Bytes Element DescriptionColumn Element Tab Details ViewElement Summary View User Bytes Packets Device DestinationApplication Usage BreakdownUsage Breakdown Aggregated SessionsDestination Alias Column DescriptionSource IP Management Access Configuring Certificate Authentication for WebUI AccessEnabling Public Key Authentication for SSH Access Select the client certificate Click Apply Enabling Radius Server AuthenticationConfiguring Radius Server Authentication with VSA Configuring a set-value server-derivation rule Resetting the Admin or Enable Password Disabling Authentication of Local Management User AccountsVerifying the configuration User admin Password Bypassing the Enable Password PromptSetting an Administrator Session Timeout Implementing a Specific Management Password PolicyDefining a Management Password Policy Configure the settings described in TableAllowed Characters Disallowed Characters Allowed Characters Management Authentication Profile ParametersColon Period Pipe Plus sign + Tilde ~ Comma Accent mark `About Digital Certificates Managing CertificatesObtaining a Server Certificate Navigate to the Configuration Management Certificates CSRParameter Description Range Enter the following informationObtaining a Client Certificate Run the following commandImporting Certificates PKCS7 encrypted PKCS12 encryptedViewing Certificate Information Use the following command to import CSR certificatesImported Certificate Locations Location DescriptionSnmp Parameters for the Controller Configuring SnmpChecking CRLs Configuring Logging Category/Subcategory Description 802.1x messages Radius Radius user messages Category/SubcategoryLogging Level Description Enabling Guest Provisioning Configuring the Guest ProvisioningConfiguring the Guest Fields Guestcategory Guest FieldGuest Field Description Configuring the Page DesignProvisioning page for the sponsor information Fields that followNavigate to the Configuration Management SMTPpage Configuring the Smtp Server and Port in the WebUIConfiguring Email Messages Creating Email Messages in the WebUI Configuring an Smtp server and port in the CLIClick Apply and then Save Configuration Username and Password Authentication Method Configuring a Guest Provisioning UserStatic Authentication Method Management Users section, click AddSmart Card Authentication Method Customizing the Guest Access PassUsername and Password Method Click Apply and Save ConfigurationCustomized Guest Account Information Window Creating Guest AccountsCreating a Guest Account-New Guest Window Guest Provisioning User TasksCreating Multiple Guest Entries in a CSV File Importing Multiple Guest EntriesCVS File Format-Guest Entries Information Importing the CSV File into the DatabaseImporting a CSV file that contains Guest Entries Displaying the Guest Entries Log File Printing Guest Account Information Optional ConfigurationsRestricting one Captive Portal Session for each Guest Using the WebUI to set the maximum time for guest accounts Setting the Maximum Time for Guest AccountsUsing the CLI to set the maximum time for guest accounts Managing Files on the ControllerNavigate to the Maintenance Controller Image Management Server Type ConfigurationTransferring ArubaOS Image Files Username to log into serverCopying Log Files Backing Up and Restoring the Flash File SystemManually Setting the Clock Setting the System ClockNavigate to the Configuration Management Clock Copying Other FilesClock Synchronization Configuring NTP AuthenticationThreshold Description Enabling Capacity AlertsTimestamps in CLI Output User-capacity Sent. The default threshold for this parameter is 80%Examples Adding Local Controllers Configuring Local ControllersUsing the Initial Setup Configuring Trusted Ports Configuring Layer-2/Layer-3 SettingsConfiguring Local Controller Settings Using the Web UIUsing the WebUI to configure the LMS IP Configuring APsUsing the CLI to configure the LMS IP Moving to a Multi-Controller EnvironmentConfiguring a Preshared Key Using the WebUI to configure a Local Controller PSK Configuring a Controller CertificateUsing the WebUI to configure a Master Controller PSK Using the CLI to configure a PSKUsing the CLI to configure the Master Controller Certificate Advanced Security Securing Client TrafficWireless xSec Client Example Securing Wireless ClientsSecuring Wired Clients Navigate to the Configuration Advanced Services Wired Access Securing Wireless Clients Through Non-Dell APs Securing Clients on an AP Wired Port Succeed Time to wait for authentication toFor Controller Configuring Controllers for xSecSecuring Controller-to-Controller Communication Installing the Odyssey Client Configuring the Odyssey Client on Client MachinesModifying a regedit Policy Certificate Information Page Setting up Net Services Configuring Voice and VideoUsing Default Net Services Voice and Video License RequirementsCreating Custom Net Services Configuring User RolesUsing the Default User Role Net Service Name Protocol PortService Name Using the WebUI to configure user rolesNavigate to the Configuration Security Access Control Creating or Modifying Voice User RolesClick Done Click Apply Using the CLI to configure a user roleUsing the WebUI to derive the role based on Ssid Using the User-Derivation RolesUsing the CLI to derive the role based on Ssid Using the WebUI to derive the role based on MAC OUIConfiguring Video over Wlan enhancements Configuring Firewall Settings for Voice and Video ALGsAdditional Video Configurations Pre-requisites To enable Igmp snoopingTo add the ACL to a user role Configure multicast rate optimization for video trafficSet a bandwidth percentage for the following categories Configure and apply a bandwidth management profileEnable Igmp Proxy Enable multicast shaping on the firewallEnable Igmp Snooping Configure ARM scanning for video traffic Configure multicast rate optimization for the video trafficThis step is optional Configure and apply bandwidth management profileWorking with QoS for Voice and Video Understanding VoIP Call Admission Control Profile Voip Tspec Enforcement Understanding Wi-Fi MultimediaTo enable call admission control in this profile Priority 802.1p Priority WMM Access Category Configuring WMM AC MappingEnabling WMM Lowest Background Best effort Video Voice HighestBackground Best effort Video Voice Dscp Decimal Value WMM Access CategoryUsing the WebUI to map between WMM AC and Dscp Using the CLI to map between WMM AC and Dscp Configuring Dscp PrioritiesWMM Access Category Description 802.1p Tag Configuring Dynamic WMM Queue ManagementEnhanced Distributed Channel Access Disables this option Using the WebUI to configure Edca parameters1. a value of 4 computes to 2 4-1 = 15. Possible values are Microseconds, enter 94 3008/32. Possible values areTo associate the Edca profile instance to a Ssid profile Enabling WMM Queue Content EnforcementUsing the CLI to configure Edca parameters Microsoft OCS Understanding Extended Voice and Video FeaturesApple Facetime Port Packet TypeScanning for VoIP-Aware ARM Enabling WPA Fast HandoverEnabling Mobile IP Home Agent Assignment Disabling Voice-Aware Configuring SIP Authentication TrackingEnabling Real Time Call Quality Analysis To configure Real Time analysis on voice callsWeb UI Viewing Real Time Call Quality ReportsSIP session timer is implemented in the SIP ALG as per RFC Enabling SIP Session TimerClick the Policies tab To configure the session timer and the timeout valueTo view the SIP settings on the controller Select the Classify Media check box Enabling Wi-Fi Edge Detection and Handover for Voice ClientsClick the Apply button to save the configuration Expand Handover Trigger under Wireless LanWorking with Dial Plan for SIP Calls Understanding Dial Plan FormatAction Description Configuring Dial PlansDialplan Profile displays the dial plan details Dialplan ProfileTo create a voice dial plan profile Enabling Enhanced 911 SupportTo associate the dial plan with SIP ALG To view the SIP dial plan profileWorking with Voice over Remote Access Point Enabling Lldp Understanding Battery BoostConfigure the Lldp profile parameters as desired then click Lldp PDUs. The AP will send all 802.1 TLVs by default Lldp PDUs. The AP will send all optional TLVs by defaultLldp PDUs. The AP will send all 803.2 TLVs by default Show the power support capabilities of the AP interfaceLLDP-MED Profile Configuration Parameters Apply to save your settings Viewing Troubleshooting Details on Voice Client Status Advanced Voice TroubleshootingConnected To view the details of a completed call based on the CDR Id Viewing Troubleshooting Details on Voice Call CDRsEnabling Logging for a Specific Client Navigate to the Configuration Management LoggingEnabling Voice Logs Viewing Voice Traces To view the voice signaling message tracesTo set the voice logging level to debugging To debug voice logs for a specific clientTo view the voice configuration details on your controller Viewing Voice ConfigurationsSIP settings Value Parameter Overview L2/L3 network mode supportInstant AP VPN Support Termination of Instant AP VPN tunnelsWhitelist DB Configuration VPN ConfigurationController Whitelist DB External Whitelist DBVPN Profile Configuration VPN Local Pool ConfigurationViewing Branch Status Radius proxy for VPN connected IAPsOutput of this command includes the following parameters Series Controllers Understanding W-600 Series Best Practices and ExceptionsController USB PortsFinding USB Modem Commands Connecting with a USB Cellular ModemsSwitching Modes Cellular Profile Uplink ManagerCellular Profile from the WebUI Dialer GroupVerify the modem is registered with the Uplink Manager Configuring a Supported USB ModemIf you get entries similar to the example below Configuring a New USB ModemConfiguring the Profile and Modem Driver Driver=none Configuring the TTY PortSelecting the Dialer Profile Testing the TTY PortLinux Support Setting Up NAS Network-Attached Storage DevicesNAS Device Setup View list of shares in a disk Configuring in the CLIManaging NAS Devices Controller wake-up Green-solid Button Mounting and Unmounting DevicesNAS Media Green-solid Press and hold media Printer Setup Using the CLI Connecting to a Print ServerAdditional Commands for Managing Printers To view a list of printers mounted on the controller, typeRemote Branch 1-W-650 Controller Series Sample Topology and ConfigurationRemote Branch 2-W-650 Controller Central Office Controller-Active Central Office Controller-Backup Page Sample ESI Topology External Services InterfaceESI-Fortinet Topology ESI Parser Domains Understanding the ESI Syslog ParserSyslog Parser Rules Peer ControllersUser Pattern Matching Configuring ESICondition Pattern Matching Enter a Profile Name Configuring Health-Check Method, Groups, and ServersDefining the ESI Server Defining the ESI Server Group To configure an ESI server group on the controllerServer Name Enter a Group NameRedirection Policies and User Role Managing Syslog Parser Domains in the WebUI ESI Syslog Parser Domains and RulesAdding a new syslog parser domain Deleting an existing syslog parser domainManaging Syslog Parser Domains in the CLI Use these CLI commands to manage syslog parser domainsManaging Syslog Parser Rules Editing an existing syslog parser domainEditing an existing syslog parser rule Adding a new parser ruleDeleting a syslog parser rule Use these CLI commands to manage syslog parser rules Testing a Parser RuleShowing ESI syslog parser rule information Sample Route-mode ESI TopologyMonitoring Syslog Parser Statistics IP routing configuration on Fortinet gateway Configuring the Example Routed ESI TopologyESI server configuration on controller Defining the Ping Health-Check Method Health-Check Method, Groups, and ServersEnter a Group Name. Enter fortinet Trusted IP Address. Enter Untrusted IP Address. EnterRedirection Policies and User Role Add a New Syslog Parser Domain in the WebUI Syslog Parser Domain and RulesAdding a New Parser Rule in the WebUI To add a new syslog parser domain for the routed exampleExample NAT-Mode Topology Sample NAT-mode ESI TopologyESI server configuration on the controller Configuring the NAT-mode ESI Example in the WebUI Configuring the Example NAT-mode ESI TopologyConfiguring the ESI Group in the WebUI Profile Name. This example uses externalcppingConfigure the ESI Servers in the WebUI Configuring the Example NAT-mode Topology in the CLIConfiguring the Redirection Filter in the WebUI Policy Name. This example uses cpredirectaclConfiguring ESI Servers Configuring a Health-Check PingUsing the ESI Group in a Session Access Control List CLI Configuration ExampleCharacter-Matching Operators Understanding Basic Regular Expression BRE SyntaxDescription Sample Result Regular Expression Repetition OperatorsRegular Expression Anchors References External User Management Working with the ArubaOS XML API WorksCreating an XML Request Authenticating a UserAdding a User Deleting a UserFormat of a default XML response from the controller is Default Response FormatXML Response Blacklisting a UserCode Reason message Response CodesCode Reason message Description Query Command Response FormatConfiguring the XML API Server Using the XML API ServerVerify the XML API server configuration Associating the XML API Server to a AAA profileVlan Associating the Captive Portal Profile to an Initial Role Set up Captive Portal profileOptions Description Range / Defaults Authentication Command DescriptionThis command deletes the user from the controller Dell controllers configurationMonitoring External Captive Portal Usage Statistics Sample Code Using XML API in C LanguagePage Page List all parameter that you can use in a request Understanding Request and ResponseUnderstanding XML API Request Parameters Understanding XMl API Response This command will add a client on your networkAdding a Client Response from the controllerDeleting a Client Authenticating a ClientView the updated details of the client on the controller Status of the client after authentication Status of the client before authenticationSending the authentication command Querying for Client Details Blacklisting a Client-request and response Blacklisting a ClientRF Plan Supported PlanningPlanning Deployment Configuration ConsiderationsPre-Deployment Considerations Outdoor-Specific Deployment ConsiderationsDual-Port AP Considerations Post-Deployment ConsiderationsButtons Description Launching the RF PlanCampus List Edit a campus from the building list pane Building List PaneButtons Building Dimension Building Specifications OverviewAP Modeling Parameters Radio Type Radio Description Button Design ModelOverlap Factor Radio Properties Desired Rates and HT Support Options Users/APOverlap Description Factor Radio Property DescriptionValid values are 54, 48, 36, 24, 18, 12, 9, 6, 11, 5.5, 2 AM ModelingNumber of available channels Design Models Planning FloorsMonitor Rates Radio Button DescriptionZoom You can select or adjust the features as described in TableFloor Editor Dialog Box Approximate Coverage MapLevel NamingBackground Images Area Editor Dialog BoxArea Types Location and DimensionsFixed Access Point Editor Dialog Box802.11n Features Power LevelsRadio Types Y CoordinatesInitialize AP PlanOptimize MemoViewing the Results AM PlanFix All Suggested AP/AMs Exporting and Importing Files Export Buildings Export CampusImport Campus Import Buildings LocateProperty Description Fqln MapperSearch Results Using the Fqln Mapper in the AP ProvisionRF Plan Example Using the WebUISample Building HeightCreate a Building Text Box Model the Access PointsInformation Campus NameAdd and Edit a Floor Model the Air MonitorsAdding the background image and naming the first floor Adding the background image and naming the second floorRunning the AP Plan Creating a Don’t Deploy AreaClick Initialize Running the AM PlanClick Optimize Click Initialize then OptimizeForwarding Mode Feature Not Supported Understanding Mode SupportBehavior and Defaults Name Protocol Understanding Basic System DefaultsNetwork Services Name Protocol Ports Following are predefined policies PoliciesPredefined Policy Description Access the controllers administrative Used to enable the captive portal logoutBe modified. It permits APs to boot up Network access. You can use this rule toNAT-T UDP 4500. Remove NAT-T if not Permits all DNS trafficNeeded This policy can be used to source-NAT allFollowing are predefined roles RolesPredefined Role Description Should be disabled if it is not needed Enables captive portalBeginning Profiles with different customizationArubaOS software includes predefined management user roles Understanding Default Management User RolesPredefined Role Permissions Show aaa authentication-server all Show aaa state configurationShow switches summary Show wlan-ap-count type access-pointsMonitoring Controller Clients Packet CaptureMonitoring Port Protocol Where Used Description Number Understanding Default Open PortsTesting Controller Remote wired MAC lookup 4343Port is not exposed to wireless users Exposed to wireless usersConfiguring Option Configuring a Windows-Based Dhcp ServerTo configure option 60 on the Windows Dhcp server Dhcp with Vendor-Specific OptionsField Information To configure option 43 on the Windows Dhcp serverScope Options Dialog Box Enabling Linux Dhcp Servers Navigate to Configuration Network IP IP InterfacesEnabling Dhcp Relay Agent Information Option Option Range 10.200.10.200 Radius Client Configuration Configuring Microsoft IAS802.1X Configuration for IAS and Windows Clients Active Directory Database Remote Access PoliciesConfiguring Policies Click Configure to select additional properties IAS Remote Access PoliciesPolicy Configuration Wizard-Authentication Methods Radius class Attribute Configuration Configuring Radius AttributesNext, create a remote policy for your new Radius client Configuring Management Authentication using IASCreating a Remote Policy Creating a User Entry in Windows Active Directory Defining Properties for Remote PolicyConfiguring a Server Group for IAS Management Authentication Click Begin Test Window XP Wireless Client Sample ConfigurationNavigate to DiagnosticsAAA Test Server Wireless Networks Networks to Access Wireless Network Association Wireless Network Authentication Protected EAP Properties EAP MSCHAPv2 Properties Acronyms and Terms AcronymsAcronym DefinitionDoS Acronym MSCHAPv2 PPPoE PoEQoS RoWVoFI VoIP Term TermsWISPr XAuthTerm Term Definition Fixed wireless Encryption authenticationShops are providing free wireless access for customers IR wirelessHills, mountains, and large human-made structures Optical wirelessInput, multiple output Near field communicationNFCWi-Fi Access W-CDMAFacilities offer public access to Wi-Fi networks Standards for broadband wireless access BWA networks. WiMAXWired LAN Wireless service providerKilometers Yagi antenna
Related manuals
Manual 8 pages 57.45 Kb

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.