3COM WX2200 User Manual

Download

Wireless LAN Mobility System

Wireless LAN Switch Manager User’s Guide

WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A WX2200 3CRWX220095A

http://www.3Com.com/

Part No. 10015403 Rev. AA Published August 2006

3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation.

Mobility Domain, Mobility Point, Mobility Profile, Mobility System, Mobility System Software, MP, MSS, and SentrySweep are trademarks of Trapeze Networks, Inc.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP, and Windows NT are registered trademarks of Microsoft Corporation.

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.

CONTENTS

ABOUT THIS GUIDE

Conventions 9 Documentation 10 Documentation Comments 11

1 GETTING STARTED

Hardware Requirements for 3WXM Client 13 Hardware Requirements for 3WXM Services 14 Software Requirements 14 Preparing for Installation 15

User Privileges 15 Serial Number and License Key 15 HP OpenView Network Node Manager 15 Resource Allocation 16

Installing 3WXM 17

Installing 3WXM on Windows Systems 17

Installing 3WXM on Linux Systems 18 Start 3WXM Services 20 Connect 3WXM Clients to 3WXM Services 20

Configure 3WXM Services 21

3WXM Access Control 23 3WXM Interface 23

Display the Main Window 24

Using the Toolbar and Menu Bar 25

Setting Preferences 26

Easy Configuration Using Wizards 26

View Topology 26

Getting Help 27

2 PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH

3WXM

Which Services To Provide? 30 Network Plan 31 RF Coverage Area 31

RF Auto-Tuning 32 RF Auto-Tuning with Modelling 32 RF Planning 33 Which Planning Method Should I Use? 33

Configuration 35

Wireless Configuration 36 AAA Security Configuration 38

System and Administration Configuration 40 Equipment Installation 42 Deployment 43 Management and Monitoring 43

Network Status 44

RF Monitoring 44

Client Monitoring 45

Rogue Detection 46

Event Logging 46

Verification 47

Reporting 47 RF Plan Optimization 48

3 CONFIGURING WIRELESS SERVICES

What are Services? 51 Configure Employee Access Services 52

Tas k Ta bl e 52

Step Summary 54

Example: Configure Employee Access 55 What’s Next? 68 Configure Guest Access Services 69

Tas k Ta bl e 69

Step Summary 71

Optional: Configure Mobility Profiles 81 What’s Next? 82

Configure Voice over Wireless IP Service 83

Tas k Ta bl e 83 Step Summary 85 Create a Radio Profile for Voice 86 Create a Service Profile for Voice 86

What’s Next? 95

4 USING RF AUTO-TUNING

What Is RF Auto-Tuning? 97 Place Your Equipment 98 Configure Initial WX Switch Connectivity 98 Upload the WX Switch Configuration into a 3WXM Network Plan 98 Create a Service Profile 99 Create a Radio Profile and Map the Service Profile to It 100 Create Your MAPs 101 Apply a Radio Profile to Each Radio 104 What’s Next? 104

5 USING RF AUTO-TUNING WITH MODELLING

What Is RF Auto-Tuning with Modelling? 105 Add Site Information 106 Insert RF Obstacles 108 Create Your RF Coverage Area 110

Create a Wiring Closet 110 Create Your RF Coverage Area 111 Add MAPs 118 Associate MAPs to the Coverage Area 118

What’s Next? 120

6 USING RF PLANNING

What is RF Planning? 121 Prepare the Floor Drawings 122 Define Site Information 123

Import a Floor Plan 128 Set the Scale 129 Clean Layout 130

Model RF Obstacles 133 Import a Site Survey 134 Plan RF Coverage 135

Add Wiring Closets 135

Create Coverage Areas 136

Compute and Place MAPs 144

Assign Channel Settings 146

Calculate Optimal Power 148

Display Coverage 150 Generate a Work Order 151 Install the Equipment 153 What’s Next? 153

7 MANAGING AND MONITORING YOUR NETWORK

Deploy Your Configuration 155 Perform Basic Administrative Tasks 157

Configuring WX Management Services 157 Distributing System Images 159

Using the Image Repository 159

Distributing System Images 159

Saving Versions of Network Plans 160 Importing and Exporting Switch Configuration Files 161 Monitoring Examples 163

Monitor an Individual User 163

Monitor a Group of Users 169

Monitor a Rogue 171

8 OPTIMIZING A NETWORK PLAN

Using RF Measurements from MAPs 180 Using RF Measurements from an Ekahau Site Survey 181

Generating an Ekahau Site Survey Work Order 182

Importing RF Measurements from the Ekahau Site Survey 185 Optimizing the RF Coverage Model 187 Locating and Fixing Coverage Holes 189

Displaying the RF Coverage Area 189

Locking Down MAPs 190

Fixing a Coverage Hole 191

Computing and Placing New MAPs 191 Replanning Your Network 191

What’s Next? 192

A OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS

Register Your Product to Gain Service Benefits 193 Solve Problems Online 193 Purchase Extended Warranty and Professional Services 194 Access Software Downloads 194 Contact Us 194

Telephone Technical Support and Repair 195

INDEX

ABOUT THIS GUIDE

This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM) tool suite.

Read this manual if you are a network administrator or a person responsible for managing a WLAN.

If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:

http://www.3com.com/

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

Tab le 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or

instructions

Caution Information that alerts you to potential loss of data or

potential damage to an application, system, or device

10 ABOUT THIS GUIDE

This manual uses the following text and syntax conventions:

Tab le 2 Text Conventions

Convention Description

Menu Name > Command

Monospace text Sets off command syntax or sample commands and system

Bold text Highlights commands that you enter or items you select.

Italic text Designates command variables that you replace with

[ ] (square brackets) Enclose optional parameters in command syntax.

{ } (curly brackets) Enclose mandatory parameters in command syntax.

| (vertical bar) Separates mutually exclusive options in command syntax.

Keyboard key names If you must press two or more keys simultaneously, the key

Words in italics Italics are used to:

Indicates a menu item that you select. For example, File > New indicates that you select New from the File menu.

responses.

appropriate values, or highlights publication titles or words requiring special emphasis.

names are linked with a plus sign (+). Example:

Press Ctrl+Alt+Del

 Emphasize a point.

 Denote a new term at the place where it is defined in the

text.

 Highlight an example string, such as a username or SSID.

Documentation The 3WXM documentation set includes the following documents.

 Wireless LAN Switch Manager (3WXM) Release Notes

These notes provide information about the 3WXM software release,

including new features and bug fixes.

 Wireless LAN Switch and Controller Release Notes

These notes provide information about the MSS software release,

including new features and bug fixes.

 Wireless LAN Switch and Controller Quick Start Guide

This guide provides instructions for performing basic setup of secure

(802.1X) and guest (WebAAA™) access, for configuring a Mobility

Domain for roaming, and for accessing a sample network plan in

3WXM for advanced configuration and management.

Documentation Comments 11

 Wireless LAN Switch Manager Reference Manual

This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM).

 Wireless LAN Switch Manager User’s Guide (this document)

This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). It contains information about recommended system requirements you should meet for optimum 3WXM performance, installing 3WXM client and 3WXM Services software, and an introduction to using the 3WXM interface.

 Wireless LAN Switch and Controller Hardware Installation Guide

This guide provides instructions and specifications for installing a WX wireless switch in a Mobility System WLAN.

 Wireless LAN Switch and Controller Configuration Guide

This guide provides instructions for configuring and managing the system through the Mobility System Software (MSS) CLI.

Documentation Comments

 Wireless LAN Switch and Controller Command Reference

This reference provides syntax information for all MSS commands supported on WX switches.

Your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3Com at:

pddtechpubs_comments@3com.com

Please include the following information when contacting us:

 Document title

 Document part number and revision (on the title page)

 Page number (if appropriate)

12 ABOUT THIS GUIDE

Example:

 Wireless LAN Switch and Controller Configuration Guide

 Part number 730-9502-0071, Revision B

 Page 25

Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.

GETTING STARTED

This chapter contains information about recommended system requirements you should meet for optimum 3WXM performance, installing 3WXM client and 3WXM Services software, and an introduction to using the 3WXM interface.

Hardware Requirements for 3WXM Client

Table 3 shows the minimum and recommended requirements to run the 3WXM client on Windows and Linux platforms.

Tab le 3 Hardware Requirements for Running 3WXM Client on Windows and

Linux

Minimum Recommended

Processor Intel Pentium 4, 2 GHz or

RAM 512 MB 1GB

Hard drive space available

Monitor resolution 1024x768 pixels, 24-bit

CD-ROM drive CD-ROM or equivalent CD-ROM

equivalent

100 MB 200 MB

color

Intel Pentium 4, 3 GHz or equivalent

1600x1200 pixels, 32-bit color

14 CHAPTER 1: GETTING STARTED

Hardware Requirements for 3WXM Services

Software Requirements

Table 4 shows the minimum and recommended requirements to run the 3WXM Services on Windows and Linux platforms.

Tab le 4 Hardware Requirements for Running 3WXM Services on Windows and

Linux

Minimum Recommended

Processor Intel Pentium 4, 2.4 GHz or

equivalent

RAM 1GB 2GB

Hard drive space available

Monitor resolution 1024x768 pixels, 24-bit

CD-ROM drive CD-ROM or equivalent CD-ROM

1GB 2GB

color

Intel Pentium 4, 3.6 GHz or equivalent

1600x1200 pixels, 32-bit color

3WXM client and 3WXM Services are each supported on the following operating systems:

 Microsoft Windows Server 2003

 Microsoft Windows XP with Service Pack 1 or higher

 Microsoft Windows 2000 with Service Pack 4

 SUSE Linux 9.1 and Red Hat WS 3

You must use the English version of the operating system you select. Operating system versions in other languages are not supported with 3WXM.

The following additional software is required for certain 3WXM features:

 Web browser (for example, Microsoft Internet Explorer 5.x or 6.x or

Netscape Navigator 6.x or 7.x)—For displaying 3WXM online help,

work orders, and reports

 Adobe Acrobat Reader 5.x or later (or plug-in)—For reading the

manuals and release notes

 HP OpenView Network Node Manager 6.4 or later—Must be installed

prior to 3WXM if you plan to use 3WXM in your HP OpenView

environment

Preparing for Installation 15

Preparing for Installation

User Privileges Before you install 3WXM, make sure that you are logged in as a user who

Serial Number and

License Key

A licensed copy of 3WXM comes with a base license key. Before you install 3WXM, make sure you have the appropriate administrative privileges on the system.

After you have installed 3WXM, you will need to register your license and the serial number with 3Com in order to obtain an activation key.

The base key along with its activation key enables you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you also need an upgrade key and an additional activation key, which you obtain from 3Com. See “Serial Number and License Key” below for more information.

has permission to install software, or as an administrator.

After you install 3WXM, you can configure 3WXM access privileges for the user accounts on the machine. Likewise, you can configure access privileges for the monitoring service, if installed. Access privileges for the 3WXM client are completely independent of access privileges for the monitoring service, and are configured separately.

3WXM comes with a base license key, which is provided on the CD cover. To use 3WXM Services, you need to enter the base key and an activation key, which you obtain from 3Com. The base key and activation key enable you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you also need an upgrade key and additional activation key, which you obtain from 3Com.

HP OpenView

Network Node

Manager

Each time you connect the 3WXM client to the 3WXM Services, it checks the license information. If the product is not licensed, the License wizard is displayed.

If you do not have a license key, you can run 3WXM for 30 days. Once this trial period is over, you will need to purchase a license to continue running the 3WXM software.

If you want to integrate 3WXM into your HP OpenView environment, you have the option of installing the HP OpenView plug-in required to use Network Node Manager with 3Com products. Make sure that HP OpenView is already installed before installing 3WXM with the plug-in.

16 CHAPTER 1: GETTING STARTED

Resource Allocation Table 5 contains general recommended guidelines for hardware

requirements and memory allocation based on the number of radios and WX switches your server will support. A larger number of WX switches implies more connections and data processing, and consequently, more CPU is required. A larger number of radios implies more data (including client sessions) which requires more RAM and storage.

Tab le 5 Recommended Server Hardware Allocation

Number of Radios 1-25 WX Switches 25-50 WX Switches 50+ WX Switches

1 – 1000  2.4 GHz P4

 500 MB RAM

 1 GB HD

1000 – 2000  2.4 GHz P4

 1 GB RAM

 2 GB HD

 2.8 GHz P4

 500 MB RAM

 1 GB HD

 3.0 GHz P4

 1 GB RAM

 2 GB HD

 3.2 GHz Xeon

 1 GB RAM

 1 GB HD

 3.6 GHz Xeon

 2 GB RAM

 2 GB HD

3WXM Services Options

3WXM Services can be installed either in standalone mode or shared mode. Standalone mode is when 3WXM client and 3WXM Services are installed on one machine. Standalone mode is primarily used for trying out 3WXM, while shared mode is used in a working environment. In shared mode, the administrator sets up 3WXM Services on a single host (typically with more resources) and other hosts with the client 3WXM application share 3WXM Services to access network plans and monitoring information. See Figure 1.

Figure 1 3WXM Services in Shared Mode

Installing 3WXM 17

Installing 3WXM To install the 3Com Wireless Switch Manager, follow the instructions

below for your operating system.

Installing 3WXM on

Windows Systems

To install 3WXM on a Windows system:

The 3WXM install program installs either just the 3WXM client, or both the 3WXM client and Services. There is no option to install the 3WXM Services only.

1 Insert the 3WXM CD in the CD-ROM drive.

If Autorun is enabled, wait briefly for the install program to start.

If Autorun is disabled, follow these steps:

a In Windows Explorer, navigate to your CD-ROM drive.

b In the Software\3WXM directory, double-click install.exe.

The Introduction page of the 3Com Wireless Switch Manager installation wizard appears, and then the Contents screen appears, as shown in the following figure.

2 Open the 3Com Wireless Switch Management folder.

3 Select 3Com Wireless Switch Manager.

18 CHAPTER 1: GETTING STARTED

4 Click the View button.

The 3Com Wireless LAN Switch Manager (3WXM) information screen appears.

5 Click the Install button.

The installation begins. During the installation, the 3Com Wireless Switch Manager installation wizard minimizes.

Installing 3WXM on

Linux Systems

6 When the installation is complete, maximize the 3Com Wireless Switch

Manager installation wizard screen, and then press the Contents button.

7 Press the Exit button to close the wizard, or navigate to the other items

on the CD.

The same 3WXM install program installs either 3WXM client, 3WXM Services, or both.

To install 3WXM on a Linux system:

 Unpack files  Use the Installation Wizard

Unpacking Files

To unpack files on Linux systems:

1 Log in as superuser.

2 Insert the 3WXM CD in the CD-ROM drive.

3 For the platform on which you are installing 3WXM, click the appropriate

Installer link.

4 Save the installation binary to a directory.

Installing 3WXM 19

5 Open a shell window.

6 Use the cd command to go to the directory in which you saved the

installation binary.

7 In the shell window, type sh ./install.bin. The Introduction page of the

3WXM installation wizard appears.

8 Click Next to display the Choose Installation Type page of the installation

wizard, and go to “Using the Installation Wizard”.

The installer does not make any path changes during installation. You might want to configure path information, to make 3WXM easy to start on your system. 3WXM must be run at the root level.

Using the Installation Wizard

To use the installation wizard on a Linux system:

1 On the Choose Installation Type page, choose one of the following:

 To install both the 3WXM server and the client, click the 3WXM

Services icon.

 To install only the 3WXM client, click the 3WXM client icon.

For detailed installation instructions, see “Installing 3WXM” in the

Wireless LAN Switch Manager Reference Manual.

Near the end of the installation process, the installer displays the service ports 3WXM Services will use:

 443—HTTPS server port

 162—SNMP trap receiver port

You can change one or both port numbers to prevent conflicts with other applications on the same host.

Multiple applications cannot use the same UDP or TCP port on the same host. For example, port 443 is defined by the Internet Assigned Numbers Authority (IANA) as the well-known HTTPS port. If the host on which you install 3WXM Services uses its default HTTPS port (443), and the same host also runs Microsoft Internet Information Services (IIS) on its default HTTPS port (443), there will be a conflict over the port. 3WXM clients will not be able to communicate with 3WXM Services.

If you plan to use the remote configuration option to configure new switches, you must use port 443 for 3WXM Services. When a switch requests its configuration from 3WXM Services, it sends the request to port 443.

20 CHAPTER 1: GETTING STARTED

Start 3WXM Services

Connect 3WXM Clients to 3WXM Services

3WXM Services are automatically started when you install them on a Windows system.

To start the 3WXM Services on a Unix or Linux System:

To start 3WXM Services manually, type a command such as the following:

solaris# rm-services start

To stop 3WXM Services manually, type a command such as the following:

solaris# rm-services stop

These examples assume that 3WXM Services is installed in the default location.

To connect the client to Services:

1 Select Start > Programs > 3Com > 3WXM > 3WXM. The 3WXM

Services Connection wizard is displayed.

2 Enter the IP address or fully-qualified hostname of the machine on which

the service is installed.

If 3WXM Services is installed on the same machine as the one you are using to run 3WXM client, enter 127.0.0.1 as the IP address. This is a standard IP loopback address.

3 Specify the service port, if different from the port number in the Service

Port listbox.

The port number used by the monitoring service must not be used by another application on the machine where the monitoring service is installed. If the port number is used by another application, change the port number on the monitoring service. (See “Configure 3WXM Services”.)

4 Click Next to connect to the server.

5 If the Certificate Check dialog is displayed, click Accept.

If you left the Open Network Plan option on the 3WXM Services Connection dialog selected, the server opens the last network plan.

Connect 3WXM Clients to 3WXM Services 21

Configure 3WXM

Services

You can change the properties of 3WXM Services.

If a firewall is enabled on the host where you install 3WXM Services, 3WXM Services will not be able to communicate with 3WXM client or with WX switches unless the firewall is configured to allow through traffic for the SSL and SNMP ports (443 and 162 by default).

To configure 3WXM Services:

1 Select To ol s > 3WXM Services Setup dialog box from the 3WXM main

tool bar. The 3WXM Services Setup wizard is displayed.

By default, a username and password are not required to access 3WXM Services from 3WXM client. You can configure user accounts for administrative, provisioning, and monitoring access. (See “3WXM Access Control” on page 23.)

2 You can optionally configure the following:

 Select the arrow buttons to change the HTTPS Server Port, which is

the port on which 3WXM Services listens for requests from 3WXM client.

22 CHAPTER 1: GETTING STARTED

 Select the arrow buttons to change the SNMP Trap Receiver Port,

On each switch in the network plan, you must enable notifications and configure 3WXM Services as a notification target (trap receiver).

3WXM Services does not start listening for SNMP notifications from switches until you save the network plan.

 From the Key Store area of the window, specify security settings.

 From the Access Control area, define user accounts. For more

(The Auto-Config IP Subnet Matching option is used for field replacement of WX switches. For information, see the “Configuring WX Switches Remotely” chapter in the Wireless LAN Switch Manager Reference

Manual.)

To change these settings, use the Service Settings tab of the 3WXM Services Setup dialog.

which is the port on which SNMP traps are received. Also select the

trap type (SNMPv1 or SNMPv3) you want 3WXM Services to receive

from WX switches.

information about access control, see “3WXM Access Control” on

page 23.

To select monitoring settings

All monitoring options are enabled by default. You do not need to enable them and you do not need to specify the switches you want to monitor. However, for 3WXM Services to receive trap data from WX switches, SNMP notifications must be enabled and 3WXM Services must be configured as a notification target on each of the switches.

To start gathering data for monitoring, deploy your configuration to the network. For information about deploying your configuration, see “Deploy Your Configuration” on page 155.

3WXM Interface 23

3WXM Access Control You can create a user account with administrator, provision, or monitor

privileges. See Table 6 for basic privilege definitions. For a details, see the “Restricting Access to 3WXM” section in the “Getting Started” chapter of the Wireless LAN Switch Manager Reference Manual

Tab le 6 User Privilege Levels

Privilege Level Access Control Configuration Monitoring

Administrator yes yes yes

Provision no yes yes

Monitor no no yes

To configure access control

1 Select To ol s > 3WXM Services Setup from the 3WXM main tool bar.

The 3WXM Services Setup window is displayed.

2 In the Access Control area of the window, deselect Allow All Users.

3 Enter a username and password for administrative access, then click OK.

(You must configure an admin account before you can configure provision or monitor accounts.)

4 Select Add Admin Account, Add Provision Account, or Add Monitor

Account. A dialog box is displayed.

5 Enter the account name and the password and click OK.

6 To remove an account, select the account and click Remove Account.

3WXM Interface This section contains the following topics:

 “Display the Main Window” on page 24

 “Using the Toolbar and Menu Bar” on page 25

 “Setting Preferences” on page 26

 “Easy Configuration Using Wizards” on page 26

 “View Topology” on page 26

 “Getting Help” on page 27

24 CHAPTER 1: GETTING STARTED

Display the Main

Window

When you start 3WXM client and log onto 3WXM Services, a network plan is displayed by the 3WXM client. (See Figure 2 on page 25.)

 Organizer panel displays a network tree representing your WLAN’s

devices and configurations on those devices. You can use it to

navigate to Policy configurations, Equipment within your network,

and network Sites.

When you select a device or configuration in the tree, the

context-sensitive information about the device or configuration is

displayed to the right in the Content and Information panels.

 Content panel displays context-sensitive information about the device

or configuration selected from the tree in the Organizer panel. From

the Content panel, you can view 3Com devices and their status, verify

3Com device configurations in the network plan and in the network,

and display event logs and Rogue detection results.

 Alerts panel displays a summary of alerts, including network and

configuration verification, Rogue detection, and local and network

changes. Click on a summary to display details.

The Lock icon indicates whether the network plan has been locked.

When you make changes to a network plan, 3WXM locks it on the

server. The lock prevents other clients who open the network plan

from modifying it while you are making changes. The network plan

remains locked until you save your changes, after which the lock is

released.

Figure 2 Main 3WXM Window with Open Network Plan

3WXM Interface 25

Organizer panel

Content panel

Toolbar

Using the Toolbar

and Menu Bar

Alerts panel

The main 3WXM window has a toolbar that provides quick access to features. You can use the Back and Forward buttons to cycle through your display selections.

The menu bar (located above the toolbar) provides access to administrative options such as plan management and access to online help. For example, to open another network plan, select File > Switch Network Plan.

Lock

icon

26 CHAPTER 1: GETTING STARTED

Setting Preferences You can set network and user interface preferences, as well as

preferences for save interval and autosave, certificate handling, RF monitoring, and logging.

1 Select To ol s > Preferences from the 3WXM main tool bar.

The Preferences wizard is displayed.

2 Select any of the tabs, make modifications in the fields, and select Reset

All to reset preferences.

Easy Configuration

Using Wizards

Wizards help walk administrators through configuration steps. There are many wizards in the 3WXM application.

Enter the required fields and click Next at the bottom of the wizard to display the next step. Click Cancel to discard any changes made with the wizard. When you are done, click Finish or OK to save changes.

You can right-click on many objects to display the Insert option. Select

Insert to create a new object that is a “child” of the selected object.

View Topology You can display a topology view of managed devices in your WLAN and

their relationships to each other. You can also click on the devices in the topology view to display summary monitoring information about each one.

To display a topology view of your network

1 Select the Monitor toolbar option.

2 In the Equipment section of the Organizer panel, select a Mobility

Domain or a WX switch.

3 If not already selected, select Explore from the drop-down list in the

Monitor tab. The topology view of the selected object is displayed.

3WXM Interface 27

You also can select a radio, in which case the floor plan where the radio is located is displayed, with status for all MAPs on that floor.

Getting Help Click Help from the Main menu bar to access different types of help:

1 Select Help > Help to display HTML help about configuring and using

3WXM.

2 Select Help > Licensing to view product licensing information.

3 Select Help > Report Problem to report a problem to 3Com Technical

Support.

4 Select Help > About 3WXM to display information about 3WXM and to

display the Release Notes. You also can click Force GC (garbage collection) to free resources.

28 CHAPTER 1: GETTING STARTED

PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

This chapter contains information about planning and managing your wireless network with 3WXM. Planning your wireless network is highly recommended because it not only helps you configure and deploy it, but also aids in scaling and monitoring your network. 3Com provides you with flexible tools to assist with network planning.

You plan your wireless network to support the services you want to offer your employees, guests, or customers. Figure 3 describes the process you will follow to establish services in your company or organization, beginning with determining the services you want to offer. Each step in the process is described in this chapter.

Figure 3 Process to Establish Wireless Services

START

Determine which services to

provide

Configure services

Optimize services

Plan for network equipment and coverage

Monitor services

Generate work order and install equipment

Deploy services

30 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Which Services To Provide?

What is a service?: A service is a concept (not a selectable item in the 3WXM

interface) that represents a set of options you configure and deploy on your wireless network. You configure services to support the different levels of network access you need to provide. For example, a service configured to support employee access will have different options configured to provide greater access to the network. In contrast, a service configured for guest access typically restricts users to limited or no internal network access, but easily provides a gateway connection to the Internet.

A service can be fully isolated and independent of other services on the network (multi-hosted access is typically isolated), or you can reuse part of a service configuration for another service you want to provide. Each service has potential authentications (802.1X, web page, MAC address, or “last resort”) and potential encryptions (802.11i, WPA, WEP, or unencrypted).

Purpose of this section: To provide information about services that you can

configure using 3WXM.

Why is this important?: Understanding the services you can configure with

3WXM is the first step in planning and configuring your network.

The first step you need to do when planning your wireless network is to determine which services your organization requires. The three common types of services are:

 Employee access

 Guest access

 Voice over Wireless IP (VoWIP)

Employee access is typically secure, encrypted access to the wireless network. Guest access is access (possibly unencrypted) for visitors at your location. If you intend to resell services to other providers, you will need to provide multi-hosted access.

Determining the services you will need at the beginning of the planning process results in configuration data. The configuration data is used to create service profiles and AAA rules for each service. A service profile is a subset of a radio profile. A radio profile is a common set of configuration parameters that can be applied to many MAP radios.

See “Create a Service Profile” on page 99 for information about configuring services.

Network Plan 31

Network Plan What is a network plan?: A network plan is the workspace in 3WXM you

use to design a wireless network.

Why is this important?: You can better manage and visualize your network

topology by creating a detailed and accurate network plan.

You can start by creating a device-oriented (WX switches and MAPs) view of your network without any geographic information about your site—no floor dimensions, building material information, or RF obstacle information. You can go a step further and provide some geographic information by adding floor dimensions, your RF coverage area, and some attenuation information, such as elevator shafts or internal concrete walls. If you want to enjoy the full benefits of network monitoring and visualization, you can create a detailed network plan. This is done by importing detailed building and floor plans into 3WXM, defining RF obstacles, and defining the quality of coverage (traffic engineering parameters) you want for specific RF coverage areas.

RF Coverage Area What is an RF coverage area?: An RF coverage area is the geographical area

in which IEEE 802.11 radios provide wireless services.

Purpose of this section: To describe the three techniques you can use for

RF coverage.

Why is this important?: By understanding available RF coverage planning

techniques, you can use the technique that meets your organization’s requirements.

There are three techniques you can use to get your wireless network started:

 RF Auto-Tuning lets you use the default auto tuning feature to select

power and channel settings for RF signals in your RF coverage area. You upload the WX switches into 3WXM, configure the MAPs, enable RF Auto-Tuning, and deploy.

32 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

 RF Auto-Tuning with Modelling, as with the RF Auto-Tuning

technique, lets you set the auto tuning feature to adjust power and

channel settings to provide RF signals to the coverage area for your

users. Enhance the auto tuning feature by providing modelling

information about your geographic location. By providing some

information about your buildings and floors, you add enough details

into 3WXM so that your can better visualize your network topology

and support improved monitoring at your site.

 RF Planning is a technique you can use to create a detailed network

plan that provides powerful monitoring and visualization benefits.

Unlike RF Auto-Tuning or RF Auto-Tuning with Modelling, you do not

rely on the auto tuning feature. Instead, you fully model your

geographic location with detailed information about your floors, and

specify your RF coverage areas and your RF obstacles.

Each of these methods is described in the sections that follow.

RF Auto-Tuning To use the RF Auto-Tuning technique:

 Physically place WX switches and the MAPs in their desired locations.

RF Auto-Tuning with

Modelling

 Upload a WX switch configuration and deploy it.

 Enable the RF Auto-Tuning feature.

This is a great way to install a WX switch and some MAPs, and

observe how the network operates. The RF Auto-Tuning plan is best

suited to networks containing fewer MAPs.

To use the RF Auto-Tuning with Modelling technique, you add to the RF Auto-Tuning technique by providing some geographical modelling about your building, floors, and RF coverage area. You also add RF obstacle information for major obstacles (like concrete walls, windows, and elevator shafts) that affect attenuation—the quality of RF signals emitted from and received by the MAPs. By adding geographical modelling, you will be able to manage your network in the context of that geographical information. For example, you will be able to manage your network overlaid on a floor plan, versus managing an abstract logical group of switches and MAPs.

RF Coverage Area 33

RF Planning To do RF Planning, you provide detailed information about your site and

buildings by importing AutoCAD DXF™, AutoCAD DWG, JPEG, or GIF floor plan files of the buildings into 3WXM. As you import the floor plans, you can modify them to add or remove RF obstacles. You define RF obstacles by specifying the attenuation factor in decibels for the obstacle. In addition, 3WXM includes a library of attenuators for building obstacles. The library includes doors, walls, ceilings, and other physical obstructions that you can select. 3WXM factors in the impact these objects have on how the radio frequency (RF) signals flow through a given site.

If the network contains third-party or pre-installed APs, you can enter information for these APs so that 3WXM takes the APs into account when calculating the placement (and optionally, the channel and power settings) of the 3Com MAPs.

By using this technique, you receive these substantial benefits:

 Instead of you making a “best guess” as to how many MAPs you

require for the desired coverage and where MAPs should be placed, 3WXM automatically calculates how many MAPs you need and where to place MAPs for optimal positioning.

Which Planning

Method Should I Use?

 You can generate a deployable work order to help installers place WX

switches and MAPs.

 You automatically receive a deployable configuration that includes

optimum power and channel settings.

 You enjoy more accurate monitoring options and network

visualization based on the additional geographic modelling information loaded into 3WXM.

The more detailed your network plan, the better you will be able to manage and monitor the network. However, there are other requirements organizations should consider.

3Com recommends using the RF Auto-Tuning technique if you are installing MAPs without consideration to blanket coverage, throughput concerns, or the number of users for whom service will be provided. RF Auto-Tuning is ideal for small areas; for example, coverage that only requires a few MAPs, or widely dispersed areas in a building, such as conference rooms.

34 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Use the RF Auto-Tuning with Modelling technique if you want to better monitor your wireless network in terms of buildings, floors, or coverage areas. You may only be able to locate inaccurate or incomplete building and floor plans (perhaps only a JPEG file), but with even a bit more geographic modelling of your site, you boost your ability to manage and visualize your network.

Use RF Planning when you want to use all the tools provided in 3WXM to deploy, manage, and monitor your network. You likely have multiple constituencies of users you need to consider; for example, sets of users that are mobile and wireless that have specific throughput and bandwidth needs. One group of users may be mobile and require high throughput performance (a higher bandwidth), while another group of users are more stationary and require less throughput. Additionally, you may be planning for future capacity, and need to add as much detailed information as you can about your site in order to plan for the future.

See Table 7 for some guidelines to help you determine what planning technique is right for your organization.

Tab le 7 Planning Techniques to Use

Concern If yes, use If No, use

Do I have adequate time to add geographic modelling and RF obstacle information?

Can I locate accurate building and floor plans?

Do I need to plan for capacity of users or quality of coverage (traffic engineering concerns) for certain users?

Do I need to visualize coverage accurately?

Do I need to locate users? RF Planning or RF

Do I need to locate rogue APs? RF Planning or RF

RF Auto-Tuning with Modelling

RF Planning or

RF Auto-Tuning with Modelling

RF Planning RF Auto-Tuning or RF

Auto-Tuning with Modelling

RF Auto-Tuning

RF Auto-Tuning with Modelling

Auto-Tuning with Modelling

RF Auto-Tuning

Configuration 35

Tab le 7 Planning Techniques to Use

Concern If yes, use If No, use

Do I want to better monitor my wireless network in terms of buildings, floors, or coverage areas?

RF Planning or RF Auto-Tuning with Modelling

RF Auto-Tuning

If RF Planning does not fit your requirements now, you can always use the RF Planning technique in the future when you have the need, the time, and the necessary floor plans available. You also can leverage the data in RF Auto-Tuning and convert these RF measurements to configured baseline values for planning.

Configuration Purpose of this section: To describe the main areas of the 3Com Network

(WX switch and MAPs) you will configure in 3WXM.

Why is this important?: To provide you with overview information about

the software so that you can plan a configuration to support the services you require.

You will configure the wireless configuration and AAA security configuration for each service you provide on your wireless network. You also create a basic configuration for the WX switch.

Figure 4 Configuration Required for Each Service

Wireless Service

Wireless Configuration

- Radio Profile

- Service Profile

- Encryption Choices

AAA Security Configuration

- AAA methods

- Rules

- Authentication choices

36 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

This section contains information about:

 “Wireless Configuration” on page 36

 “AAA Security Configuration” on page 38

 “System and Administration Configuration” on page 40

Wireless

Configuration

MAP1

Wireless configuration focuses on the configuration tasks (radio configuration and AAA configuration) you do to deliver the virtual wireless services you want to provide on your network. You enable the MAPs to operate according to your planned RF coverage requirements. Most of the wireless configuration is done as you plan your RF coverage and create your radio profiles and service profiles.

A radio profile is used to apply common settings to multiple radios, and each radio profile can support up to 32 service profiles, one for each service you want to support. You specify in the service profile an SSID for each service and the type of encryption mechanisms to be used by the MAP radios. This gives the radio the potential to look like 32 different and independent MAPs. (See Figure 5.)

Figure 5 Radio and Service Profiles

Radio 1

Radio 2

Radio 1

Radio Profile “default” applied to MAP1, Radio 1 and Radio 2 and MAP2, Radio 1

Service Profiles 1-32

SSID

MAP2

Radio 2

Radio Profile “EBC” applied to MAP2, Radio 2

Service Profile, 1-32

SSID

Configuration 37

You must configure a radio profile to set attributes that you can apply to multiple radios. Rather than configuring each radio individually, you create a radio profile and apply it to multiple radios that you select. You can also create a radio profile as part of a policy and apply it to MAP access points on different WX switches.

The radio profile can contain RF Auto-Tuning settings and IEEE 802.11 settings that control how the data is received and transmitted. You can select RF Auto-Tuning in the radio profile to apply AutoRF settings (enable or disable auto tuning of power and channels) to radios en masse via the radio profile. AutoRF enabled through the radio profile to multiple radios can be easily disabled, too, should you want to go to full RF planning. You can set specific IEEE 802.11 settings, such as beacon, DTIM intervals, and the fragment threshold to control how packets are transmitted.

A default radio profile named default is provided and cannot be deleted.

For each service you want to provide, you configure the following items in a service profile:

 The SSID name

 SSID advertisement (whether the SSID name is beaconed)

 Whether the SSID name is encrypted or clear (not encrypted)

 Web page (if using WebAAA)

 Multiple encryption choices (Dynamic/static WEP, WPA, WEP + WPA,

802.11i)

You also must configure AAA security configuration items for each service. For more information, see “AAA Security Configuration” on page 38.

The encryption type you use depends on the type of services you’re offering. Employee access is typically encrypted, guest access is typically clear (no encryption), and multi-host or “multiple virtualized services” service can be encrypted, with each SSID being matched with its own service profile.

If services are being used for customer corporate entities (e.g. different airlines on an airport wireless net), then they would probably use 802.1X and strong encryption with web guest access for their airport club guests.

38 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

If the services are being used to advertise multiple wireless service

providers (WISP), such as T-Mobile

, Wayport ®, and Boingo WirelessTM, then these services would probably be completely open. However, they would likely be assigned to their own dedicated subnet containing their proxy server/billing gateway.

AAA Security

Configuration

An administrator can control the way in which users access the network. For each service you provide, you can configure unique authentication, authorization, and accounting (AAA) security features, creating an entirely virtualized wireless service. For each service, you configure:

 Multiple authentication choices (802.1X, Web, AAA, MAC

authentication, Bonded Auth, open)

 AAA methods (up to four RADIUS server groups, or a local database

on the WX switch)

Authentication

Authentication is the method of determining whether a user is allowed access to your network. Users can be authenticated by a RADIUS server (pass-through) or by the WX switch local database (local). The WX switch can also assist the RADIUS server by performing the Extensible Authentication Protocol (EAP) processing for the server (offload).

To authenticate users, you will need to configure users either in the local database or on RADIUS servers. Each user will have a username, password, and RADIUS and/or vendor-specific attributes (VSAs). You will also need to configure authentication rules (802.1X, MAC, last-resort, or web authentication).

See Figure 6 on page 39 to see a flowchart representing the authentication process. Generally, 802.1X authentication is attempted first. If the user fails, then MAC authentication is attempted. If this fails, then last resort and web authentication is used. For a service profile, you specify either web authentication, last-resort, or none in the auth-fall-thru box. You can only select one.

Figure 6 Authentication Flowchart for Network Users

Client associates with 3Com radio or requests access from wired authentication port

Configuration 39

Client requests encrypted SSID?

last-resort?

802.1X rule that

Yes

matches SSID?

MAC rule that matches SSID?

Use fallthru authentication

Yes

Client

Yes

Last-resort rule that matches SSID?

responds to 802.1X?

Refuse Client

Yes

Authent. succeeds?

Refuse Client

Authent. succeeds?

Refuse

Client

Yes

Allow Client

web?

none?

Yes

Refuse Client

Web Auth rule that matches SSID?

Refuse Client

Yes

Authent. succeeds?

Refuse Client

Yes

Allow Client

40 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Authorization

Authorization is the method for providing users with specific rights to the network by associating attribute-value (AV) pairs to the user. AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared to the information contained in a local database or on a RADIUS server for a given user and the result is returned to the WX switch to determine the user’s actual capabilities and restrictions.

You can configure attributes, such as the time of day or specific VLAN access. You can also control access using security access control lists

(ACLs), Mobility Profiles

, and Location Policies. Security ACLs permit or deny traffic based on IP protocol, IP addresses and, optionally, TCP or UDP port. They also can be used to set class-of-service (CoS) values in a packet. Mobility Profiles contain attributes to allow or deny access to specific parts of the network for a specific user or group of users. Location Policies are an ordered list of location policy rules based on a user glob, VLAN, and/or ports. A Location Policy can be configured if you need to override the configured AAA user authorization attributes locally for a specific WX.

System and

Administration

Configuration

Accounting

Accounting collects and sends information used for billing, auditing, and reporting—for example, user identities, connection start and stop times, the number of packets received and sent, and the number of bytes transferred. You can track sessions through accounting information stored locally or on a remote RADIUS server. As network users roam throughout the network, accounting records track them and their network usage.

A Mobility Domain is a collection of WX switches that work together to support roaming users. One of the WX switches is defined as a seed device, which distributes information to the other WX switches defined in the Mobility Domain.

A Mobility Domain allows users to roam geographically from one WX switch to another without losing network connectivity. Users connect as a member of a VLAN through their authorized identities.

You can add switches to a network plan as members of a Mobility Domain or as standalone switches. After a switch is added, you can move it into or out of a Mobility Domain.

Configuration 41

You can create the following types of WX switches:

 WX4400—Provides four dual-interface gigabit Ethernet ports. Each

port has a 1000BASE-TX copper interface and a Gigabit interface converter (GBIC) slot for insertion of a 1000BASE-SX or 1000BASE-LX fiber-optic interface.

 WX1200—Provides eight 10/100 Ethernet ports, six of which support PoE.

 WXR100—Provides two 10/100 Ethernet ports, one of which supports PoE.

 WX2200—Provides twenty 10/100BASE-TX Ethernet ports, all of

which support Power over Ethernet (PoE). WX2200 switches also provide two slots for 1000BASE-SX or 1000BASE-LX fiber-optic gigabit Ethernet ports.

You perform the following tasks to create and initially configure a WX switch:

 Configure basic WX switch properties.

 Configure WX switch connection information.

 Configure boot information.

Configure Basic WX Switch Properties

To configure basic WX switch properties, you specify a name, select a model, select its location by wiring closet, and select the Mobility System Software (MSS) you want to run on the switch. Optionally, you can select an MSS image to download when you deploy changes to the WX.

You also can specify if the switch is managed. A WX switch that is physically installed as well as configured can be managed. You can deploy configuration changes only to managed devices, and 3WXM periodically checks the managed WX switches in the network for changes. You also can fully configure a switch without it being physically installed (unmanaged). Having an unmanaged device in your network plan may be useful for predeployment purposes.

Basic configuration also includes specifying how you will manage the switch. You can manage it through HTTPS, Telnet, and Secure Shell (SSH). You also can enable monitoring using the Simple Network Management Protocol (SNMP) to exchange information about network activity between your network devices.

For more information about configuring basic WX switch properties, see “Perform Basic Administrative Tasks” on page 157.

42 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

For detailed information about configuring basic WX switch properties, see the Wireless LAN Switch and Controller Quick Start Guide.

Configure WX Switch Connection Information

You need to supply connection information for the WX switch on both the WX switch and in 3WXM when you make the WX a managed device. Connection information includes the IP address of the switch and how it will connect to the backbone; for example, by means of a VLAN or a port.

Configure Boot Information

You select the software image that the WX will use when reset, or optionally, the configuration file the WX will use when reset.

Equipment Installation

To physically install a WX switch:

1 Unpack and rack the WX switch in the wiring closet or data center location.

2 Plug the WX switch electrical cord into a power outlet.

3 Connect a network access cable from your existing network to one of the

Ethernet ports on the switch (10/100 or Gigabit Ethernet, depending on the WX model and available interfaces on the network).

Remember the port number you used. You will need to know this when performing the initial setup of the switch.

4 Connect a serial interface to the console port of the WX switch to access

the console’s CLI for initial setup.

To physically install MAPs:

1 Instruct the cabling installer to run the Cat. 5 Ethernet cable from the

closest wiring closet to intended location of the MAP.

2 Unpack the MAP, and select the appropriate mounting kit for your

installation location.

3 Install the MAP at the indicated location on the floor.

4 Connect the Cat 5. Ethernet cable(s) to the MAP.

5 At the wiring closet, connect the MAP to the infrastructure equipment:

a If you are directly connecting the MAP to a WX switch, plug the other

cable end(s) to the indicated port(s).

Deployment 43

b If you are indirectly connecting the WX to the switch, plug the other

cable end(s) to an available network port on the wiring closet switch. If the switch does not supply PoE, then ensure that a mid-span PoE device is inserted in-line with the connection.

Deployment What is deployment?: Sending the WX configuration information in the

3WXM network plan to your WX switch.

Purpose of this section: To describe how changes are made to 3WXM and

deployed to your network.

Why is this important?: To understand best practices for sending and

deploying configurations to your WX.

Configuration changes are collected in 3WXM when you save them, but are not applied to WX switches until you send the changes to your network. Any changes you make to your network in 3WXM are saved, but not applied to your network until they are deployed. This method makes it easy to apply configurations simultaneously to multiple WX switches, or you can deploy changes to a single WX switch.

Management and Monitoring

Purpose of this section: To provide an overview of the management and

monitoring capabilities offered in 3WXM.

Why is this important?: Understanding the management and monitoring tools

available in 3WXM can help you to quickly identify and correct problems in your wireless network, as well as to provide you with the statistics and reporting information you need to optimize your network.

This section talks about the following management and monitoring features:

 Network Status

 RF monitoring

 Client monitoring

 Rogue detection

 Event logging

 Verification

 Reporting

44 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Network Status 3WXM provides summary status on devices in the network at the

Mobility Domain, switch or MAP level. View the summary status as the initial step in monitoring. Summary status displays the operational status of WX switches, MAPs, and their radios (whether they are up or down).

In addition, 3WXM collects network statistics for devices, including system-level events and statistics for the wired network.

The Alerts section in the bottom, left panel in 3WXM displays top-level status information. The Alerts panel provides you with summary error and warning information for the following areas:

 Configuration—indicates network plan configuration issues

 Network—indicates managed network issues

 Rogue detection—identifies the number of rogue APs detected

 Local changes—indicates changes in 3WXM that can be deployed to

the network

 Network changes—indicates configuration changes in the network

You can display a topology view of your network, including the state and relationship of devices. You can right-mouse click on a device in the topology to display the status of that device. The display can include the wired network, third-party APs, and rogue access points (access points that are not authorized to operate in your network).

You also can set thresholds for events. If the threshold is crossed, the affected device is flagged, and a star is placed beside the parameter that triggered the threshold.

RF Monitoring RF monitoring provides you with current and historical information about

your radio health and activity. Data collected for the RF environment and the RF neighborhood includes the following items:

 RF environment

 Channel

 Noise

 CRC errors

 PHY errors

 Packet retransmissions

 Percent utilization

Management and Monitoring 45

 RF neighborhood

 Transmitters (heard by this radio)

 Listeners (who heard this radio)

 Neighbors

 BSSID to SSID mapping  Channel

 RSSI

Statistics collected for the RF environment provides data on a per-channel basis. You can view noise levels, cyclic redundancy check (CRC) and PHY errors, packet retransmissions and percent utilization.

Data collected for the RF neighborhood displays the neighboring radios. This information can be viewed as a list of radios heard by a particular radio, as well as a list of radios who can hear a particular radio.

You also can display trending information on a per-radio basis. Trending collects radio statistics and charts them on a time basis. For example, you could display average throughput rates for the previous 30 days, week, or day. You can display and print the charts from 3WXM, as well as generate a report.

Client Monitoring Client monitoring provides current and historical information about the

clients using your network, including client activity, watch list clients, current client sessions, and the ability to locate clients at your site. 3WXM displays the data that WX switches collect on user sessions—either for a single user, users associated with a MAP, users associated with a specific radio, or users added to a watch list.

By viewing monitoring information for a user or a group of users, you can troubleshoot problems originating from bandwidth constraints or roaming patterns. You can collect statistics and view reports on:

 Client associations, authentication, and authorization failures

 Client activity, such as roaming and successful authorization

 Current session status, location history, and statistics

 Specifics on users over a period of time; information can be gathered

up to 30 days for session status, location history, client errors, and client activity on users you place on the watch list

If you use 3WXM RF Planning, you also can display the approximate geographic locations of clients.

46 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Rogue Detection A rogue AP is an access point that is not authorized to operate in or near

your network. You can use RF countermeasures to deny service to or from a targeted rogue AP, and render them ineffective. Once a rogue AP is detected and reported, the closest 3Com MAP is assigned to perform RF countermeasures. By spoofing various 802.11 control messages, the MAP’s countermeasures disrupt association and authentication attempts to the rogue AP by any new clients. This also disrupts any active communications between any existing client and rogue AP.

You can collect statistics and view reports on:

 Current rogue list, aggregated for the whole network

 Current hour rogue list

 Current day rogue list

 30 days of rogue history, using best listener data

 Rogue lifecycle events (when the rogue was first seen, by whom, and

when it went away)

 Counter-measure activity

The number of currently detected rogues is conveniently displayed in the Alerts panel.

If you use 3WXM RF Planning, you also can display the approximate geographic locations of rogue devices and their clients.

Event Logging 3WXM incorporates a powerful and flexible display interface for all

events collected by the system. Events are stored on a per-WX basis and are collected continuously. Customizable filters can be created to easily drill down to specific information the event log database. You can filter events based on:

 Category

 Severity

 Date and time ranges

 WX switch

 3WXM client and services log

 Specific text string matches

Management and Monitoring 47

Verification Both configuration verification and network verification rules are checked

for any inconsistencies or problems. Verification rules include “instant fix” resolutions. Instant fix resolutions are errors that can be automatically fixed, or alternatively providing a hot link to the object containing the error.

You can selectively disable any rule. Disabling a rule is useful if you wish to ignore a warning and do not want to see it displayed anymore. The number of configuration and network errors or warnings are conveniently displayed in the Alerts panel.

Reporting 3WXM uses a database to collect and store client, RF, and other system

dynamic data, such as statistics, status, events, and traps. You can generate reports from the monitoring and configuration data collected in the database. A report can have a selectable scope and a selectable time period and in some cases, query filter parameters. See Table 8 for a listing and description of the reports you can generate in 3WXM.

Tab le 8 3WXM Reports

Report Description

Configuration Reports

Inventory Report Provides information about the WX switches

and MAPs in your network.

Mobility domain configuration Provides a configuration overview, providing

Wireless Switch (WX) Configuration Provides details on a WX configuration.

Site Survey Order Provides a map of your site that can be used

Work Order Provides information installers use to

Monitoring Reports

Client Session Summary Displays summary data for sessions in the

Client Session Details Displays detailed session information.

data that spans multiple WX switches. For example, it contains information about the AAA/RADIUS setup, SSIDs, and where they are configured.

to guide a site survey.

physically install WX switches and MAPs.

selected scope.

48 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Tab le 8 3WXM Reports (continued)

Report Description

Client Errors Provides data on client-related health in the

network over time; for example, if there is a large number of association failures in some area of the network.

Watch List Clients Contains detailed information for the clients

on the Watch List.

Network Usage Provides information about network resource

usage and client activity.

RF Summary Provides information about overall network

Radio Details Provides a detailed set of statistical

Rogue Details Provides current and historical information

Rogue Summary Provides information for all visible rogues for

health using selected radio statistics. It can be used to compare RF environments across the network and isolate potential problem areas.

information for each radio in the selected MAP.

for a selected rogue.

a selected time.

RF Plan Optimization

What is optimization?: Importing RF measurement data into an RF model

to improve the accuracy of the model.

Purpose of this section: Provides an overview of optimization methods.

Why is this important?: A network plan contains the configuration settings

that determine the performance of your wireless network. Optimization of the RF model leads to a more successful RF plan. The ultimate result is an accurate visualization of your RF coverage, better-defined statistics for monitoring, and the ability to more accurately plan for and improve network performance.

You can optimize your network based on user and network statistics gathered from:

 The monitoring data in 3WXM

 A site survey

RF Plan Optimization 49

Based on RF measurement data you gather in 3WXM to optimize the RF model of a floor, you can make configuration changes in the software to improve signal strength and coverage for groups or individuals, modify MAP locations, or add additional equipment to your wireless network if statistics indicate your network has outgrown the support provided by its current deployment of WX switches and MAPs.

You also can import RF measurement data based on a site survey done outside of 3WXM. See the “Using RF Measurements from MAPs” on page 180 for general guidelines about performing a site survey.

50 CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

CONFIGURING WIRELESS SERVICES

What are Services? A service is a concept (not a selectable item in the 3WXM interface) that

represents a set of options you configure and deploy on your wireless network. Services are configured to provide various levels of wireless network access to users, such as secure employee access, guest access, multi-hosted access, or Voice over Wireless IP (VoWIP) access.

You can configure a service to be independent of other services on your wireless network, or you may be able to share configuration components among services. For example, multi-hosted access is typically fully isolated from other services (no shared configuration), while services that provide for guest and employee access in a single corporation may share a common radio profile. In this way, you can reuse part of the service configuration for other services you want to provide. You could configure a service for employee access; then reuse part of the configuration to provide services for guest access.

Each service has potential authentication types (802.1X, web page, MAC address, or open access) and potential encryption types (802.11i, WPA, WEP, or unencrypted). (Open Access is sometimes called last resort.)

This chapter contains examples to help you configure the following types of service sets:

 Employee access (802.1X)

 Guest access (Web Portal)

 Voice over IP (MAC AAA)

The configuration examples in this chapter take place on a WX switch already in the network plan. However, you also can preconfigure services in a policy and apply the policy to WX switches later.

52 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Configure Employee Access Services

Tas k Ta b l e Table 9 contains the tasks you need to perform to create a service for

Services for Employee access are typically configured to provide secure, encrypted access to the wireless network.

The following sections provide information about how to configure Employee access:

 “Task Table” on page 52

 “Step Summary” on page 54

 “Example: Configure Employee Access” on page 55

Table 9 on page 52 contains the tasks you need to perform to configure Employee access services. The summary provides the configurable options you should set. The section “Example: Configure Employee Access” on page 55 guides you through the primary wizards and pages in 3WXM to configure Employee access services.

employee access. For a summary of configurable items, see “Step Summary” on page 54. For detailed steps about how to perform each of these tasks, see “Example: Configure Employee Access” on page 55.

Tab le 9 Creating a Service for Employee Access

Primary Parameters to

Task Path

“Create a Radio Profile” on page 56

1 Tool bar option: select

2 Organizer panel: expand

3 Expand Wireless.

4 Click on Radio Profiles.

5 Select Radio Profile in the

Configuration.

the WX switch.

task list.

Configure

From the Create Radio Profile wizard:

 Radio profile name: enter a

name

After you create the service profile, you can map it to the radio profile.

After you install the MAPs, you can map their radios to the radio profile.

Note: The examples in this chapter configure the radio profile first. However, you also can configure the radio profile later as part of service profile configuration.

Configure Employee Access Services 53

Tab le 9 Creating a Service for Employee Access (continued)

Primary Parameters to

Task Path

“Configure

1 Tool bar option: select RADIUS Servers” on page 58

2 Organizer panel: expand

3 Expand AAA.

4 Click RADIUS.

5 Select RADIUS Server in the

Configuration.

the WX switch.

Task List.

Configure

From the Create RADIUS Server wizard:

 Name: enter server name

 IP Address: enter server IP

address

 Key: enter key

 Server group: allow the wizard

to create it

On the RADIUS servers themselves, configure the AAA backed (not in 3WXM):

 Set up each WX switch as a

RADIUS client.

 Define the 3Com vendor-specific

attributes (VSAs) in the RADIUS server’s dictionary.

 Configure each user record with

authorization rules (username and password).

 Configure each user with either

the Vlan-Name attribute (3Com VSA) or the RADIUS Tunnel-Private-Group-ID to assign users to VLANs.

 Configure authentication rules

(802.1X, MAC, Open Access, or Web Portal).

54 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Tab le 9 Creating a Service for Employee Access (continued)

Task Path

“Create a Service Profile for 802.1X Access” on page 61

“Set Up VLANs on WX Switches” on page 66

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand Wireless.

4 Click Wireless Services.

5 Select 802.1X Service

Profile in the Task List.

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand System.

4 Click VLANs.

5 Select VLAN in the Task

List.

Primary Parameters to Configure

From the Create Service Profile wizard:

 Service profile name: edit name

 SSID name: enter name

 Security mode: select WPA (and

deselect Dynamic WEP)

 Encryption type: use TKIP

(already selected)

 EAP Type: use External RADIUS

Server (already selected)

 RADIUS server group: select one

 SSID default VLAN: enter name

 Radio profile: select one

From the Create VLAN wizard:

 VLAN Name: enter name

 VLAN ID: select number

 IP Address: enter IP Address

 Ports: select them and either

move them (use them only in the new VLAN) or add them (share them with other VLANs)

 If you add them, select Tag

Step Summary The following list summarizes the fields selected or configuration items

entered in the example that follows to configure Employee access:

1 Create a radio profile.

 From the Radio Profile wizard, enter RadioProfile1 as the name of the

radio profile.

 Click Finish.

2 Configure the RADIUS back end:

 Configure the RADIUS server for 802.1X. Use the recommended EAP

method, PEAP + MS-CHAPv2.

 Set up each WX switch as a RADIUS client.

 Define any desired 3Com vendor-specific attributes (VSAs).

Configure Employee Access Services 55

 Configure each user record with either the VLAN-Name attribute or

the RADIUS Tunnel-Private-Group-ID.

 Configure 802.1X authentication rules.

3 Configure the RADIUS server in 3WXM:

 From the Create RADIUS wizard, enter sg1 as the Name of the server,

the server’s IP address, and the Key. Allow the wizard to create the server group and place the server in it for you. Click Finish.

4 Create a service profile for 802.1X service.

 From the 802.1x Service Profile wizard, click Next and enter

Secure-802.1X-Employees as the Name of the service profile and Employees as the SSID.

 Click Next. Select WPA and deselect Dynamic WEP.

 Click Next. Leave TKIP enabled.

 Click Next. Leave External RADIUS Server enabled. Select the RADIUS

server group and click Add.

 Click Next. Enter vlan-mkt as the default VLAN to use if the VLAN is

not assigned by RADIUS authorization.

Example: Configure

Employee Access

 Click Next. Select RadioProfile1 and click Add. Select default and click

Remove.

 Click Finish.

5 Set up a VLAN on the WX switches.

 From the Create VLAN wizard, enter vlan-mkt as the VLAN name.

 Click Next. Select the VLAN ports. Click Add to share them with

other VLANs or Move to use them exclusively in this VLAN. If you click Add, then select Tag.

 Click Finish.

The following detailed steps provide an example of how to configure Employee services. You will:

 “Create a Radio Profile” on page 56

 “Configure RADIUS Servers” on page 58

 “Create a Service Profile for 802.1X Access” on page 61

 “Set Up VLANs on WX Switches” on page 66

56 CHAPTER 3: CONFIGURING WIRELESS SERVICES

In general, these same steps are required to configure other services, too. You can refer back to this section, using the summary list or the task table, with configuration options for “Configure Guest Access Services” on page 69 or “Configure Voice over Wireless IP Service” on page 83.

Create a Radio Profile

You configure a radio profile to set attributes that you can apply to multiple radios. Rather than configuring each radio individually, the radio profile is applied to multiple radios that you select. Service profiles are mapped to radio profiles.

The radio profile can contain RF Auto-Tuning settings and IEEE 802.11 settings that control how the data is received and transmitted.

MAPs (and consequently, radios) need to be added to 3WXM after creating a radio profile. For more information about adding radios, refer to one of the following:

 “Using RF Auto-Tuning” on page 97

 “Using RF Auto-Tuning with Modelling” on page 105

 “Using RF Planning” on page 121

To create a radio profile

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Radio Profiles.

4 In the Task List panel, select Radio Profile.

The Create Radio Profile wizard is displayed.

Configure Employee Access Services 57

5 Enter the name of the radio profile, then click Next at the bottom of the

wizard.

6 If MAPs are already configured, select the radios to map to the radio

profile, then click Move.

3WXM removes the radios from the radio profile they are in and places them in the new profile.

If you have not configured the MAPs in 3WXM yet, no radios are listed. You can map the radios to the radio profile later.

7 Click Finish to save the changes and close the wizard.

The new radio profile appears in the Content panel.

58 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Configure RADIUS Servers

Remote Authentication Dial-In User Service (RADIUS) is a client-server security protocol that provides authentication, authorization, and accounting for network users and devices. A RADIUS server stores user profiles, which include usernames, passwords, and other user attributes.

To configure RADIUS servers, you must:

 Configure RADIUS server attributes in 3WXM

 Configure attributes on the RADIUS server

Configure RADIUS Server in 3WXM To configure RADIUS in 3WXM, you define RADIUS server groups (named sets of RADIUS servers). You must create at least one server group. RADIUS server groups can authenticate administrators and network users.

To configure the RADIUS server in 3WXM

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch on which you are

configuring the service.

3 Expand AAA, then select RADIUS.

4 In the Task List panel, select RADIUS Server.

The Create RADIUS Server wizard is displayed.

Configure Employee Access Services 59

5 Type the name, IP address, and key, then click Next.

3WXM suggests the name of a server group to place the server in. The server group is required because AAA rules refer to server groups, not to individual servers.

6 Click Finish to save the server and create the server group.

The new server and group appear in the Content panel.

60 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Configure Attributes on the RADIUS Server To authenticate users, you will need to configure users either in the local database or on RADIUS servers. To configure services for Employee access, the following items should be configured on the RADIUS server.

To configure the RADIUS server

1 Configure RADIUS server to perform 802.1X using the recommended

EAP method PEAP + MSCHAPV2.

2 Setup each WX switch as a RADIUS client.

3 Define any desired 3Com vendor-specific attributes (VSAs) in the RADIUS

server’s dictionary.

The vendor-specific attributes (VSAs) created by 3Com are embedded according to the procedure recommended in RFC 2865, with Vendor-ID set to 14525. Table 10 describes the 3Com VSAs, listed in order by vendor type number.

Table 10 3Com VSAs

Rcv in

Attribute Type

VLAN-Name 26, 43, 2 Yes No Yes Name of the VLAN to

MobilityProfile

EncryptionType

Time-Of-Day 26, 43, 5 Yes No No Day(s) and time(s) during

SSID 26, 43, 6 Yes No Yes Name of the SSID you

26, 43, 3 Yes No No Name of the Mobility

26, 43, 4 Yes No No Type of encryption used

Access Resp?

Sent in Access Reqst?

Sent in Acct Reqst? Description

which the client belongs.

Profile used by the authorized client.

to authenticate the client.

which a user can log into the network.

want the user to use. The SSID must be configured in a service profile, and the service profile must be used by a radio profile assigned to 3Com radios in the Mobility Domain.

Table 10 3Com VSAs (continued)

Configure Employee Access Services 61

Rcv in

Attribute Type

End-Date 26, 43, 7 Yes No No Date and time after which

Start-Date 26, 43, 7 Yes No No Date and time at which

URL 26, 43, 8 Yes No No URL to which the user is

Access Resp?

Sent in Access Reqst?

Sent in Acct Reqst? Description

the user is no longer allowed to be on the network. Use the following format:

YY/MM/DD-HH:MM

the user becomes eligible to access the network. Use the following format:

YY/MM/DD-HH:MM

redirected after successful WebAAA. Use the following format:

http://www.example.com

4 Configure each user record with authorization rules (username and

password) and with either the Vlan-Name attribute (3Com VSA) or the RADIUS Tunnel-Private-Group-ID to assign users to VLANs.

Other attributes are optional.

Create a Service Profile for 802.1X Access

A service profile contains the configuration for the service you want to offer, such as employee access, guest access, or VoWIP.

For more information about service profiles, see “Wireless Configuration” on page 36. For more information about service sets, see “Which Services To Provide?” on page 30.

To create an 802.1X service profile

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select 802.1X Service Profile.

The 802.1X Service Profile wizard is displayed.

62 CHAPTER 3: CONFIGURING WIRELESS SERVICES

5 Click Next.

6 Change the service profile name to Secure-802.1X-Employees, and use

Employees as the SSID, as shown in the figure on the next page.

7 Click Next. Select WPA and deselect Dynamic WEP.

Configure Employee Access Services 63

8 Click Next. TKIP is already selected.

9 Click Next. Leave External RADIUS Server selected as the EAP Type.

10 Select the RADIUS server group in the Available RADIUS Server Groups list

and click Add.

11 Click Next. Type vlan-mkt in the VLAN Name box.

12 Click Next. Select RadioProfile1 in the Available Radio Profiles list and

click Add. Select default in the Current Radio Profiles list and click Remove.

64 CHAPTER 3: CONFIGURING WIRELESS SERVICES

13 Click Finish.

The new service profile appears in the Content panel.

View the Service Profile’s Access Rules

Every service profile requires access rules. The access rules specify the usernames or MAC addresses that are allowed to access the SSID. The service profile wizards automatically create access rules that match on all usernames (or that match on all MAC addresses, for VoWIP services).

Configure Employee Access Services 65

To view an 802.1X service profile’s access rules

1 Select the service profile in the Wireless Service Profiles table (located in

the Content panel).

A Setup group appears in the Task List panel.

2 In the Task List panel, select 802.1X Access.

The Configure 802.1X Access wizard appears. The wizard displays the encryption settings, access rules, and AAA settings for the service profile and allows you to change them. You also can configure new access rules using the wizard.

3 Click Next to page through the wizard until the 802.1X Access Rules

page appears.

This page lists the access rules configured for the service profile. The userglob and SSID name are shown. The userglob is the value that matches on username. The userglob can be a specific username, part of a username with a wildcard character (*), or two wildcard characters (**) to match on all usernames.

66 CHAPTER 3: CONFIGURING WIRELESS SERVICES

The 802.1X Service Profile wizards uses the ** userglob in the access rule. You can use this rule, modify it, or delete it and create a new one. You also can create additional rules. For syntax information, see the “Wireless Service Parameters” section in the “Configuring Wireless Parameters” chapter of the Wireless LAN Switch Manager Reference

Manual.

To modify or create access rules

See the “Modifying SSID Encryption Settings and Access Rules” section in the “Configuring Wireless Parameters” chapter of the Wireless LAN

Switch Manager Reference Manual.

Set Up VLANs on WX Switches

WX switches in a Mobility Domain contain a user’s traffic within the VLAN the user is assigned to. For example, if you assign a user to VLAN red, the WX switches in the Mobility Domain contain the user’s traffic within VLAN red configured on the switches. The VLANs you set up for service sets support wireless users—they don’t serve as management VLANs.

If a WX is connected to the network by only one IP subnet, the WX must have at least one VLAN configured. Optionally, each VLAN can have its own IP address. However, no two IP addresses on the switch can belong to the same IP subnet. User VLANs must be defined on at least one WX switch within the Mobility Domain.

You can configure the Spanning Tree Protocol (STP) on a VLAN. STP is used to maintain a loop-free network; meaning, devices will recognize a loop in the topology and block one or more redundant paths, creating a loop-free path.

The Mobility System Software (MSS) supports Per-VLAN Spanning Tree protocol (PVST). PVST allows a separate spanning tree in each VLAN. STP, disabled by default on all VLANS, is configurable for individual VLANs. STP does not run on MAP ports or wired authentication ports and does not affect traffic flow on these port types.

To set up a VLAN on a WX switch

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand System, then select VLANs.

4 In the Task List panel, select VLAN.

The Create VLAN wizard is displayed.

Configure Employee Access Services 67

5 Enter vlan-mkt as the VLAN name and use the VLAN ID suggested by the

wizard.

6 Click Next. Select the ports you want to use in the VLAN and click Add

or Move.

 The Add button adds the ports to the new VLAN without removing

them from any other VLANs.

 The Move button removes the ports from all other VLANs, and places

them in the new VLAN.

The ports appear in the Current Members list.

To tag ports in the VLAN, select Tag and edit the tag value. (Tagging is required if you click Add, because the ports are then members of multiple VLANs.)

7 Click Next. (Optional) To assign an IP interface to the VLAN, edit the IP

address or select DHCP Client. To enable the IP interface, select Interface Enabled.

8 Click Finish.

The new VLAN appears in the Content panel.

68 CHAPTER 3: CONFIGURING WIRELESS SERVICES

What’s Next? After you create Employee services, you can create additional services.

For information about configuring additional services, refer to:

 “Configure Guest Access Services” on page 69

 “Configure Voice over Wireless IP Service” on page 83

After you have created additional services, you can create your RF environment, and deploy your configuration and enable monitoring.

For information about creating your RF environment, refer to:

 “Using RF Auto-Tuning” on page 97

 “Using RF Auto-Tuning with Modelling” on page 105

 “Using RF Planning” on page 121

For information about deploying your configuration and enabling monitoring of your network, see “Managing and Monitoring Your Network” on page 155.

Configure Guest Access Services 69

Configure Guest Access Services

Tas k Ta b l e Table 11 contains the tasks you need to perform to create Guest access services.

Guest access is access for visitors at your location and is typically clear (no encryption).

This section contains the following information about how to configure Guest access services:

 “Task Table” on page 69

 “Step Summary” on page 71

 “Optional: Configure Mobility Profiles” on page 81

Table 11 contains the tasks you must perform to configure Guest access services. The “Step Summary” provides the configurable options you should set. The table contains references to the section “Example: Configure Employee Access” on page 55. The references are provided in case you want to refer back to detailed steps. However, be sure to use the configurable options for Guest access services set forth in the “Step Summary” on page 71. Also, you can optionally configure mobility profiles for your Guest access services to limit access based on criteria, such as RF coverage area or time of day.

For a summary of configurable items, see “Step Summary” on page 71.

Table 11 Creating a Service for Guest Access

Task Path

“Create a Radio Profile” on page 56

1 Tool bar option: select

2 Organizer panel: expand

3 Expand Wireless.

4 Click Radio Profiles.

5 Select Radio Profile in the

Configuration.

the WX switch.

Task List.

Primary Parameters to Configure

From the Create Radio Profile wizard:

 Radio profile name: enter a name

After you create the service profile, you can map it to the radio profile.

After you install the MAPs, you can map their radios to the radio profile.

Note: The examples in this chapter configure the radio profile first. However, you also can configure the radio profile later as part of service profile configuration.

70 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Table 11 Creating a Service for Guest Access

Task Path

“Create a User Group and Guest Users” on page 72

“Create a Service Profile for Guest Access with Web Login” on page 75

“Set Up VLANs on WX Switches” on page 66

“Optional: Configure Mobility Profiles” on page 81

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand AAA.

4 Click Local User Database.

5 Select User in the Task List.

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand Wireless.

4 Click Wireless Services.

5 Select Web Portal Service

Profile in the Task List.

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand System.

4 Click VLANs.

5 Select VLAN in the Task List.

1 Tool bar option: select

Configuration.

2 Organizer panel: expand

the WX switch.

3 Expand AAA.

4 Click Mobility Profiles.

5 Select Mobility Profile in the

Task List.

Primary Parameters to Configure

From the Create Named User wizard:

 Username: enter name

 Password: enter password

 Authorization attributes:

configure the end-date, to specify when the account expires

From the Create Service Profile wizard:

 Service profile name: edit

name

 SSID name: enter name

 SSID Type: use Clear

(unencrypted)

 VLAN Name: enter name

 Authentication server: select

LOCAL or a RADIUS server group

 Radio profile: select one

From the Create VLAN wizard:

 VLAN Name: enter name

 VLAN ID: select number

 IP Address: enter IP Address

 Ports: select them and either

move them (use them only in the new VLAN) or add them (share them with other VLANs)

 If you add them, select Tag

From the Create Mobility Profile wizard:

 Profile Name: enter one

 Ports: use Selected

 Select the ports or Distributed

MAPs

Configure Guest Access Services 71

Step Summary The following list summarizes the fields selected or configuration items

entered configure Guest access.

1 Create a radio profile.

 From the Radio Profile wizard, enter RadioProfile1 as the Name of the

radio profile.

 Click Finish.

2 Configure users in the local database:

 From the Create Named User wizard, enter guest1 as username and

guest1pass as the password.

 Configure the end-date authorization attribute to specify when the

account expires.

 Allow the wizard to create a server group or select a configured server

group.

 Click Finish.

3 Create a Web-Portal service profile.

 From the Web-Portal Service Profile wizard, click Next and enter

Web-Portal-Guests as the Name of the service profile and Guests as the SSID.

 Click Next. Enter guest_vlan.

 Click Next. Click Next again. Select LOCAL and click Add.

 Click Next. Click Next again. Select RadioProfile1 and click Add.

Select default and click Remove.

 Click Finish.

4 Set up a VLAN on the WX switches.

 From the Create VLAN wizard, enter guest-vlan as the VLAN name.

 Click Next. Select the VLAN ports. Click Add to share them with

other VLANs or Move to use them exclusively in this VLAN. If you click Add, then select Tag.

 Click Finish.

5 Optional: Configure a Mobility Profile.

 From the Create Mobility Profile wizard, enter the Profile Name.

 Select Selected.

72 CHAPTER 3: CONFIGURING WIRELESS SERVICES

 Choose the Ports or Distributed MAPs to which you’ll restrict guest

users to certain geographic areas of your network.

 Click Finish.

For detailed information about the steps, see the cross-references in the “Task Table” on page 69. New configuration items that were not part of the example “Configure Employee Access Services” on page 52 are included in the following sections.

Create a User Group and Guest Users

A simple way to administer guest user accounts is to configure a guest user group and add users to the group.

To create users

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand AAA, then select Local User Database.

4 In the Task List panel, select User.

5 Type the username and password.

Leave the User Group unassigned. (You can add the user to the group when you create the group.)

Configure Guest Access Services 73

Leave the VLAN name unassigned.

For Web Portal access, you specify the VLAN name when you configure the guest service profile. (See step 8 on page 77.)

6 Click Next.

The wizard lists the authorization attributes you can configure for the user. A very useful authorization attribute for guest users is the end-date, which specifies the date and time when the user’s network access expires.

7 Click in the Value column next to end-date and specify the ending date

and time for this user’s guest access. Use the following format:

YY/MM/DD-HH:MM

8 Click Finish.

The new user appears in the Content panel.

74 CHAPTER 3: CONFIGURING WIRELESS SERVICES

To create a user group and add users to it

1 In the Task List panel, select User Group.

2 Type a name for the group in the name box and click Next.

The wizard lists the authorization attributes you can configure for the group. For this example, leave the attributes unconfigured.

If attributes are configured for a user and also for the group the user is in, the attributes assigned to the individual user take precedence for that user.

3 Click Next. The users configured in the local database are listed. Select

the guest users in the Available Users list and click Add.

4 Click Finish.

Configure Guest Access Services 75

The new group appears in the Content panel.

Create a Service Profile for Guest Access with Web Login

To create a Web-Portal service profile

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select Web-Portal Service Profile.

The Web-Portal Service Profile wizard is displayed.

76 CHAPTER 3: CONFIGURING WIRELESS SERVICES

5 Click Next.

6 Change the service profile name to Web-Portal-Guests, and use the name

Guests for the SSID.

Configure Guest Access Services 77

7 Select the SSID Type:

 Clear —Data is not encrypted

 Encrypted—Data is encrypted

For this example, Clear is selected.

8 Click Next. Type or select the name of the VLAN you want to place your

guests users in. For this example, use guest-vlan.

Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, see “Set Up VLANs on WX Switches” on page 66.

9 Click Next. The wizard displays the ACL that will automatically be added

to the configuration by the wizard. The ACL restricts users to DHCP traffic only, while they are in the portal and are being authenticated. After successful authentication, the user is allowed through the portal and the ACL no longer applies to the user session.

78 CHAPTER 3: CONFIGURING WIRELESS SERVICES

10 Click Next. Select the location of the user information and click Add:

 LOCAL—The switch’s local database

 RADIUS server group—group of external RADIUS servers

(For a server group to be available in the wizard, the group must already be configured. See “Configure RADIUS Servers” on page 58.)

For this example, LOCAL is selected.

Configure Guest Access Services 79

11 Click Next. The wizard shows the user names configured in the local

database.

The users created in “To create users” on page 72 are listed.

80 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Also listed is a user named web-portal-ssid, where ssid is the Web-Portal SSID name. This user is automatically created. The switch uses the web-portal-ssid username for users while they are in the portal and are being authenticated. After a user is authenticated, the username of the session changes to the user’s login name.

If you need to add users, you can do so from within the wizard by clicking

Create.

12 Click Next. Select RadioProfile1 in the Available Radio Profiles list and

click Add. Select the default radio profile and click Remove.

13 Click Finish.

The new service profile appears in the Content panel.

Configure Guest Access Services 81

View the Service Profile’s Access Rules

To view a Web-Portal service profile’s access rules

1 Select the service profile in the Wireless Service Profiles table (located in

the Content panel).

A Setup group appears in the Task List panel.

2 In the Task List panel, select Web Portal Access.

The wizard is similar to the 802.1X Access wizard, but shows access information for the Web-Portal service profile. (See “View the Service Profile’s Access Rules” on page 64.)

Optional: Configure

Mobility Profiles

Mobility Profile™ attributes allow or deny access to the network for a specific user or group of users. When you create a Mobility Profile, you specify which MAP ports, Distributed MAPs, or wired authentication ports are to be included. Typically, you include ports that are defined as MAP ports or Distributed MAPs. You can specify that all or no ports are included, or you can specify a list of ports to be included.

When you apply the Mobility Profile, it guests have access only through specific areas of your WLAN—if they roam outside of a designated area supported by a WX switch or certain MAPs, they no longer have access to the Internet.

After creating a Mobility Profile, you can assign it to users created in the local WX user database, or users who are authenticated and authorized by a RADIUS server. To assign it to users in the WX user database, you add the Mobility Profile name when you create or modify a user or user group. To add this on a RADIUS server, you assign the name of the Mobility Profile by using the Mobility-Profile RADIUS attribute, which is a 3Com vendor-specific attribute (VSA).

To create a Mobility Profile

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand AAA, then select Mobility Profiles.

82 CHAPTER 3: CONFIGURING WIRELESS SERVICES

4 In the Task List panel, select Mobility Profile.

The Create Mobility Profiles wizard appears.

5 In the Profile Name box, type the name of the Mobility Profile.

The name can be up to 16 alphanumeric characters, and it cannot contain tabs.

The Mobility Profile Name has to be defined as an authorization attribute in the defined users or user groups in the local database.

6 In the Ports list, specify ports to include in the Mobility Profile:

 All—Include all MAP or wired authentication ports. Go to step 10.

 Selected—Include a selected list of ports. Go to the next step.

 None—Include no ports. Go to step 10.

7 Select the ports to be included in the Mobility Profile and click Add.

8 Click Next. In the Distributed MAPs list, specify the Distributed MAPs to

include in the Mobility Profile:

 All—Include all Distributed MAPs. Go to step 10.

 Selected—Include a selected list of Distributed MAPs. Go to the next

step.

 None—Include no Distributed MAPs. Go to step 10.

9 Select the Distributed MAPs to be included in the Mobility Profile and

click Add.

10 Click Finish to save the changes and close the wizard.

What’s Next? After you create Guest services, you can create another service.

For information about configuring an additional service, refer to:

 “Configure Voice over Wireless IP Service” on page 83

You can create your RF environment, and deploy your configuration and enable monitoring.

For information about creating your RF environment, refer to:

 “Using RF Auto-Tuning” on page 97

 “Using RF Auto-Tuning with Modelling” on page 105

 “Using RF Planning” on page 121

Configure Voice over Wireless IP Service 83

For information about deploying your configuration and enabling monitoring your network, refer to:

 “Managing and Monitoring Your Network” on page 155.

Configure Voice over Wireless IP Service

Voice over Wireless IP (VoWIP) is a new technology, merging VoIP (Voice over IP) with 802.11 wireless LANs to create a wireless telephone system. Organizations that add VoWIP to their wireless LANs can deploy and manage voice and data over a single wireless backbone, reserving some portion of network bandwidth to support real-time voice communications.

For a VoWIP service (sometimes also referred to simply as VoIP, or Voice over IP), you can configure either local or RADIUS server authentication, and add Access Lists (ACLs) to restrict user access.

This section contains the following information about how to configure VoWIP services:

 “Task Table” on page 83

 “Step Summary” on page 85

 “Create a Service Profile for WMM VoWIP Devices” on page 87

 “Create a Service Profile for SVP VoWIP Devices” on page 90

 “Create a Service Profile for Avaya VoWIP Devices” on page 92

Table 12 contains the tasks you must perform to configure Guest access services. The table contains references to the section “Example: Configure Employee Access” on page 55. The references are provided in case you want to refer back to detailed steps. However, be sure to use the configurable options for VoWIP access services set forth in the “Step Summary” on page 85. The “Step Summary” provides the configurable options you should set.

Tas k Ta b l e Table 12 contains the tasks you need to perform to create VoWIP access

services. For a summary of configurable items, see “Step Summary” on page 85.

84 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Table 12 Creating a Service for VoWIP Access

Ta sk Path Primary Parameters to Configure

“Create a Radio Profile” on page 56

1 Tool bar option: select

Configuration.

2 Organizer panel: expand the

WX switch.

3 Expand Wireless.

4 Click Radio Profiles.

5 Select Radio Profile in the Task

List.

From the Create Radio Profile wizard:

 Radio profile name: enter a name

For SpectraLink, from the Radio Profile Properties dialog:

 802.11 attributes: change DTIM to 3

After you create the service profile, you can map it to the radio profile.

After you install the MAPs, you can map their radios to the radio profile.

Note: The examples in this chapter configure the radio profile first. However, you also can configure the radio profile later as part of service profile configuration.

“Create a Service Profile for Voice” on page 86

“Set Up a VLAN for VoWIP on WX Switches” on page 94

1 Tool bar option: select

Configuration.

2 Organizer panel: expand the

WX switch.

3 Expand Wireless.

4 Click Wireless Services.

5 Select Voice Service Profile in

the Task List.

1 Tool bar option: select

Configuration.

2 Organizer panel: expand the

WX switch.

3 Expand System.

4 Click VLANs.

5 Select VLAN in the Task List.

From the Create Service Profile wizard:

 Service profile name: edit name

 SSID name: enter name

 SSID Type: use Clear (unencrypted)

 VLAN Name: enter name

 Authentication server: select LOCAL

 Radio profile: select one

From the Create VLAN wizard:

 VLAN Name: enter name

 VLAN ID: select number

 IP Address: enter IP Address

 Ports: select them and move them to the voice

VLAN

For SpectraLink, from the VLAN Properties dialog:

 IGMP: disable

SVP requires IGMP snooping to be disabled.

Configure Voice over Wireless IP Service 85

Step Summary The following list summarizes the fields selected or configuration items

entered in the example that follows to configure VoWIP access:

1 Create a radio profile.

 From the Radio Profile wizard, enter RadioProfileVoic as the Name of

the radio profile.

 Click Finish.

 Select the radio profile and click Properties.

 Select the 802.11 Attributes and change the DTIM Period to 3.

 Click OK.

2 Create a Voice service profile.

 From the Voice Service Profile wizard, click Next and enter

Voice-WMM, Voice-SVP, Voice-Avaya, or Voice-Vocera

as the Name

of the service profile and WMM, SVP, Avaya, or Vocera as the SSID.

 Select the Vendor (SpectraLink, Avaya, Vocera, or Other).

 Click Next. Select the access type. (The examples in this section use

Open Access.)

 Click Next. Select the data encryption method. (The examples in this

section use WPA and disable Static WEP.)

 Click Next. Leave TKIP enabled and click Next.

 Click Next. Type a passphrase from 8 to 63 characters long in the

Pre-shared Key box and click Generate.

 Click Next. Type voice-vlan as the VLAN name to place voice users in.

 Click Next. (If the device supports WMM, select WMM.)

 Click Next. Select RadioProfileVoic in the Radio Profiles list.

 Click Finish.

3 Set up a VLAN on the WX switches.

 From the Create VLAN wizard, enter voice-vlan as the VLAN name.

 Click Next. Select the VLAN ports. Click Move to use them exclusively

in this VLAN.

 Click Finish.

 Select the VLAN and click Properties.

 Select IGMP and deselect Enabled to disable IGMP snooping.

86 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Create a Radio Profile

for Voice

This procedure is similar to the procedure in “Create a Radio Profile” on page 56, but has additional steps to change the delivery traffic indication map (DTIM) interval to 3.

To create a radio profile for voice service

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Radio Profiles.

4 In the Task List panel, select Radio Profile.

5 The Create Radio Profiles wizard is displayed.

6 Enter the name of the radio profile (for example, RadioProfileVoic), then

click Next at the bottom of the wizard.

7 If MAPs are already configured, select the radios to map to the radio

profile, then click Move.

3WXM removes the radios from the radio profile they are in and places them in the new profile.

If you have not configured the MAPs in 3WXM yet, no radios are listed. You can map the radios to the radio profile later.

8 Click Finish to save the changes and close the wizard.

The new radio profile appears in the Content panel.

Create a Service Profile for Voice

9 If you are configuring voice service for SpectraLink devices, do the

following:

a Select the radio profile in the Radio Profiles table and click Properties.

b Click the 802.11 Attributes tab.

c In the DTIM Period box, change the value to 3.

d Click OK.

The Voice Service Profile wizard tailors its options based on the vendor you select. The wizard has the following vendor options:

 SpectraLink

 Avaya

 Vocera

 Other

Configure Voice over Wireless IP Service 87

The SpectraLink, Avaya, and Vocera options configure service for proprietary VoWIP solutions from these vendors. If you are configuring VoWIP for devices that use the Wi-Fi Multimedia (WMM) standard, or a proprietary solution other than one of the listed vendors’, use the Other option.

Create a Service Profile for WMM VoWIP Devices

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select Voice Service Profile.

The Voice Service Profile wizard is displayed.

5 Click Next.

6 Change the service profile name to Voice-WMM, and use the name

WMM for the SSID.

7 Select Other from the Vendor drop-down list.

8 Click Next. Select Open Access and deselect MAC Access.

88 CHAPTER 3: CONFIGURING WIRELESS SERVICES

9 Click Next. Select WPA and deselect Static WEP.

Configure Voice over Wireless IP Service 89

10 Click Next. Leave TKIP enabled and click Next.

11 Click Next. Type a passphrase from 8 to 63 characters long in the

Pre-shared Key box and click Generate.

90 CHAPTER 3: CONFIGURING WIRELESS SERVICES

12 Click Next. Type or select the name of the VLAN you want to place voice

users in. For this example, use voice-vlan.

Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, see “Set Up VLANs on WX Switches” on page 66.

13 Click Next. Select Enable WMM.

14 Click Next. Select RadioProfileVoic in the Radio Profiles list.

15 Click Finish.

Create a Service Profile for SVP VoWIP Devices

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select Voice Service Profile.

The Voice Service Profile wizard is displayed.

5 Click Next.

6 Change the service profile name to Voice-SVP, and use the name SVP for

the SSID.

Configure Voice over Wireless IP Service 91

7 Leave SpectraLink selected in the Vendor drop-down list.

8 Click Next. Select Open Access and deselect MAC Access.

9 Click Next. Select WPA and deselect Static WEP.

10 Click Next. Leave TKIP enabled and click Next.

11 Click Next. Type a passphrase from 8 to 63 characters long in the

Pre-shared Key box and click Generate.

12 Click Next. Type or select the name of the VLAN you want to place SVP

users in. For this example, use voice-vlan.

Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, see “Set Up VLANs on WX Switches” on page 66.

13 Click Next.

14 Click Next. The wizard displays the ACL that will automatically be added

to the configuration by the wizard. The first rule in the ACL provides high

-priority treatment of SVP traffic by marking IP protocol 119 (SVP) packets with CoS 7. The second rule permits all other traffic in the VLAN.

15 Click Next. Select RadioProfileVoic in the Radio Profiles list.

16 Click Finish.

92 CHAPTER 3: CONFIGURING WIRELESS SERVICES

Create a Service Profile for Avaya VoWIP Devices

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select Voice Service Profile.

The Voice Service Profile wizard is displayed.

5 Click Next.

6 Change the service profile name to Voice-Avaya, and use the name Avaya

for the SSID.

7 Select Avaya in the Vendor drop-down list.

8 Click Next. Select Open Access and deselect MAC Access.

9 Click Next. Select WPA and deselect Static WEP.

10 Click Next. Leave TKIP enabled and click Next.

11 Click Next. Type a passphrase from 8 to 63 characters long in the

Pre-shared Key box and click Generate.

12 Click Next. Type or select the name of the VLAN you want to place Avaya

users in. For this example, use voice-vlan.

Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, see “Set Up VLANs on WX Switches” on page 66.

13 Click Next.

14 Click Next. The wizard displays the ACL that will automatically be added

to the configuration by the wizard.

Configure Voice over Wireless IP Service 93

15 Click Next. Select RadioProfileVoic in the Radio Profiles list.

16 Click Finish.

Create a Service Profile for Vocera VoWIP Devices

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand Wireless, then select Wireless Services.

4 In the Task List panel, select Voice Service Profile.

The Voice Service Profile wizard is displayed.

5 Click Next.

6 Change the service profile name to Voice-Vocera, and use the name

VoceraBadges for the SSID.

7 Select Vocera in the Vendor drop-down list.

8 Click Next. Leave MAC Access selected.

9 Click Next. Leave Static WEP selected.

10 Specify the WEP keys.

 For each key (up to four), type the key value in the corresponding key box.

 By default, data in unicast and multicast packets are encrypted using

WEP key 1. To use another key for either type of packet, select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box.

94 CHAPTER 3: CONFIGURING WIRELESS SERVICES

11 Click Next. Type or select the name of the VLAN you want to place SVP

users in. For this example, use voice-vlan.

Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, see “Set Up VLANs on WX Switches” on page 66.

12 Click Create to add MAC users to the switch’s local database.

a In the User MAC Address box, type the MAC address for the user

device, using colons (:) as delimiters. You must specify all 6 bytes of the MAC address.

b In the MAC User Group list, select the MAC user group that the user

device belongs to if the group is already configured.

c In the VLAN Name box, select or type the name of the VLAN that the

user device belongs to (1 to 16 alphanumeric characters, with no spaces or tabs). The WX switch will authorize the user for that VLAN. For more information on VLANs, see “Viewing and Configuring VLANs” in the Wireless LAN Switch Manager Reference Manual.

d Click Next. In the attribute row you want to configure, click the

Attribute Value column. (See the “Authorization Attributes” section in the “Configuring Authentication, Authorization, and Accounting Parameters” chapter of the Wireless LAN Switch Manager Reference

Manual.)

e Click Finish.

13 Click Next. Select RadioProfileVoic in the Radio Profiles list.

14 Click Finish.

Set Up a VLAN for VoWIP on WX Switches

This procedure is similar to the procedure in “Set Up VLANs on WX Switches” on page 66, except IGMP snooping is disabled on the VLAN.

To set up a VLAN for VoWIP on a WX switch

1 Select Configuration on the toolbar.

2 In the Organizer panel, expand the WX switch.

3 Expand System, then select VLANs.

4 In the Task List panel, select VLAN.

The Create VLAN wizard is displayed.

5 Enter a name such as vlan-voice and use the VLAN ID suggested by the

wizard.

What’s Next? 95

6 Click Next. Select the ports you want to use in the VLAN and click Add

or Move.

 The Add button adds the ports to the new VLAN without removing

them from any other VLANs.

 The Move button removes the ports from all other VLANs, and places

them in the new VLAN.

The ports appear in the Current Members list.

To tag ports in the VLAN, select Tag and edit the tag value. (Tagging is required if you click Add, because the ports are then members of multiple VLANs.)

7 Click Next. (Optional) To assign an IP interface to the VLAN, edit the IP

address or select DHCP Client. To enable the IP interface, select Interface Enabled.

8 Click Finish.

The new VLAN appears in the Content panel.

For SVP, continue with the following steps, to disable IGMP snooping. For VoWIP types that do not require IGMP to be disabled, you can stop here.

9 Select the VLAN in the VLANs table and click Properties.

10 Click the IGMP tab.

11 Deselect Enabled, to disable IGMP snooping on the VLAN.

12 Click OK.

What’s Next? After you create VoWIP access services, you can create another service.

For information about configuring an additional service, refer to:

 “Configure Guest Access Services” on page 69

You can create your RF environment, and deploy your configuration and enable monitoring.

For information about creating your RF environment, refer to:

 “Using RF Auto-Tuning” on page 97

 “Using RF Auto-Tuning with Modelling” on page 105

 “Using RF Planning” on page 121

96 CHAPTER 3: CONFIGURING WIRELESS SERVICES

For information about deploying your configuration and enabling monitoring your network, refer to:

 “Managing and Monitoring Your Network” on page 155.

USING RF AUTO-TUNING

What Is RF Auto-Tuning?

RF Auto-Tuning is a technique you can use to configure your RF (radio) network. RF Auto-Tuning is a quick method that requires minimal configuration and no RF planning or site surveys, and instead, relies on the AutoTune feature to set MAP channels and power settings.

This is a great way to quickly install a WX switch and MAPs, and observe how the network operates. The RF Auto-Tuning technique is best suited to networks containing fewer MAPs.

To learn more about the benefits of RF Auto-Tuning, see “RF Auto-Tuning” on page 32.

To use this technique:

1 Physically place your equipment (WX switches and MAPs) in their desired

locations.

2 Configure initial WX switch connectivity (configure IP addresses).

3 Upload the WX switch configuration into a 3WXM network plan.

4 Create a service profile.

5 Create a radio profile (or use the default radio profile).

6 Map your service profile to your radio profile.

7 Create your MAPs.

8 Apply a radio profile to each radio on a MAP.

9 Deploy your configuration.

98 CHAPTER 4: USING RF AUTO-TUNING

Place Your Equipment

Configure Initial WX Switch Connectivity

Upload the WX Switch Configuration into a 3WXM Network Plan

You will need to unpack and physically install your WX switches and MAPs. For information about installing your equipment, see “Equipment Installation” on page 42.

After installing a WX switch, you must prepare it for configuration and management by 3WXM, by configuring IP connectivity between the WX and 3WXM. Use the Web Quick Start (if available), or enter the quickstart command at the CLI prompt.

For more information about configuring initial WX switch connectivity, see the Wireless LAN Switch and Controller Quick Start Guide.

An administrative certificate is also required on the WX switch to enable management access by 3WXM. If the switch does not already have certificates, MSS automatically generates them the first time you boot using MSS Version 4.2 or later. You do not need to install certificates unless you want to replace the ones automatically generated by MSS. (For more information, see the “Certificates Automatically Generated by MSS” section in the “Managing Keys and Certificates” chapter of the

Wireless LAN Switch and Controller Configuration Guide.)

Retrieve the basic configuration information you added to the WX switch and upload it into 3WXM.

To upload the WX switch configuration into a 3WXM network plan

1 Select the Configuration tool bar option.

2 In the Task List panel, select Upload Wireless Switch.

3 In the IP Address box, type the IP address for the WX switch.

4 In the Enable Password box, type the enable password for the WX switch.

This password must match the enable password that was defined using the CLI command set enablepass. For more information, see the

Wireless LAN Switch and Controller Configuration Guide.

5 Click Next. The uploading progress is shown.

6 After the Successfully uploaded device message is displayed, click Next.

Create a Service Profile 99

3WXM uses its verification rules to check the switch’s configuration. If an item in the configuration generates an error or warning, 3WXM displays the error or warning message.

7 Review the verification messages to determine whether you will need to

make changes to the switch’s configuration after uploading it into 3WXM.

8 Click Next.

9 Click Finish.

10 If 3WXM displayed error or warning messages, select the Verification tool

bar option. (See the “Verifying Configuration Changes” chapter in the

Wireless LAN Switch Manager Reference Manual.)

Create a Service Profile

A service profile contains the configuration for the service you want to offer, such as employee access, guest access, or multi-hosted access.

For more information about service profiles, see “Wireless Configuration” on page 36. For more information about wireless services, see “Which Services To Provide?” on page 30.

To create a service profile

1 Select the Configuration tool bar option.

2 In the Organizer panel, click the plus sign next to the WX switch.

3 Click the plus sign next to Wireless.

4 Select Wireless Services.

5 In the Task List panel, select one of the following:

 802.1X Service Profile—Provides wireless access to 802.1X clients.

 Voice Service Profile—Provides wireless access to Voice over IP (VoIP)

devices.

 Web-Portal Service Profile—Provides wireless access to clients who log

in using a web page.

 Open Access Service Profile—Provides wireless access to clients

without requiring them to log in.

 Custom Service Profile—Provides wireless access based on the

combination of option you choose. (Use this option only if none of the other options applies to the type of service you want to offer.)

100 CHAPTER 4: USING RF AUTO-TUNING

A wizard for configuring the service profile appears.

6 Read the first page of the wizard and click Next.

7 Edit the service profile and type an SSID name.

8 Edit additional settings as applicable to the type of service profile you are

creating.

For information, see the following:

 “Configuring Wireless Services” on page 51

 “Viewing and Configuring Wireless Services” section in the

“Configuring Wireless Parameters” chapter of the Wireless LAN

Switch Manager Reference Manual

9 Click Finish.

Create a Radio Profile and Map the Service Profile to It

To create a radio profile and map a service profile to it

1 Select the Configuration tool bar option.

2 In the Organizer panel, click the plus sign next to the WX switch.

3 Click the plus sign next to Wireless.

4 Select Radio Profiles.

5 In the Task List panel, select Radio Profile.

6 In the Name box, type the name of the radio profile (1 to 16 characters,

with no spaces or tabs).

7 Click Next. Click Next again.

8 To map the radio profile to a service profile, select the service profile in

the Available Service Profiles list and click Add.

9 Click Finish.

3COM WX2200 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

ABOUT THIS GUIDE

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

Documentation The 3WXM documentation set includes the following documents.

Documentation Comments

GETTING STARTED

Hardware Requirements for 3WXM Client

Hardware Requirements for 3WXM Services

Software Requirements

Preparing for Installation

User Privileges Before you install 3WXM, make sure that you are logged in as a user who

Resource Allocation Table 5 contains general recommended guidelines for hardware

3WXM Services Options

Installing 3WXM 17

Unpacking Files

Using the Installation Wizard

Start 3WXM Services

Connect 3WXM Clients to 3WXM Services

To select monitoring settings

3WXM Interface 23

3WXM Access Control You can create a user account with administrator, provision, or monitor

To configure access control

Setting Preferences You can set network and user interface preferences, as well as

View Topology You can display a topology view of managed devices in your WLAN and

To display a topology view of your network

Getting Help Click Help from the Main menu bar to access different types of help:

PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

Which Services To Provide?

Network Plan 31

RF Coverage Area What is an RF coverage area?: An RF coverage area is the geographical area

RF Auto-Tuning To use the RF Auto-Tuning technique:

RF Planning To do RF Planning, you provide detailed information about your site and

Configuration 35

Authentication

Authorization

Accounting

Configure Basic WX Switch Properties

Configure WX Switch Connection Information

Configure Boot Information

Equipment Installation

Deployment 43

Management and Monitoring

Network Status 3WXM provides summary status on devices in the network at the

RF Monitoring RF monitoring provides you with current and historical information about

Client Monitoring Client monitoring provides current and historical information about the

Rogue Detection A rogue AP is an access point that is not authorized to operate in or near

Event Logging 3WXM incorporates a powerful and flexible display interface for all

Verification Both configuration verification and network verification rules are checked

Reporting 3WXM uses a database to collect and store client, RF, and other system

RF Plan Optimization

CONFIGURING WIRELESS SERVICES

What are Services? A service is a concept (not a selectable item in the 3WXM interface) that

Configure Employee Access Services

Tas k Ta b l e Table 9 contains the tasks you need to perform to create a service for

Step Summary The following list summarizes the fields selected or configuration items

Create a Radio Profile

To create a radio profile

Configure RADIUS Servers

To configure the RADIUS server in 3WXM

To configure the RADIUS server

Create a Service Profile for 802.1X Access

To create an 802.1X service profile

View the Service Profile’s Access Rules

To view an 802.1X service profile’s access rules

To modify or create access rules

Set Up VLANs on WX Switches

To set up a VLAN on a WX switch

What’s Next? After you create Employee services, you can create additional services.

Configure Guest Access Services

Tas k Ta b l e Table 11 contains the tasks you need to perform to create Guest access services.

Step Summary The following list summarizes the fields selected or configuration items

Create a User Group and Guest Users

To create users

To create a user group and add users to it

Create a Service Profile for Guest Access with Web Login

View the Service Profile’s Access Rules

To create a Mobility Profile