Dell 6.2 manual Monitoring the Dashboard, WIP Wizard Intrusion Protection

Page 367

Figure 101: WIP Wizard Intrusion Protection

Monitoring the Dashboard

The Security Summary dashboard, in the Monitoring section of the WebUI, allows you to monitor the detection and protection of wireless intrusions in your network.

The dashboard’s two top tables—Discovered APs & Clients and Events—contain data as links. When these links are selected they arrange, filter, and display the appropriate information in the lower table. For example, if you select the number 10 under the Active APs column (highlighted in yellow in Figure 102) then the bottom table will filter and arrange information about the ten classified Rogue APs. Use the scroll bar at the right to view all ten Rogue APs.

NOTE: The term events in this document is meant to include security threats, vulnerabilities, attacks (intrusion or Denial of Service)

and other similarly related events.

The Event table contains data links. Selecting these data links will display information, in the bottom table, related to the Event you selected. Again, remember to use the scroll bar at the right to view all the Events.

Figure 102: WIP Monitoring Dashboard

367 Wireless Intrusion Prevention

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Page 366 Page 368
Image 367
Page 366 Page 368
Contents User Guide Open Source Code Copyright InformationLegal Notice Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents 485 477490 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide Contents Contents Dell PowerConnect W-Series ArubaOS 6.2 User Guide What’s New In ArubaOS Feature DescriptionAbout this Guide Spectrum recording information Users using them in a given networkIssued Spectrum enhancementsWebUI FundamentalsConventions Related DocumentsType Style Description Page Basic User-Centric Networks Understanding Basic Deployment and Configuration TasksDeployment Scenario #1 Controller and APs on Same Subnet APs All on One Subnet Different from Controller Subnets APs on Multiple Different Subnets from Controllers Running Initial Setup Configuring the ControllerNew Port Numbering Scheme Using the LCD ScreenConnecting to the Controller after Initial Setup Dell W-7200 Series ControllerDisplays Uploading a Pre-saved Configuration Using the LCD and USB DriveUpgrading an Image Disabling LCD Menu Functions Configuring a Vlan to Connect to the NetworkCreating, Updating, and Viewing VLANs and Associated IDs Assigning and Configuring the Trunk PortCreating, Updating, and Deleting Vlan Pools WebUI Configuring the Default GatewayConfiguring the Loopback IP Address for the Controller To confirm the port assignments, use the show vlan commandEnter y to reboot the controller or n to cancel Configuring the System ClockController returns the following messages Connecting the Controller to the Network Enabling Wireless ConnectivityConfiguring Your User-Centric Network Installing LicensesMust explicitly enable Telnet on the controller Control Plane Security Parameter Description Configuring Control Plane SecurityConfigure the following control plane security parameters Control Plane Security OverviewExample CLIAdding APs to the Campus and Remote AP Whitelists Managing AP WhitelistsControl Plane Security Campus AP Whitelist status only Viewing Whitelist StatusStatus Entry Address as a nameStatus Entry Description Modifying an AP in the Campus AP Whitelist Command DescriptionClick the Campus AP Whitelist tab Deleting an AP Entry from the Campus AP Whitelist Revoking an AP via the Campus AP WhitelistPurging the Campus AP Whitelist Managing Whitelists on Master and Local Controllers Campus AP whitelist contains Master switchWith local Dell Data Column Description Viewing and Managing the Master or Local Switch WhitelistsViewing the Master or Local Switch Whitelist Campus AP Whitelist SynchronizationDeleting an Entry from the Master or Local Switch Whitelist Working in Environments with Multiple Master Controllers Configuring Networks with a Backup Master ControllerConfiguring Networks with Clusters of Master Controllers Purging the Master or Local Switch WhitelistCreating a Cluster Root Click the Cluster Setting tabTo view your current cluster configuration via the WebUI Viewing Controller Cluster SettingsCreating a Cluster Member Replacing Controllers in a Single Master Network Replacing a Controller on a Multi-Controller NetworkReplacing a Local Controller Replacing a Redundant Master Controller Replacing a Master Controllerwith No BackupReplacing a Redundant Cluster Member Controller Replacing a Cluster Member Controller with no BackupReplacing Controllers in a Multi-Master Network Replacing a Local Controller in a Multi-Master NetworkReplacing a Redundant Cluster Root Controller Manually Certify Campus APs Configuring Control Plane Security after UpgradingTroubleshooting Control Plane Security Identifying Certificate ProblemsDisabling Control Plane Security Verifying CertificatesVerifying Whitelist Synchronization Rogue APs Supported APsSoftware Licenses Understanding License TerminologyWorking with Licenses Basis What Consumes One License Using LicensesWorking with Licenses on a Multiple Controller Network LicenseController Total AP Count Campus APs Remote APs Understanding License InteractionInstalling a License License Installation Best Practices and ExceptionsEnabling a new license on your controller Creating a Software License Key Requesting a Software License in EmailLocating the System Serial Number Obtaining a Software License KeyApplying the Software License Key in the WebUI Resetting the ControllerDeleting a License Moving LicensesPage Navigate to the Configuration Network VLANs Configuring VLANsNetwork Configuration Parameters You can create and update a single Vlan or bulk VLANsCreating Bulk VLANs In the WebUI Navigate to Configuration Network VLANsCreating Named VLANs Creating a Named Vlan not in a PoolThis example assigns a Vlan name in a virtual AP Using the WebUICreating a Vlan Pool This example assigns a name to an existing Vlan IDCreating a Vlan Pool Distinguishing Between Even and Hash Assignment TypesUpdating a Vlan Pool Creating a Vlan Pool Using the CLIViewing and Adding Vlan IDs Using the CLI Following example shows how to view Vlan IDs to a Vlan poolOptimizing Vlan Broadcast and Multicast Traffic Adding a Bandwidth Contract to the VlanNavigate to Configuration Network IP Configuring PortsUsing the CLI Proxy Arp is disabled for the InterfaceAbout Trusted and Untrusted VLANs Configuring Trusted/Untrusted Ports and VLANsClassifying Traffic as Trusted or Untrusted About Trusted and Untrusted Physical PortsThis example For Port Mode select TrunkHow a Vlan Obtains an IP Address Understanding Vlan AssignmentsAssigning a Static Address to a Vlan Enabling the Dhcp Client Configuring a Vlan to Receive a Dynamic AddressConfiguring Multiple Wired Uplink Interfaces Active-Standby Navigate to the Configuration Network IP IP InterfacesSelect Obtain an IP address with PPPoE Enabling the PPPoE ClientConfiguring DNS/WINS Server from DHPC/PPPoE Default Gateway from DHCP/PPPoESelect Apply Configuring Source NAT for Vlan Interfaces Configuring Source NAT to Dynamic Vlan AddressInter-VLAN Routing Example ConfigurationUsing the WebUI to restrict Vlan routing Configuring Static RoutesNavigate to the Configuration Network IP IP Interface Modify the IP Address as required Click Configuring the Loopback IP AddressApply Configuring GRE Tunnels Configuring the Controller IP AddressUsing the CLI Static Routes Navigate to the Configuration Network IP GRE TunnelsCreating a Tunnel Interface Directing Traffic into the TunnelWebUI Tunnel KeepalivesCLI IPv6 Support This chapter describes ArubaOS support for IPv6 featuresUnderstanding IPv6 Notation Understanding IPv6 TopologyEnabling IPv6 Support for Controller and APs Enabling IPv6Features Supported on IPv6 APs? Yes Limited Configuring IPv6 AddressesTo Configure Link Local Address To Configure Global Unicast AddressTo Configure Loopback Interface Address Configuring IPv6 Static NeighborsManaging Controller IP Addresses Configuring IPv6 Default Gateway and Static IPv6 RoutesTo Configure IPv6 Default Gateway To Configure Static IPv6 RoutesTo Modify IPv6 MLD Parameters Configuring Multicast Listener Discovery MLDProvisioning an IPv6 AP Debugging an IPv6 ControllerTo view the EH types denied Configuring a Captive Portal over IPv6Filtering an IPv6 Extension Header EH Working with IPv6 Router Advertisements RAsUsing WebUI Configuring an IPv6 RA on a VlanYou can use the WebUI or CLI to configure IPv6 RA on a Vlan Using CLI Configuring Optional Parameters for RAsTo configure RA hop-limit Navigate to the ConfigurationNetworkIPTo configure neighbor discovery retransmit time To configure IPv6 recursive DNS serverViewing IPv6 RA Status Supported Network ConfigurationAuthentication Method Supported for IPv6 Clients? Understanding AuthenticationXSec No not tested MAC-based Yes Authentication Description Method Working with Firewall FeaturesUnderstanding Firewall Policies Field Description For Host IP, enter 2002d81ff9f01000 To assign an IPv6 policy using the WebUICreating an IPv6 Firewall Policy Assigning an IPv6 Policy to a User RoleUnderstanding IPv6 Exceptions and Best Practices Managing IPv6 User AddressesHost config #ipv6 enable Link Aggregation Control Protocol Lacp Understanding Lacp Best Practices and ExceptionsSet the port priority Configuring LacpLacp Sample Configuration 151 OSPFv2 Understanding Ospf Deployment Best Practices and ExceptionsBelow is the routing table for Router Understanding OSPFv2 by Example using a Wlan ScenarioWlan Topology Wlan Routing TableBranch Office Ospf Topology Branch Office TopologyRouting table for Router 1 is below Configuring OspfBranch Office Routing Table Routing table of the Central office controller is belowSelect the Add button to add an area see Figure General Ospf ConfigurationRemote Branch Sample Topology and ConfigurationRemote Branch Central Office Controller-Active Central Office Controller-Backup OSPFv2 Dell PowerConnect W-Series ArubaOS 6.2 User Guide Dell PowerConnect W-Series ArubaOS 6.2 User Guide OSPFv2 Tunneled Nodes Understanding Tunneled Node ConfigurationWebUI Configuring a Wired Tunneled Node ClientNavigate to ConfigurationAdvanced ServicesWired Access For exampleVerify the configuration Configuring an Access Port as a Tunneled Node PortConfiguring a Trunk Port as a Tunneled Node Port Locate the Wired Access Concentration Configuration sectionOn the tunneled node client Sample OutputPage Understanding Servers and Server Groups Authentication ServersConfiguring a Radius Server Configuring ServersDescribes the parameters you configure for a Radius server NAS IP address to send in Radius packets TimeoutDefault 5 seconds Override the global configurationSet a DNS Query Interval Configuring an RFC-3576 Radius ServerRadius Server Authentication Codes Radius Server Fully Qualified Domain NamesDescribes the parameters you configure for an Ldap server Configuring an Ldap ServerHost IP address of the Ldap server Default N/A Admin-DN Type Connection type is Ldap-s Start-tls Clear-text Configuring a TACACS+ ServerEnter parameters as described in Table Defines the TACACS+ server parametersConfiguring a Windows Server Managing the Internal Database Configuring the Internal DatabaseParameters Parameters Description Enter the following command in enable modeManaging Internal Database Files Exporting Files in the WebUIWorking with Internal Database Utilities Configuring Server GroupsConfiguring Server List Order and Fail-Through Configuring Server GroupsSelect Fail Through Configuring Dynamic Server SelectionScroll to the right and click Add Server Click Apply Click Add RuleTrimming Domain Information from Requests Configuring Match Fqdn OptionConfiguring Server-Derivation Rules Default bottom Controller when the rule is appliedTop Assigning Server Groups User AuthenticationManagement Authentication Navigate to the Configuration Management AdministrationRadius Accounting AccountingSelect AAA Profile, then select the AAA profile instance Timer Description Configuring Authentication TimersTACACS+ Accounting Range Setting an Authentication TimerDefault 5 minutes Logon User LifetimeParameter Configuring MAC-Based AuthenticationMAC-based Authentication Configuring the MAC Authentication ProfileDisables blacklisting Configuring ClientsUsing the WebUI to configure a MAC authentication profile Using the CLI to configure a MAC authentication profileCLI 802.1X Authentication Understanding 802.1X AuthenticationSupported EAP Types Configuring Authentication with a Radius Server802.1X Authentication with Radius Server Configuring Authentication Terminated on ControllerConfiguring 802.1X Authentication This option is disabled by default Failures, and the default value is 0 failuresDefault User Role Guest role Reauthentication Timer per role overrides this settingRequests Interval Seconds, and the default value is 30 secondsDefault value is CountOption is disabled by default Key Exchange Delay between WPA/WPA2Disable this feature Authentication takes placeNegotiation Disabled by default WPA-Fast-Handover For the cached information. The default value is 24 hoursUse to authenticate itself to the client Disabled by defaultConfiguring and Using Certificates with AAA FastConnect Machine User Auth Description Role Assigned Status Configuring User and Machine AuthenticationVirtual AP profile Authenticated Vlan configured Virtual AP profileEnabling 802.1x Supplicant Support on an AP Machine Auth User Auth Description Vlan Assigned StatusPrerequisites To view the 802.1x authentication details on the controllerProvisioning an AP as a 802.1X Supplicant Creating the Student Role and Policy Sample ConfigurationsConfiguring Authentication with an 802.1X Radius Server Configuring Roles and PoliciesCan use the alias for other rules and policies Creating the Faculty Role and Policy Using the WebUICreating the Guest Role and Policy Under Time Range, select working-hours Using the WebUI to create the computer role Configuring the Radius Authentication ServerCreating Roles and Policies for Sysadmin and Computer Creating an Alias for the Internal Network Using the CLISelect Enforce Machine Authentication Configuring 802.1X AuthenticationConfiguring VLANs Configuring the Guest Wlan Configuring the WLANsNavigate to the Configuration Wireless AP Configuration AP Group list, click Edit for the first-floor Configuring the Non-Guest WLANsCLI Configuring a Server Rule Using the CLI Configuring a Server Rule Using the WebUISelect Termination Configuring WLANs Configuring the Guest Wlan Configuring the Non-Guest WLANs 802.1x Logon Configuring Mixed Authentication ModesAuthentication Describes the different authentication possibilitiesConfiguring Reauthentication with Unicast Key Rotation Performing Advanced Configuration Options forStateful and WISPr Authentication Working With Stateful AuthenticationUnderstanding Stateful Authentication Best Practices Working With WISPr AuthenticationConfiguring Stateful 802.1x Authentication Configuring Stateful Ntlm Authentication Configuring Stateful Kerberos Authentication Configuring WISPr Authentication Profiles list, expand the WISPr Authentication Profile Dell PowerConnect W-Series ArubaOS 6.2 User Guide 227 Certificate Revocation Configuring a Controller as Ocsp and CRL ClientsConfiguring an Ocsp Controller as a Responder Understanding Ocsp and CRLNavigate to the Configuration Management Certificates Upload Configuring the Controller as an Ocsp ClientSelect the Revocation Checkpoint tab Configuring the Controller as a CRL ClientConfiguring the Controller as an Ocsp Responder Select Enable next to Enable Ocsp Responder Understanding Captive Portal Captive Portal AuthenticationController Server Certificate Configuring Captive Portal in the Base Operating SystemNavigate to the Configuration Management General Policy Enforcement Firewall Next Generation Pefng LicenseWebUI CLI Using Captive Portal with a Pefng License To configure captive portal with Pefng license via the WebUI Configuring Captive Portal in the WebUIConfiguring Captive Portal in the CLI Sample Authentication with Captive PortalCreating a Guest User Role Creating a Time Range Configuring Policies and Roles in the WebUISelect Add to add the guest-logon-access policy Creating an Auth-guest User RoleTo configure the auth-guest-access policy via the WebUI Creating an Auth-Guest-Access PolicyCreating Aliases To create the block-internal-access policy via the WebUI Creating an Block-Internal-Access PolicyTo create a guest role via the WebUI Creating a Drop-and-Log PolicyCreating a Guest Role To create the drop-and-log policy via the WebUITo create the guest-logon role via the WebUI Configuring Policies and Roles in the CLICreating an Auth-Guest Role Defining a Time RangeCreating a Guest-Logon Role Configuring Guest VLANsCreating a Guest-Logon-Access Policy Creating a Block-Internal-Access PolicyClick Add For Vlan ID, enter Click Apply Configuring Captive Portal Authentication ProfilesModifying the Initial User Role Configuring the AAA ProfileManaging User Accounts Configuring the WlanRole Configuring Captive Portal Configuration ParametersUnauthenticated that a guest cannot access Utilization Logon Threshold Default 60% Logon waitFollowing are optional captive portal configurations Enabling Optional Captive Portal ConfigurationsSpecify the fac-logon user Uploading Captive Portal Pages by Ssid AssociationChanging the Protocol to Http Entity Engineering Business FacultyL3 Authentication Configuring Redirection to a Proxy ServerSecurity Access Control Policies Redirecting Clients on Different VLANs For captive portal with role-based accessFor captive portal with Pefng license Personalizing the Captive Portal Web Client Configuration with Proxy ScriptSelect the Your Custom Background To customize the page backgroundCreating a New Internal Web Creating and Installing an Internal Captive PortalVariable Password ExampleUsername Example Fqdn ExampleDisplaying Authentication Error Messages Installing a New Captive PortalBasic Html Example Configuring Localization Reverting to the Default Captive PortalThis should be replaced with a link like the following Insert javascript to handle error casesThis should be replaced with a link like this Div id=errorbox style=display none /div Sample Translated Customizing the WelcomeCustomizing the Pop-Up box Customizing the Logged Out Box Navigate to Advanced Services Stateful Firewall Destination Creating Walled Garden AccessConfiguring the Login URL Configuring the Redirect-URLEnabling Captive Portal Enhancements Associating a Whitelist to Captive Portal Profile Configuring a WhitelistConfiguring the Netdestination for a Whitelist Defining Netdestination DescriptionsVerifying Dynamic ACLs for a Whitelist Verifying a Whitelist ConfigurationUse the following commands to verify the whitelist alias Verifying a Captive Portal Profile Linked to a WhitelistTOS Verifying DNS Resolved IP Addresses for Whitelisted URLsExample Virtual Private Networks Planning a VPN Configuration384 Suite-B certificates ECDSA-256, ECDSA-384 Selecting an IKE protocolUnderstanding Suite-B Encryption Licensing IKE Policies Suite-B for IPsec tunnelsUnderstanding Supported VPN AAA Deployments Working with IKEv2 ClientsVPN Client Working with VPN Authentication ProfilesParameter Default Default-rap Default-cap Working with Certificate GroupsConfiguring a Basic VPN for L2TP/IPsec in the WebUI Enabling Source NAT Defining Authentication Method and Server AddressesNavigate to Configuration IP NAT Pools Defining Address PoolsDefining IKEv1 Shared Keys Configuring IKE PoliciesFinalizing WebUI changes Setting the IPsec Dynamic MapCreate address pools Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUIEnable authentication methods for IKEv1 clients Configure source NATDefining Address Pools PRF-HMAC-MD5 PRF-HMAC-SHA1 PRF-HMAC-SHA256 PRF-HMAC-SHA384 Define IKEv2 Policies Configuring a VPN for Smart Card ClientsWorking with Smart Card clients using IKEv2 Enable authentication methods for IKEv2 clientsWorking with Smart Card Clients using IKEv1 Configuring a VPN for Clients with User PasswordsSelect Enable L2TP Configuring VPNs for XAuth Clients using Smart Cards Configuring Remote Access VPNs for XAuthClick Add User Certificates or Common Name as it appears on the certificate Working with Remote Access VPNs for Pptp Working with Third-Party Devices Working with Site-to-Site VPNsWorking with Site-to-Site VPNs with Dynamic IP Addresses Configuring Site-to-Site VPNsUnderstanding VPN Topologies Show crypto-local pki servercert certname subject Click Doneto activate the changes Click Apply For certificate authenticationFor the Pre-shared-key for All FQDNs For preshared key authenticationDetecting Dead Peers For the Pre-shared-keyWorking with VPN Dialer Understanding Default IKE policiesAssigning a Dialer to a User Role Configuring VPN DialerHost config #user-role role dialer name Roles and Policies Configuring Firewall PoliciesSupport for Desktop Virtualization Protocols Working With Access Control Lists ACLsCreating a Firewall Policy IP address of the host Configure the NAT pool in the controllerThis can be one of the following White List When it leaves the controllerQueue in which a packet matching this rule should be placed Pause ARMCreating an ACL White List Creating a Network Service AliasUse the following CLI command to create ACL White Lists Configuring the ACL White List in the WebUIConfiguring the White List Bandwidth Contract in the CLI Configuring the ACL White List in the CLICreating User Roles Bandwidth Contracts Creating a User RoleClick the Delete button against the role you want to delete Assigning a Bandwidth Contract to a User Role in the WebUI Configuring a Bandwidth Contract in the WebUIConfiguring and Assigning Bandwidth Contracts in the CLI Bandwidth Contract ExceptionsViewing the Current Exceptions List Configuring Bandwidth Contract ExceptionsAssigning User Roles Assigning User Roles in AAA ProfilesDhcp server Working with User-Derived VLANsRule Type Condition Value Equals StringUnderstanding Device Identification Configuring a User-derived Vlan in the WebUIDhcp Option Description Hexadecimal Equivalent User-Derived Role Example Configuring a User-derived Role or Vlan in the CLISee for descriptions of these parameters Navigate to the Configuration Security Authentication Configuring a Default Role for Authentication MethodController’s log files Monitor TCP SYN Attack rate Configuring a Server-Derived RoleConfiguring a VSA-Derived Role Understanding Global Firewall ParametersPortal configuration Or disabledLog Icmp Errors Default Disabled stateful SIP processing is enabledDefault Disabled FTP server is enabled Session Idle Timeout secDefault 15 seconds Disable FTP ServerSession mirror Ipsec Session-tunnel FIB Enable session,tunnel based forwardingMbps Default 1 Mbps Rate limit CP auth process traffic Mbps Is 1-200 Mbps Default 1 MbpsPage Wlan Profiles Default AP Group Toronto AP Group Configuring Virtual AP ProfilesVirtual APs Excluding a Virtual AP Profile From an AP in the WebUI Configuring a Virtual APExcluding a Virtual AP Profile From an AP in the CLI Ssid profile guest Configuring the User RoleBuilding3-lobby Guest Deny Time RangeConfiguring Authentication Configuring Authentication ServersDone Side of the network. This feature is enabled by default Users. The default role for unauthenticated users is logonMAC Authentication Default Role Wired to Wireless RoamingEnforce Dhcp Click Edit for the default AP groupSelect Wireless LAN under Profiles, then select Virtual AP Applying the Virtual APEnforcement, 802.11k and station blacklisting Forward modeCan be configured in tunnel mode Campus APs in decrypt-tunnel forward modeBand Steering Enable this settingClick the Global Setting tab Setting on each individual local controllerAPs. Default Disabled Default 6 stationsDefault 3600 seconds 1 hour Authentication FailureCreating a new Ssid Profile Select Wireless LAN underProfiles, then select Virtual AP XSec license in each controller KeysDtim Interval Period to receive broadcasts Other wireless clients are transmittingDefault value is 2333 bytes Powersave WMM Tspec MinAt the lowest configured rate Frames is disabledBattery Boost Lengthening battery lifeConfiguring an Ssid for Suite-B Cryptography Configuring a Vlan Configuring a Guest WlanConfiguring a Guest Role Select Virtual AP Configuring a Guest Virtual APTo enable bSec Ssid using bSec-128 or bSec-256 Sample ConfigurationEnabling bSec Ssid Support Enabling 802.11k Support Advertise 802.11K Capability Measurement Mode for Beacon ReportsMeasurement Report Mode field Default Mode beacon-tableTSM Report Request Settings Profile Handover Trigger Feature Settings ProfileHandover of Voice Clients’ feature Beacon Report Request Settings ProfileWorking with Radio Resource Management Information Elements Working with Beacon Report Requests Randomization Interval Con when Measurement Mode is set to Active-Channel ReportMeasurement Mode for Range from 0 to 255. The default value isNumber of repetitions Gered. When the triggered option is selected,Request frame. The default value is enabled Working with a Traffic Stream Measurement ReportBin 0 Range Configuring a High-Throughput Virtual APRange 0, 65535. The default value is Range 0, 255. The default value is40MHz intolerance Select the 802.11a radio profileSelect the 802.11g radio profile Transmission Maximum number of spatialCapabilities Streams usable for StbcSupported MCS set Mode Is enabled by defaultShort guard interval in 20 MHz Short guard interval in 40 MHzManaging High-Throughput Profiles Adaptive Radio Management ARM Understanding ARMUnderstanding ARM Application Awareness Configuring ARM ScanningARM Support for 802.11n Monitoring Your Network with ARMSelect RF Management to expand the RF Management section Configuring ARM ProfilesCreating a New ARM Profile ARM Profiles Example Wlan DescriptionSelect Adaptive Radio Management ARM Profile Configuring ARM SettingsCopying an Existing Profile Deleting a ProfileSetting Description Default 8 scans That Scanning is also enabledPower Save Aware Scan Mode Default disabled Video AwareClient Aware setting is disabled Default 9 dBmScan That Scanning is also enabled Enabled, that device will ignore this settingTime Channel change Default 30 seconds Noise Threshold Default 240 secondsError Rate Threshold Change Default 50% Error Rate WaitScanning if the load for the AP gets too high Default 1250000 BpsMode Aware Load AwareAssigning an ARM Profile to an AP Group Select Configuration AP ConfigurationEnabling Band Steering Using Multi-Band ARM for 802.11a/802.11g TrafficSteering Modes To disable band steering, include the no parameter Select Wireless LAN to expand the Wireless LAN sectionEnabling Band Steering Select QoS to expand the QoS section To configure traffic shaping via the WebUIEnabling Traffic Shaping Enabling Traffic ShapingEnabling Spectrum Load Balancing To disable traffic shaping, use the default-accessparameterConfiguring Non-802.11 for Noise Interference Immunity Reusing Channels to Control RX Sensitivity TuningARM Metrics Too many APs on the Same Channel Troubleshooting ARMWireless Clients Report a Low Signal Level Transmission Power Levels Change Too OftenAPs Don’t Change Channels Due to Channel Noise APs Detect Errors but Do Not Change ChannelsWorking with the Reusable Wizard Wireless Intrusion PreventionThis chapter contains the following sections Understanding Wizard Intrusion Detection Protection features for Wlan clientsProtecting Your Infrastructure Understanding Wizard Intrusion ProtectionProtecting Your Clients WIP Wizard Intrusion Protection Monitoring the DashboardClassification Description Detecting Rogue APsUnderstanding Classification Terminology Understanding Classification MethodologyUnderstanding Match Types Understanding Match MethodsUnderstanding Suspected Rogue Confidence Level Understanding Rule Matching Understanding AP Classification RulesWorking with Intrusion Detection Feature Command Trap Syslog IDUnderstanding Infrastructure Intrusion Detection 126086 Ids impersonation-profile WlsxAPSpoofingDetected 126069Detect-bad-wep WlsxStaRepeatWEPIVViolation 126016 Ids impersonation-profileDetect-malformed-large-duration Detected Require-wpa WlsxChannelMisconfiguration 127028Ids unauthorized-device-profile WlsxWirelessBridge 126036 Detect-wireless-bridge Wireless-bridge-quiet-timeDetecting Ad hoc Networks Detecting an 802.11n 40MHz Intolerance SettingDetecting Active 802.11n Greenfield Mode Detecting an Ad hoc Network Using a Valid SsidDetecting an RTS Rate Anomaly Detecting Bad WEP InitializationDetecting a Beacon Frame Spoofing Attack Detecting a Client Flood AttackDetecting Malformed Frame-Auth Detecting a Misconfigured APDetecting a Wireless Bridge Detecting Broadcast DeauthenticationDetecting Wellenreiter Understanding Client Intrusion DetectionIds dos-profile WlsxOmertaAttack 126071 Ids dos-profile WlsxPowerSaveDoSAttack 126109Detect-power-save-dos-attack Detect-hotspotter-attack Hotspotter-quiet-timeDetecting a Disconnect Station Attack Detecting a Meiners Power Save DoS AttackDetecting a Block ACK DoS Detecting a ChopChop AttackDetecting Unencrypted Valid Clients Detecting an Omerta AttackDetecting Rate Anomalies Detecting a Tkip Replay AttackUnderstanding Infrastructure Intrusion Protection Configuring Intrusion ProtectionUnderstanding Client Intrusion Protection Protecting Windows Bridge Configuring the Wlan Management System WMSNavigate to the Configuration Advanced Services Wireless Protecting Valid StationsStation Ageout Interval Configuring Local WMS SettingsNot configured Managing the WMS DatabaseMethods of Blacklisting Understanding Client BlacklistingBlacklisting Manually Captive portal Blacklisting by Authentication FailureEnter a value in the Max Authentication failures field Enabling Attack BlacklistingProfiles list, expand the IDS menu, then select IDS profile Working with WIP Advanced FeaturesSetting Blacklist Duration Removing a Client from BlacklistingUnderstanding TotalWatch Channel Types and Qualifiers Configuring TotalWatchFrequency Channel Understanding TotalWatch Monitoring FeaturesUnderstanding TotalWatch Scanning Spectrum Features Understanding TotalWatch Channel Dwell TimeUnderstanding TotalWatch Channel Visiting Administering TotalWatchConfiguring Per Radio Settings Configuring Per AP SettingDOS Licensing Configuring Tarpit ShieldingUnderstanding Tarpit Shielding Licensing CLI Commands Working with Tarpit ShieldingFollowing topics are included in this chapter Basic Functions and FeaturesAccess Points APs FunctionNaming and Grouping APs You can use the WebUI or the CLI to create a new AP group Use the following command to create an AP groupCreating an AP group Assigning APs to an AP GroupWorking with Wireless LAN Profiles Understanding AP Configuration ProfilesClick Apply and Reboot Page Page Working with QoS Profiles Working with AP ProfilesProvisioning Mesh Profiles Working with RF Management ProfilesProfile Hierarchy Viewing Profile ErrorsOther Profiles AP Specific and AP Group Profile Hierarchies Other Profile Hierarchies Verifying that APs Can Connect to the Controller Configuring Firewall SettingsDeploying APs Running the RF PlanConfiguring Dhcp Server Communication with APs Configuring DNS ResolutionEnabling Controller Discovery Navigate to the Configuration Network IP Dhcp Server window Using the Aruba Discovery Protocol ADPVerifying that APs Are Receiving IP Addresses AP92 4GHz or 5GHz Provisioning APs for MeshProvisioning 802.11n APs for Single-Chain Transmission AP Model Freqency Band Antenna PortAP134 4GHz or 5GHz Installing APs on the NetworkAP Model Freqency Band 5GHzWorking with the AP Provisioning Wizard Provisioning Installed APsUpdating the RF Plan Designation an AP as Remote RAP versus Campus CAPProvisioning an Individual AP AP Provisioning Window Page LMS or backup LMS values Provisioning Multiple APs using a Provisioning ProfileAP is associated Assigning Provisioning Profiles AP Installation Modes Configuring a Provisioned APTroubleshooting Renaming an AP Clear gap-db wired-macTo configure the bootstrap threshold using the WebUI Configuring the Bootstrap ThresholdOptimize APs Over Low-Speed Links LMS IPv6 Backup LMS IPv6 LMS Preemption RF Band for AM Mode scanningConfiguring split-tunnel forwarding Backup LMS IPWhen an AP process crashes Bootstrap thresholdFrom a wireless client that is connected to a tunneled Ssid Wireless frame is only encapsulated inside the IPsec tunnelPrioritizing AP heartbeats AP Redundancy AP Maintenance ModeEnergy Efficient Ethernet To enable AP maintenance modeAP130 Series only Managing AP LEDs802.11a and 802.11g RF Management Profiles RF ManagementRadio Managing 802.11a/802.11g Profiles Using the WebUIEnable CSA Creating or Editing a ProfileMHz and 40 MHz modes Level 5 disable PHY reportingReuse feature Balancing mode Select one of the following optionsRadio Management ARM scanning and channel assignment Load-balancing modeChannel. The default CSA count is 4 announcements Balancing thresholdDefault, allowing 40 MHz operation RX Sensitivity TuningRX sensitivity tuning based channel reuse threshold, in dBm Signal strengthAM Scanning Profile Assigning an 802.11a/802.11g ProfileAssigning a High-throughput Profile Profile Spectrum monitor radioAssigning an ARM Profile Deleting a Profile Managing 802.11a/802.11g Profiles Using the CLICreating or Modifying a Profile Assigning a 802.11a/802.11g Profile Viewing RF Management SettingsTo view the settings of a specific RF management profile RF OptimizationMaximum value 8 seconds RF Event ConfigurationDefault value 0 seconds Is sent to the clientRecommended value is 85% Frame Error Rate HighFrame Error Rate Low Detect Frame Rate AnomaliesFrame Retry Rate Low Configuring AP Channel AssignmentsSelect the Regulatory Domain profile named default Frame Retry Rate HighChannel Switch Announcement CSA Automatic Channel and Transmit Power Selection Managing AP Console SettingsIP address of the DNS server used by the AP IP address of the AP’s master controllerDomain name used by the AP Secure Enterprise Mesh Understanding Mesh Access PointsMesh Points Mesh PortalsMesh Clusters Understanding Mesh LinksOptimizing Links Link MetricsComponent Description RF Management 802.11a and 802.11g Profiles Understanding Mesh ProfilesMesh Cluster Profile Mesh Radio ProfileAdaptive Radio Management Profiles Mesh High-Throughput Ssid ProfileHigh-Throughput Profiles Wired AP Profile Understanding Mesh SolutionsMesh Recovery Profile Point-to-Point Deployment Thin AP Services with Wireless Backhaul DeploymentPoint-to-Multipoint Deployment Sample Point-to-Multipoint Deployment High-Availability DeploymentTask Overview Planning a Wlan According to Your SpecificationsCollecting Required Information AP Desired Rates 2.4 GHz Radio Properties Building DimensionsAM Desired Rates Working with Mesh Radio ProfilesManaging Mesh Profiles In the WebUI Creating a New ProfileAP goes through the list and uses the next highest rate Threshold Nodes Default 10 missed heartbeats. The range isIndicates the transmit rates for the 802.11a radio RatesUsed for user traffic Range 0-4094. Default 0 disabledDefault distributed-tree-rssi Recommends using this default startup-subthresholdvalueLink quality Default 2,333 bytes. The range is 256- 2,346Assigning a Profile to a Mesh AP or AP Group Editing a ProfileTo view the settings of a specific mesh radio profile Viewing Profile SettingsManaging Mesh Profiles In the CLI Deleting a Mesh Radio Profile Working with Mesh High Throughput Ssid ProfilesManaging Profiles In the WebUI Assigning a Profile to an AP GroupLaunch then software retries Temporal Diversity EnableEnabled legacy stations are allowed Configured value adjusts based on AP capabilitiesDifferent values, separate each value with a comma Mode Enabled by defaultΜsec, 2 µsec, 4 µsec Degrade throughputManaging Profiles In the CLI Deployments with Multiple Mesh Cluster Profiles Viewing High-throughput Ssid SettingsTo view the settings of a specific high-throughput profile Understanding Mesh Cluster ProfilesManaging Mesh Cluster Profiles In the WebUI Associating a Profile to Mesh APs Deleting a Mesh Cluster Profile Managing Mesh Cluster Profiles In the CLITo view the settings of a specific mesh cluster profile Viewing Mesh Cluster Profile SettingsAssociating Mesh Cluster Profiles To exclude a specific mesh cluster profile from an AP Configuring Ethernet Ports for MeshConfiguring Bridging on the Ethernet Port Excluding a Mesh Cluster Profile from a Mesh NodeConfiguring Ethernet Ports for Secure Jack Operation Extending the Life of a Mesh Network Outdoor AP Parameters Provisioning Mesh NodesProvisioning Mesh Nodes Under Port Selection, click the port to configureIP settings section, select Obtain IP Address Using Dhcp Provisioning CaveatsBooting the Mesh Portal Understanding the AP Boot SequenceBooting the Mesh Point Verifying the Network Verification ChecklistAir Monitoring and Mesh CLI Examples Configuring Remote Mesh Portals RMPsCreating a Remote Mesh Portal In the WebUI How RMP WorksDefining the Mesh Private Vlan Provisioning the APSelecting an RF Management Profile Selecting a Mesh Radio ProfileAdding a Mesh Cluster Profile Configuring the Vlan ID of the Virtual AP Profile Configuring a Dhcp PoolProfile Details window Additional Information Provisioning a Remote Mesh Portal In the CLIConfiguring Redundancy Parameters Configuring the Local Controller for Redundancy Configuring the Master Controller for Redundancy Configuring the LMS IPOn the master controller Controllers. Specify a key of up to 64 characters Command ExplanationEnter the master-redundancy context Router ID of the Vrrp instanceThis config mode command includes RF plan data when Configuring Database SynchronizationConfiguring Master-Local Controller Redundancy Enabling Incremental Configuration Synchronization CLI OnlyRedundant Topology Master-Local Redundancy Vrrp Dell PowerConnect W-Series ArubaOS 6.2 User Guide Understanding Rstp Migration and Interoperability Disabled Discarding BlockingWorking with Rapid Convergence Rstp 802.1w Description Port Role Feature Default Value/Range Configuring RstpEdge Port and Point-to-Point Port Fast Troubleshooting RstpChange the default configurations via the command line Monitoring RstpDell PowerConnect W-Series ArubaOS 6.2 User Guide Rstp Enabling PVST+ in the CLI Understanding PVST+ Interoperability and Best PracticesEnabling PVST+ in the WebUI From the WebUI, add a Vlan instance and enable PVST+IP Mobility Understanding Dell Mobility ArchitectureOn all Dell controllers in the mobility domain Configuring Mobility DomainsEnable mobility disabled by default On a master controllerConfiguring a Mobility Domain Navigate to the Configuration Advanced Services IP Mobility Example ConfigurationJoining a Mobility Domain On controller a the master controller Configuring Mobility using the WebUISubnetwork Mask Home Agent Address or VripTracking Mobile Users Configuring Mobility using the CLIViewing mobile client status using the WebUI Viewing mobile client status using the CLIStatus Type Description Viewing user roaming status using the CLIViewing specific client information using the CLI Roaming Description Status TypeHA Discovery on Association Configuring Advanced Mobility FunctionsSetting up mobility association Using the CLI Mobile Client Roaming LocationsEnable standalone AP Is 0-5000 visitors. The default setting is 5000 visitorsDefault setting is 3 attempts Seconds. The default setting is 5000 secondsClick Apply after setting the parameter Proxy Dhcp Proxy Mobile IPRevocations Understanding Bridge Mode Mobility DeploymentsWorking with Proxy Igmp and Proxy Remote Subscription Enabling Mobility MulticastWorking with Inter controller Mobility Inter-controller Mobility Configuring Mobility MulticastStart at 0 from the left-most position Enable Igmp proxy on the FastEthernet Ieee 802.3 interfaceEnable Igmp snooping ExampleExternal Firewall Configuration Understanding Firewall Port Configuration Among Dell DevicesPorts Used for Virtual Internet Access VIA Enabling Network AccessConfiguring Ports to Allow Other Traffic Types Page Remote Access Points About Remote Access PointsRemote AP with a Private Network Configure the NAT Device Configuring the Secure Remote Access Point ServiceConfigure a Public IP Address for the Controller Using the WebUI to create a DMZ addressYou can use the CLI or the WebUI to configure Chap Configure the VPN ServerChap Authentication Support over PPPoE Using the WebUI to configure ChapUsing the CLI to configure the Chap Configuring Certificate RAPCreating a Remote AP Whitelist RAP Static Inner IP Address Configuring PSK RAPUsing WebUI Using CLIIP-Address parameter in the local database Provision the APDeployment Scenario Master IP Address Value Deploying a Branch Office/Home Office SolutionLocal Debugging Configuring the Branch Office APTroubleshooting Remote AP Provisioning the Branch Office APBasic View Information Advanced View Information Name Multihoming on remote AP RAP Seamless failover from backup link to primary link on RAPRemote AP Connectivity Remote AP Diagnostics Enabling Remote AP Advanced Configuration OptionsData Description Understanding Remote AP Modes of Operation Remote Oper Forward Mode Setting AtionSSIDs Working in Fallback ModeOnly Ssid configuration Stored in flash on Essid is up when Same behavior as Not supported AP contactsBackup Configuration Behavior for Wired Ports Configuring Fallback ModeConfiguring the AAA Profile for Fallback Mode in the WebUI Configuring the AAA Profile for Fallback Mode in the CLI Configuring the Dhcp Server on the Remote AP Using the WebUI Configuring the Session ACL in the WebUI Configuring Advanced Backup OptionsConfiguring the AAA Profile in the WebUI Route src-nat Defining the Backup Configuration in the WebUIConfiguring the Session ACL in the CLI Configure the Remote-AP Dhcp Server fieldsYou can define other parameters as needed Specifying the DNS Controller SettingUsing the CLI to configure the AAA profile Defining the Backup Configuration in the CLIBackup Controller List Configuring the LMS and backup LMS IP addresses in the CLI Configuring Remote AP FailbackTo disable, enter Enabling RAP Local Network AccessConfiguring Remote AP Authorization Profiles To enable, enterAdding or Editing a Remote AP Authorization Profile Working with Access Control Lists and Firewall PoliciesUnderstanding Split Tunneling Sample Split Tunnel Environment Configuring Split TunnelingConfiguring the Session ACL Allowing Tunneling Configuring an ACL to Restrict Local Debug Homepage Access Enable Restricted Access to LD Homepage Configuring the AAA Profile for TunnelingInthe CLI Configuring the Tunneling Virtual AP ProfileNavigate to Configuration Wireless AP Configuration Provisioning Wi-Fi MultimediaDefining Corporate DNS Servers Reserving Uplink Bandwidth Configuring Bandwidth ReservationTo configure bandwidth reservation Navigate to Configuration Advanced Services All ProfilesProvisioning RAP for USB Modems Provisioning 4G USB Modems on Remote Access PointsNavigate to Configuration Wireless AP Installation 4G USB Modem Provisioning Best Practices and ExceptionsRAP 3G/4G Backhaul Link Quality Monitoring Pantech Configuring W-IAP3WN Access PointsConverting IAP to RAP Converting an IAP to RAP or CAPConverting an IAP to CAP Applying Contracts Configuring Bandwidth Contracts for RAPEnabling Bandwidth Contract Support for RAPs Defining Bandwidth ContractsVerifying Contracts Applied to Users Verifying Contracts on APVerifying Bandwidth Contracts During Data Transfer Following is a sample output for a per-user configurationPage Understanding VIA Connection Manager Virtual Intranet AccessHow it Works User action / environment VIA’s behavior Installing the VIA Connection ManagerOn Microsoft Windows Computers On Apple MacBooksComplete Upgrade Configuring the VIA ControllerUpgrade Workflow Minimal UpgradeBefore you Begin Supported Authentication MechanismsAuthentication mechanisms supported in VIA Other authentication methodsSuite-B Configuring VIA SettingsCreate VIA User Roles Using the WebUI to Configure VIAEnable VPN Server Module Create VIA Authentication ProfileEnter a name for the server group Create VIA Connection ProfileTo create VIA connection profile Configuration Option Description Client Auto-Login To the support email-address for troubleshootingList of all IKEv2 authentication methods Default NoneUse Windows Credentials Enable SupplicantEnable Fips Module VIA Authentication Name\username instead of just usernameTo configure VIA web authentication profile Configure VIA Web AuthenticationTo associate a VIA connection profile to a user role Configure VIA Client Wlan ProfilesTo configure a VIA client Wlan profile Associate VIA Connection Profile to User RoleMschapv2-use-windows-credentials Option DescriptionCryptobinding TLV Servers or trusted certification authoritiesDownload VIA Installer and Version File Rebranding VIA and Downloading the InstallerTo download the VIA installer and version file Create VIA connection profiles Using the CLI to Configure VIACreate VIA authentication profiles Create VIA rolesRequires the following Microsoft KB on the end-user systems Customize VIA logo, landing page and downloading installerDownloading VIA Pre-requisitesDownloading VIA Login to Download VIAUsing VIA Installing VIAConnection Details Tab Diagnostic Tab TroubleshootingSettings Tab AP104 Yes Understanding Spectrum AnalysisSpectrum Analysis DeviceHybrid AP? Device Configurable as aGraph Title Graph Title Description Update Interval Swept Spectrum Analysis ClientsSpectrogram Real-Time FFTCreating Spectrum Monitors and Hybrid APs Hybrid APs Using Mode-Aware ARMHybrid AP Channel Changes Converting an Individual AP to a Spectrum Monitor Converting APs to Hybrid APsSelect AP to expand the AP profiles section Converting a Group of APs to Spectrum MonitorsConnecting Spectrum Devices to the Spectrum Analysis Client To manually disconnect a spectrum monitor or hybrid AP Disconnecting a Spectrum DeviceView Connected Spectrum Analysis Devices Table Column DescriptionSelecting a Spectrum Monitor Configuring the Spectrum Analysis DashboardsClick the Spectrum Dashboards tab Click theSpectrum Dashboards tab Changing Graphs within a Spectrum ViewSaving a Dashboard View Renaming a Spectrum Analysis Dashboard ViewSelect Rename Resizing an Individual Graph Customizing Spectrum Analysis GraphsActive Devices Spectrum Analysis Graph Configuration OptionsShow Channel RangeColumn may display any of the following values Service set identifier of the device’s 802.11 wireless LANActive Devices Table Device TypeSelect the button by the Less than drop down list Select the button by the symbolRadio band or channel Column headingMHz Active Devices TrendDetects on the radio channel Center FrequencySelect one of the following device types Wi-Fi data as non-Wi-Fi dataChannel Metrics Show lines for theseRadio band displayed in this graph Channel Metrics GraphChannel Metrics Trend Unselect the checkbox to hide that information Drop-down list and select one of the following optionsMinutes HourMonitor Channel Summary TableBand Radio band displayed in this graph Device Duty CycleNumbering Identify a channel numbering scheme for the graph Channel Utilization TrendFollowing device types Uncheck the checkbox by that channel number As non-Wi-Fi dataDevices vs Channel IntervalsDevices vs Channel Options FFT Duty Cycle FFT Duty CycleInterference Power Interference Power Options Device types Quality SpectrogramData Real-Time FFTFrequencies for the graph AxisRight field, and the higher value in the left field Frequency Center of the x-axis of this chart SpanSwept Spectrogram CenterSimple Line Graph of FFT Power Data Swept Spectrogram Options Working with Non-Wi-Fi Interferers Device vs Channel Interference Power Non-Wi-Fi Description InterfererViewing Spectrum Analysis Data Understanding the Spectrum Analysis Session LogCreating a Spectrum Analysis Record Recording Spectrum Analysis DataTo record spectrum analysis data for later analysis To save the recording file Saving the RecordingPlaying a Spectrum Analysis Recording Playing a Recording in the Spectrum DashboardClick the Recording View/Play link at the top of the window Playing a Recording Using the RFPlayback ToolClick Load File For Playback Loading a Spectrum View Troubleshooting Spectrum AnalysisTroubleshooting Browser Issues Converting a Spectrum Monitor Back to an AP or Air MonitorPlaying a Recording in the RFPlayback Tool Understanding Spectrum Analysis Syslog MessagesUnderstanding Device Ageout Times Hopper Seconds Age Out Generic Fixed FrequencyAge Out Generic Frequency Hopper APs Monitoring PerformanceDashboard Monitoring ClientsMonitoring Usage Using Dashboard HistogramsMonitoring Security Monitoring Potential IssuesMonitoring WLANs Monitoring Clients Monitoring Access PointsElement To disable this setting, include the no parameterMonitoring Firewalls Element ViewColumn Element DescriptionBytes Tx Bytes Rx Bytes User Bytes Packets Device Destination Details ViewElement Tab Element Summary ViewApplication Usage BreakdownUsage Breakdown Aggregated SessionsSource IP Column DescriptionDestination Alias Management Access Configuring Certificate Authentication for WebUI AccessEnabling Public Key Authentication for SSH Access Select the client certificate Click Apply Enabling Radius Server AuthenticationConfiguring Radius Server Authentication with VSA Configuring a set-value server-derivation rule Verifying the configuration Disabling Authentication of Local Management User AccountsResetting the Admin or Enable Password User admin Password Bypassing the Enable Password PromptConfigure the settings described in Table Implementing a Specific Management Password PolicySetting an Administrator Session Timeout Defining a Management Password PolicyAllowed Characters Disallowed Characters Period Pipe Plus sign + Tilde ~ Comma Accent mark ` Management Authentication Profile ParametersAllowed Characters ColonAbout Digital Certificates Managing CertificatesEnter the following information Navigate to the Configuration Management Certificates CSRObtaining a Server Certificate Parameter Description RangePKCS7 encrypted PKCS12 encrypted Run the following commandObtaining a Client Certificate Importing CertificatesLocation Description Use the following command to import CSR certificatesViewing Certificate Information Imported Certificate LocationsChecking CRLs Configuring SnmpSnmp Parameters for the Controller Configuring Logging Category/Subcategory Description Logging Level Description Category/Subcategory802.1x messages Radius Radius user messages Configuring the Guest Fields Configuring the Guest ProvisioningEnabling Guest Provisioning Guestcategory Guest FieldFields that follow Configuring the Page DesignGuest Field Description Provisioning page for the sponsor informationConfiguring Email Messages Configuring the Smtp Server and Port in the WebUINavigate to the Configuration Management SMTPpage Click Apply and then Save Configuration Configuring an Smtp server and port in the CLICreating Email Messages in the WebUI Management Users section, click Add Configuring a Guest Provisioning UserUsername and Password Authentication Method Static Authentication MethodClick Apply and Save Configuration Customizing the Guest Access PassSmart Card Authentication Method Username and Password MethodCustomized Guest Account Information Window Creating Guest AccountsCreating a Guest Account-New Guest Window Guest Provisioning User TasksCreating Multiple Guest Entries in a CSV File Importing Multiple Guest EntriesCVS File Format-Guest Entries Information Importing the CSV File into the DatabaseImporting a CSV file that contains Guest Entries Displaying the Guest Entries Log File Restricting one Captive Portal Session for each Guest Optional ConfigurationsPrinting Guest Account Information Managing Files on the Controller Setting the Maximum Time for Guest AccountsUsing the WebUI to set the maximum time for guest accounts Using the CLI to set the maximum time for guest accountsUsername to log into server Server Type ConfigurationNavigate to the Maintenance Controller Image Management Transferring ArubaOS Image FilesCopying Log Files Backing Up and Restoring the Flash File SystemCopying Other Files Setting the System ClockManually Setting the Clock Navigate to the Configuration Management ClockClock Synchronization Configuring NTP AuthenticationTimestamps in CLI Output Enabling Capacity AlertsThreshold Description Examples Sent. The default threshold for this parameter is 80%User-capacity Using the Initial Setup Configuring Local ControllersAdding Local Controllers Using the Web UI Configuring Layer-2/Layer-3 SettingsConfiguring Trusted Ports Configuring Local Controller SettingsMoving to a Multi-Controller Environment Configuring APsUsing the WebUI to configure the LMS IP Using the CLI to configure the LMS IPConfiguring a Preshared Key Using the CLI to configure a PSK Configuring a Controller CertificateUsing the WebUI to configure a Local Controller PSK Using the WebUI to configure a Master Controller PSKUsing the CLI to configure the Master Controller Certificate Advanced Security Securing Client TrafficWireless xSec Client Example Securing Wireless ClientsSecuring Wired Clients Navigate to the Configuration Advanced Services Wired Access Securing Wireless Clients Through Non-Dell APs Securing Clients on an AP Wired Port Succeed Time to wait for authentication toSecuring Controller-to-Controller Communication Configuring Controllers for xSecFor Controller Installing the Odyssey Client Configuring the Odyssey Client on Client MachinesModifying a regedit Policy Certificate Information Page Voice and Video License Requirements Configuring Voice and VideoSetting up Net Services Using Default Net ServicesNet Service Name Protocol Port Configuring User RolesCreating Custom Net Services Using the Default User RoleCreating or Modifying Voice User Roles Using the WebUI to configure user rolesService Name Navigate to the Configuration Security Access ControlClick Done Click Apply Using the CLI to configure a user roleUsing the WebUI to derive the role based on MAC OUI Using the User-Derivation RolesUsing the WebUI to derive the role based on Ssid Using the CLI to derive the role based on SsidAdditional Video Configurations Configuring Firewall Settings for Voice and Video ALGsConfiguring Video over Wlan enhancements Pre-requisites To enable Igmp snoopingTo add the ACL to a user role Configure multicast rate optimization for video trafficSet a bandwidth percentage for the following categories Configure and apply a bandwidth management profileEnable Igmp Proxy Enable multicast shaping on the firewallEnable Igmp Snooping Configure ARM scanning for video traffic Configure multicast rate optimization for the video trafficWorking with QoS for Voice and Video Configure and apply bandwidth management profileThis step is optional Understanding VoIP Call Admission Control Profile To enable call admission control in this profile Understanding Wi-Fi MultimediaVoip Tspec Enforcement Lowest Background Best effort Video Voice Highest Configuring WMM AC MappingPriority 802.1p Priority WMM Access Category Enabling WMMUsing the WebUI to map between WMM AC and Dscp Dscp Decimal Value WMM Access CategoryBackground Best effort Video Voice Using the CLI to map between WMM AC and Dscp Configuring Dscp PrioritiesEnhanced Distributed Channel Access Configuring Dynamic WMM Queue ManagementWMM Access Category Description 802.1p Tag Microseconds, enter 94 3008/32. Possible values are Using the WebUI to configure Edca parametersDisables this option 1. a value of 4 computes to 2 4-1 = 15. Possible values areUsing the CLI to configure Edca parameters Enabling WMM Queue Content EnforcementTo associate the Edca profile instance to a Ssid profile Port Packet Type Understanding Extended Voice and Video FeaturesMicrosoft OCS Apple FacetimeEnabling Mobile IP Home Agent Assignment Enabling WPA Fast HandoverScanning for VoIP-Aware ARM Disabling Voice-Aware Configuring SIP Authentication TrackingViewing Real Time Call Quality Reports To configure Real Time analysis on voice callsEnabling Real Time Call Quality Analysis Web UISIP session timer is implemented in the SIP ALG as per RFC Enabling SIP Session TimerTo view the SIP settings on the controller To configure the session timer and the timeout valueClick the Policies tab Select the Classify Media check box Enabling Wi-Fi Edge Detection and Handover for Voice ClientsUnderstanding Dial Plan Format Expand Handover Trigger under Wireless LanClick the Apply button to save the configuration Working with Dial Plan for SIP CallsAction Description Configuring Dial PlansDialplan Profile displays the dial plan details Dialplan ProfileTo view the SIP dial plan profile Enabling Enhanced 911 SupportTo create a voice dial plan profile To associate the dial plan with SIP ALGWorking with Voice over Remote Access Point Enabling Lldp Understanding Battery BoostConfigure the Lldp profile parameters as desired then click Show the power support capabilities of the AP interface Lldp PDUs. The AP will send all optional TLVs by defaultLldp PDUs. The AP will send all 802.1 TLVs by default Lldp PDUs. The AP will send all 803.2 TLVs by defaultLLDP-MED Profile Configuration Parameters Apply to save your settings Viewing Troubleshooting Details on Voice Client Status Advanced Voice TroubleshootingConnected To view the details of a completed call based on the CDR Id Viewing Troubleshooting Details on Voice Call CDRsEnabling Voice Logs Navigate to the Configuration Management LoggingEnabling Logging for a Specific Client To debug voice logs for a specific client To view the voice signaling message tracesViewing Voice Traces To set the voice logging level to debuggingTo view the voice configuration details on your controller Viewing Voice ConfigurationsSIP settings Value Parameter Termination of Instant AP VPN tunnels L2/L3 network mode supportOverview Instant AP VPN SupportExternal Whitelist DB VPN ConfigurationWhitelist DB Configuration Controller Whitelist DBRadius proxy for VPN connected IAPs VPN Local Pool ConfigurationVPN Profile Configuration Viewing Branch StatusOutput of this command includes the following parameters USB Ports Understanding W-600 Series Best Practices and ExceptionsSeries Controllers ControllerSwitching Modes Connecting with a USB Cellular ModemsFinding USB Modem Commands Cellular Profile Uplink ManagerCellular Profile from the WebUI Dialer GroupVerify the modem is registered with the Uplink Manager Configuring a Supported USB ModemConfiguring the Profile and Modem Driver Configuring a New USB ModemIf you get entries similar to the example below Driver=none Configuring the TTY PortSelecting the Dialer Profile Testing the TTY PortNAS Device Setup Setting Up NAS Network-Attached Storage DevicesLinux Support Managing NAS Devices Configuring in the CLIView list of shares in a disk NAS Media Green-solid Press and hold media Mounting and Unmounting DevicesController wake-up Green-solid Button To view a list of printers mounted on the controller, type Connecting to a Print ServerPrinter Setup Using the CLI Additional Commands for Managing PrintersRemote Branch 1-W-650 Controller Series Sample Topology and ConfigurationRemote Branch 2-W-650 Controller Central Office Controller-Active Central Office Controller-Backup Page Sample ESI Topology External Services InterfaceESI-Fortinet Topology ESI Parser Domains Understanding the ESI Syslog ParserSyslog Parser Rules Peer ControllersCondition Pattern Matching Configuring ESIUser Pattern Matching Defining the ESI Server Configuring Health-Check Method, Groups, and ServersEnter a Profile Name Enter a Group Name To configure an ESI server group on the controllerDefining the ESI Server Group Server NameRedirection Policies and User Role Deleting an existing syslog parser domain ESI Syslog Parser Domains and RulesManaging Syslog Parser Domains in the WebUI Adding a new syslog parser domainEditing an existing syslog parser domain Use these CLI commands to manage syslog parser domainsManaging Syslog Parser Domains in the CLI Managing Syslog Parser RulesDeleting a syslog parser rule Adding a new parser ruleEditing an existing syslog parser rule Use these CLI commands to manage syslog parser rules Testing a Parser RuleMonitoring Syslog Parser Statistics Sample Route-mode ESI TopologyShowing ESI syslog parser rule information ESI server configuration on controller Configuring the Example Routed ESI TopologyIP routing configuration on Fortinet gateway Defining the Ping Health-Check Method Health-Check Method, Groups, and ServersEnter a Group Name. Enter fortinet Trusted IP Address. Enter Untrusted IP Address. EnterRedirection Policies and User Role To add a new syslog parser domain for the routed example Syslog Parser Domain and RulesAdd a New Syslog Parser Domain in the WebUI Adding a New Parser Rule in the WebUIExample NAT-Mode Topology Sample NAT-mode ESI TopologyESI server configuration on the controller Profile Name. This example uses externalcpping Configuring the Example NAT-mode ESI TopologyConfiguring the NAT-mode ESI Example in the WebUI Configuring the ESI Group in the WebUIPolicy Name. This example uses cpredirectacl Configuring the Example NAT-mode Topology in the CLIConfigure the ESI Servers in the WebUI Configuring the Redirection Filter in the WebUICLI Configuration Example Configuring a Health-Check PingConfiguring ESI Servers Using the ESI Group in a Session Access Control ListCharacter-Matching Operators Understanding Basic Regular Expression BRE SyntaxRegular Expression Anchors Regular Expression Repetition OperatorsDescription Sample Result References External User Management Working with the ArubaOS XML API WorksDeleting a User Authenticating a UserCreating an XML Request Adding a UserBlacklisting a User Default Response FormatFormat of a default XML response from the controller is XML ResponseCode Reason message Response CodesCode Reason message Description Query Command Response FormatAssociating the XML API Server to a AAA profile Using the XML API ServerConfiguring the XML API Server Verify the XML API server configurationVlan Associating the Captive Portal Profile to an Initial Role Set up Captive Portal profileDell controllers configuration Authentication Command DescriptionOptions Description Range / Defaults This command deletes the user from the controllerMonitoring External Captive Portal Usage Statistics Sample Code Using XML API in C LanguagePage Page Understanding XML API Request Parameters Understanding Request and ResponseList all parameter that you can use in a request Response from the controller This command will add a client on your networkUnderstanding XMl API Response Adding a ClientView the updated details of the client on the controller Authenticating a ClientDeleting a Client Sending the authentication command Status of the client before authenticationStatus of the client after authentication Querying for Client Details Blacklisting a Client-request and response Blacklisting a ClientRF Plan Supported PlanningOutdoor-Specific Deployment Considerations Configuration ConsiderationsPlanning Deployment Pre-Deployment ConsiderationsDual-Port AP Considerations Post-Deployment ConsiderationsCampus List Launching the RF PlanButtons Description Buttons Building List PaneEdit a campus from the building list pane Building Dimension Building Specifications OverviewAP Modeling Parameters Radio Type Overlap Factor Design ModelRadio Description Button Radio Property Description Users/APRadio Properties Desired Rates and HT Support Options Overlap Description FactorNumber of available channels AM ModelingValid values are 54, 48, 36, 24, 18, 12, 9, 6, 11, 5.5, 2 Radio Button Description Planning FloorsDesign Models Monitor RatesZoom You can select or adjust the features as described in TableNaming Approximate Coverage MapFloor Editor Dialog Box LevelBackground Images Area Editor Dialog BoxArea Types Location and DimensionsFixed Access Point Editor Dialog BoxY Coordinates Power Levels802.11n Features Radio TypesMemo AP PlanInitialize OptimizeFix All Suggested AP/AMs AM PlanViewing the Results Exporting and Importing Files Import Campus Export CampusExport Buildings Import Buildings LocateProperty Description Fqln MapperSearch Results Using the Fqln Mapper in the AP ProvisionHeight Using the WebUIRF Plan Example Sample BuildingCreate a Building Campus Name Model the Access PointsText Box InformationAdding the background image and naming the second floor Model the Air MonitorsAdd and Edit a Floor Adding the background image and naming the first floorRunning the AP Plan Creating a Don’t Deploy AreaClick Initialize then Optimize Running the AM PlanClick Initialize Click OptimizeBehavior and Defaults Understanding Mode SupportForwarding Mode Feature Not Supported Network Services Understanding Basic System DefaultsName Protocol Name Protocol Ports Predefined Policy Description PoliciesFollowing are predefined policies Network access. You can use this rule to Used to enable the captive portal logoutAccess the controllers administrative Be modified. It permits APs to boot upThis policy can be used to source-NAT all Permits all DNS trafficNAT-T UDP 4500. Remove NAT-T if not NeededPredefined Role Description RolesFollowing are predefined roles Profiles with different customization Enables captive portalShould be disabled if it is not needed BeginningPredefined Role Permissions Understanding Default Management User RolesArubaOS software includes predefined management user roles Show wlan-ap-count type access-points Show aaa state configurationShow aaa authentication-server all Show switches summaryMonitoring Controller Clients Packet CaptureMonitoring Port Protocol Where Used Description Number Understanding Default Open PortsExposed to wireless users Controller Remote wired MAC lookup 4343Testing Port is not exposed to wireless usersDhcp with Vendor-Specific Options Configuring a Windows-Based Dhcp ServerConfiguring Option To configure option 60 on the Windows Dhcp serverField Information To configure option 43 on the Windows Dhcp serverScope Options Dialog Box Enabling Dhcp Relay Agent Information Option Option Navigate to Configuration Network IP IP InterfacesEnabling Linux Dhcp Servers Range 10.200.10.200 802.1X Configuration for IAS and Windows Clients Configuring Microsoft IASRadius Client Configuration Configuring Policies Remote Access PoliciesActive Directory Database Click Configure to select additional properties IAS Remote Access PoliciesPolicy Configuration Wizard-Authentication Methods Radius class Attribute Configuration Configuring Radius AttributesCreating a Remote Policy Configuring Management Authentication using IASNext, create a remote policy for your new Radius client Creating a User Entry in Windows Active Directory Defining Properties for Remote PolicyConfiguring a Server Group for IAS Management Authentication Navigate to DiagnosticsAAA Test Server Window XP Wireless Client Sample ConfigurationClick Begin Test Wireless Networks Networks to Access Wireless Network Association Wireless Network Authentication Protected EAP Properties EAP MSCHAPv2 Properties Definition AcronymsAcronyms and Terms AcronymDoS Acronym MSCHAPv2 RoW PoEPPPoE QoSVoFI VoIP XAuth TermsTerm WISPrTerm Term Definition IR wireless Encryption authenticationFixed wireless Shops are providing free wireless access for customersNear field communicationNFC Optical wirelessHills, mountains, and large human-made structures Input, multiple outputStandards for broadband wireless access BWA networks. WiMAX Access W-CDMAWi-Fi Facilities offer public access to Wi-Fi networksYagi antenna Wireless service providerWired LAN Kilometers
Related manuals
Manual 8 pages 57.45 Kb

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.
Top Page Image Contents