Main
Copyright Informa tion
OpenSource Code
Legal Notice
Contents
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
About this G uide
Whats New In ArubaOS 6 .2
New Featuresin ArubaOS 6.2
Table1:
Page
Table2:
New HardwarePlatforms introducedwit h ArubaOS6.2
Fundamentals
WebUI
CLI
Related Documen ts
Conventions
Table3:
Type Style Description
TypographicalConventions
Page
Chapte r 4
The Basic User-Ce ntric Networks
Understanding Ba sic Deployment and Configu ration Tasks
Deploymen t Scenario #1: C ontroller and A Ps on Same Sub net
Figure 4:
Deploymen t Scenario #2: A Ps All on One Sub net Different from C ontroller Subn et
Figure 5:
Deploymen t Scenario #3: A Ps on Multiple D ifferent Subne tsfro m Controllers
Figure 6:
Configuring the Contro ller
Dell PowerConnectW-SeriesA rubaOSQuick Start Guide
chapter
Running Initial Se tup
Connec ting to the Co ntroller after Initial Setu p
Dell W-7200 Series Contro ller
New Port N umbering Sc heme
Individual Po rt Behavior
Using the LCD Scre en
Table7:
LCD PanelMode: Boot
Table9:
Table8:
Function/MenuOptions Displays
Using the LCD and U SB Drive
Upgradin g an Image
Uploadin g a Pre-saved Configuration
Disabling LCD Men u Functions
Configuring a VLAN to Conne ct to the Network
Creating, Upd ating, and Viewing VLAN sa nd Associated IDs
Creating, Up dating, and Deleting VLAN P ools
Assigning and C onfiguring the Trunk P ort
Configuring the Defau lt Gateway
Configuring th e Loopback IP Add ressfor the Co ntroller
Configuring th e System Clock
Installing Licenses
Connec ting the Controller to the Network
Installation Guide
Enabling Wireless C onnectivity
User Guide
Configuring Your Us er-Centric Network
Page
Chapte r 5
Control Plan e Security
Control Plane Secu rity Overview
Configuring Control P lane Security
ControlPlane Security Parameters
Table11 :
Figure 12:
Managing AP Whitelis ts
Adding APs to th e Campus a nd Remote AP Whitelists
APW hitelist Parameters
Table14 :
Figure 13:
Viewing Wh itelist Status
Table15 :
Status Entry Description
Whitelist status information
Status Entry Description
AdditionalCampus AP Status Information
Table16 :
Table17 :
Viewt heC ampusAP Whitelistv ia the CLI
Modifying an AP in the C ampus AP Whitelist
Revoking a n AP via the Campus AP Whitelist
Deleting an A P Entry from the Campus AP Whitelist
Purging th e Campus A P Whitelist
Managing Whiteli sts on Master and Loca l Controllers
Table18 :
ControllerRole Campus AP Whitelist Master Switch Whitelist
Local Switch Whitelist
ControlPlane Security Whitelists
Campus A P Whitelist Synchro nization
Viewing a nd Manag ing the Master o r Local Switch Wh itelists
Masterand Local Switch Whitelist Information
Table20 :
Viewing the Master or Local Swi tch Whitelist
Deleting an Entry from the Mast eror Local Sw itch Whitelist
Purging the Master or Local Switch Whit elist
Working in Enviro nments with Multiple Mas ter Controllers
cluster
Configuring Netw orks with a Bac kup Master C ontroller
mustsynchronize the database from the primary masterto the backupmaster at least once
Configuring Netw orks with Clusters of M aster Controllers
Creating a Cluster Root
Optional
Creating a Cluster Member
Viewing Controll er Cluster Settings
Table22 :
CLI Commandsto Dis play Cluster Settings
Replacing a Con troller on a Multi-Controller Network
Replacin g Controllers in a Single Master N etwork
Replacing a Local Controller
Replacing a Master Controllerwit h No Backup
Replacing a Redundant Master Controller
Replacin g Controllers in a Multi-Master Netwo rk
Replacing a Local Controller in a Mul ti-Master Network
different
Replacing a Cluster Member Controller w ith no Backup
Replacing a Redundant Cl uster Member Controller
Replacing a Cluster Root Control ler with no Backup Controller
Replacing a Redundant Cluster Root C ontroller
Configuring Contro l Plane Security after Upgrading
beforeyou enable the feature
Table23 :
but did not yet have control plane security enabledbefore the upgrade
Automaticallys endCertificates to CampusAPs ManuallyCertify Campus APs
Verifying Certificates
Disabling Co ntrol Plane Se curity
master
Verifying Whitelist Syn chronization
Page
Chapte r 6
Software Licen ses
x
Understanding License Terminology
Working with Licens es
Figure 25:
Working with Lic enses on a Multiple Contro ller Network
Table26 :
Using License s
License Basis WhatConsumes OneL icense
Usageper License
Understanding L icense Interaction
License Inst allation Best Practices and Exc eptions
filename
Installing a Licen se
Enablinga new license on your controller
Requesting a S oftware License in Email
Locating the System Serial N umber
Obtaining a So ftware License Key
Creating a Softw are License Key
Applying the So ftware License Key in the WebUI
Deleting a License
Moving Licens es
Resetting the Contro ller
Page
Chapte r 7
Network Con figuration Paramete rs
up
virtual port on the controller
Configuring VLANs
Creating Nam ed VLANs
TheVLAN name cannot bemodified so choosethename carefully
Creating a Nam ed VLAN not in a Pool
Figure 28:
Creating a VLAN P ool
Figure 29:
Distinguishing Bet ween Even and Hash Assignment Types
Updating a VLAN Pool
Deleting a VLAN Pool
Creating a VLAN Pool Using the C LI
Viewing and Adding VLAN I Ds Using the CLI
Adding a Ba ndwidth Con tract to the VLAN
Optimizing VLAN Broa dcast and Mu lticast Traffic
Figure 30:
Configuring Ports
Classifying Traffic a s Trusted or Untruste d
About Trusted and Untrusted Physical Ports
Table31 :
About Trusted and Untrusted VLANs
Port VLAN TrafficStatus
Configuring T rusted and Untrusted Ports and V LANs in Trunk Mode
untrusted
trusted
untrusted
Understanding VLAN As signments
server-derivedrule
How a V LAN Obtains an IP Ad dress
Assigning a Static Ad dress toa V LAN
Configuring a V LAN to Receive a Dynamic Ad dress
Figure 32:
Configuring Multiple Wired Up link Interfaces (Ac tive-Standby)
Enabling th e DHCP Client
Figure 33:
Enabling th e PPPoE Client
Default Ga teway from DHC P/PPPoE
Configuring DNS/WINS Serve r from DHPC/PPP oE
Configuring S ource NAT to Dynam ic VLAN Address
Configuring So urce NAT for V LAN Interfaces
Example Configuration
Figure 34:
Inter-VLAN Rou ting
Figure 35:
Using the WebUI to restrict VLA N routing
Configuring Static Rou tes
Configuring the Lo opback IP Address
Configuring the Co ntroller IP Address
Using the CLI
<serverip>
<servername>,
<master>
Creating a Tunn el Interface
Directing Traffic into the T unnel
Static Routes
Firewall Policy
Tunnel Keepalives
Chapte r 8
IPv6 Suppo rt
Understanding IPv6 Notation
Understanding IPv6 Topology
Figure 36:
Enabling IPv6
Enabling IPv6 Sup port for Controller and APs
Features Supportedon IPv6 APs?
Table37 :
IPv6 APs SupportMatrix
Features Supportedon IPv6 APs?
Configuring IPv6 Ad dresses
ToConfigure Link Local Address
ToConfigure Global Unicast Address
ToConfigure Loopback InterfaceAddress
Configuring IPv6 Static Neighb ors
Configuring IPv6 De fault Gateway a nd Static IPv6 Ro utes
ToConfigure IPv6 Default Gateway
ToConfigure Static IPv6 Routes
Managin g Controller IP A ddresses
Configuring Multicast Listener D iscovery (MLD)
ToModify IPv 6 MLD Parameters
Debugg ing an IPv6 Co ntroller
Provisioning a n IPv6 AP
Filtering an IPv6 Extension Hea der (EH)
Configuring a Cap tive Portal over IPv6
Working with IPv6 Router Advertisem ents (RAs)
Configuring a n IPv6R A on a VLAN
Using WebUI
IPv6
Configuring Optional Para meters for RAs
IPv6
Viewing IP v6R A Status
Understanding Aru baOS Supported Network Configuration for IPv6 Clients
Supporte d Network Configuratio n
Understand ing the Netw ork Conne ction Sequ ence for Wind ows IPv6 Clients
Understanding Arub aOS Authentication and Firewa ll Features that Support IPv6
IPv6 Client Authentication
Table38 :
Understanding Authentication
AuthenticationMethod Supportedfor IPv6 Clients?
Working with Firewall Features
Table39 :
Authentication Method Description
IPv6 FirewallParameters
Understand ing Firewall Policie s
Table40 :
IPv6 FirewallPolicy RuleParameters
Creating an IPv6 Firewall Pol icy
Assigning an IPv6 Policy to a U serRol e
Understand ing DHCPv6 P assthrough/Relay
Managing IPv6 User Addresses
ArubaOSCommandLi neR eferenceGuide
Viewing o r Deleting User E ntries
Understand ing User Roles
Viewing D atapath Statistics fo r IPv6 Sessions
Page
Chapte r 9
Link Aggre gation Control P rotocol (LACP)
Understanding L ACP Best Practices and Exceptio ns
Configuring LACP
passive
LACP Sample Config uration
Page
Chapte r 10
OSPFv2
Understanding OSP F Deployment Best Practices an d Exceptions
Understanding OSPFv 2 by Example usi ng a WLAN Scenario
WLAN Topo logy
WLAN Routing T able
Understanding OSPF v2 by Example using a Branch Office S cenario
Branch Office T opology
Figure 41:
Branch Office R outing Table
View the branch office controllerrouting table using the show ip route command:
Configuring OSPF
Page
Sample Topology and Configuration
Figure 45:
Remote Bra nch 1
Remote Bra nch 2
W-3200 Central Office C ontrollerActive
W-3200 Central Office C ontrollerBack up
Page
Page
Chapte r 11
Tunneled Nodes
Understanding Tunneled Node Configuration
Figure 46:
Configuring a Wired Tunn eled Node Client
Configuring an Acce ssP ort as a Tunn eled Node Port
Configuring a T runk Port as a Tunneled N ode Port
Sample Output
Use the
Ont het unnelednode client:
Page
Chapte r 12
Authentic ation Servers
groups
Understanding Authentication ServerBest Practices and Exceptions
Understanding S ervers and Server Groups
Configuring Servers
RADIUS Server ConfigurationParameters
Table48 :
Configuring a R ADIUS Server
ipaddr
RADIUS Server Authenticat ion Codes
Table49 :
Code Description
RADIUS Authentication ResponseCodes
RADIUS S erver Fully Qualified Do main Name s
Set a DN S Query Interval
Configuring an RFC-3576 RAD IUS Server
503: SessionNot Found
Configuring a n LDAP Server
Table50 :
LDAPS erverConfigurationParameters
Configuring a T ACACS+ Server
Table51 :
TACACS+ Server ConfigurationParameters
Configuring a Win dows Server
Table52 :
WindowsServer ConfigurationParameters
InternalDatabase ConfigurationParameters
Table53 :
Managing the Internal Database
Configuring the Interna l Database
Parameters Description
Managin g Internal Data base Files
Exporting Files in the WebUI
Importing Files in t he WebUI
Exporting and Importing Fil es in the CLI
groups
Configuring Serve r Groups
Configuring Server Group s
Configuring Server List Order an d Fail-Through
fail-through
Configuring Dyna mic Server Sele ction
contains
exactly
begins
Figure 54:
Configuring M atch FQDN Option
exactly
Trimming Dom ain Information from Req uests
Configuring S erver-Derivation Rules
Table55 :
ServerRule ConfigurationParameters
Configuring a R ole Derivation Rule for the Interna lDa tabase
Assigning Serv er Groups
Table56 :
User Guide
Rolesand Policies
RADIUS TACACS+ LDAP InternalDatabase
Accounting
RADIUS Accounting
Page
start
stop
AuthenticationTimers
TACACS + Accounting
Configuring Authent ication Timers
Table57 :
Timer Description
Setting an Au thentication Timer
Chapte r 13
MAC-based A uthentication
MAC AuthenticationProfile ConfigurationParameters
Table58 :
Configuring MAC-Based Au thentication
Configuring Clients
Page
Chapte r 14
802.1X Authentication
Dell controller
authenticator
supplicant
SupportedEAP Types
Configuring A uthentication with a RA DIUS Server
Figure 59:
Configuring A uthentication Term inated on Controller
Figure 60:
Configuring 802 .1X Authentication
Table61 :
802.1xAuthentication ProfileBasic WebUIParameters
Page
Page
Page
Configuring and Using Certificates with A AA FastConne ct
Configuring User a nd Machin e Authentica tion
machineauthentication
Table62 :
Working with Ro leA ssignment with Machine Au thentication Ena bled
Machine Auth
Enabling 802 .1x Supplicant Support on an AP
Prerequisites
Provisioning a n AP as a 802.1X Su pplicant
Sample Configurat ions
Configuring A uthentication with an 802.1X RAD IUS Server
Configuring Role s and Policies
Creating the Student Role and P olicy
Page
Creating the Faculty Role and Pol icy
Using the WebUI
Creating the Guest Role and Pol icy
svc-dns
svc-https
Creating Roles and Policies f orS ysadmin and Computer
Using the WebUIto create the computer role
Creating an Alias for the I nternal Network Using the CLI
Configuring th e RADIUS Authen tication Server
Configuring 802.1X Auth entication
Configuring V LANs
Configuring th e WLANs
Configuring the Gue stW LAN
Configuring the Non-Gue st WLANs
Page
Configuring Authentic ation with the C ontrollers Internal Da tabase
Configuring the Interna l Database
Configuring a Server Rule Using the WebUI
Configuring a Server Rule Using the CLI
Configuring 802.1x Auth entication
Configuring V LANs
Configuring W LANs
Configuring the Gue stW LAN
Configuring the Non-G uest WLANs
Configuring M ixed Authenticatio n Modes
Table64 :
Authentication 1 2 3 4 5 6
MixedAuthentication Modes
Performing Advan ced Configuration Options f or 802.1X
Configuring Reauthe ntication with U nicast Key Rota tion
Chapte r 15
Stateful an d WISPr Authe ntication
Working With Stateful Au thentication
Working With WISPr Authe ntication
partner
logoff
authentication
proxy
Configuring Statefu l NTLM Authentication
Configuring Statefu l Kerberos Authentication
Configuring WISPr Auth entication
Table65 :
WISPr AuthenticationProfile Parameters
Page
Chapte r 16
Certificate Revoc ation
revocation checkpoint
Understanding OCSP a nd CRL
Configuring a C ontroller as OCS P and CRL C lients
Configuring the Co ntroller as an OCSP Client
Figure 66:
Figure 67:
Configuring the Co ntroller as a CRL Client
Configuring the Co ntroller as an OCSP Respond er
Page
Chapte r 17
Captive Po rtal Authentication
Understanding Ca ptive Portal
Policy Enfo rcement Firewall Ne xt Generatio n (PEFNG) License
chapter
Configuring Captiv e Portal in the Base Operating Sys tem
Page
Page
Using Captive Po rtal with a PEFNG License
Configuring Ca ptive Portal in the W ebUI
Configuring Captive Portal in the CLI
Sample Authentica tion with Captive Portal
logon
Creating a Gue stU ser Role
Creating a n Auth-guest U ser Role
Configuring Po licies and Role s in the WebU I
Creating a Time Range
Creating Aliases
Creating an Auth-Guest-Access Policy
Creating an Block-Internal-Access Poli cy
Creating a Drop-and-Log Policy
Creating a Guest Role
Creating an Auth-Guest Role
Configuring Po licies and Role s in the CLI
Defining a Time Range
Creating Aliases
Creating a Guest-Logon-Access Policy
Creating an Auth-Guest-Access Policy
Configuring Gues t VLANs
Configuring Captiv e Portal Authentication Profiles
Modifying the Initial User Role
Configuring th e AAA Profile
Configuring th e WLAN
Managing UserAccounts
Configuring Captive Po rtal Configuration Parameters
Table6 8 describes configuration parameterso n the WebUI Captive Portal Authentication profile page.
Table68 :
CaptivePortal Authentication ProfileP arameters
Enabling Optiona l Captive Portal Configurations
The followingare opt ional captive portal configurations:
Uploadin g Captive Porta l Pages by SS ID Association
Table69 :
Forcaptive portal wi th role-basedaccess only
Entity Engineering Business Faculty
CaptivePortal login Pages
Configuring R edirection to a Proxy Server
captive-portal-profile
Redirecting Clients on Differen t VLANs
Web Clien t Configuration with Pro xy Script
Personalizing the Ca ptive Portal Page
Page
Creating and Inst alling an Internal Captive Portal
Creating a New Interna l Web Page
Variable Description
Table70 :
WebPage Authentication Variables
Username Example
Password Example
FQDN Example
Basic HTML Example
Installing a Ne w Captive Portal P age
Displaying Au thentication E rror Messages
Reverting to th e Default Cap tive Portal
Configuring Lo calization
Page
Page
Figure 71:
Customizing the We lcome Page
Figure 72:
Customizing the Po p-Up box
Customizing th e Logged Ou t Box
Creating Walled Garden Acc ess
Enabling Captive Portal Enhancements
Configuring th e Redirect-URL
Configuring th e Login URL
Defining Netd estination Descriptions
Configuring a W hitelist
Configuring the Netdesti nation for a Whitelist:
Associating a Whiteli st to Captive Portal Profile
Applying a Captive Portal Prof ile to a User-Role
Verifying a Whitelist Configurat ion
Use the followingco mmandsto verify t hewhit elist alias:
Verifying a Captive Portal P rofile Linked to a Whitelist
Use the followingco mmandsto verify t heCapti ve Portal profilelinked to the whitelist:
Verifying Dynamic ACLs for a Whit elist
Verifying DNS Resolved IP Addresses for Whit elisted URLs
Use the followingco mmandto verify the D NSresolved IP addresses for the whitelisted URLs:
Example:
Chapte r 18
Virtual Private Ne tworks
Planning a VPN Co nfiguration
Selecting a n IKE protocol
Understand ing Suite-B Encryption Lice nsing
Table73 :
IKE Policies Suite-Bfor IPs ectunnels
Suite-BAlgorithms Supportedby the ACR License
Working w ith IKEv2 Clients
Windows 7 Client StrongSwan4.3 Client VIA Client
VPN Clients SupportingIKEv2
Understand ing Supported VP N AAA Deploymen ts
Local-db.
Working with VPN Auth entication Profiles
Parameter default default-rap default-cap
PredefinedAuthenticationProfile settings
Configuring a Ba sic VPN for L2TP/IPsec in the WebUI
Defining Authenti cation Method and Server Addresses
Defining Address Pools
Enabling Source NAT
Selecting Certifi cates
Defining IKEv1 Shared Keys
Configuring IKE Polici es
Setting the IPsec Dynam ic Map
Finalizing WebUI changes
ForIKEv1
Configuring a VPN f or L2TP/IPsec with IKEv 2 in the WebUI
Defining Authenti cation Method and Server Addresses
Defining Address Pools
Enabling Source NAT
Selecting Certifi cates
Configuring IKE Polici es
Setting the IPsec Dynam ic Map
Finalizing WebUI changes
Configuring a VPN f or Smart Card Clients
Working w ith Smart Card c lients using IKEv2
Working w ith Smart Card C lients using IKEv1
Configuring a VPN f or Clients with User Pass words
enable
Configuring Rem ote Access VPNs for XAuth
Configuring VPN s for XAuth Clien ts using Smart Ca rds
Page
Configuring a V PN for XAuth Clients Using a Usernam e and Password
Working with Rem ote Access VPNs for PPTP
Working with Site-to-Site VPNs
Working w ith Third-Party Device s
Working with Site-to-S iteV PNs with Dynamic IP Addresses
initiator
responder
Understanding VPN Topologies
Figure 78:
initiator
responder
Page
Detecting De ad Peers
Understand ing Default IKE policies
Table79 :
Policy Name Policy Number
IKE Version
Working with VPN Dial er
Configuring V PN Dialer
Thisoption is not recommendedfor security reasons
guest
Assigning a Dialer to a User Ro le
mydialer
Page
Chapte r 19
Roles and Po licies
user
dynamic
bi-directional
Working W ith Access Con trol Lists(AC Ls)
from
Support fo r Desktop Virtualizatio n Protocols
Creating a Firewall Policy
Table80 :
FirewallPolicy Rule Parameters
Page
Creating a Netw ork Service Alias
Creating a n ACL White List
Configuring the ACL White Li st in the WebUI
Configuring the White List Bandwidth Contract in the CLI
Configuring the ACL White Li st in the CLI
Creating User Roles
Table81 :
UserRole Parameters
Creating a User Role
Bandwid th Contracts
per-ap-group
per-user
bandwidthcontracts
BandwidthContract Exceptions
Viewing the Current Excepti onsLi st
Configuring Bandwidth C ontract Exceptions
server-derivedrole
xx:yy:zz
Assigning Use r Roles
Assigning Use r Roles in AAA P rofiles
Working with User-De rived VLANs
Table82 :
RuleType Condition Value
Conditionsfor a User-DerivedR oleor VLAN
Understanding Device Identif ication
DHCP Option Description HexadecimalEquivalent
Configuring a User-derived VLAN in the WebUI
Configuring a User-derived Role or VLAN in the CLI
User-Derived Role Example
laptop
Figure 83:
Configuring a Default R ole for Authen tication Metho d
Configuring a S erver-Derived Role
Configuring a V SA-Derived Role
Table84 :
Understanding Glo bal Firewall Parameters
IPv4 FirewallParameters
Page
Page
Page
Page
Chapte r 20
Virtual APs
Table85 :
virtual AP.
Configuring Virtual AP Pro files
Configuring a Virtual AP
AP Group/Name VirtualAP Profile SSID Profile AAA Profile
Configuring th e WLAN
Configuring the U ser Role
Configuring A uthentication Servers
Configuring A uthentication
Table87 :
AAA ProfileParameters
Applying the Virtua l AP
Table88 :
VirtualAP Profile Parameters
Page
Page
Creating a ne w SSID Profile
Table89 :
SSID Profile Parameters
Page
Page
Page
Configuring an SSID for Suit e-B Cryptography
Configuring a G uest WLAN
Configuring a V LAN
Configuring a G uest Role
svc-https
Configuring a Guest Virtual AP
Enabling b Sec SSID Suppo rt
Sample Configuration
Enabling 802.11k Supp ort
Table90 :
802.11kProfile Parameters
on-hook
Page
Working with Radio Resource Management Inf ormation Elements
RRM IEParameters
Table91 :
Working with Beacon Report Requests
Table92 :
BeaconReport Request Settings
Page
Working with a Traffic St ream Measurement Report
Table93 :
TSMReport Request Settings
Configuring a High-T hroughput Virtual AP
Table94 :
High-ThroughputRadio Profile ConfigurationParameters
Page
Table95 :
High-ThroughputSSID ProfileParameters
Page
Managing High-ThroughputProfiles
Chapte r 21
Adaptive R adio Manag ement (ARM)
Dell PowerConnectW-SeriesA rubaOS6 .2 User Guide
Understanding ARM
ARM Sup port for 802.11n
Monitoring Y our Network w ith ARM
Configuring ARM Scanning
Configuring ARM Profiles
Table96 :
ARM Profiles ExampleWLAN Description
ARM ProfileTypes
Creating a Ne w ARM Profile
Copying an E xisting Profile
Deleting a Profile
Configuring ARM S ettings
Table97 :
ARM ProfileC onfigurationParameters
Page
notbe enabl ed
Page
Page
Assigning an ARM Profile to a n APGro up
Using Multi-Band ARM for 802.11a /802.11g Traffic
Enabling Band Steerin g
(Default)
but no virtual AP in tunnel mode
Steering Mod es
Enabling B and Steering
Enabling Traffic Sha ping
Enabling T raffic Shaping
Table98 :
TrafficManagementP rofileParameters
Enabling Spectrum Load Balancing
Reusing Chann els to Control RX Sensitivity Tun ing
static, dynamicor disable
Configuring Non-80 2.11 for Noise Interferenc e Immunity
ARM Metrics
a+b+c+d.
Troubleshootin g ARM
Too ma ny APs on the Same Cha nnel
cov-idx
Wireless Clients Re port a Low Sign al Level
Transmission Po wer Levels Chan ge Too O ften
Page
Chapte r 22
Wireless Intrusion P revention
Dell PowerConnect W-SeriesArubaOS 6.2 Command Line InterfaceGuide
Working with the Reusa ble Wizard
Figure 99:
Understand ing Wizard Intrusion Detection
Figure 100:
Understand ing Wizard Intrusion Protection
Protecting Your Infrastructure
Protecting Your Client s
Figure 101:
Monitoring the Dashb oard
Figure 102:
Detecting Rogue APs
Understand ing Classification Terminolo gy
Table10 4:
Table10 3:
Classification Description
Understanding Match Methods
Understanding Match Types
Understanding Suspected Rogue Confidence Level
Understand ing AP Classification Rules
Understanding SSID specifi cation
Understanding SNR specificat ion
Understanding Discovered-AP-Count specificat ion
Sample Rules
Working with Intrusion De tection
Understand ing Infrastructure Intrusion Detec tion
InfrastructureDetection Summary
Table10 5:
Page
Page
Page
Page
Page
Detecting Wellenreit er
Understand ing Client Intrusion Dete ction
ClientDetect ionSummary
Table10 6:
valid-client
Page
Detecting a Block ACK DoS
Detecting a ChopChop Att ack
Detecting a Disconnect St ation Attack
Detecting an EAP Rate Anom aly
Detecting a FATA-Jack Attack St ructure
Detecting an Omerta At tack
Detecting Rate Anomal ies
valid
packetcapture
Detecting a TKIP Replay A ttack
Configuring Intrusio n Protection
InfrastructureProtection Summary
Table10 7:
interface.
Understand ing Infrastructure Intrusion Protec tion
Understand ing Client Intrusion Protec tion
Table10 8:
ClientProtection Summary
WMS ConfigurationParameters
Table10 9:
Configuring the WLAN Ma nagement System (WM S)
Configuring Local WMS Settings
Managing the WMS Database
Understanding Cl ient Blacklisting
Methods o f Blacklisting
Blacklisting Man ually
Blacklisting b y Authentication Failure
Enabling A ttack Blacklisting
Setting Blac klist Duration
Removing a Clie nt from Blacklisting
Working with WIP Advan ced Features
Configuring TotalWa tch
monitor
scan
Understanding TotalWatchChannel Types and Qualifiers
Understand ing TotalWatch Mon itoring Features
Understanding TotalWatchScanning Spectrum Features
stays
Table11 0:
Frequency Channel
Administering Tota lWatch
Configuring Per R adio Settings
Configuring Per A P Setting
Page
Licensing
Working with Tarpit Sh ielding
Command Line ReferenceGuide
see
deauth
confused
Chapte r 23
Access Po ints (APs)
APC onfigurationFunctionOverview
Table11 1:
Basic Functions a nd Features
Naming and Grouping APs
AP group
APname
APname.floor.building.campus
building.floor.location
Creating an A P group
Assigning AP s to an AP G roup
Understanding AP Co nfiguration Profiles
Working w ith Wireless LAN Profiles
on-hook
Page
Page
Working with AP P rofiles
Working with Qo S Profiles
Working w ith RF Manage ment Profiles
Provisioning Mesh P rofiles
Other Profiles
Viewing Profile Erro rs
flag
Profile Hierarchy
Page
Page
Deploying APs
Running the RF Plan
RFPlan Installation and User Guide
Verifying that A Ps Can Con nect to the Contro ller
Configuring Firewall Set tings
Enabling Controller Di scovery
Configuring DNS Resoluti on
Configuring DHCP Server Communicat ion with APs
Using the Aruba Discovery Protocol (ADP)
Verifying that A Ps Are Rece iving IP Addresses
Provisioning A Ps for Mesh
Provisioning 802.11n AP s for Single-Chain Tran smission
Table11 6:
AP Model Freqency Band AntennaPort
AntennaInterfaces for Single-ChainMode
Installing APs o n the Netwo rk
Figure 117:
Updating the RF P lan
Provisioning Ins talled APs
Designation an A P as Remote (RAP) ve rsus Campus (CAP )
Working with the AP P rovisioning Wizard
Provisioning a n Individual AP
Figure 118:
Page
Provisioning Multiple AP susi ng a Provisioning Profile
Table11 9:
APP rovisioningProfile parameters
Assigning Provisioning Profil es
Troubleshooting
doesnot
Configuring a Provis ioned AP
AP Installation Mod es
Renamin g an AP
Optimize APs O ver Low-Speed Links
Configuring the Bootstrap Threshold
Table12 0:
APS ystem Profile Configuration
backup
Page
Prioritizing AP heartbeats
AP Redundancy
AP MaintenanceMode
EnergyEfficient Ethernet
EthernetInterface Link ProfileP arameters
Table12 1:
Managin g AP LEDs
RF Management
802.11a and 802.11g RF Managemen tPro files
Managin g 802.11a/802.11gP rofiles Using the We bUI
Creating or Editing a Profil e
Table12 2:
802.11a/802.11gRF Management ConfigurationParameters
Page
isalso
Page
Assigning an 802.11a/802.11g Profile
Assigning a High-throughput Profil e
Assigning an ARM Profile
Managin g 802.11a/802.11gP rofiles Using the CLI
Viewing RF Management Set tings
Assigning a 802.11a/802.11g Profile
RF Optimization
Table12 3:
RFOptimization Profile Parameters
RF Event Co nfiguration
Table12 4:
RFE vent ThresholdsProfile Parameters
Configuring AP Chan nel Assignments
Channe l Switch Ann ouncemen t (CSA)
Automatic Channel an d Transmit Powe r Selection
Managing AP Cons ole Settings
Table12 5:
Hit <Enter>t o stop autoboot.
APC onsoleCommands
Page
Chapte r 24
Secure En terprise Mesh
Understanding Me sh Access Points
Mesh Portals
Mesh Points
Mesh Clusters
Figure 126:
Understanding Me sh Links
Link Metrics
Table12 7:
Component Description
MeshLink Metric Computation
Optimizing Links
Understanding Me sh Profiles
Mesh Cluster P rofile
Mesh Radio Pro file
RF Manag ement (802.11a and 802.11g) Pro files
Adaptive Radio Management Profi les
Mesh High -Throughpu t SSID Profile
Wired AP Profile
Mesh Rec overy Profile
Understanding Me sh Solutions
Thin AP Service s with Wireless Back haul Deploym ent
Figure 128:
Point-to-Poin t Deployment
Figure 129:
Point-to-Multipo int Deployment
High-Availab ilityDe ployment
Figure 131:
Planning a WLAN Ac cording to Your Specificati ons
Task Overview
Collecting Re quired Information
Table13 2:
PlanningWorksheet - BuildingDimensions
Table13 3:
AP Desired Rates (2.4 GHz Radio Properties)
PlanningWorksheet - AP Desired Rates (2.4 GHz Radio Properties)
Working with Mesh Rad io Profiles
one
Managin g Mesh Profiles In the W ebUI
Creating a New Profile
Table13 5:
MeshRadio Profile ConfigurationParameters
Page
Assigning a Profile to a Mesh AP or AP Group
Managin g Mesh Profiles In the C LI
Viewing Profile Set tings
Deleting a Mesh Radio Profil e
Working with Mes h High Throughput SSID Profiles
Managin g Profiles In the W ebUI
Creating a Profile
Table13 6:
MeshHigh-ThroughputSSID Profile ConfigurationParameters
Page
Managin g Profiles In the C LI
Viewing High-throughput SSI D Settings
Understanding M esh Cluster Profiles
Deploymen ts with Multiple Mesh Cluster Profiles
Managin g Mesh Cluster P rofiles In the Web UI
Creating a Profile
MeshCluster Profile ConfigurationParameters
Table13 7:
Associating a Profile t o MeshA Ps
Deleting a Mesh Cluster Profil e
Managin g Mesh Cluster P rofiles In the CLI
Viewing Mesh Cluster Profil e Settings
Associating Mesh Cluster Profil es
Excluding a Mesh Cluster Profile f rom a MeshN ode
Deleting a Mesh Cluster Profil e
Configuring Ethe rnet Ports for Mesh
Configuring Bridg ing on the E thernet Port
Configuring Ethe rnet Ports for Sec ure Jack O peration
Extendin g the Life of a Me sh Network
Provisioning Mes h Nodes
Outdoor A P Parameters
Provisioning Cave ats
Provisioning Mesh No des
Understanding the AP Boot Sequence
Booting the Me sh Portal
Booting the Me sh Point
Air Monitoring and Mesh
Verifying the Network
Ift hemesh-radio is to bereservedexclusively for meshbackhaul tr affic,
Verification Checkli st
CLI Examples
Configuring Remot e Mesh Portals (RMPs)
How RMP Wo rks
Figure 138:
Creating a Rem ote Mesh Porta l In the WebUI
Provisioning the AP
Figure 139:
Defining the Mesh Private VLAN
Selecting a Mesh Radio Profil e
Selecting an RF Management Profil e
Adding a Mesh Cluster Profile
Configuring a DHCP Pool
Configuring the VLAN ID of the Virtual AP Profile
Provisioning a Rem ote Mesh Portal In the CLI
Additiona l Information
Chapte r 25
VRRP
VRRP Parameters
Table14 0:
Configuring Redundancy Parameters
Configuring the Local Controller forRedundancy
backup
Configuring th e LMS IP
Configuring the Master Con troller for Redund ancy
initially-preferred master.
VRRP Commands
Command Explanation
Table14 1:
Command Explanation
aruba-master
Table14 2:
Configuring D atabase Synchron ization
Databasesynchronizationc ommands
Enabling Incre mental Configu ration Synchro nization (CLIOnly)
Table14 3:
IncrementalConfigurationSynchronizationC ommands
Configuring Master-Local Controller Redundancy
Figure 144:
Page
Chapte r 26
RSTP
PortState C omparison
Table14 5:
Understanding RS TP Migration and Interoperability
STP (802.1d)
In addition to port state changes,RSTP introduces port roles for allt heinterfaces (see Table 146).
Table14 6:
Port Role Description
PortRole Descriptions
Configuring RSTP
Table14 8:
Figure 147:
Feature DefaultValue/Range
RSTP DefaultValues
Troubleshooting RSTP
Page
Chapte r 27
PVST+
Understanding PV ST+ Interoperability and Best Prac tices
Enabling PVST+ in the CL I
Enabling PVST+ in the We bUI
Chapte r 28
IP Mobility
foreignagent
homeagent
care-ofaddress
Configuring Mobility Do mains
Tasks to Configurea Mobility Domain
Table15 1:
active
On a master controller: On all Dell controllersin the mobility domain:
Configuring a Mo bility Domain
Joining a Mob ilityD omain
Example C onfiguration
Figure 152:
Configuring Mobility usi ng the WebUI
Table15 3:
Subnetwork Mask VLAN ID Home AgentAddress orVRIP
Exampleentries
Configuring Mob ilityu sing the CLI
Tracking Mobile Use rs
Mobile Clien t Roaming S tatus
Viewing mobile cl ient status using the WebUI
Viewing mobile cl ient status using the CLI
Roaming Status Type Description
Viewing user roaming status usi ng the CLI
Roaming status can be one of the following:
Status Type Description
UserRoaming status
Viewing specific cl ient information using the C LI
Configuring Advan ced Mobility Functions
Page
4. Click A pplyafter setti ngt he parameter.
Proxy Mob ile IP
proxy mobileIP module
proxy DHCPmodule
Proxy DHC P
Revocations
Understanding Bridg e Mode Mobility Deployments
Figure 157:
Enabling Mobility M ulticast
Working w ith Proxy IGMP a nd Proxy Re mote Subscriptio n
Working w ith Inter controller Mo bility
Figure 158:
Configuring Mob ilityM ulticast
Table15 9:
CommandSyntax
Example
Chapte r 29
External Firew all Configuration
Understanding F irewall Port Configuration Among De ll Devices
Enabling Network Acce ss
Ports Used for Virtua l Internet Access (VIA)
Configuring Ports to Allo w Other Traffic Types
Page
Chapte r 30
Remote A ccess Points
About Remote Acc ess Points
Figure 160:
Figure 161:
Figure 162:
Figure 163:
Configuring the Sec ure Remote Access Point Serv ice
Configure a Public IP A ddress for the Co ntroller
Using the WebUI to create a DMZ address
Configurethe NAT Device
Configure the VPN Server
CHAP Au thentication S upport over PP PoE
Using the WebUIto configure CHAP
Figure 164:
Using the CLI to configurethe CHAP
Configuring C ertificate RAP
Using WebUI
Creating a Remote AP Whitel ist
Configuring P SK RAP
Add the user to the internal database
Using WebUI
Using CLI
RAP Static In ner IP Address
Provision the AP
DeploymentScenario Master IP Address Value
Deploying a Branch Offic e/Home Office Solution
Figure 167:
Provisioning the Bra nch Office AP
Configuring th e Branch Office AP
Troublesho oting Remote AP
Local Debugging
Remote AP Summary
Summary Table Name Basic View Information AdvancedView Information
RAP ConsoleSummary Tab Information
Table16 8:
Disabled
Split Tunnel
Multihoming on remote AP ( RAP)
Seamless failover from backup l ink to primary link on RAP
Remote AP Connectivit y
Data Description
Table16 9:
Enabling Remo te AP Advanced Configuration Option s
Understand ing Remote AP Mode s of Operation
Table17 0:
Remote AP Oper- ation Setting
Forward Mode Setting
RemoteAP Modes of Operationand Behavior
Working in Fallbac k Mode
Backup Configuration Behavior for Wired Ports
Configuring Fa llback Mode
Configuring the AAA Profi le for Fallback Mode in the WebUI
Configuring the AAA Profi le for Fallback Mode in the CLI
Configuring the Virtual AP Prof ile for Fallback Mode in the WebUI
Configuring the Virtual AP Profile for Fallback Mode in t he CLI
Configuring th e DHCP Server on the Remo te AP
Page
Configuring Advanced Backup Options
Configuring the Session ACL in t he WebUI
Configuring the AAA Profi le in the WebUI
Defining the Backup Confi guration in the WebUI
Configuring the Session ACLin the CLI
Using the CLI to confi guret he AAA profile
Defining the Backup Confi guration in the CLI
Specifying th e DNS Con troller Setting
Backup Controller List
Figure 171:
Configuring the LMS and backup LMS IP addresses in the WebUI
Configuring the LMS and backup LMS IP addresses in the CLI
Configuring R emote AP Failback
Enabling RAP Local Ne twork Access
Figure 172:
Dell PowerConnectW-Series ArubaOS CommandLine ReferenceGuide
Configuring R emote AP Authorization P rofiles
Adding or Editing a Remote A P Authorization Profile
Understanding Split Tunneling
Figure 173:
Configuring Split Tunn eling
Configuring the Session A CL Allowing Tu nneling
Configuring an ACL to R estrict Local Deb ug Homep age Acce ss
Figure 174:
Configuring the AAA Profile fo r Tunneling
start
stop
Inthe CLI
Configuring the T unneling V irtual AP Profile
Defining Co rporate DNS Servers
Provisioning Wi-F i Multimedia
Reserving Uplink Ban dwidth
Understand ing Bandw idth Reservation fo r Uplink Voice Traffic
Configuring B andwidth Reservation
Figure 175:
Provisioning 4 G USB Modems on Remote Acce ss Points
4G USB Mo dem Provisioning BestP ractices and E xceptions
Provisioning R AP for USB Mo dems
none
RAP 3G/4G B ackhaul Link Quality Monitoring
Configuring W-IAP3WN Access Po ints
Dell PowerConnectW-SeriesW-IAP3WN Installation Guide
Converting an IAP to RAP or CAP
Converting IAP to RA P
Converting an IA P to CAP
Enabling Bandw idth Contract Support for RAPs
Configuring Bandwidth C ontracts for RAP
Defining Bandwidt h Contracts
Applying Contracts
ApplyingContracts Per-Role
Verifying Contracts on AP
The followingexample displays the bandwidth contracts o n AP for per-role configuration:
Verifying Contracts Appli ed to Users
The followingis a sample output for a per-user configuration:
Verifying Bandwidth Cont racts During Data Transfer
The followingis a sample output for a per-user configuration:
Page
Chapte r 31
Virtual Intrane t Access
Understanding VIA Connection Manager
How it Works
User action/ environment VIAs behavior
Installing the VIA Con nection Manag er
On Microsoft Windows Computers
On Apple MacBooks
Upgrade W orkflow
Minimal Upgrade
Configuring the VIA C ontroller
Before you Beg in
SupportedAuthentication Mechanisms
Authentication m echanisms supported in VIA 1.x
Authentication m echanisms supported in VIA 2.x
Other authenticationmethods:
Configuring V IA Settings
https://<server-IP-address>/via
Internal
Using the W ebUI to Config ure VIA
Enable VPN Server Module
AuthenticationProfiles
Table17 8:
Create VIA User Roles
Create VIA Connection Profil e
Figure 182:
VIA - ConnectionProfile Options
Table18 3:
Down
Up
Up
Down
Page
Configure VIA Web Authenti cation
Down
Up
Figure 184:
Associate VIA Connection Prof ile to User Role
Edit Role
Controller Profiles
Figure 185:
Configure VIA Client WLAN Profil es
Figure 187:
Figure 188:
Table18 9:
Option Description
ConfigureVIA client WLAN profile
Rebranding VIA and Downloading t he Installer
You can re-brandthe VIA client and the VI A download page with your custom logo and HTML page.
Figure 190:
DownloadVIA Installer and Version File
Customize VIA Logo
Using the C LIto Configure VIA
Create VIA roles
Create VIA authenticat ion profiles
Create VIA connection profil es
Configure VIA web authent ication
Downloading VIA
Pre-requisites
1206 (ERROR_BAD_PROFILE)
Downloa ding VIA
https://115.52.100.10/via
Figure 191:
Figure 192:
Installing VIA
ansetup.msior ansetup64.msi
Using VIA
Connection Details Tab
Diagnostic Tab
Troubleshooting
Chapte r 32
Spectrum A nalysis
DeviceS upportfor Spectrum Analysis
Table19 3:
hybrid AP
Device Configurableas a SpectrumMonitor?
Configurableas a Hybrid AP?
SpectrumAnalysis Graphs
Table19 4:
Page
Spectrum Analysis Clients
Hybrid AP C hannel Cha nges
Hybrid APs Usin g Mode-Awa re ARM
AM
Creating Spectrum Mo nitors and Hybrid APs
Converting A Ps to Hybrid APs
Converting a n Individual AP to a Spectrum Monitor
mode
Converting a Grou p of APs to Sp ectrum Monito rs
Connecting Spectru m Devices to the Spectrum Analysis Client
SpectrumDevice Selection Information
Table19 5:
TableColumn Description
View Con nected Sp ectrum Ana lysisDe vices
Figure 196:
Disconne cting a Spectrum De vice
Configuring the Spec trum Analysis Dashboards
View 2
View 3
View 1
Selecting a S pectrum Monitor
Changin g Graphs within a Spectrum V iew
Figure 198:
Renamin g a Spec trum Analysis Dashbo ard View
Figure 199:
Saving a Dashb oard View
Figure 200:
Resizing an Individual Graph
Customizing Spect rum Analysis Graphs
Figure 202:
Spectrum Analysis Graph Con figuration Optio ns
Active Devices
Figure 203:
Table20 4:
Active Devices GraphOptions
Active Devices Table
Figure 205:
Active Devices Table Options
Table20 6:
Page
Active Devices Trend
Figure 207:
Table20 8:
, or
,
Channel Metrics
channel availability
Figure 209:
ChannelMetrics Options
Table21 0:
Channel Metrics Trend
Figure 211:
ChannelMetrics TrendOptions
Table21 2:
Channel Summary Table
Figure 213:
Table21 4:
ChannelSummary TableParameters
Device Duty Cycle
Figure 215:
DeviceD uty Cycle Options
Table21 6:
Channel Utilizat ion Trend
Figure 217:
Table21 8:
ChannelUtilization TrendOptions
Devices vs Channel
Figure 219:
Table22 0:
Devices vs ChannelOptions
FFT Duty Cycle
Figure 221:
Table22 2:
FFTDuty CycleOptions
Interference Power
Figure 223:
InterferencePowerOptions
Table22 4:
Quality Spectrogram
Figure 225:
Table22 6:
QualitySpectrogramOptions
Real-Time FFT
Figure 227:
Table22 8:
Real-TimeFFT Options
Swept Spectrogram
Page
Page
Ifthis chart is configured to show averageor m aximum FFT values,
Ifthis chart is configured to show theFFT duty cycle
Working with Non-Wi-Fi In terferers
Non-Wi-Fi Interferer Description
Non-Wi-FiInterfererTypes
Table23 4:
Bluetooth
GenericInterferer
Understanding the S pectrum Analysis Session Lo g
Figure 235:
Table23 6:
Viewing Spectrum An alysis Data
SpectrumAnalysis CLI Commands
Recording Spectrum Analysis Data
Creating a Spectrum An alysis Record
Figure 237:
Saving the Rec ording
Figure 238:
Playing a S pectrum An alysisR ecording
Playing a Recording in the Spectrum D ashboard
play
Playing a Recording Using the RFPlayback Tool
play
http://get.adobe.com/air/
Figure 239:
Troubleshootin g Spectrum Analysis
Verifying Spe ctrum Monitors Su pport for One Client per R adio
Converting a Spectrum Monitor Ba ck to an AP or Air Monitor
Troublesho oting Browser Issue s
Loading a Sp ectrum View
Troublesho oting Issues with A dobe Flash Pla yer 10.1o r Later
Understand ing Spectru m Analysis Syslog Messag es
Playing a Reco rding in the RFPlayback T ool
Understand ing Device Ag eout Times
Table24 0:
SpectrumProfile Parameters
Chapte r 33
Dashboa rd Monitoring
Monitoring Performan ce
Clients
APs
Monitoring Usage
Clients
APs
Monitoring Security
Monitoring Potentia l Issues
Monitoring WLANs
Monitoring Access Po ints
Monitoring Clients
Monitoring Firewall s
Element V iew
Table24 1:
Element Description
ElementView
Figure 242:
Table24 3:
TableView Fields
Details View
Element Tab
Element Summary View
Usage Breakdown
Page
Figure 2d
Table24 7:
AggregatedSessionsFields
Chapte r 34
Management Access
Configuring Certific ate Authentication for WebUI Acce ss
Enabling Public Key Au thentication for SSH Access
Enabling RADIUS Serv er Authentication
Configuring RADIUS S erver Username a nd Password A uthentication
Configuring RAD IUS Server Auth entication with V SA
Configuring RAD IUS Server Auth entication with S erver Derivation Ru le
Configuring a se t-value server-derivation rule
Disabling Authentication of Local Management UserAccounts
Verifying the con figuration
Resetting the Adm in or Enable Passwo rd
Figure 248:
Resettingthe Passw ord
Bypassing the En able Password Prompt
Setting an Adm inistrator Session Time out
Implementing a Sp ecific Management Passw ord Policy
ManagementPasswordPolicy Settings
Table25 0:
Defining a Man agement Pa ssword Policy
Allowed Characters Disallowed Characters
Table25 1:
AllowedCharacters in a ManagementUser Password
Allowed Characters Disallowed Characters
In the CLI
Manage ment Authen tication Profile Pa rameters
Table2 52 describes configuration parameterso n the ManagementAuthenticati on profilepage.
Managing Certificat es
strongly
About Dig ital Certificates
Obtaining a Se rver Certificate
Table25 3:
Parameter Description Range
CSR Parameters
Obtaining a Client Certificate
Importing Certifica tes
Use the following commandt o import CSR certificates:
The followingexample imports a server certificate named cert_20 in DER format:
Viewing Ce rtificate Information
ImportedCertificate Locations
Table25 5:
Table25 4:
CertificateShow C ommands
Configuring SNMP
Table25 6:
SNMP Pa rameters for the C ontroller
SNMP Parametersfor the Controller
Configuring Logg ing
Category/Subcategory Description
Table25 7:
SoftwareModules
Category/Subcategory Description
Table25 8:
LoggingLev el Description
LoggingLevels
Enabling Guest P rovisioning
Configuring the G uest Provisioning Pa ge
Configuringthe Guest Fields
Page
Guest Field Description
Configuringthe Page Design
Figure 261:
ConfiguringEmail Messages
Configuring the SMTP Server and Port in the WebUI
Configuring an SMTP server and port in the CLI
Creating Email Messages in the WebUI
Figure 262:
Figure 263:
Configuring a G uest Provisioning Use r
Username andPass word AuthenticationMethod
StaticAuthentication Method
Smart Card AuthenticationMethod
Username andPass word Method
Customizing the Guest Access Pass
Figure 264:
Creating G uest Accoun ts
Figure 265:
Guest Provisioning User Tasks
Figure 266:
Figure 267:
Importing Multipl e Guest Entries
CreatingMultiple Guest Entries in a CSV File
Figure 268:
Importingthe CSV File into the Database
Page
Page
Figure 272:
PrintingGuest Account Information
Figure 273:
Optional C onfigurations
Restricting one Captive Portal Session for each Guest
Using the CLI to restrict one CaptivePortal sess ionfor each guest
Setting the Maximum Time f orG uest Accounts
Using the WebUIto s etthe maximum time for guest accounts
Managing Files o n the Controller
Server Type Configuration
Table27 4:
FileTransfer ConfigurationParameters
Transferring Arub aOS Image Files
Backing U p and Restoring the Flash File System
Backup the Flash File System i n the WebUI
Backup the Flash File System i n the CLI
Restore the Flash File System i n the WebUI
Restore the Flash File System i n the CLI
Setting the System C lock
Manually S etting the Cloc k
Clock Sync hronization
Configuring N TP Authentication
Timestamps in CLI Ou tput
Enabling Capaci ty Alerts
CapacityAlert Thresholds
Table27 5:
wlsxThresholdCleared
wlsxThresholdExceeded
Examples
Chapte r 35
Adding Lo cal Controllers
Configuring Loc al Controllers
Using the Initi al Setup
Using the Web UI
Configuring Layer-2/Layer-3 Se ttings
Configuring T rusted Ports
Configuring Loca l Controller Setting s
Configuring A Ps
Using the WebUI to confi guret he LMSI P
Moving to a Mu lti-Controller Environment
Configuring a P reshared Key
Using the WebUI to confi gurea Local Controller PSK
Using the WebUI to confi gurea Master Cont roller PSK
Using the CLI to confi gurea PSK
Master Controller
Configuring a Contro ller Certificate
Using the CLI to confi gurea Local Controller Certificat e
Using the CLI to confi guret he Master Controller Certificate
Chapte r 36
Advance d Security
Securing Client Traff ic
Securing Wireless Clie nts
Figure 276:
Securing Wire d Clients
Figure 277:
Securing Wireless Clients Th rough Non -Dell APs
Securing C lientso n an AP Wired Port
Table27 8:
EthernetInterface Port/ Wired AP Port ConfigurationParameters
Securing Controlle r-to-Controller Communication
Figure 279:
Configuring Co ntrollers for xSec
Configuring the Ody ssey Client on Client Machin es
Installing the O dyssey Client
Figure 280:
Page
Page
Page
Chapte r 37
Voice and V ideo
Voice and Video Lic ense Requirements
Configuring Voice an d Video
Setting up Net S ervices
Configuring User R oles
Using the Default User Rol e
Creating or Modifying Voice User Roles
Using the WebUIto configure user roles
Table28 6:
ALG Service Name
Servicesfor ALGs
Table28 7:
control
ACL Service Name
OtherMandatoryServices f orthe ALGs
Using the CLI to configurea user role
Using the User-Derivation Roles
Using the WebUIto derive the role based on SSID
Using the CLI to derive ther olebased on SSID
Using the WebUIto derive the role based on MAC OUI
Using the CLI to derive ther olebased on MAC OUI
Configuring Firew allS ettings for Voice and Video A LGs
Additiona l Video Config urations
Configuring Video over WLAN enhancements
Pre-requisites
authenticated
a. To add the ACL to a user role:
This exampleuses t he userrole,
b. To add the ACL to a port:
4. Co nfiguredynamic multicast optimization for video traffic o n a virtual AP profile.
8. Configureand apply a bandwidth management profile.
a. Enable a bandwidth shaping policy so that the allocated bandwidth share is appropriately used.
b. Set a bandwidth percentagefor the following categories:
Figure 288:
Figure 289:
Figure 290:
Figure 291:
Figure 292:
Figure 293:
Figure 294:
Figure 295:
Figure 296:
Working with QoS fo r Voice and Video
Understand ing VoIP Ca ll Admission Control P rofile
VoIPC all AdmissionC ontrolConfigurationP arameters
Table29 9:
5. Click Apply to save your settings.
Understand ing Wi-Fi Multimedia
Priority 802.1p Priority WMM Access Category
Table30 0:
WMMA ccess Category to 802.1pPriority Mapping
Enabling WMM
Configuring WMM AC Mapping
Table30 1:
DSCP DecimalValue WMM Access Category
WMMA ccess Category to DSCP Mappings
Using the WebUIto map between WMM AC and DSCP
Using the CLI to map betweenWMM AC and DSCP
Configuring DSCP Prioriti es
Configuring Dynamic WMM Queue Management
EnhancedDistributed ChannelAccess
Table30 2:
WMM Access Category Description 802.1p Tag
WMMA ccess Categories and802.1p Tags
Using the WebUIto configure EDCA parameters
EDCA ParametersStation andED CA ParametersAP Profile Settings
Table30 3:
5. Click Apply.
Using the CLI to configureEDCA parameters
EnablingWMM Queue Content Enforcement
Understanding Extended Voice and Video Features
Understand ing QoS for M icrosoft Office OCS and App le Facetime
Table30 4:
Microsoft OCS
Apple Facetime
Enabling WPA Fast Han dover
Enabling Mobile IP H ome Agent A ssignment
Scannin g for VoIP-Awa re ARM
Disabling Voic e-Aware 802.1x
Configuring S IP Authentication Tra cking
Enabling Real Time Ca ll Quality Analysis
In the Web UI
Figure 305:
ViewingReal Time Call Quality Reports
Enabling S IP Session Timer
section8.0, Proxy Behaviour
Figure 306:
Enabling V oice and Video Traffic Aw areness for Encrypted Signa ling Protocols
Figure 307:
Figure 308:
Enabling Wi-Fi Edg e Detection a nd Hand over for Voice C lients
Working w ith Dial Plan for SIP Calls
Understanding Dial Plan Format
DialplanPattern Action Description
Table30 9:
Examplesof Dial Plans
Configuring Dial Pl ans
Figure 310:
Figure 311:
Dialplan Profile
Profile
Figure 312:
EnablingEnhanced 911 Support
Working w ith Voice over R emote Acc ess Point
Understand ing Battery Boo st
Enabling LLDP
Figure 314:
Table31 5:
LLDPProfile ConfigurationParameters
Page
Figure 316:
Table31 7:
LLDP-MEDProfile ConfigurationParameters
13.Apply to save yo urset tings.
Advanced Voice Troubleshooting
Viewing T roubleshooting Deta ilso n Voice C lient Status
To view the details of a voice client based on its MAC address:
Viewing T roubleshooting De tails on Voice Call C DRs
EnablingVoice Logs
Figure 318:
EnablingLogging for a SpecificClient
Figure 319:
Viewing Vo ice Traces
Viewing Vo ice Configurations
To view the voice configuration details o n your controller:
Page
Chapte r 38
Instant AP V PN Support
Dell PowerConnectW-Series InstantAccess PointU serGuide
PowerConnect W-Series Instant AccessPoint User Guide
Overview
VPN Configuration
Whitelist DB Co nfiguration
Controller Whiteli st DB
External Whitelist DB
VPN Loca l Pool Configu ration
Viewing Branch Status
Example
The output of this command includes the followingparameters:
Table32 0:
IAP TableParameters
Chapte r 39
W-600 Series Controllers
Table32 1:
Controller USB Ports Maximum ExternalAPs RemoteAPs
600Series Controllerby the Numbers
Connecting with a USB Cellular Modem s
How it Works
Figure 323:
mode-switch
Switching Mo des
UplinkManager
Figure 325:
Cellular Profile
Dialer Group
Configuring a Sup ported USB Modem
Figure 328:
Connected
Figure 329:
Figure 330:
Configuring a New USB M odem
Configuring th e Profile and Modem D river
Figure 332:
Figure 333:
Figure 334:
Configuring th e TTY Port
Figure 335:
Figure 336:
Figure 337:
Figure 338:
Testing the TTY P ort
Figure 339:
Figure 340:
Selecting th e Dialer Profile
Figure 341:
Setting Up NAS (Network-Attach ed Storage) Devices
NAS Device Se tup
Configuring in th e CLI
disk name
mode
filesystempath
Managin g NAS Devices
Mounting a nd Unmounting De vices
Table34 2:
InitialState LED State Action Status LED Function LED Action Completed
Multi-functionMediaE ject Button
Connecting to a Prin t Server
Printer Setup Using the C LI
configmode
Additiona l Commands fo r Managing P rinters
W-600 Series Samp le Topology and Configuration
Remote Bra nch 1W-650 C ontroller
Remote Bra nch 2W-650 C ontroller
W-3200 Central Office C ontrollerActive
W-3200 Central Office C ontrollerBack up
Page
Chapte r 40
External S ervices Interface
Sample ESI Topology
Figure 343:
Figure 344:
Understanding th e ESI Syslog Parser
ESI Parser D omains
Figure 345:
Peer Con trollers
Figure 346:
peers
Syslog Parser R ules
Condition Pattern Matchi ng
Configuring ESI
Configuring He alth-Check Me thod, Groups, a nd Servers
Defining th e ESI Server
Defining th e ESI Server Grou p
Redirection Po licies and User R ole
ESI Syslog P arser Domains an d Rules
Managin g Syslog Parser D omains in the W ebUI
Adding a new syslog parser domain
Deleting an existi ng syslog parserdom ain
Editing an existing sysl og parserdomai n
Managin g Syslog Parser D omains in the C LI
Adding a new syslog parser domain
Showing ESI syslog parser domain inf ormation
Deleting an existi ng syslog parserdom ain
Editing an existing sysl og parserdomai n
Adding a new parser rule
Deleting a syslog parser rule
Editing an existing sysl og parserrule
Testing a Parser Rule
Adding a new parser rule
Showing ESI syslog parser rule informat ion:
Deleting a syslog parser rule:
Editing an existing sysl og parserrule
Sample Route-m ode ESI Topology
Figure 347:
ESI server configuration on controller
server
servergroups
Configuring the Example Routed ESI Topology
Health-Che ck Method , Groups, and S ervers
Defining the Pin g Health-Check Me thod
Defining th e ESI Server
Defining th e ESI Server Grou p
Redirection Policies an d User Role
Syslog Parser D omain and Rules
Add a New Syslog Parser Domain in the WebUI
Adding a New Parser Rule in the WebUI
Sample NAT-mode E SI Topology
Figure 348:
Figure 349:
ESI server configuration on the controll er
Configuring the Exa mple NAT-mod e ESI Topo logy
Configuring th e NAT-mode ESI Exa mple in the WebUI
Configuring the ESI Group in t he WebUI
Configure the ESI Servers in the WebUI
Configuring the Redirecti on Filter in the WebUI
Configuring th e Example NAT-mo de Topology in the CLI
Configuring a Health-Check Ping
Configuring ESI Servers
Configure an ESI Group, Add the Heal th-Check Ping and ESI Servers
Using the ESI Group in a Session Access Cont rol List
CLI Configuration Exampl e 1
Understanding Ba sic Regular Expression (BRE) S yntax
Characte r-Matching Operators
Table35 0:
Character-matchingoperatorsinregular expressions
substitute
Regular E xpression Rep etition Operators
Regularexpressionrepetition operators
RegularExpression Anchors
. That command uses the syntax:
Table35 2:
References
This implementation is based, in part, on the following resources:
Chapte r 41
ExternalUser Management
C
Overview
Before you Beg in
Creating an XML Reque st
Adding a Use r
Deleting a User
Authentic ating a User
Blacklisting a User
XML Response
Default Re sponse Format
In which,
contain the Ok string. If the requestw as a failure,the result tag will contain the Error string.
in the request.
Response Codes
The followingresponse codes are returned if the XML request returnan the Error string.
XMLResponse Codes
Table35 3:
Code Reasonm essage Description
Query Com mand Respo nse Format
Table35 4:
ResponseCode Description
QueryResponse Code
Using the XML API Serv er
Configuring the X ML API Server
Associating th e XML API Se rver to a AAA p rofile
Page
The followingexample illustrates using the default-xml-apiAAA profile.
Yourc ontrolleris now ready to receive API calls fromyour XML API server.
Set up Captive Portal profi le
Associating the Capti veP ortal Profile to an Initi al Role
Creating a n XML API Re quest
Table35 5:
Table35 6:
AuthenticationCommand Description
XMLAPI AuthenticationCommand
Monitoring E xternal Captive Portal Usa ge Statistics
Sample Code
C
The examplescript i s written in the
Using XML A PI in C Langu age
Figure 357:
Page
Page
Understanding Request and Response
XMLAPI RequestParametersand Descriptions
Table35 8:
Understanding XML API Request Parameters
The Table35 8list all parametert hat you can use in a request.
Understanding XMl API Response
Adding a Client
This command will add a client on your network.
Figure 359:
The commandssends the following information in the authentication request to the controller:
Deleting a Client
Authenticating a Cl ient
Status of theclient before authentication
Sendingthe authenticationcommand
Figure 360:
Status of theclient after authentication
Querying for Client D etails
Blacklisting a Cl ient
Figure 361:
Responsefrom the controller
Chapte r 42
RF Plan
Supported Planning
Planning Deploym ent
Pre-Deploym ent Consideratio ns
Installation Guide
Outdoor-Sp ecific Deploym ent Consideratio ns
Configura tion Considerations
Post-Deployme nt Consideration s
Dual-Port AP Consid erations
Launching the RF Plan
Campus List Pa ge
Definitionof Campus List Buttons
Table36 3:
Figure 362:
Building List Pa ne
Edit a campus from the building list pane.
Table36 5:
Figure 364:
BuildingList Buttons
Building S pecifications Ove rview
Figure 366:
Building Dime nsion Page
Figure 367:
Table36 8:
AP Mode ling Parame ters Page
Figure 369:
This window allows you to select o r control the parametersas defined in Table 370.
RadioType Definitions
Table37 1:
Radio Type
Design Model
Table37 2:
Table37 3:
Radio Button Description
DesignModel Radio Buttons
Users/AP
RadioProperties
Table37 4:
Radio Properties (Desired Rates and HT Support Opt ions)
RadioProperty Description
AM Modelin g Page
Figure 375:
RadioButton Description
Table37 6:
Table37 7:
Planning Floo rs Page
Figure 378:
You can select or adjust the features as described in Table 379:
Table37 9:
FloorPlanningFeatures
Zoom
Approximate Coverage Map
Floor Editor Dialog B ox
BackgroundImages
Area Editor Dialog Box
Figure 382:
Naming
Locationand Dimensions
Area Types Figure 383:
Access Point Editor Di alog Box
Figure 384:
Naming
Fixed
Page
Memo
AP Plan Pag e
approximatecoverage
Figure 386:
Initialize
Optimize
AM Plan Pag e
Initialize
Optimize
Viewingthe Results
Figure 389:
Exporting a nd Importing Files
Export Campus
Figure 391:
My_Campus.XML
.XML
Import Campus
Locate
FQLN Mapper
APname.Floor.Building.Campus
APP ropertySearch
Table39 5:
Figure 394:
Using the FQLN Mapper in th e APPro vision Page
Using the WebU I
Using the CLI
SampleBuilding
Table39 7:
RF Plan Example
Sample Bu ilding
Create a Buildin g
TextBox Information
Table39 8:
Createa Building
Model the A ccess Points
Model the Air Monitors
Add an d Edit a Floor
Adding the b ackground imag e and naming the first floor
Adding thebackground image and naming the second floor
Defining Area s
Creating a D ont Deploy A rea
Running th e AP Plan
Running th e AM Plan
Chapte r 43
Behavior a nd Defaults
Featuresnot Supportedin Each ForwardingMode
Table39 9:
Understanding Mode Support
Understanding Bas ic System Defaults
PredefinedNetwork Services
Table40 0:
Network Service s
Table4 00 lists the predefined networkservices and their protoco lsand ports.
Page
Policies
The followingare predefined policies.
PredefinedPolicies
Table40 1:
Page
Page
Roles
The followingare predefined roles.
Table40 2:
PredefinedRole Description
PredefinedRoles
Page
Understanding Default Management User Roles
The ArubaOSsoftware includes predefined management user roles.
Table40 3:
PredefinedManagementRoles
Page
Page
Understanding De fault Open Ports
Default(Trusted) OpenPorts
Table40 4:
Port Number Protocol WhereUs ed Description
Chapte r 44
DHCP with Ven dor-Specific Option s
Configuring a Windo ws-Based DHCP Server
Configuring O ption 60
To configure option 60 on the Windows DH CP server
Configuring O ption 43
To configure option 43 on the Windows DH CP server:
Page
Enabling DHCP Relay Age nt Information Option (Option 82 )
Configuring O ption 82
Enabling Linux DHCP Se rvers
Page
Chapte r 45
802.1X Configuration for IAS an d Windows Clien ts
Step-by-StepGuide for Setting Up SecureWireless Access in a Test Lab
Configuring Micros oft IAS
RADIUS C lient Configuratio n
Remote A ccess Policies
Active Directo ry Database
Configuring P olicies
Figure 409:
Page
Configuring R ADIUS Attributes
Figure 412:
Figure 413:
Configuring Mana gement Authentication usin g IAS
Creating a Rem ote Policy
Defining P roperties for Remo te Policy
Creating a Use r Entry in Windows A ctive Directory
Configure the C ontroller to use IAS Man agement A uthentication
Figure 414:
Figure 415:
Verify Commun ication between the Co ntroller and the RADIUS Se rver
Figure 416:
Window XP Wireless Client Sample Config uration
Page
Figure 418:
Figure 419:
Figure 420:
Page
Page
Appendix A
Acronyms an d Terms
Listof acronyms
Table42 3:
Acronyms
Page
Page
Page
Page
Page
Terms
The followingt ablelist s the terms and their definitions used in this guide.
Table42 4:
Listof terms