Dell 6.2 manual Configuring Captive Portal Authentication Profiles

Page 246

In the WebUI

1.Navigate to the Configuration > Network > VLANs page.

a.Click Add.

b.For VLAN ID, enter 900.

c.Click Apply.

2.Navigate to the Configuration > Network > IP > IP Interfaces page.

a.Click Edit for VLAN 900.

b.For IP Address, enter 192.168.200.20.

c.For Net Mask, enter 255.255.255.0.

d.Click Apply.

3.Click the DHCP Server tab.

a.Select Enable DHCP Server.

b.Click Add under Pool Configuration.

c.For Pool Name, enter guestpool.

d.For Default Router, enter 192.168.200.20.

e.For DNS Server, enter 64.151.103.120.

f.For Lease, enter 4 hours.

g.For Network, enter 192.168.200.0. For Netmask, enter 255.255.255.0.

h.Click Done.

4.Click Apply.

In the CLI

(host)(config) #vlan 900

(host)(config) #interface vlan 900

(host)(config) #ip address 192.168.200.20 255.255.255.0

(host)(config) #ip dhcp pool "guestpool"

(host)(config) #default-router 192.168.200.20

(host)(config) #dns-server 64.151.103.120

(host)(config) #lease 0 4 0

(host)(config) #network 192.168.200.0 255.255.255.0

Configuring Captive Portal Authentication Profiles

In this section, you create an instance of the captive portal authentication profile and the AAA profile. For the captive portal authentication profile, you specify the previously-created auth-guestuser role as the default user role for authenticated captive portal clients and the authentication server group (“Internal”).

To configure captive portal authentication via the WebUI:

1.Navigate to the Configuration > Security > Authentication > L3 Authentication page. In the Profiles list, select Captive Portal Authentication Profile.

a.In the Captive Portal Authentication Profile Instance list, enter guestnet for the name of the profile, then click Add.

b.Select the captive portal authentication profile you just created.

c.For Default Role, select auth-guest.

d.Select User Login.

e.Deselect (uncheck) Guest Login.

246 Captive Portal Authentication

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Image 246
Contents User Guide Copyright Information Open Source CodeLegal Notice Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents 477 485490 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Feature Description What’s New In ArubaOSAbout this Guide Spectrum enhancements Users using them in a given networkIssued Spectrum recording informationFundamentals WebUIRelated Documents ConventionsType Style Description Page Understanding Basic Deployment and Configuration Tasks Basic User-Centric NetworksDeployment Scenario #1 Controller and APs on Same Subnet APs All on One Subnet Different from Controller Subnets APs on Multiple Different Subnets from Controllers Configuring the Controller Running Initial SetupDell W-7200 Series Controller Using the LCD ScreenConnecting to the Controller after Initial Setup New Port Numbering SchemeDisplays Using the LCD and USB Drive Uploading a Pre-saved ConfigurationUpgrading an Image Configuring a Vlan to Connect to the Network Disabling LCD Menu FunctionsAssigning and Configuring the Trunk Port Creating, Updating, and Viewing VLANs and Associated IDsCreating, Updating, and Deleting Vlan Pools To confirm the port assignments, use the show vlan command Configuring the Default GatewayConfiguring the Loopback IP Address for the Controller WebUIConfiguring the System Clock Enter y to reboot the controller or n to cancelController returns the following messages Installing Licenses Enabling Wireless ConnectivityConfiguring Your User-Centric Network Connecting the Controller to the NetworkMust explicitly enable Telnet on the controller Control Plane Security Control Plane Security Overview Configuring Control Plane SecurityConfigure the following control plane security parameters Parameter DescriptionCLI ExampleManaging AP Whitelists Adding APs to the Campus and Remote AP WhitelistsAddress as a name Viewing Whitelist StatusStatus Entry Control Plane Security Campus AP Whitelist status onlyStatus Entry Description Command Description Modifying an AP in the Campus AP WhitelistClick the Campus AP Whitelist tab Revoking an AP via the Campus AP Whitelist Deleting an AP Entry from the Campus AP WhitelistPurging the Campus AP Whitelist Campus AP whitelist contains Master switch Managing Whitelists on Master and Local ControllersWith local Dell Campus AP Whitelist Synchronization Viewing and Managing the Master or Local Switch WhitelistsViewing the Master or Local Switch Whitelist Data Column DescriptionDeleting an Entry from the Master or Local Switch Whitelist Purging the Master or Local Switch Whitelist Configuring Networks with a Backup Master ControllerConfiguring Networks with Clusters of Master Controllers Working in Environments with Multiple Master ControllersClick the Cluster Setting tab Creating a Cluster RootViewing Controller Cluster Settings To view your current cluster configuration via the WebUICreating a Cluster Member Replacing a Controller on a Multi-Controller Network Replacing Controllers in a Single Master NetworkReplacing a Local Controller Replacing a Master Controllerwith No Backup Replacing a Redundant Master ControllerReplacing a Local Controller in a Multi-Master Network Replacing a Cluster Member Controller with no BackupReplacing Controllers in a Multi-Master Network Replacing a Redundant Cluster Member ControllerReplacing a Redundant Cluster Root Controller Identifying Certificate Problems Configuring Control Plane Security after UpgradingTroubleshooting Control Plane Security Manually Certify Campus APsVerifying Certificates Disabling Control Plane SecurityVerifying Whitelist Synchronization Supported APs Rogue APsUnderstanding License Terminology Software LicensesWorking with Licenses License Using LicensesWorking with Licenses on a Multiple Controller Network Basis What Consumes One LicenseUnderstanding License Interaction Controller Total AP Count Campus APs Remote APsLicense Installation Best Practices and Exceptions Installing a LicenseEnabling a new license on your controller Obtaining a Software License Key Requesting a Software License in EmailLocating the System Serial Number Creating a Software License KeyMoving Licenses Resetting the ControllerDeleting a License Applying the Software License Key in the WebUIPage You can create and update a single Vlan or bulk VLANs Configuring VLANsNetwork Configuration Parameters Navigate to the Configuration Network VLANsCreating a Named Vlan not in a Pool Navigate to Configuration Network VLANsCreating Named VLANs Creating Bulk VLANs In the WebUIThis example assigns a name to an existing Vlan ID Using the WebUICreating a Vlan Pool This example assigns a Vlan name in a virtual APDistinguishing Between Even and Hash Assignment Types Creating a Vlan PoolFollowing example shows how to view Vlan IDs to a Vlan pool Creating a Vlan Pool Using the CLIViewing and Adding Vlan IDs Using the CLI Updating a Vlan PoolAdding a Bandwidth Contract to the Vlan Optimizing Vlan Broadcast and Multicast TrafficProxy Arp is disabled for the Interface Configuring PortsUsing the CLI Navigate to Configuration Network IPAbout Trusted and Untrusted Physical Ports Configuring Trusted/Untrusted Ports and VLANsClassifying Traffic as Trusted or Untrusted About Trusted and Untrusted VLANsFor Port Mode select Trunk This exampleUnderstanding Vlan Assignments How a Vlan Obtains an IP AddressAssigning a Static Address to a Vlan Navigate to the Configuration Network IP IP Interfaces Configuring a Vlan to Receive a Dynamic AddressConfiguring Multiple Wired Uplink Interfaces Active-Standby Enabling the Dhcp ClientEnabling the PPPoE Client Select Obtain an IP address with PPPoEDefault Gateway from DHCP/PPPoE Configuring DNS/WINS Server from DHPC/PPPoESelect Apply Configuring Source NAT to Dynamic Vlan Address Configuring Source NAT for Vlan InterfacesExample Configuration Inter-VLAN RoutingConfiguring Static Routes Using the WebUI to restrict Vlan routingNavigate to the Configuration Network IP IP Interface Configuring the Loopback IP Address Modify the IP Address as required ClickApply Configuring the Controller IP Address Configuring GRE TunnelsUsing the CLI Directing Traffic into the Tunnel Navigate to the Configuration Network IP GRE TunnelsCreating a Tunnel Interface Static RoutesTunnel Keepalives WebUICLI Understanding IPv6 Topology This chapter describes ArubaOS support for IPv6 featuresUnderstanding IPv6 Notation IPv6 SupportEnabling IPv6 Enabling IPv6 Support for Controller and APsFeatures Supported on IPv6 APs? To Configure Global Unicast Address Configuring IPv6 AddressesTo Configure Link Local Address Yes LimitedConfiguring IPv6 Static Neighbors To Configure Loopback Interface AddressTo Configure Static IPv6 Routes Configuring IPv6 Default Gateway and Static IPv6 RoutesTo Configure IPv6 Default Gateway Managing Controller IP AddressesConfiguring Multicast Listener Discovery MLD To Modify IPv6 MLD ParametersDebugging an IPv6 Controller Provisioning an IPv6 APWorking with IPv6 Router Advertisements RAs Configuring a Captive Portal over IPv6Filtering an IPv6 Extension Header EH To view the EH types deniedConfiguring an IPv6 RA on a Vlan Using WebUIYou can use the WebUI or CLI to configure IPv6 RA on a Vlan Configuring Optional Parameters for RAs Using CLITo configure IPv6 recursive DNS server Navigate to the ConfigurationNetworkIPTo configure neighbor discovery retransmit time To configure RA hop-limitSupported Network Configuration Viewing IPv6 RA StatusUnderstanding Authentication Authentication Method Supported for IPv6 Clients?XSec No not tested MAC-based Yes Working with Firewall Features Authentication Description MethodUnderstanding Firewall Policies Field Description Assigning an IPv6 Policy to a User Role To assign an IPv6 policy using the WebUICreating an IPv6 Firewall Policy For Host IP, enter 2002d81ff9f01000Managing IPv6 User Addresses Understanding IPv6 Exceptions and Best PracticesHost config #ipv6 enable Understanding Lacp Best Practices and Exceptions Link Aggregation Control Protocol LacpConfiguring Lacp Set the port priorityLacp Sample Configuration 151 Understanding Ospf Deployment Best Practices and Exceptions OSPFv2Wlan Routing Table Understanding OSPFv2 by Example using a Wlan ScenarioWlan Topology Below is the routing table for RouterBranch Office Topology Branch Office Ospf TopologyRouting table of the Central office controller is below Configuring OspfBranch Office Routing Table Routing table for Router 1 is belowGeneral Ospf Configuration Select the Add button to add an area see FigureSample Topology and Configuration Remote BranchRemote Branch Central Office Controller-Active Central Office Controller-Backup OSPFv2 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide OSPFv2 Understanding Tunneled Node Configuration Tunneled NodesFor example Configuring a Wired Tunneled Node ClientNavigate to ConfigurationAdvanced ServicesWired Access WebUILocate the Wired Access Concentration Configuration section Configuring an Access Port as a Tunneled Node PortConfiguring a Trunk Port as a Tunneled Node Port Verify the configurationSample Output On the tunneled node clientPage Authentication Servers Understanding Servers and Server GroupsConfiguring Servers Configuring a Radius ServerDescribes the parameters you configure for a Radius server Override the global configuration TimeoutDefault 5 seconds NAS IP address to send in Radius packetsRadius Server Fully Qualified Domain Names Configuring an RFC-3576 Radius ServerRadius Server Authentication Codes Set a DNS Query IntervalConfiguring an Ldap Server Describes the parameters you configure for an Ldap serverHost IP address of the Ldap server Default N/A Admin-DN Defines the TACACS+ server parameters Configuring a TACACS+ ServerEnter parameters as described in Table Type Connection type is Ldap-s Start-tls Clear-textConfiguring a Windows Server Configuring the Internal Database Managing the Internal DatabaseParameters Exporting Files in the WebUI Enter the following command in enable modeManaging Internal Database Files Parameters DescriptionConfiguring Server Groups Working with Internal Database UtilitiesConfiguring Server Groups Configuring Server List Order and Fail-ThroughConfiguring Dynamic Server Selection Select Fail ThroughClick Add Rule Scroll to the right and click Add Server Click ApplyConfiguring Match Fqdn Option Trimming Domain Information from RequestsConfiguring Server-Derivation Rules Controller when the rule is applied Default bottomTop Navigate to the Configuration Management Administration User AuthenticationManagement Authentication Assigning Server GroupsAccounting Radius AccountingSelect AAA Profile, then select the AAA profile instance Configuring Authentication Timers Timer DescriptionTACACS+ Accounting Logon User Lifetime Setting an Authentication TimerDefault 5 minutes RangeConfiguring the MAC Authentication Profile Configuring MAC-Based AuthenticationMAC-based Authentication ParameterUsing the CLI to configure a MAC authentication profile Configuring ClientsUsing the WebUI to configure a MAC authentication profile Disables blacklistingCLI Understanding 802.1X Authentication 802.1X AuthenticationConfiguring Authentication with a Radius Server Supported EAP TypesConfiguring Authentication Terminated on Controller 802.1X Authentication with Radius ServerConfiguring 802.1X Authentication Timer per role overrides this setting Failures, and the default value is 0 failuresDefault User Role Guest role Reauthentication This option is disabled by defaultCount Interval Seconds, and the default value is 30 secondsDefault value is RequestsAuthentication takes place Key Exchange Delay between WPA/WPA2Disable this feature Option is disabled by defaultDisabled by default For the cached information. The default value is 24 hoursUse to authenticate itself to the client Negotiation Disabled by default WPA-Fast-HandoverConfiguring and Using Certificates with AAA FastConnect Configuring User and Machine Authentication Machine User Auth Description Role Assigned StatusMachine Auth User Auth Description Vlan Assigned Status Authenticated Vlan configured Virtual AP profileEnabling 802.1x Supplicant Support on an AP Virtual AP profileTo view the 802.1x authentication details on the controller PrerequisitesProvisioning an AP as a 802.1X Supplicant Configuring Roles and Policies Sample ConfigurationsConfiguring Authentication with an 802.1X Radius Server Creating the Student Role and PolicyCan use the alias for other rules and policies Using the WebUI Creating the Faculty Role and PolicyCreating the Guest Role and Policy Under Time Range, select working-hours Creating an Alias for the Internal Network Using the CLI Configuring the Radius Authentication ServerCreating Roles and Policies for Sysadmin and Computer Using the WebUI to create the computer roleConfiguring 802.1X Authentication Select Enforce Machine AuthenticationConfiguring VLANs Configuring the WLANs Configuring the Guest WlanNavigate to the Configuration Wireless AP Configuration Configuring the Non-Guest WLANs AP Group list, click Edit for the first-floorCLI Configuring a Server Rule Using the WebUI Configuring a Server Rule Using the CLISelect Termination Configuring WLANs Configuring the Guest Wlan Configuring the Non-Guest WLANs Describes the different authentication possibilities Configuring Mixed Authentication ModesAuthentication 802.1x LogonPerforming Advanced Configuration Options for Configuring Reauthentication with Unicast Key RotationWorking With Stateful Authentication Stateful and WISPr AuthenticationWorking With WISPr Authentication Understanding Stateful Authentication Best PracticesConfiguring Stateful 802.1x Authentication Configuring Stateful Ntlm Authentication Configuring Stateful Kerberos Authentication Configuring WISPr Authentication Profiles list, expand the WISPr Authentication Profile Dell PowerConnect W-Series ArubaOS 6.2 User Guide 227 Understanding Ocsp and CRL Configuring a Controller as Ocsp and CRL ClientsConfiguring an Ocsp Controller as a Responder Certificate RevocationConfiguring the Controller as an Ocsp Client Navigate to the Configuration Management Certificates UploadConfiguring the Controller as a CRL Client Select the Revocation Checkpoint tabConfiguring the Controller as an Ocsp Responder Select Enable next to Enable Ocsp Responder Captive Portal Authentication Understanding Captive PortalPolicy Enforcement Firewall Next Generation Pefng License Configuring Captive Portal in the Base Operating SystemNavigate to the Configuration Management General Controller Server CertificateWebUI CLI Using Captive Portal with a Pefng License Configuring Captive Portal in the WebUI To configure captive portal with Pefng license via the WebUISample Authentication with Captive Portal Configuring Captive Portal in the CLICreating a Guest User Role Creating an Auth-guest User Role Configuring Policies and Roles in the WebUISelect Add to add the guest-logon-access policy Creating a Time RangeCreating an Auth-Guest-Access Policy To configure the auth-guest-access policy via the WebUICreating Aliases Creating an Block-Internal-Access Policy To create the block-internal-access policy via the WebUITo create the drop-and-log policy via the WebUI Creating a Drop-and-Log PolicyCreating a Guest Role To create a guest role via the WebUIDefining a Time Range Configuring Policies and Roles in the CLICreating an Auth-Guest Role To create the guest-logon role via the WebUICreating a Block-Internal-Access Policy Configuring Guest VLANsCreating a Guest-Logon-Access Policy Creating a Guest-Logon RoleConfiguring Captive Portal Authentication Profiles Click Add For Vlan ID, enter Click ApplyConfiguring the AAA Profile Modifying the Initial User RoleConfiguring the Wlan Managing User AccountsUtilization Logon Threshold Default 60% Logon wait Configuring Captive Portal Configuration ParametersUnauthenticated that a guest cannot access RoleEnabling Optional Captive Portal Configurations Following are optional captive portal configurationsEntity Engineering Business Faculty Uploading Captive Portal Pages by Ssid AssociationChanging the Protocol to Http Specify the fac-logon userConfiguring Redirection to a Proxy Server L3 AuthenticationSecurity Access Control Policies For captive portal with role-based access Redirecting Clients on Different VLANsFor captive portal with Pefng license Web Client Configuration with Proxy Script Personalizing the Captive PortalTo customize the page background Select the Your Custom BackgroundCreating and Installing an Internal Captive Portal Creating a New Internal WebFqdn Example Password ExampleUsername Example VariableInstalling a New Captive Portal Displaying Authentication Error MessagesBasic Html Example Reverting to the Default Captive Portal Configuring LocalizationInsert javascript to handle error cases This should be replaced with a link like the followingThis should be replaced with a link like this Div id=errorbox style=display none /div Customizing the Welcome Sample TranslatedCustomizing the Pop-Up box Customizing the Logged Out Box Creating Walled Garden Access Navigate to Advanced Services Stateful Firewall DestinationConfiguring the Redirect-URL Configuring the Login URLEnabling Captive Portal Enhancements Defining Netdestination Descriptions Configuring a WhitelistConfiguring the Netdestination for a Whitelist Associating a Whitelist to Captive Portal ProfileVerifying a Captive Portal Profile Linked to a Whitelist Verifying a Whitelist ConfigurationUse the following commands to verify the whitelist alias Verifying Dynamic ACLs for a WhitelistVerifying DNS Resolved IP Addresses for Whitelisted URLs TOSExample Planning a VPN Configuration Virtual Private NetworksIKE Policies Suite-B for IPsec tunnels Selecting an IKE protocolUnderstanding Suite-B Encryption Licensing 384 Suite-B certificates ECDSA-256, ECDSA-384Working with IKEv2 Clients Understanding Supported VPN AAA DeploymentsWorking with Certificate Groups Working with VPN Authentication ProfilesParameter Default Default-rap Default-cap VPN ClientConfiguring a Basic VPN for L2TP/IPsec in the WebUI Defining Address Pools Defining Authentication Method and Server AddressesNavigate to Configuration IP NAT Pools Enabling Source NATConfiguring IKE Policies Defining IKEv1 Shared KeysSetting the IPsec Dynamic Map Finalizing WebUI changesConfigure source NAT Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUIEnable authentication methods for IKEv1 clients Create address poolsDefining Address Pools PRF-HMAC-MD5 PRF-HMAC-SHA1 PRF-HMAC-SHA256 PRF-HMAC-SHA384 Enable authentication methods for IKEv2 clients Configuring a VPN for Smart Card ClientsWorking with Smart Card clients using IKEv2 Define IKEv2 PoliciesConfiguring a VPN for Clients with User Passwords Working with Smart Card Clients using IKEv1Select Enable L2TP Configuring Remote Access VPNs for XAuth Configuring VPNs for XAuth Clients using Smart CardsClick Add User Certificates or Common Name as it appears on the certificate Working with Remote Access VPNs for Pptp Working with Site-to-Site VPNs Working with Third-Party DevicesConfiguring Site-to-Site VPNs Working with Site-to-Site VPNs with Dynamic IP AddressesUnderstanding VPN Topologies Show crypto-local pki servercert certname subject For certificate authentication Click Doneto activate the changes Click ApplyFor the Pre-shared-key For preshared key authenticationDetecting Dead Peers For the Pre-shared-key for All FQDNsUnderstanding Default IKE policies Working with VPN DialerConfiguring VPN Dialer Assigning a Dialer to a User RoleHost config #user-role role dialer name Configuring Firewall Policies Roles and PoliciesWorking With Access Control Lists ACLs Support for Desktop Virtualization ProtocolsCreating a Firewall Policy Configure the NAT pool in the controller IP address of the hostThis can be one of the following Pause ARM When it leaves the controllerQueue in which a packet matching this rule should be placed White ListCreating a Network Service Alias Creating an ACL White ListConfiguring the ACL White List in the CLI Configuring the ACL White List in the WebUIConfiguring the White List Bandwidth Contract in the CLI Use the following CLI command to create ACL White ListsCreating User Roles Creating a User Role Bandwidth ContractsClick the Delete button against the role you want to delete Bandwidth Contract Exceptions Configuring a Bandwidth Contract in the WebUIConfiguring and Assigning Bandwidth Contracts in the CLI Assigning a Bandwidth Contract to a User Role in the WebUIAssigning User Roles in AAA Profiles Configuring Bandwidth Contract ExceptionsAssigning User Roles Viewing the Current Exceptions ListEquals String Working with User-Derived VLANsRule Type Condition Value Dhcp serverConfiguring a User-derived Vlan in the WebUI Understanding Device IdentificationDhcp Option Description Hexadecimal Equivalent Configuring a User-derived Role or Vlan in the CLI User-Derived Role ExampleSee for descriptions of these parameters Configuring a Default Role for Authentication Method Navigate to the Configuration Security AuthenticationController’s log files Understanding Global Firewall Parameters Configuring a Server-Derived RoleConfiguring a VSA-Derived Role Monitor TCP SYN Attack rateDefault Disabled stateful SIP processing is enabled Or disabledLog Icmp Errors Portal configurationDisable FTP Server Session Idle Timeout secDefault 15 seconds Default Disabled FTP server is enabledMbps Is 1-200 Mbps Default 1 Mbps Session-tunnel FIB Enable session,tunnel based forwardingMbps Default 1 Mbps Rate limit CP auth process traffic Session mirror IpsecPage Configuring Virtual AP Profiles Wlan Profiles Default AP Group Toronto AP GroupVirtual APs Configuring a Virtual AP Excluding a Virtual AP Profile From an AP in the WebUIExcluding a Virtual AP Profile From an AP in the CLI Deny Time Range Configuring the User RoleBuilding3-lobby Guest Ssid profile guestConfiguring Authentication Servers Configuring AuthenticationDone Wired to Wireless Roaming Users. The default role for unauthenticated users is logonMAC Authentication Default Role Side of the network. This feature is enabled by defaultApplying the Virtual AP Click Edit for the default AP groupSelect Wireless LAN under Profiles, then select Virtual AP Enforce DhcpCampus APs in decrypt-tunnel forward mode Forward modeCan be configured in tunnel mode Enforcement, 802.11k and station blacklistingSetting on each individual local controller Enable this settingClick the Global Setting tab Band SteeringAuthentication Failure Default 6 stationsDefault 3600 seconds 1 hour APs. Default DisabledCreating a new Ssid Profile Select Wireless LAN underProfiles, then select Virtual AP Keys XSec license in each controllerDtim Interval Powersave WMM Tspec Min Other wireless clients are transmittingDefault value is 2333 bytes Period to receive broadcastsLengthening battery life Frames is disabledBattery Boost At the lowest configured rateConfiguring an Ssid for Suite-B Cryptography Configuring a Guest Wlan Configuring a VlanConfiguring a Guest Role Configuring a Guest Virtual AP Select Virtual APSample Configuration To enable bSec Ssid using bSec-128 or bSec-256Enabling bSec Ssid Support Enabling 802.11k Support Default Mode beacon-table Measurement Mode for Beacon ReportsMeasurement Report Mode field Advertise 802.11K CapabilityBeacon Report Request Settings Profile Handover Trigger Feature Settings ProfileHandover of Voice Clients’ feature TSM Report Request Settings ProfileWorking with Radio Resource Management Information Elements Working with Beacon Report Requests Range from 0 to 255. The default value is Con when Measurement Mode is set to Active-Channel ReportMeasurement Mode for Randomization IntervalWorking with a Traffic Stream Measurement Report Gered. When the triggered option is selected,Request frame. The default value is enabled Number of repetitionsRange 0, 255. The default value is Configuring a High-Throughput Virtual APRange 0, 65535. The default value is Bin 0 RangeSelect the 802.11a radio profile 40MHz intoleranceSelect the 802.11g radio profile Streams usable for Stbc Maximum number of spatialCapabilities TransmissionShort guard interval in 40 MHz Mode Is enabled by defaultShort guard interval in 20 MHz Supported MCS setManaging High-Throughput Profiles Understanding ARM Adaptive Radio Management ARMMonitoring Your Network with ARM Configuring ARM ScanningARM Support for 802.11n Understanding ARM Application AwarenessARM Profiles Example Wlan Description Configuring ARM ProfilesCreating a New ARM Profile Select RF Management to expand the RF Management sectionDeleting a Profile Configuring ARM SettingsCopying an Existing Profile Select Adaptive Radio Management ARM ProfileSetting Description Aware Scan Mode Default disabled Video Aware That Scanning is also enabledPower Save Default 8 scansEnabled, that device will ignore this setting Default 9 dBmScan That Scanning is also enabled Client Aware setting is disabledThreshold Change Default 50% Error Rate Wait Default 240 secondsError Rate Time Channel change Default 30 seconds Noise ThresholdLoad Aware Default 1250000 BpsMode Aware Scanning if the load for the AP gets too highSelect Configuration AP Configuration Assigning an ARM Profile to an AP GroupUsing Multi-Band ARM for 802.11a/802.11g Traffic Enabling Band SteeringSteering Modes Select Wireless LAN to expand the Wireless LAN section To disable band steering, include the no parameterEnabling Band Steering Enabling Traffic Shaping To configure traffic shaping via the WebUIEnabling Traffic Shaping Select QoS to expand the QoS sectionTo disable traffic shaping, use the default-accessparameter Enabling Spectrum Load BalancingReusing Channels to Control RX Sensitivity Tuning Configuring Non-802.11 for Noise Interference ImmunityARM Metrics Transmission Power Levels Change Too Often Troubleshooting ARMWireless Clients Report a Low Signal Level Too many APs on the Same ChannelAPs Detect Errors but Do Not Change Channels APs Don’t Change Channels Due to Channel NoiseWireless Intrusion Prevention Working with the Reusable WizardThis chapter contains the following sections Protection features for Wlan clients Understanding Wizard Intrusion DetectionUnderstanding Wizard Intrusion Protection Protecting Your InfrastructureProtecting Your Clients Monitoring the Dashboard WIP Wizard Intrusion ProtectionUnderstanding Classification Methodology Detecting Rogue APsUnderstanding Classification Terminology Classification DescriptionUnderstanding Match Methods Understanding Match TypesUnderstanding Suspected Rogue Confidence Level Understanding AP Classification Rules Understanding Rule MatchingFeature Command Trap Syslog ID Working with Intrusion DetectionUnderstanding Infrastructure Intrusion Detection Ids impersonation-profile Ids impersonation-profile WlsxAPSpoofingDetected 126069Detect-bad-wep WlsxStaRepeatWEPIVViolation 126016 126086Detect-wireless-bridge Wireless-bridge-quiet-time Require-wpa WlsxChannelMisconfiguration 127028Ids unauthorized-device-profile WlsxWirelessBridge 126036 Detect-malformed-large-duration DetectedDetecting an Ad hoc Network Using a Valid Ssid Detecting an 802.11n 40MHz Intolerance SettingDetecting Active 802.11n Greenfield Mode Detecting Ad hoc NetworksDetecting a Client Flood Attack Detecting Bad WEP InitializationDetecting a Beacon Frame Spoofing Attack Detecting an RTS Rate AnomalyDetecting Broadcast Deauthentication Detecting a Misconfigured APDetecting a Wireless Bridge Detecting Malformed Frame-AuthUnderstanding Client Intrusion Detection Detecting WellenreiterDetect-hotspotter-attack Hotspotter-quiet-time Ids dos-profile WlsxPowerSaveDoSAttack 126109Detect-power-save-dos-attack Ids dos-profile WlsxOmertaAttack 126071Detecting a ChopChop Attack Detecting a Meiners Power Save DoS AttackDetecting a Block ACK DoS Detecting a Disconnect Station AttackDetecting a Tkip Replay Attack Detecting an Omerta AttackDetecting Rate Anomalies Detecting Unencrypted Valid ClientsConfiguring Intrusion Protection Understanding Infrastructure Intrusion ProtectionUnderstanding Client Intrusion Protection Protecting Valid Stations Configuring the Wlan Management System WMSNavigate to the Configuration Advanced Services Wireless Protecting Windows BridgeManaging the WMS Database Configuring Local WMS SettingsNot configured Station Ageout IntervalUnderstanding Client Blacklisting Methods of BlacklistingBlacklisting Manually Enabling Attack Blacklisting Blacklisting by Authentication FailureEnter a value in the Max Authentication failures field Captive portalRemoving a Client from Blacklisting Working with WIP Advanced FeaturesSetting Blacklist Duration Profiles list, expand the IDS menu, then select IDS profileConfiguring TotalWatch Understanding TotalWatch Channel Types and QualifiersUnderstanding TotalWatch Channel Dwell Time Understanding TotalWatch Monitoring FeaturesUnderstanding TotalWatch Scanning Spectrum Features Frequency ChannelConfiguring Per AP Setting Administering TotalWatchConfiguring Per Radio Settings Understanding TotalWatch Channel VisitingDOS Working with Tarpit Shielding Configuring Tarpit ShieldingUnderstanding Tarpit Shielding Licensing CLI Commands LicensingFunction Basic Functions and FeaturesAccess Points APs Following topics are included in this chapterNaming and Grouping APs Assigning APs to an AP Group Use the following command to create an AP groupCreating an AP group You can use the WebUI or the CLI to create a new AP groupUnderstanding AP Configuration Profiles Working with Wireless LAN ProfilesClick Apply and Reboot Page Page Working with AP Profiles Working with QoS ProfilesWorking with RF Management Profiles Provisioning Mesh ProfilesViewing Profile Errors Profile HierarchyOther Profiles AP Specific and AP Group Profile Hierarchies Other Profile Hierarchies Running the RF Plan Configuring Firewall SettingsDeploying APs Verifying that APs Can Connect to the ControllerConfiguring DNS Resolution Configuring Dhcp Server Communication with APsEnabling Controller Discovery Using the Aruba Discovery Protocol ADP Navigate to the Configuration Network IP Dhcp Server windowVerifying that APs Are Receiving IP Addresses AP Model Freqency Band Antenna Port Provisioning APs for MeshProvisioning 802.11n APs for Single-Chain Transmission AP92 4GHz or 5GHz5GHz Installing APs on the NetworkAP Model Freqency Band AP134 4GHz or 5GHzDesignation an AP as Remote RAP versus Campus CAP Provisioning Installed APsUpdating the RF Plan Working with the AP Provisioning WizardProvisioning an Individual AP AP Provisioning Window Page Provisioning Multiple APs using a Provisioning Profile LMS or backup LMS valuesAP is associated Assigning Provisioning Profiles Configuring a Provisioned AP AP Installation ModesTroubleshooting Clear gap-db wired-mac Renaming an APConfiguring the Bootstrap Threshold To configure the bootstrap threshold using the WebUIOptimize APs Over Low-Speed Links Backup LMS IP RF Band for AM Mode scanningConfiguring split-tunnel forwarding LMS IPv6 Backup LMS IPv6 LMS PreemptionWireless frame is only encapsulated inside the IPsec tunnel Bootstrap thresholdFrom a wireless client that is connected to a tunneled Ssid When an AP process crashesPrioritizing AP heartbeats AP Maintenance Mode AP RedundancyTo enable AP maintenance mode Energy Efficient EthernetManaging AP LEDs AP130 Series onlyRF Management 802.11a and 802.11g RF Management ProfilesCreating or Editing a Profile Managing 802.11a/802.11g Profiles Using the WebUIEnable CSA RadioBalancing mode Select one of the following options Level 5 disable PHY reportingReuse feature MHz and 40 MHz modesBalancing threshold Load-balancing modeChannel. The default CSA count is 4 announcements Radio Management ARM scanning and channel assignmentSignal strength RX Sensitivity TuningRX sensitivity tuning based channel reuse threshold, in dBm Default, allowing 40 MHz operationProfile Spectrum monitor radio Assigning an 802.11a/802.11g ProfileAssigning a High-throughput Profile AM Scanning ProfileAssigning an ARM Profile Managing 802.11a/802.11g Profiles Using the CLI Deleting a ProfileCreating or Modifying a Profile RF Optimization Viewing RF Management SettingsTo view the settings of a specific RF management profile Assigning a 802.11a/802.11g ProfileIs sent to the client RF Event ConfigurationDefault value 0 seconds Maximum value 8 secondsDetect Frame Rate Anomalies Frame Error Rate HighFrame Error Rate Low Recommended value is 85%Frame Retry Rate High Configuring AP Channel AssignmentsSelect the Regulatory Domain profile named default Frame Retry Rate LowChannel Switch Announcement CSA Managing AP Console Settings Automatic Channel and Transmit Power SelectionIP address of the AP’s master controller IP address of the DNS server used by the APDomain name used by the AP Understanding Mesh Access Points Secure Enterprise MeshMesh Portals Mesh PointsUnderstanding Mesh Links Mesh ClustersLink Metrics Optimizing LinksComponent Description Mesh Radio Profile Understanding Mesh ProfilesMesh Cluster Profile RF Management 802.11a and 802.11g ProfilesMesh High-Throughput Ssid Profile Adaptive Radio Management ProfilesHigh-Throughput Profiles Understanding Mesh Solutions Wired AP ProfileMesh Recovery Profile Thin AP Services with Wireless Backhaul Deployment Point-to-Point DeploymentPoint-to-Multipoint Deployment High-Availability Deployment Sample Point-to-Multipoint DeploymentPlanning a Wlan According to Your Specifications Task OverviewCollecting Required Information Building Dimensions AP Desired Rates 2.4 GHz Radio PropertiesCreating a New Profile Working with Mesh Radio ProfilesManaging Mesh Profiles In the WebUI AM Desired RatesRates Threshold Nodes Default 10 missed heartbeats. The range isIndicates the transmit rates for the 802.11a radio AP goes through the list and uses the next highest rateRecommends using this default startup-subthresholdvalue Range 0-4094. Default 0 disabledDefault distributed-tree-rssi Used for user trafficEditing a Profile Default 2,333 bytes. The range is 256- 2,346Assigning a Profile to a Mesh AP or AP Group Link qualityViewing Profile Settings To view the settings of a specific mesh radio profileManaging Mesh Profiles In the CLI Assigning a Profile to an AP Group Working with Mesh High Throughput Ssid ProfilesManaging Profiles In the WebUI Deleting a Mesh Radio ProfileConfigured value adjusts based on AP capabilities Temporal Diversity EnableEnabled legacy stations are allowed Launch then software retriesDegrade throughput Mode Enabled by defaultΜsec, 2 µsec, 4 µsec Different values, separate each value with a commaManaging Profiles In the CLI Understanding Mesh Cluster Profiles Viewing High-throughput Ssid SettingsTo view the settings of a specific high-throughput profile Deployments with Multiple Mesh Cluster ProfilesManaging Mesh Cluster Profiles In the WebUI Associating a Profile to Mesh APs Managing Mesh Cluster Profiles In the CLI Deleting a Mesh Cluster ProfileViewing Mesh Cluster Profile Settings To view the settings of a specific mesh cluster profileAssociating Mesh Cluster Profiles Excluding a Mesh Cluster Profile from a Mesh Node Configuring Ethernet Ports for MeshConfiguring Bridging on the Ethernet Port To exclude a specific mesh cluster profile from an APConfiguring Ethernet Ports for Secure Jack Operation Extending the Life of a Mesh Network Provisioning Mesh Nodes Outdoor AP ParametersProvisioning Caveats Under Port Selection, click the port to configureIP settings section, select Obtain IP Address Using Dhcp Provisioning Mesh NodesUnderstanding the AP Boot Sequence Booting the Mesh PortalBooting the Mesh Point Verification Checklist Verifying the NetworkAir Monitoring and Mesh Configuring Remote Mesh Portals RMPs CLI ExamplesHow RMP Works Creating a Remote Mesh Portal In the WebUIProvisioning the AP Defining the Mesh Private VlanSelecting a Mesh Radio Profile Selecting an RF Management ProfileAdding a Mesh Cluster Profile Configuring a Dhcp Pool Configuring the Vlan ID of the Virtual AP ProfileProfile Details window Provisioning a Remote Mesh Portal In the CLI Additional InformationConfiguring Redundancy Parameters Configuring the Local Controller for Redundancy Configuring the LMS IP Configuring the Master Controller for RedundancyOn the master controller Router ID of the Vrrp instance Command ExplanationEnter the master-redundancy context Controllers. Specify a key of up to 64 charactersConfiguring Database Synchronization This config mode command includes RF plan data whenEnabling Incremental Configuration Synchronization CLI Only Configuring Master-Local Controller RedundancyRedundant Topology Master-Local Redundancy Vrrp Dell PowerConnect W-Series ArubaOS 6.2 User Guide Disabled Discarding Blocking Understanding Rstp Migration and InteroperabilityWorking with Rapid Convergence Rstp 802.1w Description Port Role Configuring Rstp Feature Default Value/RangeEdge Port and Point-to-Point Monitoring Rstp Troubleshooting RstpChange the default configurations via the command line Port FastDell PowerConnect W-Series ArubaOS 6.2 User Guide Rstp Understanding PVST+ Interoperability and Best Practices Enabling PVST+ in the CLIFrom the WebUI, add a Vlan instance and enable PVST+ Enabling PVST+ in the WebUIUnderstanding Dell Mobility Architecture IP MobilityOn a master controller Configuring Mobility DomainsEnable mobility disabled by default On all Dell controllers in the mobility domainConfiguring a Mobility Domain Example Configuration Navigate to the Configuration Advanced Services IP MobilityJoining a Mobility Domain Home Agent Address or Vrip Configuring Mobility using the WebUISubnetwork Mask On controller a the master controllerViewing mobile client status using the CLI Configuring Mobility using the CLIViewing mobile client status using the WebUI Tracking Mobile UsersRoaming Description Status Type Viewing user roaming status using the CLIViewing specific client information using the CLI Status Type DescriptionMobile Client Roaming Locations Configuring Advanced Mobility FunctionsSetting up mobility association Using the CLI HA Discovery on AssociationSeconds. The default setting is 5000 seconds Is 0-5000 visitors. The default setting is 5000 visitorsDefault setting is 3 attempts Enable standalone APClick Apply after setting the parameter Proxy Mobile IP Proxy DhcpUnderstanding Bridge Mode Mobility Deployments RevocationsEnabling Mobility Multicast Working with Proxy Igmp and Proxy Remote SubscriptionWorking with Inter controller Mobility Configuring Mobility Multicast Inter-controller MobilityExample Enable Igmp proxy on the FastEthernet Ieee 802.3 interfaceEnable Igmp snooping Start at 0 from the left-most positionUnderstanding Firewall Port Configuration Among Dell Devices External Firewall ConfigurationEnabling Network Access Ports Used for Virtual Internet Access VIAConfiguring Ports to Allow Other Traffic Types Page About Remote Access Points Remote Access PointsRemote AP with a Private Network Using the WebUI to create a DMZ address Configuring the Secure Remote Access Point ServiceConfigure a Public IP Address for the Controller Configure the NAT DeviceUsing the WebUI to configure Chap Configure the VPN ServerChap Authentication Support over PPPoE You can use the CLI or the WebUI to configure ChapConfiguring Certificate RAP Using the CLI to configure the ChapCreating a Remote AP Whitelist Using CLI Configuring PSK RAPUsing WebUI RAP Static Inner IP AddressProvision the AP IP-Address parameter in the local databaseDeploying a Branch Office/Home Office Solution Deployment Scenario Master IP Address ValueProvisioning the Branch Office AP Configuring the Branch Office APTroubleshooting Remote AP Local DebuggingBasic View Information Advanced View Information Name Seamless failover from backup link to primary link on RAP Multihoming on remote AP RAPRemote AP Connectivity Enabling Remote AP Advanced Configuration Options Remote AP DiagnosticsData Description Remote Oper Forward Mode Setting Ation Understanding Remote AP Modes of OperationEssid is up when Same behavior as Not supported AP contacts Working in Fallback ModeOnly Ssid configuration Stored in flash on SSIDsConfiguring Fallback Mode Backup Configuration Behavior for Wired PortsConfiguring the AAA Profile for Fallback Mode in the WebUI Configuring the AAA Profile for Fallback Mode in the CLI Configuring the Dhcp Server on the Remote AP Using the WebUI Configuring Advanced Backup Options Configuring the Session ACL in the WebUIConfiguring the AAA Profile in the WebUI Configure the Remote-AP Dhcp Server fields Defining the Backup Configuration in the WebUIConfiguring the Session ACL in the CLI Route src-natDefining the Backup Configuration in the CLI Specifying the DNS Controller SettingUsing the CLI to configure the AAA profile You can define other parameters as neededBackup Controller List Configuring Remote AP Failback Configuring the LMS and backup LMS IP addresses in the CLITo enable, enter Enabling RAP Local Network AccessConfiguring Remote AP Authorization Profiles To disable, enterWorking with Access Control Lists and Firewall Policies Adding or Editing a Remote AP Authorization ProfileUnderstanding Split Tunneling Configuring Split Tunneling Sample Split Tunnel EnvironmentConfiguring the Session ACL Allowing Tunneling Configuring an ACL to Restrict Local Debug Homepage Access Configuring the AAA Profile for Tunneling Enable Restricted Access to LD HomepageConfiguring the Tunneling Virtual AP Profile Inthe CLIProvisioning Wi-Fi Multimedia Navigate to Configuration Wireless AP ConfigurationDefining Corporate DNS Servers Navigate to Configuration Advanced Services All Profiles Configuring Bandwidth ReservationTo configure bandwidth reservation Reserving Uplink Bandwidth4G USB Modem Provisioning Best Practices and Exceptions Provisioning 4G USB Modems on Remote Access PointsNavigate to Configuration Wireless AP Installation Provisioning RAP for USB ModemsRAP 3G/4G Backhaul Link Quality Monitoring Configuring W-IAP3WN Access Points PantechConverting an IAP to RAP or CAP Converting IAP to RAPConverting an IAP to CAP Defining Bandwidth Contracts Configuring Bandwidth Contracts for RAPEnabling Bandwidth Contract Support for RAPs Applying ContractsVerifying Contracts on AP Verifying Contracts Applied to UsersFollowing is a sample output for a per-user configuration Verifying Bandwidth Contracts During Data TransferPage Virtual Intranet Access Understanding VIA Connection ManagerHow it Works On Apple MacBooks Installing the VIA Connection ManagerOn Microsoft Windows Computers User action / environment VIA’s behaviorMinimal Upgrade Configuring the VIA ControllerUpgrade Workflow Complete UpgradeOther authentication methods Supported Authentication MechanismsAuthentication mechanisms supported in VIA Before you BeginConfiguring VIA Settings Suite-BCreate VIA Authentication Profile Using the WebUI to Configure VIAEnable VPN Server Module Create VIA User RolesCreate VIA Connection Profile Enter a name for the server groupTo create VIA connection profile Configuration Option Description Default None To the support email-address for troubleshootingList of all IKEv2 authentication methods Client Auto-LoginVIA Authentication Name\username instead of just username Enable SupplicantEnable Fips Module Use Windows CredentialsConfigure VIA Web Authentication To configure VIA web authentication profileAssociate VIA Connection Profile to User Role Configure VIA Client Wlan ProfilesTo configure a VIA client Wlan profile To associate a VIA connection profile to a user roleServers or trusted certification authorities Option DescriptionCryptobinding TLV Mschapv2-use-windows-credentialsRebranding VIA and Downloading the Installer Download VIA Installer and Version FileTo download the VIA installer and version file Create VIA roles Using the CLI to Configure VIACreate VIA authentication profiles Create VIA connection profilesPre-requisites Customize VIA logo, landing page and downloading installerDownloading VIA Requires the following Microsoft KB on the end-user systemsLogin to Download VIA Downloading VIAInstalling VIA Using VIAConnection Details Tab Troubleshooting Diagnostic TabSettings Tab Device Understanding Spectrum AnalysisSpectrum Analysis AP104 YesDevice Configurable as a Hybrid AP?Graph Title Graph Title Description Update Interval Real-Time FFT Spectrum Analysis ClientsSpectrogram SweptHybrid APs Using Mode-Aware ARM Creating Spectrum Monitors and Hybrid APsHybrid AP Channel Changes Converting APs to Hybrid APs Converting an Individual AP to a Spectrum MonitorConverting a Group of APs to Spectrum Monitors Select AP to expand the AP profiles sectionConnecting Spectrum Devices to the Spectrum Analysis Client Table Column Description Disconnecting a Spectrum DeviceView Connected Spectrum Analysis Devices To manually disconnect a spectrum monitor or hybrid APConfiguring the Spectrum Analysis Dashboards Selecting a Spectrum MonitorClick the Spectrum Dashboards tab Changing Graphs within a Spectrum View Click theSpectrum Dashboards tabRenaming a Spectrum Analysis Dashboard View Saving a Dashboard ViewSelect Rename Customizing Spectrum Analysis Graphs Resizing an Individual GraphSpectrum Analysis Graph Configuration Options Active DevicesChannel Range ShowDevice Type Service set identifier of the device’s 802.11 wireless LANActive Devices Table Column may display any of the following valuesColumn heading Select the button by the symbolRadio band or channel Select the button by the Less than drop down listCenter Frequency Active Devices TrendDetects on the radio channel MHzShow lines for these Wi-Fi data as non-Wi-Fi dataChannel Metrics Select one of the following device typesChannel Metrics Graph Radio band displayed in this graphChannel Metrics Trend Hour Drop-down list and select one of the following optionsMinutes Unselect the checkbox to hide that informationChannel Summary Table MonitorDevice Duty Cycle Band Radio band displayed in this graphChannel Utilization Trend Numbering Identify a channel numbering scheme for the graphFollowing device types Intervals As non-Wi-Fi dataDevices vs Channel Uncheck the checkbox by that channel numberDevices vs Channel Options FFT Duty Cycle FFT Duty CycleInterference Power Interference Power Options Quality Spectrogram Device typesReal-Time FFT DataAxis Frequencies for the graphCenter Frequency Center of the x-axis of this chart SpanSwept Spectrogram Right field, and the higher value in the left fieldSimple Line Graph of FFT Power Data Swept Spectrogram Options Working with Non-Wi-Fi Interferers Non-Wi-Fi Description Interferer Device vs Channel Interference PowerUnderstanding the Spectrum Analysis Session Log Viewing Spectrum Analysis DataRecording Spectrum Analysis Data Creating a Spectrum Analysis RecordTo record spectrum analysis data for later analysis Playing a Recording in the Spectrum Dashboard Saving the RecordingPlaying a Spectrum Analysis Recording To save the recording filePlaying a Recording Using the RFPlayback Tool Click the Recording View/Play link at the top of the windowClick Load File For Playback Converting a Spectrum Monitor Back to an AP or Air Monitor Troubleshooting Spectrum AnalysisTroubleshooting Browser Issues Loading a Spectrum ViewUnderstanding Spectrum Analysis Syslog Messages Playing a Recording in the RFPlayback ToolUnderstanding Device Ageout Times Age Out Generic Fixed Frequency Hopper SecondsAge Out Generic Frequency Hopper Clients Monitoring PerformanceDashboard Monitoring APsUsing Dashboard Histograms Monitoring UsageMonitoring Potential Issues Monitoring SecurityMonitoring WLANs Monitoring Access Points Monitoring ClientsElement View To disable this setting, include the no parameterMonitoring Firewalls ElementElement Description ColumnBytes Tx Bytes Rx Bytes Element Summary View Details ViewElement Tab User Bytes Packets Device DestinationUsage Breakdown ApplicationAggregated Sessions Usage BreakdownColumn Description Source IPDestination Alias Configuring Certificate Authentication for WebUI Access Management AccessEnabling Public Key Authentication for SSH Access Enabling Radius Server Authentication Select the client certificate Click ApplyConfiguring Radius Server Authentication with VSA Configuring a set-value server-derivation rule Disabling Authentication of Local Management User Accounts Verifying the configurationResetting the Admin or Enable Password Bypassing the Enable Password Prompt User admin PasswordDefining a Management Password Policy Implementing a Specific Management Password PolicySetting an Administrator Session Timeout Configure the settings described in TableAllowed Characters Disallowed Characters Colon Management Authentication Profile ParametersAllowed Characters Period Pipe Plus sign + Tilde ~ Comma Accent mark `Managing Certificates About Digital CertificatesParameter Description Range Navigate to the Configuration Management Certificates CSRObtaining a Server Certificate Enter the following informationImporting Certificates Run the following commandObtaining a Client Certificate PKCS7 encrypted PKCS12 encryptedImported Certificate Locations Use the following command to import CSR certificatesViewing Certificate Information Location DescriptionConfiguring Snmp Checking CRLsSnmp Parameters for the Controller Configuring Logging Category/Subcategory Description Category/Subcategory Logging Level Description802.1x messages Radius Radius user messages Configuring the Guest Provisioning Configuring the Guest FieldsEnabling Guest Provisioning Guest Field GuestcategoryProvisioning page for the sponsor information Configuring the Page DesignGuest Field Description Fields that followConfiguring the Smtp Server and Port in the WebUI Configuring Email MessagesNavigate to the Configuration Management SMTPpage Configuring an Smtp server and port in the CLI Click Apply and then Save ConfigurationCreating Email Messages in the WebUI Static Authentication Method Configuring a Guest Provisioning UserUsername and Password Authentication Method Management Users section, click AddUsername and Password Method Customizing the Guest Access PassSmart Card Authentication Method Click Apply and Save ConfigurationCreating Guest Accounts Customized Guest Account Information WindowGuest Provisioning User Tasks Creating a Guest Account-New Guest WindowImporting Multiple Guest Entries Creating Multiple Guest Entries in a CSV FileImporting the CSV File into the Database CVS File Format-Guest Entries InformationImporting a CSV file that contains Guest Entries Displaying the Guest Entries Log File Optional Configurations Restricting one Captive Portal Session for each GuestPrinting Guest Account Information Using the CLI to set the maximum time for guest accounts Setting the Maximum Time for Guest AccountsUsing the WebUI to set the maximum time for guest accounts Managing Files on the ControllerTransferring ArubaOS Image Files Server Type ConfigurationNavigate to the Maintenance Controller Image Management Username to log into serverBacking Up and Restoring the Flash File System Copying Log FilesNavigate to the Configuration Management Clock Setting the System ClockManually Setting the Clock Copying Other FilesConfiguring NTP Authentication Clock SynchronizationEnabling Capacity Alerts Timestamps in CLI OutputThreshold Description Sent. The default threshold for this parameter is 80% ExamplesUser-capacity Configuring Local Controllers Using the Initial SetupAdding Local Controllers Configuring Local Controller Settings Configuring Layer-2/Layer-3 SettingsConfiguring Trusted Ports Using the Web UIUsing the CLI to configure the LMS IP Configuring APsUsing the WebUI to configure the LMS IP Moving to a Multi-Controller EnvironmentConfiguring a Preshared Key Using the WebUI to configure a Master Controller PSK Configuring a Controller CertificateUsing the WebUI to configure a Local Controller PSK Using the CLI to configure a PSKUsing the CLI to configure the Master Controller Certificate Securing Client Traffic Advanced SecuritySecuring Wireless Clients Wireless xSec Client ExampleSecuring Wired Clients Navigate to the Configuration Advanced Services Wired Access Securing Wireless Clients Through Non-Dell APs Securing Clients on an AP Wired Port Time to wait for authentication to SucceedConfiguring Controllers for xSec Securing Controller-to-Controller CommunicationFor Controller Configuring the Odyssey Client on Client Machines Installing the Odyssey ClientModifying a regedit Policy Certificate Information Page Using Default Net Services Configuring Voice and VideoSetting up Net Services Voice and Video License RequirementsUsing the Default User Role Configuring User RolesCreating Custom Net Services Net Service Name Protocol PortNavigate to the Configuration Security Access Control Using the WebUI to configure user rolesService Name Creating or Modifying Voice User RolesUsing the CLI to configure a user role Click Done Click ApplyUsing the CLI to derive the role based on Ssid Using the User-Derivation RolesUsing the WebUI to derive the role based on Ssid Using the WebUI to derive the role based on MAC OUIConfiguring Firewall Settings for Voice and Video ALGs Additional Video ConfigurationsConfiguring Video over Wlan enhancements To enable Igmp snooping Pre-requisitesConfigure multicast rate optimization for video traffic To add the ACL to a user roleConfigure and apply a bandwidth management profile Set a bandwidth percentage for the following categoriesEnable multicast shaping on the firewall Enable Igmp ProxyEnable Igmp Snooping Configure multicast rate optimization for the video traffic Configure ARM scanning for video trafficConfigure and apply bandwidth management profile Working with QoS for Voice and VideoThis step is optional Understanding VoIP Call Admission Control Profile Understanding Wi-Fi Multimedia To enable call admission control in this profileVoip Tspec Enforcement Enabling WMM Configuring WMM AC MappingPriority 802.1p Priority WMM Access Category Lowest Background Best effort Video Voice HighestDscp Decimal Value WMM Access Category Using the WebUI to map between WMM AC and DscpBackground Best effort Video Voice Configuring Dscp Priorities Using the CLI to map between WMM AC and DscpConfiguring Dynamic WMM Queue Management Enhanced Distributed Channel AccessWMM Access Category Description 802.1p Tag 1. a value of 4 computes to 2 4-1 = 15. Possible values are Using the WebUI to configure Edca parametersDisables this option Microseconds, enter 94 3008/32. Possible values areEnabling WMM Queue Content Enforcement Using the CLI to configure Edca parametersTo associate the Edca profile instance to a Ssid profile Apple Facetime Understanding Extended Voice and Video FeaturesMicrosoft OCS Port Packet TypeEnabling WPA Fast Handover Enabling Mobile IP Home Agent AssignmentScanning for VoIP-Aware ARM Configuring SIP Authentication Tracking Disabling Voice-AwareWeb UI To configure Real Time analysis on voice callsEnabling Real Time Call Quality Analysis Viewing Real Time Call Quality ReportsEnabling SIP Session Timer SIP session timer is implemented in the SIP ALG as per RFCTo configure the session timer and the timeout value To view the SIP settings on the controllerClick the Policies tab Enabling Wi-Fi Edge Detection and Handover for Voice Clients Select the Classify Media check boxWorking with Dial Plan for SIP Calls Expand Handover Trigger under Wireless LanClick the Apply button to save the configuration Understanding Dial Plan FormatConfiguring Dial Plans Action DescriptionDialplan Profile Dialplan Profile displays the dial plan detailsTo associate the dial plan with SIP ALG Enabling Enhanced 911 SupportTo create a voice dial plan profile To view the SIP dial plan profileWorking with Voice over Remote Access Point Understanding Battery Boost Enabling LldpConfigure the Lldp profile parameters as desired then click Lldp PDUs. The AP will send all 803.2 TLVs by default Lldp PDUs. The AP will send all optional TLVs by defaultLldp PDUs. The AP will send all 802.1 TLVs by default Show the power support capabilities of the AP interfaceLLDP-MED Profile Configuration Parameters Apply to save your settings Advanced Voice Troubleshooting Viewing Troubleshooting Details on Voice Client StatusConnected Viewing Troubleshooting Details on Voice Call CDRs To view the details of a completed call based on the CDR IdNavigate to the Configuration Management Logging Enabling Voice LogsEnabling Logging for a Specific Client To set the voice logging level to debugging To view the voice signaling message tracesViewing Voice Traces To debug voice logs for a specific clientViewing Voice Configurations To view the voice configuration details on your controllerSIP settings Value Parameter Instant AP VPN Support L2/L3 network mode supportOverview Termination of Instant AP VPN tunnelsController Whitelist DB VPN ConfigurationWhitelist DB Configuration External Whitelist DBViewing Branch Status VPN Local Pool ConfigurationVPN Profile Configuration Radius proxy for VPN connected IAPsOutput of this command includes the following parameters Controller Understanding W-600 Series Best Practices and ExceptionsSeries Controllers USB PortsConnecting with a USB Cellular Modems Switching ModesFinding USB Modem Commands Uplink Manager Cellular ProfileDialer Group Cellular Profile from the WebUIConfiguring a Supported USB Modem Verify the modem is registered with the Uplink ManagerConfiguring a New USB Modem Configuring the Profile and Modem DriverIf you get entries similar to the example below Configuring the TTY Port Driver=noneTesting the TTY Port Selecting the Dialer ProfileSetting Up NAS Network-Attached Storage Devices NAS Device SetupLinux Support Configuring in the CLI Managing NAS DevicesView list of shares in a disk Mounting and Unmounting Devices NAS Media Green-solid Press and hold mediaController wake-up Green-solid Button Additional Commands for Managing Printers Connecting to a Print ServerPrinter Setup Using the CLI To view a list of printers mounted on the controller, typeSeries Sample Topology and Configuration Remote Branch 1-W-650 ControllerRemote Branch 2-W-650 Controller Central Office Controller-Active Central Office Controller-Backup Page External Services Interface Sample ESI TopologyESI-Fortinet Topology Understanding the ESI Syslog Parser ESI Parser DomainsPeer Controllers Syslog Parser RulesConfiguring ESI Condition Pattern MatchingUser Pattern Matching Configuring Health-Check Method, Groups, and Servers Defining the ESI ServerEnter a Profile Name Server Name To configure an ESI server group on the controllerDefining the ESI Server Group Enter a Group NameRedirection Policies and User Role Adding a new syslog parser domain ESI Syslog Parser Domains and RulesManaging Syslog Parser Domains in the WebUI Deleting an existing syslog parser domainManaging Syslog Parser Rules Use these CLI commands to manage syslog parser domainsManaging Syslog Parser Domains in the CLI Editing an existing syslog parser domainAdding a new parser rule Deleting a syslog parser ruleEditing an existing syslog parser rule Testing a Parser Rule Use these CLI commands to manage syslog parser rulesSample Route-mode ESI Topology Monitoring Syslog Parser StatisticsShowing ESI syslog parser rule information Configuring the Example Routed ESI Topology ESI server configuration on controllerIP routing configuration on Fortinet gateway Health-Check Method, Groups, and Servers Defining the Ping Health-Check MethodTrusted IP Address. Enter Untrusted IP Address. Enter Enter a Group Name. Enter fortinetRedirection Policies and User Role Adding a New Parser Rule in the WebUI Syslog Parser Domain and RulesAdd a New Syslog Parser Domain in the WebUI To add a new syslog parser domain for the routed exampleSample NAT-mode ESI Topology Example NAT-Mode TopologyESI server configuration on the controller Configuring the ESI Group in the WebUI Configuring the Example NAT-mode ESI TopologyConfiguring the NAT-mode ESI Example in the WebUI Profile Name. This example uses externalcppingConfiguring the Redirection Filter in the WebUI Configuring the Example NAT-mode Topology in the CLIConfigure the ESI Servers in the WebUI Policy Name. This example uses cpredirectaclUsing the ESI Group in a Session Access Control List Configuring a Health-Check PingConfiguring ESI Servers CLI Configuration ExampleUnderstanding Basic Regular Expression BRE Syntax Character-Matching OperatorsRegular Expression Repetition Operators Regular Expression AnchorsDescription Sample Result References Working with the ArubaOS XML API Works External User ManagementAdding a User Authenticating a UserCreating an XML Request Deleting a UserXML Response Default Response FormatFormat of a default XML response from the controller is Blacklisting a UserResponse Codes Code Reason messageQuery Command Response Format Code Reason message DescriptionVerify the XML API server configuration Using the XML API ServerConfiguring the XML API Server Associating the XML API Server to a AAA profileVlan Set up Captive Portal profile Associating the Captive Portal Profile to an Initial RoleThis command deletes the user from the controller Authentication Command DescriptionOptions Description Range / Defaults Dell controllers configurationMonitoring External Captive Portal Usage Statistics Using XML API in C Language Sample CodePage Page Understanding Request and Response Understanding XML API Request ParametersList all parameter that you can use in a request Adding a Client This command will add a client on your networkUnderstanding XMl API Response Response from the controllerAuthenticating a Client View the updated details of the client on the controllerDeleting a Client Status of the client before authentication Sending the authentication commandStatus of the client after authentication Querying for Client Details Blacklisting a Client Blacklisting a Client-request and responseSupported Planning RF PlanPre-Deployment Considerations Configuration ConsiderationsPlanning Deployment Outdoor-Specific Deployment ConsiderationsPost-Deployment Considerations Dual-Port AP ConsiderationsLaunching the RF Plan Campus ListButtons Description Building List Pane ButtonsEdit a campus from the building list pane Building Specifications Overview Building DimensionAP Modeling Parameters Radio Type Design Model Overlap FactorRadio Description Button Overlap Description Factor Users/APRadio Properties Desired Rates and HT Support Options Radio Property DescriptionAM Modeling Number of available channelsValid values are 54, 48, 36, 24, 18, 12, 9, 6, 11, 5.5, 2 Monitor Rates Planning FloorsDesign Models Radio Button DescriptionYou can select or adjust the features as described in Table ZoomLevel Approximate Coverage MapFloor Editor Dialog Box NamingArea Editor Dialog Box Background ImagesLocation and Dimensions Area TypesAccess Point Editor Dialog Box FixedRadio Types Power Levels802.11n Features Y CoordinatesOptimize AP PlanInitialize MemoAM Plan Fix All Suggested AP/AMsViewing the Results Exporting and Importing Files Export Campus Import CampusExport Buildings Locate Import BuildingsFqln Mapper Property DescriptionUsing the Fqln Mapper in the AP Provision Search ResultsSample Building Using the WebUIRF Plan Example HeightCreate a Building Information Model the Access PointsText Box Campus NameAdding the background image and naming the first floor Model the Air MonitorsAdd and Edit a Floor Adding the background image and naming the second floorCreating a Don’t Deploy Area Running the AP PlanClick Optimize Running the AM PlanClick Initialize Click Initialize then OptimizeUnderstanding Mode Support Behavior and DefaultsForwarding Mode Feature Not Supported Understanding Basic System Defaults Network ServicesName Protocol Name Protocol Ports Policies Predefined Policy DescriptionFollowing are predefined policies Be modified. It permits APs to boot up Used to enable the captive portal logoutAccess the controllers administrative Network access. You can use this rule toNeeded Permits all DNS trafficNAT-T UDP 4500. Remove NAT-T if not This policy can be used to source-NAT allRoles Predefined Role DescriptionFollowing are predefined roles Beginning Enables captive portalShould be disabled if it is not needed Profiles with different customizationUnderstanding Default Management User Roles Predefined Role PermissionsArubaOS software includes predefined management user roles Show switches summary Show aaa state configurationShow aaa authentication-server all Show wlan-ap-count type access-pointsMonitoring Controller Clients Packet CaptureMonitoring Understanding Default Open Ports Port Protocol Where Used Description NumberPort is not exposed to wireless users Controller Remote wired MAC lookup 4343Testing Exposed to wireless usersTo configure option 60 on the Windows Dhcp server Configuring a Windows-Based Dhcp ServerConfiguring Option Dhcp with Vendor-Specific OptionsTo configure option 43 on the Windows Dhcp server Field InformationScope Options Dialog Box Navigate to Configuration Network IP IP Interfaces Enabling Dhcp Relay Agent Information Option OptionEnabling Linux Dhcp Servers Range 10.200.10.200 Configuring Microsoft IAS 802.1X Configuration for IAS and Windows ClientsRadius Client Configuration Remote Access Policies Configuring PoliciesActive Directory Database IAS Remote Access Policies Click Configure to select additional propertiesPolicy Configuration Wizard-Authentication Methods Configuring Radius Attributes Radius class Attribute ConfigurationConfiguring Management Authentication using IAS Creating a Remote PolicyNext, create a remote policy for your new Radius client Defining Properties for Remote Policy Creating a User Entry in Windows Active DirectoryConfiguring a Server Group for IAS Management Authentication Window XP Wireless Client Sample Configuration Navigate to DiagnosticsAAA Test ServerClick Begin Test Wireless Networks Networks to Access Wireless Network Association Wireless Network Authentication Protected EAP Properties EAP MSCHAPv2 Properties Acronym AcronymsAcronyms and Terms DefinitionDoS Acronym MSCHAPv2 QoS PoEPPPoE RoWVoFI VoIP WISPr TermsTerm XAuthTerm Term Definition Shops are providing free wireless access for customers Encryption authenticationFixed wireless IR wirelessInput, multiple output Optical wirelessHills, mountains, and large human-made structures Near field communicationNFCFacilities offer public access to Wi-Fi networks Access W-CDMAWi-Fi Standards for broadband wireless access BWA networks. WiMAXKilometers Wireless service providerWired LAN Yagi antenna
Related manuals
Manual 8 pages 57.45 Kb

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.