Cambium Networks XR630, XR620 User Manual

Wireless Access Point
User’s Guide

January 11, 2016

Release 7.6

Wireless Access Points

XR and XD Series

All rights reserved. This document may not be reproduced or

disclosed in whole or in part by any means without the written

consent of Xirrus, Inc.

Part Number: 800-0022-001

(Revision T)

Trademarks

is a registered trademark of Xirrus, Inc. All other trademarks and

brand names are marks of their respective holders.

Please see Legal Notices, Warnings, Compliance Statements, and Warranty and
License Agreements in “Notices (XR-1000 to XR-6000 Indoor Models)” on

page 561.

Xirrus, Inc.
2101 Corporate Center Drive
Thousand Oaks, CA 91320
USA

Tel: 1.805.262.1600

1.800.947.7871 Toll Free in the US

Fax: 1.866.462.3980

www.xirrus.com

Wireless Access Point

Table of Contents

List of Figures..................................................................................... xv

Introduction......................................................................................... 1

The Xirrus Family of Products ............................................................................... 1

Nomenclature .................................................................................................... 2

Why Choose the Xirrus Access Point? .................................................................. 3

Wireless Access Point Product Overview ............................................................ 4

XR Wireless AP Product Family ..................................................................... 5

XR-320 Wall Mounted 2-Radio Access Points ....................................... 5

XR-500 Series 2-Radio Access Points ...................................................... 6

XR-600 Series 2-Radio Access Points ...................................................... 7

XR-1000 Series 2-Radio Access Points .................................................... 8

XD4-130 4-Radio High Density Access Points ...................................... 9

XR-2006 Series 2- and 4-Radio High Density Access Points ............. 10

XR-2005 Series 2- and 4-Radio Access Points ...................................... 11

XR-4006 Series 4- to 8-Radio High Density Access Points ................. 12

XR-4000 Series 4- to 8-Radio High Density Access Points (not ending

in “6”) ................................................................................................. 13

XR-6000 Series 8- to 16-Radio High Density Access Points ............... 14

Enterprise Class Security ............................................................................... 14

Deployment Flexibility .................................................................................. 15

Power over Ethernet (POE) .................................................................... 16

Enterprise Class Management ...................................................................... 16

Key Features and Benefits ..................................................................................... 18

High Capacity and High Performance ........................................................ 18

Extended Coverage ......................................................................................... 18

Flexible Coverage Schemes .................................................................... 19

Non-Overlapping Channels .......................................................................... 20

SDMA Optimization ...................................................................................... 20

Fast Roaming ................................................................................................... 20

Ease of Deployment ........................................................................................ 20

Powerful Management ................................................................................... 20

Secure Wireless Access .................................................................................. 20

i

Wireless Access Point

Applications Enablement .............................................................................. 21

Advanced Feature Sets .......................................................................................... 21

Xirrus Advanced RF Performance Manager (RPM) .................................. 21

Xirrus Advanced RF Security Manager (RSM) .......................................... 22

Xirrus Advanced RF Analysis Manager (RAM) ......................................... 23

Xirrus Application Control ............................................................................ 24

About this User’s Guide ........................................................................................ 25

Organization .................................................................................................... 25

Notes and Cautions ........................................................................................ 27

Screen Images .................................................................................................. 27

Product Specifications ........................................................................................... 27

Installing the Wireless AP............................................................... 29

Installation Prerequisites ...................................................................................... 29

Optional Network Components ................................................................... 31

Client Requirements ....................................................................................... 31

Planning Your Installation .................................................................................... 32

General Deployment Considerations .......................................................... 32

Coverage and Capacity Planning ................................................................. 34

Placement .................................................................................................. 34

RF Patterns ................................................................................................ 35

Capacity and Cell Sizes ........................................................................... 36

Fine Tuning Cell Sizes ............................................................................. 37

Roaming Considerations ........................................................................ 39

Allocating Channels ................................................................................ 39

Other Factors Affecting Throughput .................................................... 41

About IEEE 802.11ac ....................................................................................... 42

Up to Eight Simultaneous Data Streams — Spatial Multiplexing ..... 44

MIMO (Multiple-In Multiple-Out) ........................................................ 44

MU-MIMO (Multi-User Multiple-In Multiple-Out) ........................... 45

Higher Precision in the Physical Layer ................................................ 47

80 MHz and 160 MHz Channel Widths (Bonding) ............................ 48

802.11ac Data Rates ................................................................................. 49

ACExpress™ ............................................................................................ 50

802.11ac Deployment Considerations .......................................................... 50

Failover Planning ............................................................................................ 52

Switch Failover Protection ..................................................................... 54

ii

Wireless Access Point

Power Planning ............................................................................................... 55

Power over Ethernet ................................................................................ 55

Security Planning ........................................................................................... 56

Wireless Encryption ................................................................................ 56

Authentication ......................................................................................... 56

Meeting PCI DSS Standards ................................................................... 57

Meeting FIPS Standards ......................................................................... 57

Port Requirements .......................................................................................... 58

Network Management Planning .................................................................. 62

WDS Planning ................................................................................................. 63

Common Deployment Options .................................................................... 66

Installation Workflow ........................................................................................... 67

Installing Your Wireless AP ................................................................................. 69

Choosing a Location ....................................................................................... 69

Wiring Considerations ............................................................................ 69

Mounting and Connecting the AP .............................................................. 72

Dismounting the AP ....................................................................................... 72

Powering Up the Wireless AP .............................................................................. 72

AP LED Operating Sequences ...................................................................... 73

LED Boot Sequence ................................................................................. 73

LED Operation when AP is Running ................................................... 74

Zero-Touch Provisioning and Ongoing Management .................................... 75

XMS-Cloud Next Generation (XMS-9500-CL-x) ................................. 75

XMS-Enterprise ........................................................................................ 75

If you are not using XMS ........................................................................ 76

AP Management Interfaces .................................................................................. 76

User Interfaces ................................................................................................. 76

Using the Serial Port ....................................................................................... 78

Using the Ethernet Ports to Access the AP ................................................. 78

Starting the WMI ............................................................................................. 79

Logging In ........................................................................................................ 79

Licensing ................................................................................................................. 80

Performing the Express Setup Procedure ........................................................... 80

Securing Low Level Access to the AP .......................................................... 81

The Web Management Interface................................................... 85

Managing APs Locally or Using XMS ................................................................ 85

iii

Wireless Access Point

An Overview .......................................................................................................... 86

Structure of the WMI ............................................................................................. 87

User Interface ......................................................................................................... 89

Logging In ............................................................................................................... 92

Applying Configuration Changes ....................................................................... 93

Character Restrictions .................................................................................... 93

Viewing Status on the Wireless AP................................................ 95

Access Point Status Windows .............................................................................. 96

Access Point Summary ................................................................................... 96

Content of the Access Point Summary Window ................................. 97

Access Point Information ............................................................................. 102

Access Point Configuration ......................................................................... 103

Admin History .............................................................................................. 104

Network Status Windows ................................................................................... 104

Network ......................................................................................................... 105

Network Map ................................................................................................ 106

Content of the Network Map Window .............................................. 106

Spanning Tree Status .................................................................................... 109

Routing Table ................................................................................................ 110

ARP Table ...................................................................................................... 110

DHCP Leases ................................................................................................. 111

Connection Tracking/NAT ......................................................................... 111

CDP List ......................................................................................................... 112

LLDP List ....................................................................................................... 113

Network Assurance ...................................................................................... 113

Undefined VLANs ........................................................................................ 114

RF Monitor Windows .......................................................................................... 115

IAP Monitoring ............................................................................................. 116

Spectrum Analyzer .................................................................................... 117

Rogues ........................................................................................................... 120

Channel History ............................................................................................ 122

Radio Assurance ........................................................................................... 124

Station Status Windows ...................................................................................... 126

Stations ........................................................................................................... 127

Location Map ................................................................................................. 129

RSSI ................................................................................................................. 132

iv

Wireless Access Point

Signal-to-Noise Ratio (SNR) ........................................................................ 134

Noise Floor ..................................................................................................... 135

Max by IAP .................................................................................................... 137

Station Assurance ......................................................................................... 138

Statistics Windows ............................................................................................... 139

IAP Statistics Summary ................................................................................ 139

Per-IAP Statistics ........................................................................................... 140

Network Statistics ......................................................................................... 142

VLAN Statistics ............................................................................................. 143

WDS Statistics ................................................................................................ 144

IDS Statistics .................................................................................................. 145

Filter Statistics ............................................................................................... 147

Station Statistics ............................................................................................ 147

Per-Station Statistics ..................................................................................... 149

Application Control Windows ........................................................................... 150

About Application Control ......................................................................... 150

Application Control ...................................................................................... 152

Stations (Application Control) .................................................................... 156

System Log Window ........................................................................................... 157

IDS Event Log Window ...................................................................................... 158

Configuring the Wireless AP........................................................ 161

Express Setup ........................................................................................................ 163

Network ................................................................................................................. 169

Interfaces ....................................................................................................... 170

Network Interface Ports ........................................................................ 171

Bonds and Bridging ...................................................................................... 173

DNS Settings .................................................................................................. 180

Cisco Discovery Protocol (CDP) Settings .................................................. 181

LLDP Settings ................................................................................................ 182

Services .................................................................................................................. 185

Time Settings (NTP) ..................................................................................... 186

NetFlow .......................................................................................................... 189

Wi-Fi Tag ....................................................................................................... 190

Location .......................................................................................................... 191

System Log ..................................................................................................... 193

About Using Splunk for Xirrus APs ................................................... 196

v

Wireless Access Point

SNMP .............................................................................................................. 197

DHCP Server ................................................................................................. 200

Proxy Services ............................................................................................... 202

About Proxy Forwarding ..................................................................... 203

Proxy Forwarding for HTTPS .............................................................. 204

Summary of Proxy Forwarding Behavior on the AP ....................... 205

About Using a Proxy Client for Management Traffic ...................... 210

VLANs ................................................................................................................... 213

Understanding Virtual Tunnels .......................................................... 214

VLAN Pools ............................................................................................ 215

VLAN Management ..................................................................................... 216

Tunnels .................................................................................................................. 220

About Xirrus Tunnels ........................................................................... 220

Tunnel Management .................................................................................... 221

SSID Assignments ......................................................................................... 223

VLAN Assignments ...................................................................................... 224

Security .................................................................................................................. 225

Understanding Security ........................................................................ 226

Certificates and Connecting Securely to the WMI ............................ 229

Using the AP’s Default Certificate ...................................................... 230

Using an External Certificate Authority ............................................. 231

Admin Management .................................................................................... 231

Admin Privileges .......................................................................................... 233

Admin RADIUS ............................................................................................ 235

About Creating Admin Accounts on the RADIUS Server ............. 235

Management Control ................................................................................... 238

Access Control List ....................................................................................... 248

Global Settings .............................................................................................. 250

External Radius ............................................................................................. 254

About Creating User Accounts on the RADIUS Server .................. 255

Internal Radius .............................................................................................. 258

Active Directory ............................................................................................ 260

Rogue Control List ........................................................................................ 264

OAuth 2.0 Management ............................................................................... 265

SSIDs ...................................................................................................................... 268

Understanding SSIDs ............................................................................ 269

Understanding QoS Priority on the Wireless AP ............................. 271

vi

Wireless Access Point

High Density 2.4G Enhancement—Honeypot SSID ......................... 275

SSID Management ........................................................................................ 277

SSID List (top of page) .......................................................................... 278

SSID Limits and Scheduling ................................................................ 284

Web Page Redirect (Captive Portal) Configuration ........................ 287

Whitelist Configuration for Web Page Redirect .............................. 293

Web Page Redirect for Purple WiFi Venues ..................................... 294

WPA Configuration .............................................................................. 297

Authentication Service Configuration ............................................... 297

Active IAPs .................................................................................................... 298

Per-SSID Access Control List ...................................................................... 299

Honeypots ...................................................................................................... 300

Personal Wi-Fi ............................................................................................... 302

Groups ................................................................................................................... 304

Understanding Groups ......................................................................... 304

Using Groups ......................................................................................... 305

Group Management ..................................................................................... 306

Group Limits .......................................................................................... 309

IAPs ........................................................................................................................ 311

Understanding Fast Roaming .............................................................. 312

IAP Settings ................................................................................................... 313

Global Settings ............................................................................................. 319

Beacon Configuration ........................................................................... 321

Station Management ............................................................................. 322

Advanced Traffic Optimization .......................................................... 324

Global Settings .11an .................................................................................... 335

Global Settings .11bgn .................................................................................. 341

Global Settings .11n ...................................................................................... 347

Global Settings .11ac ..................................................................................... 350

Global Settings .11u ...................................................................................... 352

Understanding 802.11u ......................................................................... 352

Advanced RF Settings .................................................................................. 358

About Standby Mode ............................................................................ 358

RF Monitor .............................................................................................. 359

RF Resilience .......................................................................................... 360

RF Power and Sensitivity ..................................................................... 361

RF Spectrum Management ................................................................... 362

vii

Wireless Access Point

Station Assurance .................................................................................. 365

Hotspot 2.0 ..................................................................................................... 367

Understanding Hotspot 2.0 .................................................................. 367

NAI Realms .................................................................................................... 370

Understanding NAI Realm Authentication ....................................... 370

NAI EAP ......................................................................................................... 371

Intrusion Detection ....................................................................................... 373

DoS Attacks ............................................................................................ 374

Impersonation Attacks .......................................................................... 375

About Blocking Rogue APs .................................................................. 376

RF Intrusion Detection and Auto Block Mode .................................. 377

DoS Attack Detection Settings ............................................................. 379

Impersonation Detection Settings ....................................................... 379

LED Settings .................................................................................................. 380

DSCP Mappings ............................................................................................ 381

Roaming Assist .............................................................................................. 382

WDS ....................................................................................................................... 385

About Configuring WDS Links .................................................................. 385

Long Distance Links ..................................................................................... 387

WDS Client Links ......................................................................................... 387

Filters ..................................................................................................................... 391

Filter Lists ...................................................................................................... 392

Filter Management ....................................................................................... 395

Clusters .................................................................................................................. 401

Cluster Management ................................................................................... 401

Mobile .................................................................................................................... 406

AirWatch ........................................................................................................ 406

User Procedure for Wireless Access ................................................... 408

Using Tools on the Wireless AP................................................... 411

System Tools ......................................................................................................... 412

About Licensing and Upgrades ........................................................... 412

System ..................................................................................................... 414

Remote Boot Services ............................................................................ 416

Configuration Management ................................................................. 417

Diagnostics ............................................................................................. 421

Application Control Signature File Management ............................. 422

viii

Wireless Access Point

Web Page Redirect (Captive Portal) ................................................... 423

Network Tools ........................................................................................ 424

Progress Bar and Status Frame ............................................................ 426

CLI ......................................................................................................................... 426

API Documentation ............................................................................................. 428

Status/Settings ....................................................................................... 429

GET Requests ......................................................................................... 429

Trying a GET Request ........................................................................... 430

API Documentation Toolbar ................................................................ 432

Options .................................................................................................................. 433

Logout .................................................................................................................... 434

The Command Line Interface...................................................... 435

Establishing a Secure Shell (SSH) Connection ................................................. 435

Getting Started with the CLI .............................................................................. 437

Entering Commands .................................................................................... 437

Getting Help .................................................................................................. 437

Top Level Commands ......................................................................................... 440

Root Command Prompt ............................................................................... 440

configure Commands ................................................................................... 441

show Commands .......................................................................................... 445

statistics Commands ..................................................................................... 450

Configuration Commands .................................................................................. 452

acl .................................................................................................................... 452

admin .............................................................................................................. 453

auth ................................................................................................................. 454

cdp ................................................................................................................... 454

clear ................................................................................................................. 456

cluster ............................................................................................................. 458

contact-info .................................................................................................... 459

date-time ........................................................................................................ 460

dhcp-server .................................................................................................... 461

dns ................................................................................................................... 462

file .................................................................................................................... 463

filter ................................................................................................................. 467

Air Cleaner ............................................................................................. 468

group .............................................................................................................. 471

ix

Wireless Access Point

hostname ........................................................................................................ 471

interface .......................................................................................................... 472

load ................................................................................................................. 473

location ........................................................................................................... 473

location-reporting ......................................................................................... 474

management .................................................................................................. 475

mdm ................................................................................................................ 477

more ................................................................................................................ 478

netflow ............................................................................................................ 479

no ..................................................................................................................... 480

quick-config ................................................................................................... 481

quit .................................................................................................................. 482

authentication-server ................................................................................... 482

reboot .............................................................................................................. 484

reset ................................................................................................................. 484

restore ............................................................................................................. 485

roaming-assist ............................................................................................... 486

run-tests .......................................................................................................... 487

security ........................................................................................................... 489

snmp ............................................................................................................... 490

ssid .................................................................................................................. 491

syslog .............................................................................................................. 492

tunnel .............................................................................................................. 493

uptime ............................................................................................................. 494

vlan .................................................................................................................. 494

wifi-tag ........................................................................................................... 495

Sample Configuration Tasks .............................................................................. 497

Configuring a Simple Open Global SSID .................................................. 498

Configuring a Global SSID using WPA-PEAP ......................................... 499

Configuring an SSID-Specific SSID using WPA-PEAP ........................... 500

Enabling Global IAPs ................................................................................... 501

Disabling Global IAPs .................................................................................. 502

Enabling a Specific IAP ................................................................................ 503

Disabling a Specific IAP ............................................................................... 504

Setting Cell Size Auto-Configuration for All IAPs .................................. 505

Setting the Cell Size for All IAPs ................................................................ 506

Setting the Cell Size for a Specific IAP ....................................................... 507

x

Wireless Access Point

Configuring VLANs on an Open SSID ...................................................... 508

Configuring Radio Assurance Mode (Loopback Tests) .......................... 509

Appendices..................................................................................... 511

Appendix A: Quick Reference Guide ........................................... 513

Factory Default Settings ...................................................................................... 513

Host Name ..................................................................................................... 513

Network Interfaces ....................................................................................... 513

Serial ........................................................................................................ 513

Gigabit 1 and Gigabit 2 ......................................................................... 514

Server Settings ............................................................................................... 514

NTP .......................................................................................................... 514

Syslog ...................................................................................................... 514

SNMP ...................................................................................................... 515

DHCP .............................................................................................................. 515

Default SSID .................................................................................................. 516

Security .......................................................................................................... 516

Global Settings - Encryption ............................................................... 516

External RADIUS (Global) .................................................................. 517

Internal RADIUS .................................................................................... 518

Administrator Account and Password ...................................................... 518

Management .................................................................................................. 518

Keyboard Shortcuts ............................................................................................. 519

Appendix B: FAQ and Special Topics ..........................................521

General Hints and Tips ....................................................................................... 521

Frequently Asked Questions .............................................................................. 522

Multiple SSIDs ............................................................................................... 522

Security ........................................................................................................... 524

VLAN Support .............................................................................................. 527

AP Monitor and Radio Assurance Capabilities ............................................... 529

Enabling Monitoring on the AP .......................................................... 529

How Monitoring Works ............................................................................... 529

Radio Assurance ........................................................................................... 530

Radio Assurance Options ..................................................................... 531

RADIUS Vendor Specific Attribute (VSA) for Xirrus ..................................... 532

Location Service Data Formats .......................................................................... 533

xi

Wireless Access Point

Euclid Location Server ................................................................................. 533

Non-Euclid Location Server ........................................................................ 533

Upgrading the AP Using the Boot Loader ....................................................... 537

Sample Output for the Upgrade Procedure: ............................................. 539

Appendix C: Notices (XD and XR500/600 Series Only) ..........543

Notices ................................................................................................................... 543

EU Directive 1999/5/EC Compliance Information ........................................ 549

Compliance Information (Non-EU) ................................................................... 556

Safety Warnings ................................................................................................... 557

Translated Safety Warnings ............................................................................... 558

Software License and Product Warranty Agreement ..................................... 559

Hardware Warranty Agreement ....................................................................... 559

Appendix D: Notices (XR-1000 to XR-6000 Indoor Models) ...561

Notices ................................................................................................................... 561

EU Directive 1999/5/EC Compliance Information ........................................ 566

Compliance Information (Non-EU) ................................................................... 573

Safety Warnings ................................................................................................... 575

Translated Safety Warnings ............................................................................... 576

Software License and Product Warranty Agreement ..................................... 578

Hardware Warranty Agreement ....................................................................... 578

Appendix E: Medical Usage Notices ...........................................579

Appendix F: Auditing PCI DSS ....................................................585

Payment Card Industry Data Security Standard Overview .......................... 585

PCI DSS and Wireless .......................................................................................... 586

The Xirrus AP PCI Compliance Configuration ............................................... 587

The pci-audit Command ..................................................................................... 588

Additional Resources .......................................................................................... 589

Appendix G: Implementing FIPS Security ..................................591

Securing the AP Physically ................................................................................. 591

Operator Required Actions .................................................................. 591

Applying Tamper Evident Seals ......................................................... 592

To implement FIPS 140-2, Level 2 using WMI ................................................. 593

To implement FIPS 140-2, Level 2 using CLI: .................................................. 596

To check if AP is in FIPS mode: ......................................................................... 596

xii

Wireless Access Point

About FIPS Configuration .................................................................................. 597

Glossary of Terms.......................................................................... 599

Index................................................................................................ 611

xiii

Wireless Access Point

xiv

Wireless Access Point

List of Figures

Figure 1. Xirrus AP ..................................................................................................... 1

Figure 2. Wireless AP (XR Series) ............................................................................ 4

Figure 3. Wireless Coverage Patterns .................................................................... 15

Figure 4. XP8 - Power over Ethernet Usage .......................................................... 16

Figure 5. WMI: AP Status......................................................................................... 17

Figure 6. Layout of IAPs (XR-7630)........................................................................ 18

Figure 7. Coverage Schemes (XR-7230 shown)..................................................... 19

Figure 8. Wall Thickness Considerations .............................................................. 33

Figure 9. Unit Placement.......................................................................................... 34

Figure 10. Full (Normal) Coverage........................................................................... 35

Figure 11. Adjusting RF Patterns.............................................................................. 35

Figure 12. Custom Coverage ..................................................................................... 36

Figure 13. Connection Rate vs. Distance.................................................................. 36

Figure 14. Transmit Power......................................................................................... 37

Figure 15. Auto Cell Size Options............................................................................. 38

Figure 16. Overlapping Cells..................................................................................... 39

Figure 17. Allocating Channels Manually............................................................... 40

Figure 18. Spatial Multiplexing................................................................................. 44

Figure 19. MIMO Signal Processing......................................................................... 45

Figure 20. MU-MIMO with Four Antennas ............................................................ 46

Figure 21. Physical Layer Data Encoding................................................................ 47

Figure 22. Channel Bonding (Channels 36-64 shown)........................................... 49

Figure 23. Maximum 802.11ac Data Rates............................................................... 49

Figure 24. Port Failover Protection........................................................................... 52

Figure 25. Switch Failover Protection ..................................................................... 54

Figure 26. Port Requirements for XMS .................................................................... 58

Figure 27. WDS Link................................................................................................... 63

Figure 28. A Multiple Hop WDS Connection ......................................................... 64

Figure 29. WDS Failover Protection ......................................................................... 64

Figure 30. Installation Workflow .............................................................................. 67

Figure 31. AP Placement ............................................................................................ 69

Figure 32. LED Locations........................................................................................... 72

Figure 33. Network Interface Ports—XR-520 (left); XR-1000 Series (right) ........ 76

Figure 34. Network Interface Ports—XR-600 Series ............................................. 77

List of Figures xv

Wireless Access Point

Figure 35. Network Interfaces—XR-2000 Series (left); XR-2005/2006 (right) .... 77

Figure 36. Network Interface Ports—XR-4000 Series ............................................ 77

Figure 37. Network Interface Ports—XR-6000 Series ............................................ 77

Figure 38. Web Management Interface .................................................................... 86

Figure 39. WMI: Frames............................................................................................. 89

Figure 40. WMI Header.............................................................................................. 90

Figure 41. WMI Command Log ................................................................................ 91

Figure 42. WMI: Utility Buttons................................................................................ 91

Figure 43. Logging In to the Wireless AP................................................................ 92

Figure 44. AP Summary ............................................................................................. 96

Figure 45. Disabled IAP (Partial View).................................................................... 99

Figure 46. IAP Cells .................................................................................................... 99

Figure 47. Network Assurance and Operating Status......................................... 100

Figure 48. AP Information ....................................................................................... 102

Figure 49. Show Configuration ............................................................................... 103

Figure 50. Admin Login History............................................................................. 104

Figure 51. Network Settings .................................................................................... 105

Figure 52. Network Map.......................................................................................... 106

Figure 53. Spanning Tree Status.............................................................................. 109

Figure 54. Routing Table.......................................................................................... 110

Figure 55. ARP Table ................................................................................................ 110

Figure 56. DHCP Leases........................................................................................... 111

Figure 57. Connection Tracking.............................................................................. 111

Figure 58. CDP List ................................................................................................... 112

Figure 59. LLDP List................................................................................................. 113

Figure 60. Network Assurance................................................................................ 113

Figure 61. Undefined VLANs.................................................................................. 114

Figure 62. RF Monitor — IAPs ................................................................................. 116

Figure 63. RF Monitor — IAPs ................................................................................. 116

Figure 64. RF Spectrum Analyzer........................................................................... 118

Figure 65. Intrusion Detection/Rogue AP List..................................................... 120

Figure 66. RF Monitor — Channel History............................................................. 122

Figure 67. RF Monitor — Channel History (Rotated) ........................................... 123

Figure 68. RF Monitor — Channel History (Text) ................................................. 123

Figure 69. Radio Assurance..................................................................................... 124

Figure 70. Stations..................................................................................................... 127

Figure 71. Location Map........................................................................................... 129

xvi List of Figures

Wireless Access Point

Figure 72. Controls for Location Map .................................................................... 130

Figure 73. Station RSSI Values ................................................................................ 132

Figure 74. Station RSSI Values — Colorized Graphical View ............................. 133

Figure 75. Station Signal-to-Noise Ratio Values................................................... 134

Figure 76. Station SNR Values — Colorized Graphical View.............................. 134

Figure 77. Station Noise Floor Values.................................................................... 135

Figure 78. Station Noise Floor Values — Colorized Graphical View................. 136

Figure 79. Max by IAP.............................................................................................. 137

Figure 80. Station Assurance ................................................................................... 138

Figure 81. IAP Statistics Summary Page................................................................ 139

Figure 82. Individual IAP Statistics Page .............................................................. 141

Figure 83. Network Statistics................................................................................... 142

Figure 84. VLAN Statistics....................................................................................... 143

Figure 85. WDS Statistics ......................................................................................... 144

Figure 86. IDS Statistics Page .................................................................................. 145

Figure 87. Filtered IDS Statistics ............................................................................. 146

Figure 88. Filter Statistics ......................................................................................... 147

Figure 89. Station Statistics ...................................................................................... 147

Figure 90. Individual Station Statistics Page......................................................... 149

Figure 91. Application Control ............................................................................... 152

Figure 92. Application Control (Pie Charts).......................................................... 154

Figure 93. Application Control (Station Traffic)................................................... 155

Figure 94. Stations (Application Control).............................................................. 156

Figure 95. System Log (Alert Level Highlighted) ................................................ 157

Figure 96. IDS Event Log ......................................................................................... 158

Figure 97. WMI: Express Setup............................................................................... 163

Figure 98. LEDs are Switched On........................................................................... 168

Figure 99. Network Interfaces................................................................................. 169

Figure 100. Network Settings .................................................................................... 170

Figure 101. Network Bonds and Bridging............................................................... 173

Figure 102. Bridging Traffic....................................................................................... 174

Figure 103. Port Modes (a, b)..................................................................................... 176

Figure 104. Port Modes (c, d)..................................................................................... 177

Figure 105. Mirroring Traffic..................................................................................... 179

Figure 106. DNS Settings............................................................................................ 180

Figure 107. CDP Settings............................................................................................ 181

Figure 108. LLDP Settings ......................................................................................... 182

List of Figures xvii

Wireless Access Point

Figure 109. Services..................................................................................................... 185

Figure 110. Time Settings (Manual Time)................................................................ 186

Figure 111. Time Settings (NTP Time Enabled)...................................................... 187

Figure 112. NetFlow.................................................................................................... 189

Figure 113. Wi-Fi Tag.................................................................................................. 190

Figure 114. Location.................................................................................................... 191

Figure 115. System Log .............................................................................................. 193

Figure 116. SNMP ....................................................................................................... 197

Figure 117. DHCP Management............................................................................... 200

Figure 118. Proxy Forwarding Example.................................................................. 203

Figure 119. Set up a Proxy Server on each Client (Windows) .............................. 206

Figure 120. Specify Proxy Servers (Windows)........................................................ 207

Figure 121. Set up a Proxy Server on each Client (Apple) .................................... 208

Figure 122. Specify Proxy Servers (Apple).............................................................. 209

Figure 123. Proxy Forwarding................................................................................... 210

Figure 124. Proxy Client for Management Traffic.................................................. 211

Figure 125. VLANs...................................................................................................... 213

Figure 126. VLAN Management............................................................................... 216

Figure 127. Tunnel Summary.................................................................................... 220

Figure 128. Tunnel Management .............................................................................. 221

Figure 129. Tunnel SSID Assignments..................................................................... 223

Figure 130. Tunnel VLAN Assignments.................................................................. 224

Figure 131. Security..................................................................................................... 225

Figure 132. Import Xirrus Certificate Authority..................................................... 230

Figure 133. Admin Management .............................................................................. 231

Figure 134. Admin Privileges.................................................................................... 233

Figure 135. Admin RADIUS...................................................................................... 236

Figure 136. Management Control ............................................................................. 238

Figure 137. Pre-login Banner ..................................................................................... 239

Figure 138. Management Transports........................................................................ 240

Figure 139. Management Modes............................................................................... 242

Figure 140. HTTPS (X.509) Certificate...................................................................... 245

Figure 141. External Certificate Authority .............................................................. 246

Figure 142. Access Control List................................................................................. 248

Figure 143. Global Settings (Security) ...................................................................... 250

Figure 144. External RADIUS Server ....................................................................... 254

Figure 145. Internal RADIUS Server ........................................................................ 258

xviii List of Figures

Wireless Access Point

Figure 146. Active Directory Server ......................................................................... 261

Figure 147. Finding the Domain Name from Active Directory............................ 262

Figure 148. Rogue Control List ................................................................................. 264

Figure 149. OAuth 2.0 Management - Token List .................................................. 266

Figure 150. SSIDs......................................................................................................... 268

Figure 151. Four Traffic Classes................................................................................ 271

Figure 152. Priority Level—IEEE 802.1p (Layer 2)................................................. 272

Figure 153. Priority Level—DSCP (DiffServ - Layer 3) ......................................... 272

Figure 154. SSID Management.................................................................................. 277

Figure 155. SSID Management—Encryption, Authentication, Accounting ...... 281

Figure 156. WPR Internal Splash Page Fields (SSID Management)..................... 287

Figure 157. Customizing an Internal Login or Splash Page.................................. 292

Figure 158. Whitelist Configuration for WPR......................................................... 293

Figure 159. Purple WiFi Guest Access ..................................................................... 294

Figure 160. Setting Active IAPs per SSID ................................................................ 298

Figure 161. Per-SSID Access Control List................................................................ 299

Figure 162. Honeypot Whitelist ................................................................................ 301

Figure 163. Personal Wi-Fi......................................................................................... 302

Figure 164. Groups...................................................................................................... 304

Figure 165. Group Management ............................................................................... 306

Figure 166. IAPs........................................................................................................... 311

Figure 167. Source of Channel Setting ..................................................................... 311

Figure 168. IAP Settings ............................................................................................. 313

Figure 169. Global Settings (IAPs)............................................................................ 319

Figure 170. Multicast Processing .............................................................................. 324

Figure 171. Additional Optimization Settings........................................................ 330

Figure 172. Global Settings .11an.............................................................................. 335

Figure 173. Global Settings .11bgn ........................................................................... 341

Figure 174. Global Settings .11n................................................................................ 347

Figure 175. Global Settings .11ac .............................................................................. 350

Figure 176. 802.11u Global Settings.......................................................................... 353

Figure 177. Advanced RF Settings............................................................................ 358

Figure 178. Station Assurance (Advanced RF Settings) ........................................ 366

Figure 179. Hotspot 2.0 Settings................................................................................ 369

Figure 180. NAI Realms ............................................................................................. 370

Figure 181. NAI EAP .................................................................................................. 371

Figure 182. Intrusion Detection Settings.................................................................. 373

List of Figures xix

Wireless Access Point

Figure 183. LED Settings............................................................................................ 380

Figure 184. DSCP Mappings...................................................................................... 381

Figure 185. Roaming Assist ....................................................................................... 383

Figure 186. WDS.......................................................................................................... 385

Figure 187. Configuring a WDS Link....................................................................... 386

Figure 188. WDS Client Links ................................................................................... 387

Figure 189. Filters........................................................................................................ 391

Figure 190. Filter Lists ................................................................................................ 392

Figure 191. Filter Management ................................................................................. 395

Figure 192. Filter Category or Application.............................................................. 399

Figure 193. Clusters .................................................................................................... 401

Figure 194. Cluster Management.............................................................................. 402

Figure 195. Viewing Statistics in Cluster Mode...................................................... 404

Figure 196. AirWatch Settings................................................................................... 406

Figure 197. System Tools............................................................................................ 412

Figure 198. Remote Boot Services............................................................................. 416

Figure 199. Configuration Management.................................................................. 417

Figure 200. Saving the Diagnostic Log..................................................................... 421

Figure 201. Managing Application Control Signature files .................................. 422

Figure 202. Managing WPR Splash/Login page files............................................ 423

Figure 203. System Command (Ping)....................................................................... 424

Figure 204. Radius Ping Output................................................................................ 425

Figure 205. CLI Window............................................................................................ 426

Figure 206. API Documentation................................................................................ 428

Figure 207. API — GET Request Details ................................................................. 429

Figure 208. API — GET Request Response ............................................................. 431

Figure 209. API Documentation Toolbar................................................................. 432

Figure 210. WMI Display Options............................................................................ 433

Figure 211. Login Window ........................................................................................ 434

Figure 212. Logging In................................................................................................ 436

Figure 213. Help Window.......................................................................................... 438

Figure 214. Full Help .................................................................................................. 438

Figure 215. Partial Help.............................................................................................. 439

Figure 216. Air Cleaner Filter Rules ......................................................................... 469

Figure 217. Configuring a Simple Open Global SSID............................................ 498

Figure 218. Configuring a Global SSID using WPA-PEAP................................... 499

Figure 219. Configuring an SSID-Specific SSID using WPA-PEAP..................... 500

xx List of Figures

Wireless Access Point

Figure 220. Enabling Global IAPs............................................................................. 501

Figure 221. Disabling Global IAPs............................................................................ 502

Figure 222. Enabling a Specific IAP.......................................................................... 503

Figure 223. Disabling a Specific IAP......................................................................... 504

Figure 224. Setting Cell Size Auto-Configuration for All IAPs............................ 505

Figure 225. Setting the Cell Size for All IAPs.......................................................... 506

Figure 226. Setting the Cell Size for a Specific IAP ................................................ 507

Figure 227. Configuring VLANs on an Open SSID................................................ 508

Figure 228. Configuring Radio Assurance Mode (Loopback Testing)................ 510

Figure 229. Sample output of pci-audit command................................................. 589

Figure 230. Tamper Evident Seal Application for Indoor Enclosure .................. 592

Figure 231. Tamper Evident Seal Application Close-up ....................................... 593

Figure 232. AP Information ....................................................................................... 594

Figure 233. Security - Management Control Window.......................................... 595

List of Figures xxi

Wireless Access Point

xxii List of Figures

Wireless Access Point

z

z

z

z

z

z

z

Introduction

This chapter introduces the Xirrus Family of Products, with an overview of its key
features and benefits.

“The Xirrus Family of Products” on page 1.
“Why Choose the Xirrus Access Point?” on page 3.

“Wireless Access Point Product Overview” on page 4.
“Key Features and Benefits” on page 18.

The Xirrus Family of Products

“Advanced Feature Sets” on page 21.

“About this User’s Guide” on page 25.

Figure 1. Xirrus AP

The Xirrus family of products includes the following:

Xirrus High Density Wireless Access Points

Xirrus APs are designed to provide distributed intelligence, integrated
switching capacity, application-level intelligence, increased bandwidth,
and smaller size. The radios support IEEE802.11 ac, a, b, g, and n clients,
and feature the capacity and performance needed to replace switched

Introduction 1

Ethernet to the desktop. Modular radios allow you to increase the
number of radios, upgrade to more powerful radios, or even upgrade
later to future technologies like 802.11ac and 802.11ad as they are
introduced.

Wireless Access Point

z

z

Xirrus Management System (XMS)

XMS is used for managing large wireless deployments from a centralized
Web-based interface. Xirrus offers XMS-Cloud—a software as a service
option for XMS, providing zero-touch provisioning and initial startup for
new AP deployments. XMS is capable of managing large numbers of APs,
including automated software and firmware upgrades for the network.

Another option is XMS, hosted on your own server. It manages all aspects
of your Xirrus wireless network. For customers using the XMS-9000-CL-x
Cloud-hosted version, all AP management is performed via the cloud.
For detailed information, refer to the XMS User’s Guide.

Xirrus-supplied Power over Ethernet (POE) Injectors and POE+
Switches

Xirrus offers 24- and 48-port enterprise-class L2+ gigabit managed access
switches with IEEE802.3at PoE+, four 1G/10G SFP+ ports, and stacking.
One-, two-, and eight-port POE injectors are also available for a range of
AP power requirements.

Nomenclature

Throughout this User’s Guide, Xirrus Wireless Access Points are referred to as
simply APs or APs. In some instances, the terms product and unit are also used.
When discussing specific products from the Xirrus family, the product name is
used (for example, XR-4830). The Wireless AP’s operating system is referred to as
the ArrayOS (AOS). The Web Management Interface for browser-based
management of the AP is referred to as WMI.

APs have very flexible radio capabilities — each of the radios may be
independently configured to support IEEE802.11a, 11b, 11g, or 11n clients or a
combination of client types. On APs featuring 802.11ac, this option is also
included. One radio may be assigned as the RF monitor radio, supporting
intrusion detection and prevention, self-monitoring, and other services. Radios
support both 2.4GHz and 5 GHz, and are named iap1, iap2, ... iapn.

The Xirrus Management System is referred to as XMS. The Power over Ethernet
system may be referred to as POE.

2 Introduction

Wireless Access Point

z

z

z

z

z

Why Choose the Xirrus Access Point?

The deployment of wireless is a necessity as businesses strive for greater
flexibility in the workplace and the need for employee mobility rises. The user
community is placing spiraling and often unanticipated demands on the wireless
network, with the rapid proliferation of devices such as iPads and wireless
enabled phones. Xirrus High Density APs have the capability to support the large
number of user devices present in today’s environments, with superior range and
coverage.

Wireless has come a long way in the past few years and now offers the
performance, reliability and security that Enterprise customers have come to
expect from their networks. The technology is being driven by these major IEEE
standards:

802.11ac

Operates in the 5 GHz range, using a number of advanced techniques to
achieve a maximum speed of 1.3 Gbps. These techniques include
improvements on the methods used for 802.11n, below.

802.11n

Uses multiple antennas per radio to boost transmission speed as high as
450Mbps, increasing throughput, range, and maximum number of users.

802.11n is backwards compatible with 802.11a/b/g.

802.11a

Operates in the 5 GHz range with a maximum speed of 54 Mbps.

802.11b

Operates in the 2.4 GHz range with a maximum speed of 11 Mbps.

802.11g

Supports a higher transmission speed of 54 Mbps in the 2.4 GHz range
and is backwards compatible with 802.11b.

Whether you have just a few users or many users, the Xirrus AP has the
scalability and flexibility to serve your needs.

Introduction 3

Wireless Access Point

See Also

Key Features and Benefits
Wireless Access Point Product Overview
The Xirrus Family of Products

Wireless Access Point Product Overview

The Wireless AP is a high capacity, multi-mode device designed with up to four
times the coverage and eight times the bandwidth and user density compared
with legacy thin access point wireless products. Its distributed intelligence
eliminates the use of separate controllers and their accompanying bottlenecks.
Each radio, with its directional high-gain antennas, can achieve up to 1.3 Gbps
throughput.

Figure 2. Wireless AP (XR Series)

The Wireless AP (regardless of the product model) is Wi-Fi® compliant and
simultaneously supports 802.11ac (on .11ac models), 802.11a, 802.11b, 802.11g, and

802.11n clients. The multi-state design allows you to assign radios to 2.4 GHz and
5 GHz bands (or both) in any desired arrangement. Integrated switching and
active enterprise class features such as VLAN support and multiple SSID
capability enable robust network compatibility and a high level of scalability and
system control. The Xirrus Management System (XMS) allows global
management of hundreds of APs from a central location.

Multiple versions of the AP with different numbers of IAPs support a variety of
deployment applications.

4 Introduction