Aruba Airwave 8.2.4 User Manual

AirWave 8.2.4

User Guide

Open Source Code

This product includes codelicensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expirethree years following the date of the final distribution of this product version by HewlettPackard Enterprise Company. To obtain such source code, send a check or money order in the amount of US $10.00 to:

Hewlett-Packard Enterprise Company Attn: General Counsel 3000 Hanover Street Palo Alto, CA 94304 USA

Please specify the product and version for which you are requesting source code.

You may also request a copy of this source code free of charge at: http://hpe.com/software/opensource.

December 2017 | Rev. 01 AirWave 8.2.4 | User Guide

Contents

Introduction 13

A Unified Wireless Network Command Center 13

AirWave Management Platform 13 Controller Configuration 13 Instant Configuration 14 Switch Configuration 14 VisualRF 14

RAPIDS 14

Supporting Multiple AirWave Servers 15 Integrating AirWave into the Network and Organizational Hierarchy 15

Administrative Roles 16

Contacting Support 16

Configuring AirWave 18

Before You Begin 18 Formatting the Top Header 18 Customizing Columns in Lists 19 Resetting Pagination Records 21 Using the Pagination Widget 22 Using Export CSV for Lists and Reports 22 Defining Graph Display Preferences 22 Customizing the Dashboard 23

Adding Widgets 24

Available Widgets 24

Search Preferences 28

How to Use Search 29

Setting Severe Alert Warning Behavior 30 Defining General AirWave Server Settings 30

AMP Setup > General 30

General Settings 31 Automatic Authorization Settings 31 Aruba Instant Settings 32 Top Header Settings 33 Search Method 33 Home Overview Preferences 34 Display Settings 34 Device Configuration Settings 35 AMP Features 36 External Logging Settings 36 Historical Data Retention Settings 37 Firmware Upgrade Defaults 39 Additional AMP Services 40 Performance Settings 42

Defining AirWave Network Settings 44

Primary Network Interface Settings 44 Secondary Network Interface Settings 45

AirWave 8.2.4 | User Guide Contents | iii

Network Time Protocol (NTP) Settings 45

Static Routes 46 Creating AirWave Users 46 AirWave User Roles 48

User Roles and VisualRF 48

Creating AirWave User Roles 49 Configuring Login Message, TACACS+, RADIUS, and LDAP Authentication 54

Setting Up Login Configuration Options 54

Setting Up Certificate Authentication 55

Configuring Whitelists 55

Setting Up Single Sign-On 56

Specifying the Authentication Priority 56

Configuring RADIUS Authentication and Authorization 56

Integrating a RADIUS Accounting Server 58

Configuring TACACS+ Authentication 59

Configuring LDAP Authentication and Authorization 60 Enabling AirWave to Manage Your Devices 63

Configuring Communication Settings for Discovered Devices 63

Loading Device Firmware Onto the AirWave Server (optional) 65 Setting Up DeviceTypes 69

Configuring Cisco WLSE and WLSE Rogue Scanning 70

Introduction to Cisco WLSE 70 Initial WLSE Configuration 71

Adding an ACS Server for WLSE 71

Enabling Rogue Alerts for Cisco WLSE 71

Configuring WLSE to Communicate with APs 71

Discovering Devices 72

Managing Devices 72

Inventory Reporting 72

Defining Access 72

Grouping 72 Configuring IOS APs for WDS Participation 72

WDS Participation 73

Primary or Secondary WDS 73 Configuring ACS for WDS Authentication 73 Configuring Cisco WLSE Rogue Scanning 74

Configuring ACS Servers 75 Integrating NMS Servers 76

Add an NMS Server 76 Download the MIB Files 76

PCI Compliance Monitoring 76

Check Compliance 76 Enabling PCI Compliance Monitoring 77

Supported PCI Requirements 78

Deploying WMS Offload 79

WMS Offload Configuration 79

Integrating External Servers 80

Add a Juniper Network Director 80 Add a Brocade Network Advisor 80 Add an HPE Intelligent Management Center 80

iv | Contents AirWave 8.2.4 | User Guide

Configuring and Using Device Groups 82

AirWave Groups Overview 84

Viewing All Defined Device Groups 85

Configuring Basic Group Settings 87

Basic Configuration Settings 87 Global Group Settings 88 SNMP Polling Periods 88 Routers and Switches 89 Notes 90 GroupDisplay Options 90 Automatic Static IP Assignment 91 Spanning Tree Protocol 91 NTP 92 HPE Aruba/OfficeConnect Switch Configuration 92 Aruba 93 Aruba Instant 93 Cisco IOS/Catalyst 94 Cisco WLC 95 Proxim/ Avaya 95 HP ProCurve 96 Symbol 96 Juniper/3Com/Enterasys/Nortel/Trapeze 97 Universal Devices, Routers and Switches 97 Automatic Authorization 97

Adding and Configuring Group AAA Servers 97 Configuring Group Security Settings 99 Configuring Group SSIDs and VLANs 103 Configuring Radio Settings for Device Groups 107 Cisco WLC Group Configuration 111

Accessing Cisco WLC Configuration 111 Navigating Cisco WLC Configuration 111 Configuring WLANs for Cisco WLC Devices 112 Defining and Configuring LWAPP AP Groups for Cisco Devices 116 Viewing and Creating Cisco AP Groups 116 Configuring Cisco Controller Settings 116 Configuring Wireless Parameters for Cisco Controllers 117 Configuring Cisco WLC Security Parameters and Functions 117 Configuring Management Settings for Cisco WLC Controllers 118

Configuring Group PTMP Settings 118 Configuring Proxim Mesh Radio Settings 119 Configuring Group MAC Access Control Lists 121 Specifying Minimum Firmware Versions for Devices in a Group 121 Comparing Device Groups 123 Deleting a Group 125 Changing Multiple Group Configurations 125 Modifying Multiple Devices 127 Using Global Groups for Group Configuration 129

Creating a Global Group 130 Subscribing other Groups to a Global Group 131

AirWave 8.2.4 | User Guide Contents | v

Discovering and Adding Devices 132

SNMP/HTTP Scanning Overview 132

Adding Networks for SNMP/HTTP Scanning 132

Adding Credentials for Scanning 133

Defining a Scan Set 134

Running a Scan Set 134 The Cisco Discovery Protocol (CDP) 136 Manually Adding Devices 136

Adding Universal Devices 138

Adding Multiple Devices from a CSV File 139

Auditing Device Configuration 140 Management Modes 140 Ignoring Discovered Devices 141

Unignoring a Device 142

Troubleshooting a Newly Discovered Down Device 142

Monitoring the Network 145

Monitoring Basics 145

Customizing the Monitoring Page 146

First 25 Results 146

Creating Filtered Views 146

Editing Filtered Views 147

Showing Filters, Clearing Filters, Resetting Grouping 147 Using Device Folders 147

Adding device folders 147

Moving folders 147

Expanding folders 148

Monitoring Access Points, Mesh Devices, and Controllers 148

Device Information for Access Points, Mesh Devices, and Controllers 148 Radios 150 Wired Interfaces 151 Graphs for Access Points, Mesh Devices, and Controllers 151 Location 152 Connected Clients 153 AirMesh Links 154 RF Neighbors 154 CDPNeighbors 154 Evaluating Radio Statistics for an AP 154

Overview of the Radio Statistics Page 155

Viewing Real-Time ARM or AirMatch Statistics 155

Issues Summary section 155

802.11 Radio Counters Summary 156

Radio Statistics Interactive Graphs 156

Recent ARM Events Log 158

Detected Interfering Devices Table 159

Active BSSIDs Table 160 Monitoring Mesh Devices 160 Setting up Spectrum Analysis 161

Spectrum Configurations and Prerequisites 161 Setting up a Permanent Spectrum Aruba AP Group 161

Configuring an Individual AP to run in Spectrum Mode 162

vi | Contents AirWave 8.2.4 | User Guide

Configuring a Controller to use the Spectrum Profile 163

Monitoring Switches and Routers 164

Device Information for Switches and Routers 164 Graphs for Switches and Routers 165 Detailed Summary Tables 165

Neighbors 165

Connected Devices 167

Interfaces 168

Monitoring Controller Clusters 170

Sorting and Filtering Controller Cluster Data 170 Viewing Controller Cluster Details 170

Viewing Capacity Graphs 171

Viewing Controller Statistics 171 Monitoring Cluster Events 172 Where to Find Additional Cluster Information 172

Monitoring Clients 173

Monitoring Wired and Wireless Clients 174 Monitoring Rogue Clients 176 Supporting Wireless Guest Users 177 Supporting VPN Users 180 Monitoring RFID Tags 181

Troubleshooting Client Issues 182

Evaluating User Status 182

Enabling Mobile Device Access Control 183

Classifying Aruba Devices 184

Quick Links for Clients on Aruba Devices 184

Using the Deauthenticate Client Feature 185

Viewing the Client Association History 185

Viewing the Rogue Association History 186 Diagnosing Status and Connectivity 186

Using Topology 187

Navigate the Map 188 Change the Root Node 188 Change the Layout 188 Search for a Device 189 Respond to Alerts 189 Take Action from Quick Links 190

Tooltips 190

Device Details 190 Filter the Map 191 Status Icons 192

Configuring and Managing Devices 193

Moving a Device from Monitor Only to Manage Read/Write Mode 193 Configuring AP Settings 194 Setting a Maintenance Window for a Device 202 Configuring Device Interfaces for Switches 203 Individual Device Support and Firmware Upgrades 204

Creating and Using Templates 208

Group Templates 208

Supported Device Templates 208

AirWave 8.2.4 | User Guide Contents | vii

Template Variables 209

Viewing and Adding Templates 210 Configuring General Template Files and Variables 214

Configuring General Templates 214

IOS Configuration File Template 215

Device Configuration File on APs/Devices > Audit Configuration Page 215 Using Template Syntax 216 Using AP-Specific Variables 216 Using Directives to Eliminate Reporting of Configuration Mismatches 216

Ignore_and_do_not_push Command 217

Push_and_exclude Command 217 Using Conditional Variables in Templates 217 Using Substitution Variables in Templates 218

Configuring Templates for Aruba Instant 219 Configuring Templates for AirMesh 221 Configuring Cisco IOS Templates 221

Applying Startup-config Files 221 WDS Settings in Templates 222 SCP Required Settings in Templates 222 Supporting Multiple Radio Types via a Single IOS Template 222 Configuring Single and Dual-Radio APs via a Single IOS Template 223

Configuring Cisco Catalyst Switch Templates 223 Configuring Symbol Controller / HPE WESM Templates 223 Configuring a Global Template 225

Using RAPIDS and Rogue Classification 228

Introduction to RAPIDS 228 Viewing RAPIDS Summary 228 Setting Up RAPIDS 230

RAPIDS Setup 230

Basic Configuration 230

Classification Options 232

Containment Options 232

Filtering Options 233 Additional Settings 234

Defining RAPIDS Rules 234

Controller Classification with WMS Offload 234 Device OUI Score 235 Rogue Device Threat Level 235 Viewing and Configuring RAPIDS Rules 235

RAPIDS Classification Rule Properties 237

Deleting or Editing a Rule 239

Changing the Rule Priority 239 Recommended RAPIDS Rules 239 Using RAPIDS Rules with Additional AirWave Functions 239

Viewing Rogues 240

Predefined, Default Views for Rogue Devices 240 Filtered Views for RogueDevices 241

Overview of the RAPIDS > Detail Page 243

Important Considerations 244 Filter the Device Data 244

viii | Contents AirWave 8.2.4 | User Guide

Update Rogue Devices 244 Viewing Ignored Rogue Devices 245 Using RAPIDS Workflow to Process Rogue Devices 245

Score Override 245 Using the Audit Log 246 Additional Resources 247

Performing Daily Administration in AirWave 248

Using the System Pages 248

Checking the Status of AirWave Services 248

About the Tar Files 248

Important Log Files 248 Viewing Device Events 249 Using the Event Log 250 Viewing Triggers 251

Creating New Triggers 252

Types of Triggers 253

Device Triggers 254

Interface and Radio Triggers 256

Discovery Trigger 258

RADIUS Authentication Triggers 260

RADIUS Accounting Triggers 260

IDS Event Triggers 260

Health Triggers 261 About Alerts 261

Viewing System Alerts 262

Delivering Triggered Alerts 263

Responding to Alerts 264

Backing Up Your Data 264

Viewing and Downloading Backups 264

Monitoring Firmware Upgrade Jobs 264 Manage Configuration Change Jobs 265 Monitoring System Performance 266

Troubleshoot System Performance 269

Managing Mobile Devices with SOTI MobiControl and AirWave 269

Overview of SOTI MobiControl 269 Prerequisites for Using MobiControl with AirWave 270 Adding a Mobile Device Management Server for MobiControl 270 Accessing MobiControl from the Clients > Client Detail Page 271

About the Home Page 271

Monitoring Your Network Health 271 Monitoringwith AppRF 273 Using the UCC Dashboard 275

Viewing Call Details 275

Viewing UCC Charts, Graphs, and Tables 275

Viewing End-to-End Call Details 277

Get Call Summary 278

Using the UCCReport 279 Viewing RF Performance 279 Viewing RFCapacity 281 Viewing Network Deviations 283

AirWave 8.2.4 | User Guide Contents | ix

How Standard Deviation is Calculated 285 Accessing AirWave Documentation 285

Licensing in AirWave 285

Adding licenses 286 Viewing licenses 286

Configuring License Expiration Email Notifications 287 Configuring Your User Information 287

Supporting Multiple AirWave Servers 290

Using the Public Portal on Master Console 290 Adding a Managed AMP with the Master Console 291 Using Global Groups with Master Console 292

Logging out of AirWave 293

Creating, Running, and Sending Reports 294

What You Can Do With Reports 294

Track licenses 294

Improve Network Efficiency and User Experience 294

Monitor Clients and Devices 294

Show Compliance 295

Troubleshoot Device and Network Issues 295 Sorting Reports 296

About the Default Reports 296

Using the License Report 296 Using the Capacity Planning Report 297

Example Custom Report 297 Using the Memory and CPU Utilization Report 299 Using the Network Usage Report 299 Using the Port Usage Report 301 Using the RF Health Report 303 Using the Client Inventory Report 304

Example Custom Report 305 Using the Client Session Report 306 Using the Configuration Audit Report 308 Using the Device Summary Report 310 Using the Device Uptime Report 311 Using the Inventory Report 312

Example Custom Report 312 Using the Rogue Containment Audit Report 314 Using the PCI Compliance Report 315 Using the IDS Events Report 316 Using the Match Event Report 317 Using the New Clients Report 319 Using the New Rogue Devices Report 320 Using the RADIUS Reports 322

RADIUS Authentication Issues 322

RADIUSAccounting Issues 323 Using the Rogue Clients Report 324 Using the VPN Session Report 326

Creating Reports 327

Tips for Restricting Time Ranges 327 Reports > Generated Page Overview 327

x | Contents AirWave 8.2.4 | User Guide

Sending Reports 329

Sending Reports to a Smart Host 329

Using VisualRF 330

Features 331 Useful Terms 331 Starting VisualRF 332 Basic VisualRF Navigation 332

Network View Navigation 332 Customize Your Floor Plan View 333

Devices 334

Client Overlays 334

AP Overlays 334

Relation Lines 335

Floor Plan Features 335 Mesh View Navigation 335

Advanced VisualRF Settings 337

Server Settings 337 Location Settings 338 Location Calculation Timer Settings 339 Wall Attenuation Settings 342

Adding a Wall Attenuation 342 VisualRF Resource Utilization 343

Planning and Provisioning 343

Creating a New Campus 344 Creating a New Building 344 Adding a Floor Plan 345 Editing a Floor Plan Image 346

Cropping the Floor Plan Image 346

Copying a Floor Plan in the Same Building 347

Sizing a Non-CAD Floor Plan 347

Defining Floor Plan Boundaries 347 Defining Floor Plan Regions 347

Adding Region to a New Floor using the Floor Upload Wizard 347

Adding a Region to an Existing Floor Plan 348 Editing a Planning Region 349 Floor Plan Properties 349 Adding Deployed Access Points onto the Floor Plan 350 Adding Planned APs onto the Floor Plan 351 Auto-Matching Planned Devices 352 Printing a Bill of Materials Report 352

Increasing Location Accuracy 352

Adding Exterior Walls 353 Defining Stationary Devices 354 Fine-Tuning Location Service in VisualRF > Setup 355

Decreasing Grid Size 355

Enabling Dynamic Attenuation 355

Configuring Infrastructure 355

Deploying APs for Client Location Accuracy 356

Using VisualRF to Assess RF Environments 357

Viewing a Wireless User’s RF Environment 357

AirWave 8.2.4 | User Guide Contents | xi

Tracking Location History 358

Checking Signal Strength to Client Location 359 Viewing an AP’s Wireless RF Environment 359 Viewing a Floor Plan’s RF Environment 360 Viewing a Network, Campus, Building’s RF Environment 361 Viewing Campuses, Buildings, or Floors from a List View 361

Importing and Exporting in VisualRF 362

Exporting a campus 362 Importing from CAD 362 Batch Importing CAD Files 363

Requirements 363

Pre Processing Steps 363

Upload Processing Steps 363

Post Processing Steps 364

Sample Upload Instruction XML File 364

Common Importation Problems 364 Importing from an Aruba Controller 364

Pre-Conversion Checklist 365

Process on Controller 365

Process on AirWave 365

VisualRF Location APIs 365

Sample Device Location Response 365 Sample Site Inventory Response 366

About VisualRF Plan 366

Overview 366 Minimum requirements 367 VisualRF Plan Installation 367 Differences between VisualRF and VisualRF Plan 367

Appendix A Using FIPS Encryption NE

Enabling FIPS 140-2 Approved Mode NE

Appendix B AMP Command Line Interface NF

About the Command Line Interface NF

CLI Access NF Custom Modules NF How to Reset Your Password NF

CLI Options NF

Index NI

xii | Contents AirWave 8.2.4 | User Guide

Chapter 1

Introduction

Thank you for choosing AirWave 8.2.4.AirWave makes it easy and efficient to manage your wireless network by combining industry-leading functionality with an intuitive user interface, enabling network administrators and helpdesk staff to support and control even the largest wireless networks.

The User Guide provides instructions for the configuration and operation of AirWave. This section includes the following topics:

l "A Unified Wireless Network Command Center" on page 13

l "Integrating AirWave into the Network and Organizational Hierarchy " on page 15

Referto the AirWave Installation Guide for information on installing and upgrading AirWave.

A Unified Wireless Network Command Center

AirWave 8.2.4 is the only network management software that offers you a single intelligent console from which to monitor, analyze, and configure wireless networks in automatic fashion. Whether your wireless network is simple or a large, complex, multi-vendor installation, AirWave manages it all.

AirWave supports hardware from leading wireless vendors including: Aruba Networks®, ProCurve™ by HPE®, Avaya™, Cisco® (Aironet and WLC), Dell Networking W-Series, Enterasys®, Juniper Networks®, LANCOM Systems, Meru Networks®, Nortel Networks™, Proxim®, Symbol™, Trapeze™, Tropos™, and many others.

The components of AirWave are described in the next section.

AirWave Management Platform

The AirWave Management Platform (AirWave), provides the following functions and benefits:

l Core network management functionality, including network discovery, configuration of access points (APs) &

controllers, automated compliance audits, firmware distribution, monitoring of all devices and users connected to the network, and reports showing real-time and historical trends.

l Granular administrative access that is role-based and network-based. For more information about roles, see

"Administrative Roles" on page 16.

l Flexible device support for thin, thick, or mesh network architecture; multiple vendors; and current or legacy

hardware.

Controller Configuration

AirWave supports global and group-level configuration of ArubaOS (AOS), the operating system, software suite, and application engine that operates mobility and centralizes control over the entire mobile environment. For a complete description of ArubaOS, refer to the ArubaOS User Guide for your specific version.

AirWave consolidates and pushes global controller configurations from within AirWave.

Two pages in AirWave support controller configuration:

l Device Setup > Aruba Configuration for global Aruba Configuration. This page is available if Use Global Aruba

Configuration is set to Yes in AMP Setup > General.

l Groups > Controller Config for group-level configuration.

AirWave 8.2.4 | User Guide Introduction | 13

For additional information that includes a comprehensive inventory of all pages and settings that support Aruba Configuration, refer to the AirWave 8.2 Controller Configuration Guide.

Instant Configuration

Aruba Instant (Instant) is a system of access points in a Layer 2 subnet. The Instant APs (IAPs) are controlled by a single IAP that serves a dual role as both an IAP and primary Virtual Controller (VC), eliminating the need for dedicated controller hardware. This system can be deployed through a simplified setup process appropriate for smaller organizations, or for multiple geographically dispersed locations without an on-site administrator.

With AirWave, IT can centrally configure, monitor, and troubleshoot ArubaInstant WLANs, upload new software images, track devices, generate reports, and perform other vital management tasks, all from a remote location.

A Virtual Controller or Instant AP can authenticate to the AirWave server using a pre-shared key, or using twoway certificate-based authentication using an SSL certificate sent from AirWave to the Instant device. Virtual Controllers push data to AirWave via HTTPS. If your enterprise has a security policy that restricts the use of port 443 for inbound communication, you can change the port AirWave uses to communicate with Instant devices.

For additional information that includes a comprehensive inventory of all pages and settings that support Instant Configuration, refer to the Aruba Instant in AirWave 8.2 Deployment Guide.

Switch Configuration

AirWave supports group-level configuration of an Aruba Mobility Access Switch (MAS), the operating system, software suite, and application engine that operates mobility and centralizes control over the entire network environment. For a complete description of ArubaOS, refer to the ArubaOS User Guide for your specific Aruba Mobility Access Switch version.

AirWave consolidates and pushes group switch configurations from within AirWave using the Groups > Switch Config page. This page is available if Use Global Aruba Configuration is set to No in AMP Setup > General.

For additional information that includes a comprehensive inventory of all pages and settings that support Switch Configuration, refer to the AirWave8.2 Switch Configuration Guide available at support.arubanetworks.com.

VisualRF

VisualRF monitors and manages radio frequency (RF) dynamics within your wireless network. Visual RF provides:

l Accurate location information for all wireless users and devices.

l Up-to-date heat maps and channel maps for RF diagnostics; it adjusts for building materials and supports multiple

antenna types.

l Floor plan, building, and campus views.

l Visual display of errors and alerts.

l Easy importing of existing floor plans and building maps.

l Planning of new floor plans and AP placement recommendations.

RAPIDS

RAPIDS is a powerful and easy-to-use tool for monitoring and managing security on your wireless network. RAPIDs provides:

l Automatic detection of unauthorized wireless devices.

l Rogue device classification that supports multiple methods of rogue detection.

l Wireless detection, using authorized wireless APs to report other devices within range to calculate and display rogue

location on a VisualRF map.

14 | Introduction AirWave 8.2.4 | User Guide

l Wired network detection of rogue APs located beyond the range of authorized APs and sensors, routers, and

switches. RAPIDs ranks devices according to the likelihood they are rogues, runs multiple tests to eliminate false positive results, and identifies the switch and port to which a rogue device is connected.

Supporting Multiple AirWave Servers

You can monitor multiple AirWave servers using the Master Console. After you add the AirWave servers to Master Console, they will be polled for basic AirWave information.

The Overview page in the Master Console provides summary statistics for the entire network at a glance.

l Reports can be run from the Master Console to display information from multiple AirWave stations; because such

reports can be extremely large, reports can also be run as summary only so that they generate more quickly and finish as a manageable file size.

l The Master Console can also be used to populate group-level configuration on managed AirWave installations using

the Global Groups feature.

l The Master Console offers a display of devices that are in a Down or Error state anywhere on the network. This

information is supported on Master Console pages that display device lists such as Home > Overview and APs Devices > List.

l The Master Console and Failover servers can be configured with a Managed AMP Down trigger that generates an

alert if communication is lost to a managed or watched AirWave station. The Master Console or Failover server can also send email or NMS notifications about the event.

XMLAPIsare not supported on the Master Console.

If you have the Master Console license, you can also monitor your multiple AirWave servers using [[[Undefined variable airwave.Glass]]]. For more information, see the [[[Undefined variable airwave.Glass]]] 1.0.0 User Guide.

Integrating AirWave into the Network and Organizational Hierarchy

AirWave generally resides in the network operations center and communicates with various components of your WLAN infrastructure. In basic deployments, AirWave communicates solely with indoor wireless access points (and WLAN controllers over the wired network. In more complex deployments, AirWave seamlessly integrates and communicates with authentication servers, accounting servers, TACACS+ servers, LDAP servers, routers, switches, network management servers, wireless IDS solutions, helpdesk systems, indoor wireless access points, mesh devices. AirWave has the flexibility to manage devices on local networks, remote networks, and networks using Network Address Translation (NAT). AirWave communicates over-the-air or over-the-wire using a variety of protocols.

The power, performance, and usability of AirWave become more apparent when considering the diverse components within a WLAN. Table 1 itemizes some example network components.

Table 1: Components of a WLAN

Component Description

Autonomous AP Standalone device which performs radio and authentication functions

Thin AP Radio-only device coupled with WLAN controller to perform authentication

WLAN Controller Used in conjunction with thin APs to coordinate authentication and roaming

AirWave 8.2.4 | User Guide Introduction | 15

Table 1: Components of a WLAN (Continued)

Component Description

NMS Network Management Systems and Event Correlation (OpenView, Tivoli, and so forth)

RADIUS Authentication

RADIUS Accounting AirWave itself serves as a RADIUS accounting client

Wireless Gateways Provide HTML redirect and/or wireless VPNs

TACACS+ and LDAP Used to authenticate AirWave administrative users

Routers/Switches Provide AirWave with data for user information and AP and Rogue discovery

Help Desk Systems Remedy EPICOR

Rogue APs Unauthorized APs not registered in the AirWave database of managed APs

RADIUS authentication servers (ClearPass, Funk, FreeRADIUS, ACS, or IAS)

Administrative Roles

The flexibility of AirWave enables it to integrate seamlessly into your business hierarchy as well as your network topology. AirWave facilitates various administrative roles to match each individual user's role and responsibility:

l A Help Desk user can be given read-only access to monitoring data without being permitted to make configuration

changes.

l A U.S.-based network engineer can be given read-write access to manage device configurations in North America,

but not to control devices in the rest of the world.

l A security auditor can be given read-write access to configure security policies across the entire WLAN.

l NOC personnel can be given read-only access to monitoring all devices from the Master Console.

Contacting Support

Main Site arubanetworks.com

Support Site support.arubanetworks.com

Airheads Social Forums and Knowledge Base community.arubanetworks.com

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Software Licensing Site hpe.com/networking/support

End-of-life Information arubanetworks.com/support-services/end-of-life/

16 | Introduction AirWave 8.2.4 | User Guide

Security Incident Response Team (SIRT) Site: arubanetworks.com/support-services/security-bulletins/

Email: aruba-sirt@hpe.com

AirWave 8.2.4 | User Guide Introduction | 17

Configuring AirWave

This section contains the following procedures to deploy initial AirWave configuration:

l "Formatting the Top Header" on page 18

l "Customizing Columns in Lists" on page 19

l "Resetting Pagination Records" on page 21

l "Using the Pagination Widget" on page 22

l "Defining Graph Display Preferences" on page 22

l "Customizing the Dashboard" on page 23

l "Setting Severe Alert Warning Behavior" on page 30

l "Defining General AirWave Server Settings" on page 30

l "Defining AirWave Network Settings" on page 44

l "Creating AirWave User Roles" on page 49

l "Creating AirWave Users" on page 46

l "Configuring Login Message, TACACS+, RADIUS, and LDAP Authentication" on page 54

l "Enabling AirWave to Manage Your Devices" on page 63

l "Setting Up Device Types" on page 69

l "Configuring Cisco WLSE and WLSE Rogue Scanning" on page 70

l "Configuring ACS Servers" on page 75

l "Integrating NMS Servers" on page 76

l "PCI Compliance Monitoring" on page 76

l "Deploying WMS Offload" on page 79

Chapter 2

Additionalconfigurations are available after basic configuration is complete.

Before You Begin

Remember to complete the required configurations in this chapter before proceeding. Aruba support remains available to you for any phase of AirWave installation.

Formatting the Top Header

The AirWave interface centers around a horizontal row of tabs with nested subtabs. A row of statistics hyperlinks called Top Header Stats above the tabs represents commonly used subtabs. These hyperlinks provide the ability to view certain key statistics by mousing over, such as number and type of Down devices, and serve as shortcuts to frequently viewed subtabs.

Figure 1 illustrates the navigation bar. More information on hyperlinks, tabs, and subtabs is a available in the

AirWave 8.2.4 Installation Guide.

AirWave 8.2.4 | User Guide Configuring AirWave | 18

Figure 1: Navigation Bar Displaying Down Device Statistics

You can control the Top Header Stats links that appear from the AMP Setup > General page, as described in

"Defining General AirWave Server Settings" on page 30. Top Header Stats can also be customized for individual

users on the Home > User Info page. There you can select the statistics to display for certain device types and override the AMP Setup page.

All possible display options for users are show in Figure 2.

Aconfirmation message does not appear when you make modifications to the Top Header Stats.

Refer to "Configuring Your User Information" on page 287 for more information.

Figure 2: Home > User Info Top Header Stats Display Options

You can also set the severity level of critical alerts displayed for a user role. For details including a description of what constitutes a severe alert, see "Setting Severe Alert Warning Behavior" on page 30.

Customizing Columns in Lists

Customize the columns for any list table selecting drop-down list below the view name. Select the New option to create a new view with custom columns, or select Edit to change the columns in an existing view, as shown in the figure below.

Thedefault table views cannot be edited.

19 | Configuring AirWave AirWave 8.2.4 | User Guide

Figure 3: Edit View Drop down List

Drag and drop column headings from the Available Columns field to the desired location in the Current Columns field. The available columns vary, depending upon the list type.

Figure 4: Selecting Available List columns

Some tables allow you to control which column heads appear for each user role. Navigate to Home > User Info >Display Preferences , and then select Yes in the Customize Columns for Other Roles field. This exposes the Choose Columns for Roles drop down menu in all tables that support this feature.

The first column shows the user roles that were customized, if any. The second column allows you to establish left-to-right columns and order them using the arrows.

AirWave 8.2.4 | User Guide Configuring AirWave | 20

Figure 5: Table with Choose Columns for Roles Menu Selected

Resetting Pagination Records

To control the number of records in any individual list, select the link with Records Per Page mouseover text at the top left of the table, as shown in Figure 6. AirWave remembers each list’s pagination preferences.

Figure 6: Records Per Page Drop Down Menu

To reset all Records Per Page preferences, click the Reset reset button in the Display Preferences section of the Home > User Info page, as shown in Figure 7.

Figure 7: Home > User Info > Display Preferences section

21 | Configuring AirWave AirWave 8.2.4 | User Guide

Using the Pagination Widget

The pagination widget is located at the top and bottom of every list table, as shown in Figure 8.

Figure 8: Pagination Widget

Enter a page number into the Page field to jump to any portion of the table, or select the > symbol to advance to the next page, and >| to return to the previous page.

Using Export CSV for Lists and Reports

Some tables have a Export CSV ( ) option you can use to export the data as a spreadsheet. SeeFigure 9 for an example of a list with the Export CSV icon selected.

Figure 9: List with CSV Export Selected

AirWave also enables CSV exporting of all report types. For more information, see "Sending Reports" on page

329.

Defining Graph Display Preferences

Many of the graphs in AirWave are Highcharts, which allow you to adjust the graph settings attributes as shown in Figure 10.

AirWave 8.2.4 | User Guide Configuring AirWave | 22

Figure 10: Interactive Graphs on the Home > Overview Page

Highcharts are built with JavaScript, so the graphs can run directly through your browser without the need for additional client-side plugins. This makes it possible to view your AirWave charts on a mobile device.

These charts can be used and customized as follows.

l A Time Range selector in the upper right portion of the charts (including pop-up charts) allows you to select a

common or a custom date range for your data. The preconfigured ranges for AirWave charts are current 2 hours, 1 day, 1 week, and 1 year.

l Drop-down menus are available for viewing client and usage for specific SSIDs and/or all SSIDs. A search field is

available to help you quickly find a specific WLAN.

You can select up to six options from each drop-down menu. Once selected, each option will appear in the color-coded legend below the chart. Clicking on an option in this legend will disable or enable that information in the graph. Note that even if an option is disabled from viewing in the graph, that option will still remain in the legend until you deselect it from the drop-down menu.

l Max and Avg options allow you to change the chart view to show the maximum or average client and usage

information.

l Plot points display within the chart at varying intervals, depending on the selected time range. Tooltips and a plot line

appear as you hover over each plot point, showing you the detailed information for that specific time.

l Click on any chart to view a pop-up version. In this version, you can easily zoom in on a range of data by using your

mouse to drag a rectangle in the chart. While you are zoomed in, a Reset zoom button appears, enabling you to return to the original view. The pop-up charts also include a legend that displays the Last, Min, Max, and Avg values for the selected graph.

l Some charts include a drop-down option next to the graph title. For example, on the APs/Devices > Monitor page for

Radio Statistics, you can select the drop-down beside the graph title to view a graph for Client, Usage, Radio Channel, Radio Noise, Radio Power, Radio Errors, and 802.11 Counters information. In prior versions of AirWave, these graphs appeared as separate tabs.

Customizing the Dashboard

Click to customize the widgets that appear on your dashboard so you see only what you want in your reports. Figure11 shows an example where you drag the "Clients by Network" widget to the dashboard.

23 | Configuring AirWave AirWave 8.2.4 | User Guide

Figure 11: Drag a Widget to the Dashboard

Adding Widgets

The Home > Overview page displays the currently selected widgets (charts/graphs). You can change the widgets on this page by selecting the Customize link in the upper-right corner.

The Available Widgets section on the left holds all available graphical elements (widgets). Select any blue widget tile with a verbal description enclosed, and it immediately turns into a graphical element with a description.

Drag the widgets you want to appear on the Home > Overview dashboard across to the gridlines and arrange them in the right section, within the gridlines. A widget snaps back to the nearest available gridline if you drop it across two or more lines and turns red if you attempt to place it over gridlines already occupied by widgets. Widgets with a green top banner are properly placed and set to appear when you select Save. Widgets that remain in the left section will not appear; although they can be reinstated by selecting Restore Defaults.

Available Widgets

Table 2 describes the list of available widgets along with a description for each. Note that when a widget is

enabled, the information that displays can vary based on the user’s permission level. Certain roles, for example, limit the top folder that a user can view.

AirWave 8.2.4 | User Guide Configuring AirWave | 24

Table 2: Available Widgets

Widget Description

Client/Usage Graphs The Client graph is enabled by default and, by default, shows the

maximum number of attached clients over the last two hours. Select the Show All link to view more specific client information on the graph, such as the total and average clients for a specific SSID, the maximum VPN sessions, etc. The available check boxes within this graph are determined by the SSIDs that AirWave is aware of from polling the device.

The Usage graph is enabled by default and, by default, shows the average bits-per-second in/out information and average VPN in/out information. Select the Show All link to view usage information for specific SSIDs. The available checkboxes within this graph are determined by the SSIDs that AirWave is aware of from polling the device.

The information in these graphs is color coded to match the selected check boxes.

Monitoring and Config Pie The Monitoring Status pie shows the percentage of total devices that are

up and the number and percentage of devices that are currently down. Clicking within this pie chart takes you to the APs/Devices > Down page.

The Configuration Compliance pie shows the percentage of devices that are mismatched, good, unknown, and those with auditing disabled. It also provides a summary of the total number of devices that are mismatched. Clicking within this pie chart takes you to the APs/Devices > Mismatch page.

These pie charts are enabled by default.

Alert Summary The Alert Summary table is enabled by default and provides the number

of AirWave alerts, IDS events, and RADIUS authentication issues over the last 2 hours, the last 24 hours, and the total since the last AirWaveserver reboot.

l Click on AMP Alerts to drill down to more detailed alert information.

This information displays in the current page. You can return to the Alert Summary graph by selecting the Home Overview link.

l Click on IDS Events to drill to more detailed event information. This link

takes you to the RAPIDS > IDS Events page.

l Click on RADIUS Authentication Issues to drill to more detailed

RADIUS authentication information. This information displays in the current page. You can return to the Alert Summary graph by selecting the Home Overview link.

Quick Links The Quick Links section is enabled by default. This section provides the

user with easy navigation to a specific folder, group, report, or common task.

RAPIDS: Acknowledged The Acknowledged RAPIDS Devices pie chart shows the percentage of

acknowledged and unacknowledged RAPIDS that the user has visibility into. The RAPIDS information appears from the moment a rogue is discovered until it is deleted. Ignored rogues, however, are not included in this chart.

This chart also displays on the RAPIDS > Overview page.

25 | Configuring AirWave AirWave 8.2.4 | User Guide

Table 2: Available Widgets (Continued)

Widget Description

RAPIDS: Classification Pie The RAPIDS: Classification Pie shows the percentage of devices

classified as Valid, Suspected Neighbor, Suspected Valid, Suspected Rogue, Rogue, and Neighbor that are attached to AirWave. The RAPIDS information appears from the moment a rogue is discovered until it is deleted. Ignored rogues, however, are not included in this chart.

This pie chart can also be viewed on the RAPIDS > Overview page.

RAPIDS: Classification Summary

IDS Events The IDS Events table shows the number and type of attacks logged by the

RAPIDS: OS Pie The RAPIDS: OS Pie chart shows the top 9 rogue devices by OS, Others,

RAPIDS: OS Summary The RAPIDS: OS Summary table shows the top 9 rogue devices by OS,

The RAPIDS: Classification Summary table shows the number of devices classified as Valid, Suspected Valid, Neighbor, Suspected Neighbor, Suspected Rogue, Rogue, and Unclassified that are attached to AirWave. In addition, contained rogue information will appear if Manage rogue AP containment is set to Yes on the RAPIDS > Setup page.

The RAPIDS information appears from the moment a rogue is discovered until it is deleted. Note that ignored rogues are not included in this chart.

This table can also be viewed on the RAPIDS > Overview page.

intrusion detection system over the last 2 hours, the last 24 hours, and the total since the last AirWave server reboot. This is the same table that displays on the RAPIDS > Overview page.

Unknown, and Not Scanned. The RAPIDS information appears from the moment a rogue is discovered until it is deleted. Note that ignored rogues are not included in this chart.

This pie chart can also be viewed on the RAPIDS > Overview page.

Others, Unknown, and Not Scanned. The RAPIDS information appears from the moment a rogue is discovered until it is deleted. Note that ignored rogues are not included in this chart.

This table can also be viewed on the RAPIDS > Overview page.

Top Folders By AP Usage This chart lists the folders and the number of APs in each folder whose

usage is greater than the cutoff (or usage threshold). The cutoff represents 75% of the maximum usage, where the maximum usage is the AP with the highest usage regardless of the folder in which it resides. The cutoff value is displayed within the title, and this value can vary. The chart takes into account approved APs with radios based on the last 24 hours. In addition, this chart is updated every hour.

AirWave 8.2.4 | User Guide Configuring AirWave | 26

Table 2: Available Widgets (Continued)

Widget Description

Top Folders By A Radio Channel Usage

Top Folders By BG Radio Channel Usage

Top Folders By A Radio Client Count

This chart shows the folders and the number of 802.11a radios (5GHz) in each folder whose channel usage is greater than the cutoff (or usage threshold) as measured by Mbps. This cutoff is on the on the AMP Setup > General page using the Configure Channel Busy Threshold option. If this option is not configured, then the cutoff is 75% of the ‘maximum,’ where the ‘maximum’ refers to the AP that has the highest usage regardless of the folder in which it resides. The cutoff value is displayed within the title, and this value can vary. This chart takes into account approved APs with ‘A’ radios based on the last 24 hours. In addition, this chart is updated every hour.

This chart shows the folders and the number of 802.11b/g radios (2.4GHz) in each folder whose channel usage is greater than the cutoff (or usage threshold) as measured by Mbps. This cutoff is on the on the AMP Setup > General page using the Configure Channel Busy Threshold option. If this option is not configured, then the cutoff is 75% of the ‘maximum,’ where the ‘maximum’ refers to the AP that has the highest usage regardless of the folder in which it resides. The cutoff value is displayed within the title, and this value can vary. This chart takes into account approved APs with ‘BG’ radios based on the last 24 hours. In addition, this chart is updated every hour.

This chart shows the folders and the number of 802.11a radios (5GHz) in each folder whose client count is greater than the cutoff. The cutoff represents 75% of the ‘maximum,’ where the ‘maximum’ is the radio that has the highest client count regardless of the folder. The cutoff value is displayed within the title and can vary. This chart takes into account approved APs with A radios based on the last 24 hours. In addition, this chart is updated every hour.

Top Folders By BG Radio Client Count

Top Clients By Total Traffic The widget looks at currently connected clients as well has client historical

Clients By AOS Device Type This pie chart shows the percentage of clients that have attached to

Clients By Device Type This pie chart shows the percentage of clients that have attached to

This chart shows the folders and the number of 802.11b/g radios (2.4GHz) in each folder whose client count is greater than the cutoff. The cutoff represents 75% of the ‘maximum,’ where the ‘maximum’ is the radio that has the highest client count regardless of the folder. The cutoff value is displayed within the title and can vary. This chart takes into account approved APs with BG radios based on the last 24 hours. In addition, this chart is updated every hour.

information over the past 24 hours and then displays the top 10 clients with the must usage. You can click on a MAC address to view more information about any of the clients that display on this table. This table is updated every hour.

AirWave over the last 24 hours based on the AOS device type.

AirWave over the last 24 hours based on the device type (such as a specific operating system or smart phone type).

27 | Configuring AirWave AirWave 8.2.4 | User Guide

Table 2: Available Widgets (Continued)

Widget Description

Clients By Device Mfgr This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on the client manufacturer.

Clients By Device Model This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on the device model (such as the smart phone type).

Clients By Mfgr & Model This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on the client manufacturer and model.

Clients By Device OS This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on the device operating system (such as Windows or Android).

Clients By Device OS Detail This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on the device operating system version (such as Windows NT 6.1).

Clients By Network Vendor This pie chart shows the percentage of clients that have attached to

AirWave over the last 24 hours based on each device’s network interface vendor.

Client Signal Distribution The Client Signal Distribution chart shows the number of attached

devices that have a signal quality within a set of ranges.

Search Preferences

For each user, you can customize the search results to display only desired categories of matches on the Home > User Info page. Go to the Search Preferences section and select the desired search type from the Search Method drop down. This search type will be used when a user types an entry in the Search field and then clicks

Enter without selecting a specific search type.

l Use System Defaults: The Search Method will be based on the system-wide configuration setting. This method is

configured on the AMP Setup > General page.

l Active clients + historical clients (exact match) + all devices: Commonly referred to as Quick Search, this looks at all

active and historical clients and all devices. This search is not case-sensitive. The results of this search display in a pop up window rather than on the Home > Search page. This pop up window includes top-level navigation that allows you to filter the results based on Clients, APs, Controllers, and Switches.

l Active clients + all categories: This looks at all active clients (not historical) and all categories. This search is not case-

sensitive. This search returns results on partial matches for user names if that user name is included in either the beginning or the end of a user name string

l Active clients + all categories (exact match): This looks at all active clients (not historical) and all categories. This

search returns only matches that are exactly as typed (IP, user name, device name, etc). This search is case-sensitive for all searched fields.

l Active + historical clients + all categories: This looks at all active and historical clients and all categories. This search is

not case-sensitive.

AirWave 8.2.4 | User Guide Configuring AirWave | 28

l Active + historical clients + all categories (exact match): This looks at all active and historical clients and all categories.

This search returns only matches that are exactly as typed (IP, user name, device name, etc). This search is casesensitive for all searched fields.

Aconfirmation message does not appear after you make modifications to Search Preferences.

Figure 12: Home > User Info Search Preferences

How to Use Search

The Search field at the top of every AirWave page provides a simple way to find devices, clients, groups, and rogues. You can search for things like notes, versions, serial numbers, IP addresses (IPv4 or IPv6), and MAC addresses.

To find something using the Search field:

1. Click .

2. In the Search field, type a keyword or the first few letters and numbers. For example, Figure 13 shows the the search results for "00:".

3. Select one of the following search methods:

n Press Enter. You can change this default search method preference in the Home >User Info page.

n Click the down arrow and select a method from the list of search options.

n Click to see quick search results, showing connected clients, which might already be your default

search method.

Results include hypertext links to additional pages, and the Filter icon over some columns allows for additional filtering of search returns.

Figure 13: Home > Search Page Illustration with Sample Hits on 00: (partial view)

For information on how to customize your search results, see "Configuring Your User Information" on page 287.

29 | Configuring AirWave AirWave 8.2.4 | User Guide

Setting Severe Alert Warning Behavior

You can control the alert levels you can see on the Alerts top header stats link using the Severe Alert Threshold drop down menu located in the Top Header Stats section of the Home > User Info page. The Severe Alert Threshold determines the severity level that results in a Severe Alert. Specify either Normal, Warning, Minor, Major, or Critical as the severity alert threshold value. These threshold values are tied to

triggers that are created on the System > Triggers page. For example, if a trigger is defined to result in a Critical alert, and if the Severe Alert Threshold here is defined as Major, then the list of Severe Alerts will include all Major and Critical alerts. Similarly, if this value is set to Normal, which is the lowest threshold, then the list of Severe Alerts will include all alerts.

When a Severe Alert exists, a new component named Severe Alerts will appear at the right of the Status field in bold red font. This field is hidden if there are no Severe Alerts. In addition, only users who are enabled for viewing Severe Alerts on the Home > User Info page can see severe alerts.

Defining General AirWave Server Settings

This section describes all pages accessed from the AMP Setup tab. It also describes two pages in the Device Setup tab: the Communication and Upload Files pages. After required and optional configuration tasks in this

chapter are complete, continue to later chapters in this document to create and deploy device groups and device configuration and discovery on the network.

Refer to the following topics for configuration information:

l "AMP Setup > General" on page 30

l "Defining AirWave Network Settings" on page 44

l "AirWave User Roles" on page 48

l "Creating AirWave Users" on page 46

l "Configuring Login Message, TACACS+, RADIUS, and LDAP Authentication" on page 54

l "Enabling AirWave to Manage Your Devices" on page 63

l "Setting Up Device Types" on page 69

AMP Setup > General

The first step in configuring AirWave is to specify the general settings for the AirWave server . illustrates the AMP Setup > General page. Select Save when the General Server settings are complete and whenever making

subsequent changes. These settings are applied globally across the product (for all users).

Refer to the following sections for information about the available settings:

l "General Settings" on page 31

l "Automatic Authorization Settings" on page 31

l "Aruba Instant Settings" on page 32

l "Top Header Settings" on page 33

l "Search Method" on page 33

l "Home Overview Preferences" on page 34

l "Display Settings" on page 34

l "Device Configuration Settings" on page 35

l "AMP Features" on page 36

l "External Logging Settings" on page 36

l "Historical Data Retention Settings" on page 37

l "Firmware Upgrade Defaults" on page 39

AirWave 8.2.4 | User Guide Configuring AirWave | 30

+ 349 hidden pages