Page 1
Dell PowerConnect W
AirWave 7.2
User Guide
Page 2
Copyright
© 2011 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks
®
registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System
, Mobile Edge Architecture®, People Move. Networks
®
, Aruba Wireless Networks®, the
Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Dell™, the Dell™
logo, and PowerConnect™ are trademarks of Dell Inc.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General
Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at
this site:
www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client
devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc.
from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.
Dell PowerConnect W AirWave 7.2 |User Guide 0510897-02 | March 2011
Page 3
Contents
About This Guide ....................................................................................................................................................11
Document Organization................................................................................................................... 11
Notice Icons ...................................................................................................................................... 12
Contacting Support ..........................................................................................................................12
Chapter 1 Introduction ........................................................................................................................13
AWMS—A Unified Wireless Network Command Center.......................................................... 13
AirWave Management Platform ............................................................................................ 13
Dell PowerConnect W Configuration .................................................................................... 14
VisualRF......................................................................................................................................14
RAPIDS....................................................................................................................................... 14
Master Console and Failover.................................................................................................. 15
Integrating AWMS into the Network and Organizational Hierarchy....................................... 15
Chapter 2 Installing AWMS................................................................................................................17
AWMS Hardware Requirements and Installation Media.......................................................... 17
Installing Linux CentOS 5 (Phase 1)...............................................................................................17
Installing AWMS Software (Phase 2) ...........................................................................................18
Getting Started.......................................................................................................................... 18
Step 1: Configuring Date and Time, Checking for Prior Installations .............................. 18
Date and Time...................................................................................................................18
Previous AWMS Installations ........................................................................................ 18
Step 2: Installing AWMS Software, Including AWMS....................................................... 19
Step 3: Checking the AWMS Installation .............................................................................19
Step 4: Assigning an IP Address to the AWMS System ....................................................19
Step 5: Naming the AWMS Network Administration System ........................................... 19
Step 6: Assigning a Host Name to the AWMS .................................................................... 20
Step 7: Changing the Default Root Password......................................................................20
Completing the Installation .....................................................................................................20
Configuring and Mapping Port Usage for AWMS....................................................................... 21
AWMS Navigation Basics ..............................................................................................................22
Status Section...........................................................................................................................22
Navigation Section...................................................................................................................23
Activity Section......................................................................................................................... 24
Help Links in the GUI................................................................................................................25
Common List Settings ..............................................................................................................25
Buttons and Icons ....................................................................................................................25
Getting Started with AWMS ........................................................................................................... 27
Chapter 3 Configuring AWMS............................................................................................................29
Before You Begin.............................................................................................................................. 29
Formatting the Top Header ............................................................................................................. 29
Customizing Columns in Lists .........................................................................................................30
Dell PowerConnect W AirWave 7.2 |User Guide | 3
Page 4
Resetting Pagination Records........................................................................................................ 31
Using the Pagination Widget.......................................................................................................... 31
Using CSV Export for Lists and Reports........................................................................................ 31
Defining Graph Display Preferences............................................................................................. 32
Customizing the Overview Subtab Display................................................................................... 32
Customized Search ..........................................................................................................................33
Setting Severe Alert Warning Behavior ....................................................................................... 34
Defining General AWMS Server Settings .................................................................................... 34
Defining AWMS Network Settings................................................................................................ 41
Creating AWMS Users ....................................................................................................................43
Creating AWMS User Roles ...........................................................................................................44
Enabling AWMS to Manage Your Devices ..................................................................................47
Configuring Communication Settings for Discovered Devices ........................................ 47
Loading Device Firmware Onto AWMS (optional)..............................................................49
Overview of the Device Setup > Upload Firmware & Files Page ............................. 49
Loading Firmware Files to AWMS................................................................................. 50
Using Web Auth Bundles in AWMS.............................................................................. 52
Configuring TACACS+ and RADIUS Authentication ................................................................... 52
Configuring TACACS+ Authentication ..................................................................................53
Configuring RADIUS Authentication and Authorization .................................................... 54
Integrating a RADIUS Accounting Server............................................................................ 55
Configuring Cisco WLSE and WLSE Rogue Scanning................................................................ 56
Introduction to Cisco WLSE.................................................................................................... 57
Configuring WLSE Initially in AWMS ....................................................................................57
Adding an ACS Server for WLSE ................................................................................... 57
Enabling Rogue Alerts for Cisco WLSE ........................................................................57
Configuring WLSE to Communicate with APs .............................................................58
Discovering Devices........................................................................................................ 58
Managing Devices ........................................................................................................... 58
Inventory Reporting .........................................................................................................58
Defining Access ...............................................................................................................58
Grouping ............................................................................................................................59
Configuring IOS APs for WDS Participation ........................................................................59
WDS Participation............................................................................................................ 59
Primary or Secondary WDS ...........................................................................................59
Configuring ACS for WDS Authentication............................................................................59
Configuring Cisco WLSE Rogue Scanning ........................................................................... 60
Configuring ACS Servers................................................................................................................. 61
Integrating AWMS with an Existing Network Management Solution (NMS) ........................ 62
Auditing PCI Compliance on the Network.................................................................................... 63
Introduction to PCI Requirements .........................................................................................64
PCI Auditing in the AWMS Interface ....................................................................................64
Enabling or Disabling PCI Auditing........................................................................................65
Deploying WMS Offload..................................................................................................................66
Overview of WMS Offload in AWMS .................................................................................... 66
General Configuration Tasks Supporting WMS Offload in AWMS..................................66
Additional Information Supporting WMS Offload ............................................................... 67
Chapter 4 Configuring and Using Device Groups in AWMS.........................................................69
AWMS Groups Overview ................................................................................................................ 70
Viewing All Defined Device Groups ......................................................................................71
Configuring Basic Group Settings .................................................................................................72
Adding and Configuring Group AAA Servers............................................................................... 79
4 | Dell PowerConnect W AirWave 7.2 | User Guide
Page 5
Configuring Group Security Settings.............................................................................................80
Configuring Group SSIDs and VLANs ...........................................................................................83
Configuring Radio Settings for Device Groups............................................................................ 87
An Overview of Cisco WLC Configuration.................................................................................... 92
Accessing Cisco WLC Configuration ....................................................................................92
Navigating Cisco WLC Configuration....................................................................................92
Configuring WLANs for Cisco WLC Devices................................................................................ 93
Defining and Configuring LWAPP AP Groups for Cisco Devices ..................................... 95
Viewing and Creating AP Groups ..........................................................................................95
Configuring Cisco Controller Settings...........................................................................................95
Configuring Wireless Parameters for Cisco Controllers............................................................ 96
Configuring Security Parameters and Functions ........................................................................ 96
Configuring Management Settings for Cisco .............................................................................. 96
Configuring Group PTMP Settings.................................................................................................97
Configuring Proxim Mesh Radio Settings..................................................................................... 97
Configuring Group MAC Access Control Lists............................................................................. 99
Specifying Minimum Firmware Versions for APs in a Group.................................................... 99
Comparing Device Groups ............................................................................................................ 100
Deleting a Group.............................................................................................................................101
Changing Multiple Group Configurations ................................................................................... 101
Modifying Multiple Devices..........................................................................................................102
Using Global Groups for Group Configuration ........................................................................... 105
Chapter 5 Discovering, Adding, and Managing Devices.............................................................107
Device Discovery Overview.......................................................................................................... 107
Discovering and Adding Devices................................................................................................. 107
SNMP/HTTP Scanning ..........................................................................................................107
Adding Networks for SNMP/HTTP Scanning............................................................108
Adding Credentials for SNMP/HTTP Scanning......................................................... 108
Defining a SNMP/HTTP Scan Set................................................................................ 109
Running a Scan Set........................................................................................................ 110
Enabling Cisco Discovery Protocol (CDP) .......................................................................... 111
Authorizing Devices to AWMS from APs/Devices > New Page ....................................111
Manually Adding Individual Devices .................................................................................. 112
Adding Devices with the Device Setup > Add Page ................................................ 112
Adding Multiple Devices from a CSV File................................................................... 114
Adding Universal Devices............................................................................................. 115
Assigning Devices to the Ignored Page .............................................................................116
Monitoring Devices........................................................................................................................116
Viewing Device Monitoring Statistics ................................................................................ 117
Understanding the APs/Devices > Monitor Pages for All Device Types ...................... 118
Monitoring Data Specific to Wireless Devices......................................................... 118
Evaluating Radio Statistics for an AP ................................................................................. 123
Overview of the Radio Statistics Page .......................................................................123
Viewing Real-Time ARM Statistics .............................................................................123
Issues Summary section............................................................................................... 123
802.11 Radio Counters Summary .................................................................................124
Radio Statistics Interactive graphs............................................................................. 124
Recent ARM Events Log................................................................................................ 125
Active Interfering Devices Table................................................................................. 126
Active BSSIDs................................................................................................................. 127
Monitoring Data for Wired Devices (Routers and Switches) .........................................127
Understanding the APs/Devices > Interfaces Page.........................................................129
Dell PowerConnect W AirWave 7.2 |User Guide | 5
Page 6
Auditing Device Configuration .............................................................................................130
Using Device Folders (Optional) .......................................................................................... 131
Configuring and Managing Devices............................................................................................ 132
Moving a Device from Monitor Only to Manage Read/Write Mode.............................. 132
Configuring AP Settings ........................................................................................................133
Configuring Device Interfaces for Cisco Catalyst Switches ........................................... 138
Individual Device Support and Firmware Upgrades ........................................................ 141
Troubleshooting a Newly Discovered Device with Down Status .......................................... 143
Setting up Dell Spectrum Analysis in AWMS............................................................................ 144
Spectrum Configurations and Prerequisites ..................................................................... 144
Setting up a Permanent Spectrum Dell AP Group ............................................................ 145
Configuring an Individual AP to run in Spectrum Mode ..................................................145
Configuring a Controller to use the Spectrum Profile ......................................................146
Chapter 6 Creating and Using Templates ......................................................................................149
Group Templates ............................................................................................................................149
Templates are helpful configuration tools that allow AWMS to manage virtually all device settings. A template uses variables to adjust for minor configuration differences
between devices. ...................................................................................................................149
Supported Device Templates ............................................................................................... 149
Template Variables ................................................................................................................149
Viewing and Adding Templates ...................................................................................................150
Configuring General Template Files and Variables .................................................................. 153
Configuring General Templates ...........................................................................................154
IOS Configuration File Template: ................................................................................. 155
Device Configuration File on APs/Devices > Audit Configuration Page ...............155
Using Template Syntax..........................................................................................................155
Using Directives to Eliminate Reporting of Configuration Mismatches ........................ 155
Ignore_and_do_not_push Command ......................................................................... 156
Push_and_exclude Command .....................................................................................156
Using Conditional Variables in Templates ......................................................................... 156
Using Substitution Variables in Templates ........................................................................157
Using AP-Specific Variables ................................................................................................158
Configuring Cisco IOS Templates ................................................................................................ 158
Applying Startup-config Files ............................................................................................... 159
WDS Settings in Templates .................................................................................................. 159
SCP Required Settings in Templates .................................................................................. 159
Supporting Multiple Radio Types via a Single IOS Template ......................................... 160
Configuring Single and Dual-Radio APs via a Single IOS Template .............................. 160
Configuring Cisco Catalyst Switch Templates........................................................................... 160
Configuring Symbol Controller / HP WESM Templates............................................................ 161
Configuring a Global Template..................................................................................................... 162
Chapter 7 Using RAPIDS and Rogue Classification .....................................................................165
Introduction to RAPIDS .................................................................................................................165
Viewing Overall Network Health on the RAPIDS > Overview Page....................................... 166
Setting Up RAPIDS ......................................................................................................................... 167
Basic Configuration................................................................................................................ 167
Rogue Containment Options ................................................................................................. 168
Additional Settings................................................................................................................. 169
Defining RAPIDS Rules..................................................................................................................169
Controller Classification with WMS Offload...................................................................... 170
Device OUI Score ................................................................................................................... 170
Rogue Device Threat Level...................................................................................................171
6 | Dell PowerConnect W AirWave 7.2 | User Guide
Page 7
Viewing and Configuring RAPIDS Rules............................................................................. 171
Deleting or Editing a Rule.............................................................................................. 173
Recommended RAPIDS Rules.............................................................................................. 173
Using RAPIDS Rules with Additional AWMS Functions.................................................. 174
Viewing Rogues on the RAPIDS > List Page.............................................................................. 174
Overview of the RAPIDS > Detail Page....................................................................................... 176
Viewing Ignored Rogue Devices ......................................................................................... 177
Using RAPIDS Workflow to Process Rogue Devices....................................................... 177
Score Override................................................................................................................................177
Audit Log .......................................................................................................................................... 178
Additional Security Resources..................................................................................................... 179
Chapter 8 Performing Daily Administration in AWMS.................................................................181
Overview of Triggers and Alerts .................................................................................................. 181
Viewing Triggers..................................................................................................................... 181
Creating New Triggers ..........................................................................................................181
Setting Triggers for Devices......................................................................................... 184
Setting Triggers for Radios........................................................................................... 184
Setting Triggers for Discovery ..................................................................................... 185
Setting Triggers for Users............................................................................................. 185
Setting Triggers for RADIUS Authentication Issues ................................................ 185
Setting Triggers for IDS Events.................................................................................... 186
Setting Triggers for AWMS Health .............................................................................186
Delivering Triggered Alerts................................................................................................... 187
Viewing Alerts.........................................................................................................................187
Responding to Alerts.............................................................................................................. 188
Monitoring and Supporting WLAN Users................................................................................... 188
Overview of the Users Pages ............................................................................................... 189
Monitoring WLAN Users with the Users > Connected and Users > All Pages............189
Supporting Guest WLAN Users With the Users > Guest Users Page ...........................191
Supporting RFID Tags With the Users > Tags Page ......................................................... 193
Evaluating and Diagnosing User Status and Issues................................................................. 194
Evaluating User Status with the Users > User Detail Page.............................................194
Using the Deauthenticate User Feature ............................................................................. 195
Evaluating User Status with the Users > Diagnostics Page ........................................... 195
Managing Mobile Devices with SOTI MobiControl and AWMS ............................................198
Overview of SOTI MobiControl ............................................................................................ 198
Prerequisites for Using MobiControl with AWMS............................................................198
Adding a Mobile Device Management Server for MobiControl..................................... 198
Accessing MobiControl from the Users > User Detail Page........................................... 199
Monitoring and Supporting AWMS with the Home Pages...................................................... 199
Monitoring AWMS with the Home > Overview Page.......................................................199
Viewing and Updating License Information.......................................................................201
Searching AWMS with the Home > Search Page ............................................................ 202
Accessing AWMS Documentation ..................................................................................... 203
Configuring Your Own User Information with the Home > User Info Page .................. 203
Monitoring and Supporting AWMS with the System Pages................................................... 205
Using the System > Status Page..........................................................................................206
Using the System > Event Log Page....................................................................................207
Using the System > Configuration Change Jobs Page .................................................... 207
Using the System > Performance Page..............................................................................208
Supporting AWMS Servers with the Master Console .............................................................211
Using the Public Portal on Master Console....................................................................... 212
Adding a Managed AMP with the Master Console..........................................................212
Using Global Groups with Master Console ........................................................................ 213
Dell PowerConnect W AirWave 7.2 |User Guide | 7
Page 8
Upgrading AWMS ..........................................................................................................................214
Upgrade Instructions ............................................................................................................. 214
Upgrading Without Internet Access ...................................................................................214
Backing Up AWMS ........................................................................................................................214
Viewing and Downloading Backups ...................................................................................214
Running Backup on Demand ................................................................................................ 215
Restoring from a Backup....................................................................................................... 215
Using AWMS Failover for Backup............................................................................................... 215
Navigation Section of AWMS Failover ............................................................................... 216
Adding Watched AWMS Stations ....................................................................................... 216
Chapter 9 Creating, Running, and Emailing Reports ....................................................................219
Overview of AWMS Reports......................................................................................................... 219
Reports > Definitions Page Overview .................................................................................219
Reports > Generated Page Overview ................................................................................. 221
Using Daily Reports........................................................................................................................222
Viewing Generated Reports ................................................................................................. 222
Using Custom Reports ...........................................................................................................222
Using the Capacity Planning Report ................................................................................... 223
Using the Configuration Audit Report .................................................................................225
Using the Device Summary Report ..................................................................................... 226
Using the Device Uptime Report..........................................................................................228
Using the IDS Events Report ................................................................................................ 229
Using the Inventory Report ................................................................................................... 230
Using the Memory and CPU Utilization Report.................................................................. 231
Using the Network Usage Report........................................................................................ 232
Using the New Rogue Devices Report ............................................................................... 232
Using the New Users Report ................................................................................................ 234
Using the PCI Compliance Report ....................................................................................... 235
Using the Port Usage Report................................................................................................ 236
Using the RADIUS Authentication Issues Report .............................................................236
Using the RF Health Report................................................................................................... 237
Using the Rogue Containment Audit Report ......................................................................239
Using the User Session Report ............................................................................................239
Defining Reports ............................................................................................................................. 242
Emailing and Exporting Reports ................................................................................................... 245
Emailing Reports in General Email Applications ............................................................... 245
Emailing Reports to Smarthost............................................................................................. 245
Exporting Reports to XML or CSV ........................................................................................ 246
Transferring Reports Using FTP........................................................................................... 246
Chapter 10 Using the AWMS Helpdesk............................................................................................247
AWMS Helpdesk Overview ..........................................................................................................247
Monitoring Incidents with Helpdesk ........................................................................................... 247
Creating a New Incident with Helpdesk..................................................................................... 249
Creating New Snapshots or Incident Relationships................................................................. 250
Using the Helpdesk Tab with an Existing Remedy Server....................................................... 251
Appendix A Package Management for AWMS................................................................................255
Yum for AWMS ...............................................................................................................................255
Appendix B Third-Party Security Integration for AWMS ...............................................................257
Bluesocket Integration .................................................................................................................. 257
Bluesocket Configuration ..................................................................................................... 257
8 | Dell PowerConnect W AirWave 7.2 | User Guide
Page 9
ReefEdge Integration ..................................................................................................................... 257
ReefEdge Configuration ........................................................................................................ 258
HP ProCurve 700wl Series Secure Access Controllers Integration ......................................258
Example Network Configuration .......................................................................................... 258
HP ProCurve 700wl Series Configuration........................................................................... 258
Appendix C Access Point Notes .........................................................................................................261
Resetting Cisco (VxWorks) Access Points................................................................................. 261
Connecting to the AP ............................................................................................................. 261
Determining the Boot-Block Version ..................................................................................262
Resetting the AP (for Boot-Block Versions from 1.02 to 11.06)....................................... 262
Resetting the AP (for Boot-Block Versions 11.07 and Higher)........................................ 263
Cisco IOS Dual Radio Template ...................................................................................................263
Speed Issues Related to Cisco IOS Firmware Upgrades......................................................... 264
AWMS Firmware Upgrade Process............................................................................................264
Appendix D Initiating a Support Connection.....................................................................................265
Network Requirements.................................................................................................................. 265
Procedure ........................................................................................................................................ 265
Appendix E Cisco Clean Access Integration (Perfigo) ...................................................................267
Prerequisites for Integrating AWMS with Cisco Clean Access............................................. 267
Adding AWMS as RADIUS Accounting Server.........................................................................267
Configuring Data in Accounting Packets ...................................................................................267
Appendix F HP Insight Install Instructions for AWMS Servers ....................................................269
Appendix G Installing AWMS on VMware ESX (3i v. 3.5) ...............................................................271
Creating a New Virtual Machine to Run AWMS.......................................................................271
Installing AWMS on the Virtual Machine................................................................................... 271
AWMS Post-Installation Issues on VMware.............................................................................272
Appendix H Third-Party Copyright Information ................................................................................273
Packages .........................................................................................................................................273
Net::IP:...................................................................................................................................... 273
Net-SNMP: .............................................................................................................................. 273
Crypt::DES perl module (used by Net::SNMP): .................................................................. 275
Perl-Net-IP:.............................................................................................................................. 276
Berkeley DB 1.85:.................................................................................................................... 276
SWFObject v. 1.5:.................................................................................................................... 276
mod_auth_tacacs - TACACS+ authentication module: ...................................................277
Index .......................................................................................................................................................................279
Dell PowerConnect W AirWave 7.2 |User Guide | 9
Page 10
10 | Dell PowerConnect W AirWave 7.2 | User Guide
Page 11
About This Guide
This preface provides an overview of this guide and contact information for Dell, and includes the following
sections:
“Document Organization” on page11
“Notice Icons” on page12
“Contacting Support” on page12
Document Organization
This user guide includes instructions and examples of the graphical user interface (GUI) for installation,
configuration, and daily operation of AirWave Wireless Management Suite. This includes wide deployment of
wireless access points (APs), device administration, rogue detection and classification, wireless controller devices,
security, reports, and additional features of AWMS.
Table 1 Document Organization and Purposes
Chapter Description
Chapter 1, “Introduction” Introduces and presents the AirWave Wireless Management Suite, components, and
Chapter 2, “Installing AWMS” Describes system and network requirements, Linux OS installation, and AWMS
Chapter 3, “Configuring AWMS” Describes the primary and required configurations for startup and launch of AWMS, with
Chapter 4, “Configuring and Using
Device Groups in AWMS”
Chapter 5, “Discovering, Adding,
and Managing Devices”
Chapter 6, “Creating and Using
Templates”
Chapter 7, “Using RAPIDS and
Rogue Classification”
Chapter 8, “Performing Daily
Administration in AWMS”
Chapter 9, “Creating, Running, and
Emailing Reports”
general network functions.
installation.
frequently used optional configurations.
Describes configuration and deployment for group device profiles.
Describes how to discover and manage devices on the network.
Describes and illustrates the use of templates in group and global device configuration.
Describes the RAPIDS module of AWMS, and enhanced rogue classification supported in
AWMS .
Describes common daily operations and tools in AWMS, to include general user
administration, the use of triggers and alerts, network monitoring, and backups.
Describes AWMS reports, scheduling and generation options, and distribution of reports
from AWMS.
Chapter 10, “Using the AWMS
Helpdesk”
Appendix A, “Package Management
for AWMS”
Appendix B, “Third-Party Security
Integration for AWMS”
Appendix C, “Access Point Notes” Provides guidelines and suggestions for APs in AWMS.
Dell PowerConnect W AirWave 7.2 |User Guide About This Guide | 11
Describes how to use the AWMS Helpdesk GUI and related functions.
Describes the Yum packaging management system, and provides advisories on
alternative methods that may cause issues with AWMS.
Describes additional and optional security configurations in AWMS.
Page 12
Table 1 Document Organization and Purposes (Continued)
Chapter Description
Appendix D, “Initiating a Support
Connection”
Appendix E, “Cisco Clean Access
Integration (Perfigo)”
Appendix F, “HP Insight Install
Instructions for AWMS Servers”
Appendix G, “Installing AWMS on
VMware ESX (3i v. 3.5)”
Appendix H, “Third-Party Copyright
Information”
Index Provides extensive citation of and links to document topics, with emphasis on the AWMS
Provides instructions about how to create and use a support connection between AWMS
and AirWave Wireless Support.
Provides instructions for integrating Cisco Clean Access within AWMS.
Provides instructions for installing HP Insight on AWMS servers.
Provides instructions for an alternative installation option on VMware ESX for AWMS.
Presents multiple copyright statements from multiple equipment vendors that
interoperate with AWMS.
GUI and tasks relating to AWMS installation and operation.
Notice Icons
This document uses the following notice icons to emphasize advisories for certain actions, configurations, or
concepts:
NOTE: Indicates helpful suggestions, pertinent information, and important things to remember.
CAUTION: Indicates a risk of damage to your hardware or loss of data.
WARNING: Indicates a risk of personal injury or death.
Contacting Support
Table 2 Website contact
Website
Main Website dell.com
Support Website support.dell.com
Documentation Website support.dell.com/manuals
12 | About This Guide Dell PowerConnect W AirWave 7.2 | User Guide
Page 13
Chapter 1
Introduction
Thank you for choosing Dell PowerConnect W AirWave Wireless Management Suite, or AWMS. AWMS makes
it easy and efficient to manage your wireless network by combining industry-leading functionality with an
intuitive user interface, enabling network administrators and helpdesk staff to support and control even the
largest wireless networks in the world.
This User Guide provides instructions for the installation, configuration, and operation of the AirWave Wireless
Management Suite. This chapter includes the following topics:
“AWMS—A Unified Wireless Network Command Center” on page13
“Integrating AWMS into the Network and Organizational Hierarchy” on page15
If you have any questions or comments, please contact Dell support at support.dell.com.
AWMS—A Unified Wireless Network Command Center
AWMS is the only network management software that offers you a single intelligent console from which to
monitor, analyze, and configure wireless networks in automatic fashion. Whether your wireless network is simple
or a large, complex, multi-vendor installation, AWMS manages it all.
The AirWave Wireless Management Suite supports hardware from leading wireless vendors including Dell
PowerConnect W, Avaya, Cisco (Aironet and WLC), Enterasys, Juniper Networks, LANCOM Systems, Meru,
Nomadix, Nortel, ProCurve by HP, Proxim, Symbol, Trapeze, Tropos, and many others.
The components of the AirWave Wireless Management Suite are listed here, and detailed below:
The AirWave Management Platform (AMP) wireless network management software, including the ArubaOS
Configuration feature that supports global and group configuration of Dell PowerConnect W devices
VisualRF location and RF mapping software module
RAPIDS rogue access point detection software module
Master Console and Failover tabs
AirWave Management Platform
The AirWave Management Platform (AMP) is the centerpiece of the Dell PowerConnect W AirWave Wireless
Management Solution, offering the following functions and benefits:
Core network management functionality:
Network discovery
Configuration of APs & controllers
Automated compliance audits
Firmware distribution
Monitoring of every device and user connected to the network
Real-time and historical trend reports
Granular administrative access
Role-based (for example, Administrator contrasted with Help Desk)
Network segment (for example, "Retail Store" network contrasted with "Corporate HQ" network)
Dell PowerConnect W AirWave 7.2 |User Guide Introduction | 13
Page 14
Flexible device support
Thin, thick, mesh network architecture
Multi-vendor support
Current and legacy hardware support
Dell PowerConnect W Configuration
AWMS supports global and group-level configuration of ArubaOS (AOS), the operating system, software suite,
and application engine that operates Dell PowerConnect W mobility and centralizes control over the entire
mobile environment. For a complete description of AOS, refer to the ArubaOS User Guide in
support.dell.com/manuals.
AWMS consolidates ArubaOS configuration and pushes global Dell PowerConnect W configurations from
within AWMS.
Two pages in AWMS support Dell PowerConnect W Configuration:
Device Setup > Dell PowerConnect W Configuration for global Dell PowerConnect W Configuration
Groups > Dell PowerConnect W Config for group-level Dell PowerConnect W Configuration
For additional information that includes a comprehensive inventory of all pages and settings that support Dell
PowerConnect W Configuration, refer to the Dell PowerConnect W Configuration Guide located in AWMS
under Home > Documentation.
VisualRF
VisualRF is a powerful tool for monitoring and managing radio frequency (RF) dynamics within your wireless
network, to include the following functions and benefits:
Accurate location information for all wireless users and devices
Up-to-date heat maps and channel maps for RF diagnostics
Adjusts for building materials.
Supports multiple antenna types.
Floor plan, building, and campus views
Visual display of errors and alerts
Easy import of existing floor plans and building maps
Planning of new floor plans and AP placement recommendations
RAPIDS
RAPIDS is a powerful and easy-to-use tool for monitoring and managing security on your wireless network, to
include the following features and benefits:
Automatic detection of unauthorized wireless devices
Rogue device classification that supports multiple methods of rogue detection
Wireless detection:
Uses authorized wireless APs to report other devices within range.
Calculates and displays rogue location on VisualRF map.
Wired network detection:
Discovers rogue APs located beyond the range of authorized APs/sensors.
Queries routers and switches.
Ranks devices according to the likelihood they are rogues.
14 |Introduction Dell PowerConnect W AirWave 7.2 | User Guide
Page 15
Multiple tests to eliminate false positive results.
Provides rogue discovery that identifies the switch and port to which a rogue device is connected.
Master Console and Failover
The AWMS Master Console and Failover tools enable network-wide information in easy-to-understand
presentation, to entail operational information and high-availability for failover scenarios. The benefits of these
tools include the following:
Provides network-wide visibility, even when the WLAN grows to 50,000+ devices
Executive Portal allows executives to view high-level usage and performance data
Aggregated alerts
Failover
Many-to-one failover
One-to-one failover
The Master Console and Failover servers can be configured with a Device Down trigger that generates an alert if
communication is lost. In addition to generating an alert, the Master Console or Failover server can also send
email or NMS notifications about the event. See “Supporting AWMS Servers with the Master Console” on
page211.
Integrating AWMS into the Network and Organizational Hierarchy
AWMS generally resides in the NOC and communicates with various components of your WLAN infrastructure.
In basic deployments, AWMS communicates solely with indoor wireless access points (and WLAN controllers
over the wired network. In more complex deployments, AWMS seamlessly integrates and communicates with
authentication servers, accounting servers, TACACS+ servers, routers, switches, network management servers,
wireless IDS solutions, helpdesk systems, indoor wireless access points, mesh devices. AWMS has the flexibility to
manage devices on local networks, remote networks, and networks using Network Address Translation (NAT).
AWMS communicates over-the-air or over-the-wire using a variety of protocols.
The power, performance, and usability of the AWMS solution become more apparent when considering the
diverse components within a WLAN. Table 3 itemizes such network components, as an example.
Table 3 Components of a WLAN
Component Description
Autonomous AP Standalone device which performs radio and authentication functions
Thin AP Radio-only device coupled with WLAN controller to perform authentication
WLAN controller Used in conjunction with thin APs to coordinate authentication and roaming
NMS Network Management Systems and Event Correlation (OpenView, Tivoli, and so forth)
RADIUS Authentication RADIUS authentication servers (Funk, FreeRADIUS, ACS, or IAS)
RADIUS Accounting AWMS itself serves as a RADIUS accounting client
Wireless Gateways Provide HTML redirect and/or wireless VPNs
TACACS+ Used to authenticate AWMS administrative users
Routers/Switches Provide AWMS with data for user information and AP and Rogue discovery
Help Desk Systems Remedy EPICOR
Rogue APs Unauthorized APs not registered in the AWMS database of managed APs
Dell PowerConnect W AirWave 7.2 |User Guide Introduction | 15
Page 16
The flexibility of AWMS enables it to integrate seamlessly into your business hierarchy as well as your network
topology. AWMS facilitates various administrative roles to match each individual user's role and responsibility.
A Help Desk user may be given read-only access to monitoring data without being permitted to make
configuration changes.
A U.S.-based network engineer may be given read-write access to manage device configurations in North
America, but not to control devices in the rest of the world.
A security auditor may be given read-write access to configure security policies across the entire WLAN.
NOC personnel may be given read-only access to monitoring all devices from the Master Console.
16 |Introduction Dell PowerConnect W AirWave 7.2 | User Guide
Page 17
Chapter 2
Installing AWMS
This chapter contains information and procedures for installing and launching the AirWave Wireless
Management Suite (AWMS), and includes the following topics:
“AWMS Hardware Requirements and Installation Media” on page17
“Installing Linux CentOS 5 (Phase 1)” on page17
“Installing AWMS Software (Phase 2)” on page18
“Configuring and Mapping Port Usage for AWMS” on page21
“AWMS Navigation Basics” on page22
“Getting Started with AWMS” on page27
CAUTION: AWMS does not support downgrading to older versions. Significant data could be lost or compromised in such a
downgrade. In unusual circumstances requiring that you return to an earlier version of AWMS, we recommend you perform a
fresh installation of the earlier AWMS version, and then restore data from a pre-upgrade backup.
AWMS Hardware Requirements and Installation Media
The AWMS installation CD includes all software (including the Linux OS) required to complete the installation
of the AirWave Wireless Management Suite. AWMS supports any hardware that is Red Hat Enterprise Linux 5
certified. By default, all installs are based on a 64-bit operating system.
AWMS hardware requirements vary by version. As additional features are added to AWMS, increased hardware
resources become necessary. For the most recent hardware requirements, refer to the Dell PowerConnect W
AirWave Sizing Guide from support.dell.com/manuals.
AWMS is intended to operate as a soft appliance. Other applications should not run on the same installation.
Additionally, local shell users can access data on AWMS, so it is important to restrict access to the shell only to
authorized users.
You can create sudo users in place of root for companies that don't allow root logins.
Installing Linux CentOS 5 (Phase 1)
Perform the following steps to install the Linux CentOS 5 operating system. The Linux installation is a
prerequisite to installing AWMS on the network management system.
CAUTION: This procedure erases the hard drive(s) on the server.
1. Insert the AWMS installation CD-ROM into the drive and boot the server.
2. If this is a new installation of the AWMS software, type install and press Enter.
To configure the partitions manually, type expert and press Enter.
The following message appears on the screen:
Welcome to AWMS Installer Phase I
- To install a new AMP, type install <ENTER>.
WARNING: This will ERASE all data on your hard drive.
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 17
Page 18
- To install AWMS and manually configure hard drive settings, type expert <ENTER>.
boot:
3. Allow the installation process to continue. Installing the CentOS software (Phase I) takes 10 to 20 minutes to
complete. This process formats the hard drive and launches Anaconda to install all necessary packages.
Anaconda gauges the progress of the installation.
Upon completion, the system will prompt you to eject the installation CD and reboot the system.
4. Remove the CD from the drive and store in a safe location.
Installing AWMS Software (Phase 2)
Getting Started
After the reboot, the GRUB screen appears.
1. Press Enter or wait six seconds, and the system automatically loads the kernel.
2. When the kernel is loaded, log into the server using the following credentials:
login = root
password = admin
3. Start the AWMS software installation script by executing the ./amp-install command.
Type
./amp-install at the command prompt and press Enter to execute the script.
Step 1: Configuring Date and Time, Checking for Prior Installations
Date and Time
The following message appears, and this step ensures the proper date and time are set on the server:
------------------------ Date and Time Configuration -----------------Current Time: Fri Nov 21 09:18:12 PST 2008
1) Change Date and Time
2) Change Time Zone
0) Finish
Ensure that you enter the accurate date and time during this process. Errors will arise later in the installation if
the specified date varies significantly from the actual date, especially if the specified date is in the future and it is
fixed later. It is recommended to configure ntpd to gradually adjust your clock to the correct time.
1. Select 1 to set the date and select 2 to set the time zone. Press Enter after each configuration to return to the
message menu above.
CAUTION: Changing these settings after the installation can cause data loss, especially for time-series data such as bandwidth
and client count graphs. Avoid delayed configuration.
2. Press 0 to complete the configuration of date and time information, and to continue to the next step.
Previous AWMS Installations
The following message appears after date and time are set:
Welcome to AWMS Installer Phase 2
STEP 1: Checking for previous AWMS installations
If a previous version of AWMS software is not discovered, the installation program automatically proceeds to
“Step 2: Installing AWMS Software, Including AWMS” on page19. If a previous version of the software is
discovered, the following message appears on the screen:
18 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 19
The installation program discovered a previous version of the software. Would you
like to reinstall AWMS? This will erase AWMS's database. Reinstall (y/n)?
Type y and press Enter to proceed.
CAUTION: This action erases the current database, including all historical information. To ensure that the AWMS database is
backed up prior to reinstallation, answer `n` at the prompt above and contact your Value Added Reseller or directly contact Dell
support.
Step 2: Installing AWMS Software, Including AWMS
The following message appears while AWMS software is transferred and compiled:
STEP 2: Installing AWMS software
This will take a few minutes.
Press Alt-F9 to see detailed messages.
Press Alt-F1 return to this screen.
This step requires no user input, but you can follow the instructions to monitor its progress and switch back to
the installation screen.
Step 3: Checking the AWMS Installation
After the AWMS software installation is complete, the following message appears:
STEP 3: Checking AWMS installation
Database is up.
AWMS is running version: (version number)
This step requires no user input. Proceed to the next step as prompted to do so.
Step 4: Assigning an IP Address to the AWMS System
While the AWMS primary network interface accepts a DHCP address initially during installation,
AWMS does not function when launched unless a static IP is assigned. Complete these tasks to assign the static IP
address. The following message appears:
STEP 4: Assigning AWMS's address
AWMS must be configured with a static IP.
--------------- Primary Network Interface Configuration -------------
1) IP Address : xxx.xxx.xxx.xxx
2) Netmask : xxx.xxx.xxx.xxx
3) Gateway : xxx.xxx.xxx.xxx
4) Primary DNS : xxx.xxx.xxx.xxx
5) Secondary DNS: xxx.xxx.xxx.xxx
9) Commit Changes
0) Exit (discard changes)
If you want to configure a second network interface, please
use AWMS's web interface, AMP Setup --> Network Tab
1. Enter the network information.
NOTE: The Secondary DNS setting is an optional field.
2. Commit the changes by typing 9 and pressing Enter.
To discard the changes, type 0 and press Enter.
Step 5: Naming the AWMS Network Administration System
Upon completion of the previous step, the following message appears:
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 19
Page 20
STEP 5: Naming AWMS
AWMS name is currently set to: New AWMS
Please enter a name for your AWMS:
At the prompt, enter a name for your AWMS server and press Enter.
Step 6: Assigning a Host Name to the AWMS
Upon completion of the previous step, the following message appears on the screen:
STEP 6: Assigning AWMS's hostname
Does AWMS have a valid DNS name on your network (y/n)?
1. If AWMS does not have a valid host name on the network, enter n at the prompt. The following appears:
Generating SSL certificate for < IP Address >
2. If AWMS does have a valid host name on the network, enter y at the prompt. The following appears:
Enter AWMS's DNS name:
3. Type the AWMS DNS name and press Enter. The following message appears:
Generating SSL certificate for < IP Address >
Proceed to the next step as the system prompts you.
Step 7: Changing the Default Root Password
Upon completion of the prior step, the following message appears:
STEP 7: Changing default root password.
You will now change the password for the 'root' shell user.
Changing password for user root.
New Password:
Enter the new root password and press Enter. The Linux root password is similar to a Windows administrator
password. The root user is a super user who has full access to all commands and directories on the computer.
This password should be kept as secure as possible because it allows full access to the machine. This password is
not often needed on a day-to-day basis, but is required to perform AWMS upgrades and advanced
troubleshooting. If you lose this password, contact Dell support at support.dell.com for resetting instructions.
Completing the Installation
Upon completion of all previous steps, the following message appears:
CONGRATULATIONS! AWMS is configured properly.
To access AWMS web console, browse to https://<IP Address>
Login with the following credentials:
Username: admin
Password: admin
To view the Phase 1 installation log file, type cat /root/install.log.
To view the Phase 2 installation log file, type cat /tmp/amp-install.log.
To access the AWMS GUI, enter the AWMS IP address in the address bar of any browser. The AWMS GUI
then prompts for your license key. If you are entering a dedicated Master Console or AWMS Failover license,
refer to “Supporting AWMS Servers with the Master Console” on page 211 for additional information.
20 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 21
Configuring and Mapping Port Usage for AWMS
The following diagram itemizes the communication protocols and ports necessary for AWMS to communicate
with wireless LAN infrastructure devices, including access points (APs), controllers, routers, switches, and
RADIUS servers. Assign or adjust port usage on the network administration system as required to support these
components.
Table 4 AWMS Protocol and Port Chart
Port Ty pe Protocol Description Direction Device Type
21 TCP FTP Firmware distribution > APs or controllers
22 TCP SSH Configure devices > APs or controllers
22 TCP SSH Configure AWMS from CLI < Laptop or workstation
22 TCP VTUN Support connection (optional) > AirWave support home office
22 TCP SCP Transfer configuration files or FW < APs or controllers
23 TCP Telnet Configure devices > APs or controllers
23 TCP VTUN Support connection (Optional) > AirWave support home office
25 TCP SMTP Support email (optional) > AirWave support email server
49 UDP TACACS AWMS Administrative Authentication > Cisco TACACS+
53 UDP DNS DNS lookup from AWMS > DNS Server
69 UDP TFTP Transfer configuration files or FW < APs or controllers
80 TCP HTTP Configure devices > Legacy APs
80 TCP VTUN Support connection (optional) > AirWave support home office
161 UDP SNMP Get and Set operations > APs or controllers
162 UDP SNMP Traps from devices < APs or controllers
162 UDP SNMP Traps from AWMS > NMS
443 TCP HTTPS Web management < Laptop or workstation
443 TCP HTTPS WLSE polling > WLSE
443 TCP VTUN Support connection (optional) > AirWave support home office
1701 TCP HTTPS AP and rogue discovery > WLSE
1741 TCP HTTP WLSE polling > WLSE
1813 UDP RADIUS Retrieve client authentication info < Accounting Server
1813 UDP RADIUS Retrieve client authentication info < APs or controllers
1813 UDP RADIUS Outbound from AWMS to a RADIUS
server for AWMS admin authentication
> RADIUS server
2002 TCP HTTPS Retrieve client authentication info > ACS
5050 UDP RTLS Real Time Location Feed < Dell thin APs
8211 UDP PAPI Real Time Feed < > WLAN switches
ICMP Ping Probe > APs or controllers
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 21
Page 22
AWMS Navigation Basics
Every AWMS page contains three basic sections, as illustrated in :
Status Section
Navigation Section
Activity Section
The AWMS pages also contain Help links with GUI-specific help information and certain standard buttons.
Status Section
The Status section is a snapshot view of overall WLAN performance and provides direct links for immediate
access to key system components. The Status section remains at the top of all pages in the AWMS and RAPIDS
modules. AWMS includes the ability to customize the contents of the Status section from the Home > User
Info page, to include support for both wireless and wired network components. Refer to “Configuring Your Own
User Information with the Home > User Info Page” on page203.
The table below describes these elements in further detail.
Table 5 Status Section Components of the AWMS GUI
Field Description
New Devices The number of wireless APs or wireless LAN controllers that have been discovered by AWMS but not yet
managed by network administrators. When selected, AWMS directs you to a page that displays a detailed
list of devices awaiting authorization.
Up The number of managed authorized devices that are currently responding to AWMS requests. When
selected, AWMS shows a detailed list of all Up devices.
Down The number of managed, authorized devices that are not currently responding to AWMS SNMP requests.
Mismatched The total number of Mismatched devices. A device is considered mismatched when the desired
Rogue The number of devices that have been classified by the RAPIDS rules engine above the threshold defined on
Users The number of wireless users currently associated to the wireless network via all the APs managed by
Alerts Displays the number of non-acknowledged AWMS alerts generated by user-configured triggers. When
Severe Alerts
(conditional)
Device Types to
Include in Header
Stats
When selected, AWMS shows a detailed list of all Down devices.
configuration in AWMS does not match the actual device configuration read from the device.
the Home > User Info page.
AWMS. When selected, AWMS shows a list of users that are associated.
selected, AWMS shows a detailed list of active alerts.
When triggers are given a severity of Critical, they generate Severe Alerts. When a Severe Alert exists, a
new component appears at the right of the Status field in bold red font. Only users configured on the Home >
User Info page to be enabled to view critical alerts can see Severe Alerts. The functionality of Severe Alerts
is the same as that described above for Alerts. Unlike Alerts, the Severe Alerts section is hidden if there are
no Severe Alerts.
You can support statistics for any combination of the following device types:
Autonomous APs
Controllers
Routers/Switches
Thin APs
Universal Devices
Refer to “Configuring Your Own User Information with the Home > User Info Page” on page203.
Search Search performs partial string searches on a large number of fields including the notes, version, secondary
22 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
version, radio serial number, device serial number, LAN MAC, radio MAC and apparent IP of all the APs as
well as the client MAC, VPN user, LAN IP, VPN IP fields.
Page 23
Navigation Section
The Navigation Section displays tabs for all main GUI pages within AWMS. The top bar is a static navigation bar
containing tabs for the main components of AWMS, while the lower bar is context-sensitive and displays the
subtabs for the highlighted tab.
Table 6 Components and Subtabs of the AWMS Navigation Screen
Main Tab Description Subtabs
Home The Home tab provides basic AWMS information including system name,
host name, IP address, current time, running time, and software version.
The Home page also provides a central point for network status
information and monitoring tools, giving graphical display of network
activity, and links to many of the most frequent tools in AWMS. For
additional information, refer to “Monitoring and Supporting AWMS with
the Home Pages” on page199.
Helpdesk The Helpdesk pages provide an interface for support and diagnostic tools.
For additional information refer to Chapter 10, “Using the AWMS
Helpdesk” on page247.
Groups The Groups pages provide information on the logical "groups" of devices
that have been established for efficient monitoring and configuration. For
additional information, see Chapter 4, “Configuring and Using Device
Groups in AWMS” on page69.
NOTE: Some of the focused subtabs will not appear for all groups.
Focused subtabs are visible based on the device type field on the
Groups > Basic page. This subtab is the first page to appear when adding
or editing groups.
NOTE: When individual device configurations are specified, device-level
settings override the Group-level settings to which a device belongs.
Overview
Search
Documentation
License
User Info
Incidents
Setup
List
Focused Subtabs
Monitor
Basic
Templates
Security
SSIDs
AAA Servers
Radio
Dell Config
Cisco WLC Config
PTMP
Proxim Mesh
MAC ACL
Firmware
Compare
APs/Devices The APs/Devices pages provide detailed information about all authorized
APs and wireless LAN switches or controllers on the network, including
all configuration and current monitoring data.
These pages interact with several additional pages in AWMS. One
chapter to emphasize the APs/Devices pages is Chapter 5, “Discovering,
Adding, and Managing Devices” on page107.
NOTE: When specified, device-level settings override the default Grouplevel settings.
Users The Users pages provide detailed information about all client devices and
users currently associated to the WLAN. For additional information, refer
to “Monitoring and Supporting WLAN Users” on page188.
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 23
List
New
Up
Down
Mismatched
Ignored
Focused Subtabs
Manage
Interfaces
Audit
Compliance
Containment Status
Connected
All
Guest Users
User Detail
Diagnostics
Tags
Page 24
Table 6 Components and Subtabs of the AWMS Navigation Screen (Continued)
Main Tab Description Subtabs
Reports The Reports pages list all the standard and custom reports generated by
AWMS. AWMS supports 13 reports in the AWMS module. For additional
information, refer to Chapter 9, “Creating, Running, and Emailing Reports”
on page219.
System The System pages provide information about AWMS operation and
administration, including overall system status, the job scheduler, trigger/
alert administration, and so forth.
For additional information, refer to “Monitoring and Supporting AWMS
with the System Pages” on page205.
Device Setup The Device Setup pages provide the ability to add, configure, and monitor
devices, to include setting AP discovery parameters, performing firmware
management, defining VLANs, and so forth. For additional information,
refer to “Enabling AWMS to Manage Your Devices” on page47.
AMP Setup The AMP Setup pages provide all information relating to the configuration
of AWMS itself and its connection to your network. This page entails
several processes, configurations, or tools in AWMS. For additional
information, start with Chapter 3, “Configuring AWMS” on page29.
NOTE: The AMP Setup pages may not be visible, depending on the role of
the logged-in user and license set in AWMS.
Generated
Definition
Detail
Status
Event Log
Triggers
Alerts
Backups
Configuration Change Jobs
Firmware Upgrade Jobs
Performance
Discover
Add
Communication
Dell Configuration (if global
Dell Configuration is enabled)
Upload Files
General
Network
Users
Roles
Guest Users
Authentication
MDM Server
WLSE
ACS
NMS
RADIUS Accounting
PCI Compliance
RAPIDS The RAPIDS pages provide all information relating to rogue access
points, including methods of discovery and lists of discovered and
possible rogues. For additional information, refer to Chapter 7, “Using
RAPIDS and Rogue Classification” on page165.
NOTE: The RAPIDS pages may not be visible, depending on the role and
license set in AWMS.
VisualRF VisualRF pages provide graphical access to floor plans, client location,
and RF visualization for floors, buildings, and campuses that host your
network. For additional information, refer to the VisualRF User Guide in
Home > Documentation. VisualRF may not be visible depending on the
role and license set in AWMS.
Overview
List
IDS Events
Setup
Rules
Score Override
Audit Log
Floor Plans
Setup
Import
Audit Log
NOTE: The AMP Setup tab varies with user role. The RAPIDS and VisualRF tabs appear based on the license entered on the
Home > License page, and might not be visible on your AWMS view.
Activity Section
The Activity section displays all detailed configuration and monitoring information, and is where you implement
changes.
24 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 25
Help Links in the GUI
The Help link is available on every page within AWMS. When selected, this launches a PDF document with
information describing the AWMS page that is currently displayed.
NOTE: Adobe Reader must be installed to view the settings and default values in the PDF help file.
Common List Settings
All of the lists in AWMS have some common options. All lists are paginated with a configurable number of items
per page. Selecting the Records Per Page dropdown menu enables you select or enter the number of rows that
appear at a time in the list. The next down arrow displays a dropdown menu that allows you to select the exact
page you would like to view, as shown in Figure 1.
The Choose Columns option, illustrated on Figure 1, allows you to configure the columns that are presented in
the list and the order in which they are presented. To disable a column, clear its checkbox. To reorder the
columns, drag a row to the appropriate new position. When you are satisfied with the enabled columns and their
order, select Save at the top of the columns list.
Figure 1 Common List Settings Choose Columns Illustration
These settings are user specific. To reset them, select Reset List Preferences on Home > User Info.
Buttons and Icons
Standard buttons and icons are used throughout the AWMS as follows:
Table 7 Standard Buttons and Icons of the AWMS User Page
Function Image
Acknowledge Acknowledges and clears an AWMS alert.
Add Adds the object to both AWMS' database and the onscreen display list.
Add Folder Adds a new folder to hierarchically organize APs.
Alert Indicates an alert.
Apply Applies all "saved" configuration changes to devices on the WLAN.
Attach Attaches a snapshot of an AWMS screen to a Helpdesk incident.
Audit Reads device configuration, compare to desired, and update status.
Bandwidth Displays current bandwidth for group.
Choose Chooses a new Helpdesk incident to be the Current Incident.
a
Description
Create Creates a new Helpdesk incident.
Customize Ignores selected settings when calculating the configuration status.
Delete Deletes an object from AWMS' database.
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 25
Page 26
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued)
Function Image
a
Description
Down Indicates down devices and radios.
Drag and Drop Dragging and dropping objects with this icon changes the sequence of items in relation to
each other. Refer to “Using RAPIDS and Rogue Classification” on page165 as one example
of drag-and-drop.
Duplicate Duplicates or makes a copy of the configuration of an AWMS object.
Edit Edits the object properties.
Email Links to email reports.
Filter Filters rogue list by score and/or ad hoc status.
Google Earth Views device's location in Google Earth (requires plug-in).
Manage Manages the object properties.
Mismatched Indicates mismatched device configuration, in which the most recent configuration in AWMS
and the current configuration on a device are mismatched.
Monitor Indicates an access point is in “monitor only" mode.
Ignore Ignores specific device(s) - devices selected with check boxes.
Import Updates a Group's desired settings to match current settings.
New Devices Indicates new access points and devices.
Poll Now Polls device (or controller) immediately, override group polling settings.
Preview Displays a preview of changes applicable to multiple groups.
Print Prints the report.
Reboot Reboots devices or AWMS.
Refresh Refreshes the display of interactive graphs when settings have changed.
Relate Relates an AP, Group or Client to a Helpdesk incident.
Replace Hardware Confers configuration and history of one AP to a replacement device.
Revert Returns all configurable data on the screen to its original status.
Rogue Indicates a rogue access point and links to RAPIDS.
Run Runs a new user-defined report.
Save Saves the information on the page in the AWMS database.
Save & Apply Saves changes to AWMS' database and apply all changes to devices.
Scan Scans for devices and rogues using selected networks.
Schedule Schedules a window for reports, device changes, or maintenance.
Search Searches AWMS for the specified name, MAC or IP address.
Set Time Range Sets the time range for interactive graphs to the range specified.
Up Indicates access points which are in the up status.
Update Firmware Applies a new firmware image to an AP/device.
26 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 27
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued)
Function Image
User Indicates a user.
View Historical
Graph in New
Window
VisualRF Links to VisualRF - real time visualization.
XML Links to export XHTML versions of reports.
a. Not all AWMS GUI components are itemized in graphic format in this table.
a
Description
Displays all data series for the selected graph over the last two hours, last day, last week,
last month, and last year in one page.
Getting Started with AWMS
This topic describes how to perform an initial launch of the AWMS network management solution.
Use your browser to navigate to the static IP address assigned to the internal page of the AWMS. Enter the User
Name and Password as admin/admin for your initial login, and then select OK.
After successful authentication, your browser launches the Home > Overview page.
NOTE: AWMS pages are protected via SSL. Some browsers will display a confirmation dialog for your self-signed certificate.
Signing your certificate will prevent this dialog from displaying. Dell recommends changing the default login and password on the
AMP Setup > Users page. Refer to the procedure “Creating AWMS User Roles” on page44 for additional information.
Dell PowerConnect W AirWave 7.2 |User Guide Installing AWMS | 27
Page 28
28 | Installing AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 29
Chapter 3
Configuring AWMS
This chapter contains the following procedures to deploy initial AWMS configuration:
“Formatting the Top Header” on page29
“Customizing Columns in Lists” on page30
“Resetting Pagination Records” on page31
“Using the Pagination Widget” on page31
“Using CSV Export for Lists and Reports” on page31
“Defining Graph Display Preferences” on page32
“Customizing the Overview Subtab Display” on page32
“Setting Severe Alert Warning Behavior” on page34
“Defining General AWMS Server Settings” on page34
“Defining AWMS Network Settings” on page41
“Creating AWMS Users” on page43
“Creating AWMS User Roles” on page44
“Enabling AWMS to Manage Your Devices” on page47
“Configuring TACACS+ and RADIUS Authentication” on page52
“Configuring Cisco WLSE and WLSE Rogue Scanning” on page56
“Configuring ACS Servers” on page61
“Integrating AWMS with an Existing Network Management Solution (NMS)” on page62
“Auditing PCI Compliance on the Network” on page63
“Deploying WMS Offload” on page66
NOTE: Additional configurations of multiple types are available after basic configuration is complete.
Before You Begin
Remember to complete the required configurations in this chapter before proceeding. Dell support remains available
to you for any phase of AWMS installation.
Formatting the Top Header
The AWMS interface centers around a horizontal row of tabs with nested subtabs.
A row of statistics hyperlinks called Top Header Stats above the tabs represents many commonly used subtabs.
These hyperlinks provide the ability to view certain key statistics by mousing over, such as number and type of
Down devices, and serve as shortcuts to frequently viewed subtabs. Figure 2 illustrates the navigation bar. For
more details on hyperlinks, tabs and subtabs, see “AWMS Navigation Basics” on page22.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 29
Page 30
Figure 2 Navigation Bar Displaying Home Subtabs and Down Device Statistics
You can control which Top Header Stats links appear from the AMP Setup > General page, as described in
“Defining General AWMS Server Settings” on page34. Top Header Stats can also be customized for individual
user on the Home > User Info page. There you can select the statistics to display for certain device types, and
override the AMP Setup page.
All possible display options for users are shown in Figure 3, and these fields are described in detail in “Configuring
Your Own User Information with the Home > User Info Page” on page203.
Figure 3 Home > User Info Top Header Display Options
You can also set the severity level of critical alerts displayed for a user role. For details including a description of
what constitutes a severe alert, see “Setting Severe Alert Warning Behavior” on page34.
Customizing Columns in Lists
Customize the columns for any list table selecting Choose Columns as shown in Figure 4. Use the up/down
arrows to change the order in which the column heads appear.
Figure 4 Choose Columns Dropdown List
For more information on the universal list elements, see “Common List Settings” on page25.
You can also control which column heads appear for each user role by selecting Yes in the Customize Header
Columns field, as also appears in Figure 3. This exposes the Choose Columns for Roles dropdown menu in all
tables shown in Figure 5.
The first column shows the user roles that were customized, if any. The second column allows you to establish left
to right columns and order them using the arrows.
30 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 31
Figure 5 Table With Choose Columns for Roles Menu Selected
Resetting Pagination Records
To control the number of records in any individual list, select the link with Records Per Page mouseover text at
the top left of the table, as shown in Figure 6. AWMS remembers each list table’s pagination preferences.
Figure 6 Records Per Page Dropdown Menu
To reset all AMP list Records Per Page preferences, you can select Reset in the Display Preferences section of the
Home > User Info page, as shown in Figure 7.
Figure 7 Home > User Info > Display Preferences section
Using the Pagination Widget
The pagination widget is located at the top and bottom of every list table, as shown in Figure 8.
Figure 8 Pagination Widget
Use the down arrow next to Page 1 to see all the page numbers for that table in a dropdown menu. From here,
you can jump to any portion of the table. Select the > symbol to jump to the next page, and >| to jump to the
last page.
Using CSV Export for Lists and Reports
Some tables have an Export to CSV setting you can use export the data as a spreadsheet. See Figure 9 for an
example of a list with the Export to CSV option selected.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 31
Page 32
Figure 9 List with Export to CSV Selected
AWMS also enables CSV exporting of all report types. For more information, see “Exporting Reports to XML or
CSV” on page246.
Defining Graph Display Preferences
Many of the graphs in AWMS are Flash-based, which allows you adjust the graph settings attributes, as shown in
Figure 10.
Figure 10 Flash Graphs on the Home > Overview Page
This Flash-enabled GUI allows for custom settings and adjustments, as follows:
Drag the slider at the bottom of the screen to move the scope of the graph between one year ago and the
current time.
Drag the slider between graphs to change the relative sizes of each.
Deselect checkboxes to change the data displayed on each graph. The button with green arrows refreshes data
on the graph.
The Show All link displays all of the available checkboxes supporting the Flash graphs.
Once a change to the slider bars or to the display boxes has been made, the same change can be applied to all
other Flash graphs with an apply button (appears on mouse-over only).
For non-Flash graphs, select the graph to open a popup window that shows historical data.
A non-Flash version of the AWMS user page is available if desired; instead of Flash it uses the RRD graphs that
were used in earlier versions of AWMS. Contact Dell support for more information on activating this feature in
the AWMS database.
Customizing the Overview Subtab Display
You can rearrange or remove widgets appearing on the Home > Overview dashboard by selecting Customize to
the right of this window, as shown in Figure 11.
Figure 11 Customize Button on the Home > Overview Page
The Customize workspace is shown in Figure 12.
32 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 33
Figure 12 Customize Overview Page
The Available Widgets section on the left with no gridlines holds all possible (available) graphical elements
(widgets). Select any blue widget tile with a verbal description enclosed, and it immediately turns into a graphical
element with a description.
Drag the widgets you want to appear on the Overview dashboard across to the gridlines and arrange them in the
right section, within the gridlines. A widget snaps back to the nearest available gridline if you drop it across two or
more lines, and turns red if you attempt to place it over gridlines already occupied by widgets.
Green widgets are properly placed and set to appear when you select Save. Widgets that remain in the left section
will not appear (although they can be reinstated by selecting Restore Defaults).
Customized Search
You can customize search results to display only desired categories of matches on the Home > User Info page.
Go to the Search Preferences section and select Yes in the Customize Search field, then select or unselect
categories of results and save your changes. Customized search is turned off by default, and all boxes are selected.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 33
Page 34
Figure 13 Home > User Info Customized Search Preferences
Setting Severe Alert Warning Behavior
You can control the alert levels users can see on the Alerts statistics hyperlink from the Home > User Info page.
These settings will apply unless and until other users change settings for themselves. When a trigger is assigned a
severity of Critical, it generates a severe alert. When a severe alert exists, a new component appears at the right of
the Status field in bold red font.
Only users who are enabled for viewing critical alerts on the Home > User Info page can see severe alerts. The
Severe Alert Threshold dropdown menu, located in the Top Header Stats section of the Home > User Info page
is shown in Figure 14.
Figure 14 Home > User Info > Severe Alert Threshold Dropdown Menu
Defining General AWMS Server Settings
This section describes all pages accessed from the AMP Setup tab and describes two pages in the Device Setup
tab—the Communication and Upload Files pages. Once required and optional configurations in this chapter are
complete, continue to later chapters in this document to create and deploy device groups and device
configuration and discovery on the network.
The first step in configuring AWMS is to specify the general settings for the AWMS server. Figure 15 illustrates
the AMP Setup > General page:
34 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 35
Figure 15 AMP Setup > General Page Illustration
Perform the following steps to configure AWMS server settings globally across the product (for all users).
1. Browse to the AMP Setup > General page, locate the General area, and enter the information described in
Table 8:
Table 8 AMP Setup > General > General Section Fields and Default Values
Setting Default Description
System Name AWMS Defines your name for the AWMS server, with a maximum limit of 20 alphanumeric
characters.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 35
Page 36
Table 8 AMP Setup > General > General Section Fields and Default Values (Continued)
Setting Default Description
Automatically
No Launches a drop-down menu that specifies the behavior AWMS should follow
monitor/manage new
devices
Default Group Access
Points
Device Configuration
Daily If enabled, this setting defines the interval of queries which compares actual
Audit Interval
when it discovers a new device. Devices are placed in the default group which is
defined in the next field. Choose one of these options:
Monitor Only: AWMS compares the current configuration with the policy, and
displays any discrepancies on the APs/Devices > Audit page, but does not
change the configuration of the device.
Manage Read/Write: AWMS compares the device's current configuration
settings with the Group configuration settings and automatically updates the
device's configuration to match the Group policy. Automatically placing
devices in Managed Read/Write mode will overwrite the configuration with the
desired configuration in AWMS, and should only be used when you are certain
AWMS has the correct configuration. This can be risky, and generally, devices
should be placed in Monitor Only mode as the default.
Thin APs Only: Only thin APs will be automatically authorized in Monitor Only
mode. This setting is ideal for mixed environments of thin and autonomous APs,
or for very large subnets in which you don’t want to auto-monitor all switches.
Sets the device group that this AWMS server uses as the default for device-level
configuration. Select a device group from the drop-down menu. A group must first
be defined on the Groups > List page to appear in this drop-down menu. For
additional information, refer to Chapter 4, “Configuring and Using Device Groups in
AWMS” on page69.
device settings to the Group configuration policies stored in the AWMS database. If
the settings do not match, the AP is flagged as mismatched and AWMS sends an
alert via email, log, or SNMP.
Dell PowerConnect W recommends enabling this feature with a frequency of Daily
or more frequently to ensure that your AP configurations comply with your
established policies.
Automatically Repair
Misconfigured
Devices
Send Debugging
Messages
Nightly Maintenance
Time (00:00 - 23:59)
Disabled If enabled, this setting automatically reconfigures the settings on the device when
the device is in Manage mode and AWMS detects a variance between actual
device settings and the Group configuration policy in the AWMS database.
Enabled If enabled, AWMS automatically emails any system errors to Dell Support to assist
in debugging.
04:15 Specifies the local time of day AWMS should perform daily maintenance. During
maintenance, AWMS cleans the database, performs backups, and completes a few
other housekeeping tasks. Such processes should not be performed during peak
hours of demand.
AWMS User
Authorization Lifetime
(0-240 min)
Check for Software
Updates
120 Sets the amount of time, in minutes, that an AWMS user session lasts before the
user must authenticate when a new browser window is opened. Setting the lifetime
to 0 requires the user to log in every time a new browser window is opened.
Yes Enables AWMS to check automatically for multiple update types. Check daily for
AWMS updates, to include enhancements, device template files, important security
updates, and other important news. This setting requires a direct internet
connection via AWMS.
2. Select the Top Header Stats to be displayed at the top of the interface. For more detailed information about
each option, refer to Table 5 on page 22.
3. On the AMP Setup > General page, locate the Display section and select the Group tabs and options to
appear by default in new device groups.
NOTE: Changes to this section apply across all of AWMS. These changes affect all users and all new device groups.
36 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 37
Table 9 describes the settings and default values in this section.
Table 9 AMP Setup > General > Display Fields and Default Values
Setting Default Description
Use fully qualified
domain names
Show vendor-specific
device settings for
Look up wireless user
hostnames
DNS Hostname
Lifetime
Device
Troubleshooting Hint
No Sets AWMS to use fully qualified domain names for APs instead of the AP name. For
example, "testap.yourdomain.com" would be used instead of "testap."
This option is supported only for Cisco IOS, Dell PowerConnect W, Aruba Networks,
and Alcatel-Lucent devices.
All Devices Displays a drop-down menu that determines which Group tabs and options are
viewable by default in new groups, and selects the device types that use fully qualified
domain names. This field has three options, as follows:
All Device—When selected, AWMS displays all Group tabs and setting options.
Only Devices on this AMP—When selected, AWMS hides all options and tabs that
do not apply to the APs and devices currently on AWMS.
Selected device type—When selected, a new field appears listing many device
types. This option allows you to specify the device types for which AWMS displays
group settings. You can override this setting.
Yes Enables AWMS to look up the DNS for new user hostnames. This setting can be
turned off to troubleshoot performance issues.
24 hours Defines the length of time, in hours, for which a DNS server hostname remains valid on
AWMS, after which AWMS refreshes DNS lookup:
1 hour
2 hours
4 hours
12 hours
24 hours
N/A The message included in this field is displayed along with the Down if a device’s
upstream device is up. This applies to all APs and controllers but not to routers and
switches.
4. Locate the Device Configuration section and adjust settings for whether certain changes can be pushed to
devices in Monitor Only mode. Table 10 describes the settings and default values of this section.
Table 10 AMP Setup > General > Device Configuration Fields and Default Values
Setting Default Description
Guest User
Configuration
Disabled Enables or prevents guest users to/from pushing configurations to devices. Options are
Disabled (default), Enabled for Devices in Manage (Read/Write), Enabled for all
Devices.
Allow WMS offload
configuration in
monitor-only mode
No When Ye s is selected, you can enable the ArubaOS WMS offload feature on the Groups
> Basic page for WLAN switches in Monitor Only mode. Enabling WMS offload does
not cause a controller to reboot. This option is supported only for Aruba Networks and
Dell PowerConnect W devices.
Allow disconnecting
users while in monitoronly mode
Allow non-UTF8
No Sets whether you can deauthenticate a user for a device in monitor-only mode. If set to
No, the Deauthenticate User button for in a Users > User Detail page is enabled only for
Managed devices.
No Whether AMP can use character sets other than UTF-8 for configuration settings.
characters
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 37
Page 38
Table 10 AMP Setup > General > Device Configuration Fields and Default Values (Continued)
Setting Default Description
Use Global Dell
PowerConnect W
Configuration
Yes Enables Dell PowerConnect W configuration profile settings to be globally configured
and then assigned to device groups. If disabled, settings can be defined entirely within
Groups > Dell PowerConnect W Config instead of globally.
NOTE: Changing this setting may require importing configuration on your devices.
When an existing Aruba configuration setup is to be converted from global to group,
follow these steps:
1. Set all the devices to Monitor Only mode before setting the flag.
2. Each device Group will need to have an import performed from the Audit page of
some controller in the AMP group.
3. All of the thin APs need to have their settings imported after the device group
settings have finished importing.
4. If the devices were set to Monitor Only mode, set them back to Managed mode.
5. Locate the External Logging section and adjust settings to send audit and system events to an external syslog
server. Table 11 describes these settings and default values.
Table 11 AMP Setup > General > External Syslog Fields and Default Values
Setting Default Description
Syslog Server N/A Enter the IP address of the syslog server.
Syslog Port 514 Enter the port of the syslog server.
Include event log messages No Select Yes to send event log messages to an external syslog server.
Event log facility local1 Select the facility for the event log from the drop-down menu.
Include audit log messages No Select Ye s to send audit log messages to an external syslog server.
Audit log facility local1 Select the facility for the audit log from the drop-down menu.
6. Locate the Historical Data Retention section and specify the number of days you wish to keep client session
records and rogue discovery events. Table 12 describes the settings and default values of this section. Many
settings can be set to have no expiration date.
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values
Setting Default Description
Inactive User Data
(2-1500 days)
User Association
History (2-550 days)
Tag History
(2-550 days)
Rogue AP Discovery
Events
(2-550 days)
Reports
(2-550 days)
60 Defines the number of days AWMS stores basic information about inactive users. Dell
PowerConnect W recommends a shorter setting of 60 days for customers with high user
turnover such as hotels. The longer you store inactive user data, the more hard disk space
you require.
14 Defines the number of days AWMS stores client session records. The longer you store
client session records, the more hard disk space you require.
14 Sets the number of days AWMS retains location history for Wi-Fi tags.
14 Defines the number of days AWMS stores Rogue Discovery Events. The longer you store
discovery event records, the more hard disk space you require.
60 Defines the number of days AWMS stores Reports. Large numbers of reports, over 1000,
can cause the Reports > List page to be slow to respond.
38 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 39
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values (Continued)
Setting Default Description
Automatically
Acknowledged Alerts
(0-550 days, zero
disables)
Acknowledged Alerts
(2-550 days)
Traps from managed
devices
(0-550 days, zero
disables)
Archived Device
Configurations
(1-100)
Guest Users
(0-550 days, zero
disables)
Closed Helpdesk
Incidents
(0-550 days, zero
disables)
Inactive SSIDs
(0-550 days, zero
disables)
14 Defines automatically acknowledged alerts as the number of days AWMS retains alerts
that have been automatically acknowledged. Setting this value to 0 disables this function,
and alerts will never expire or be deleted from the database.
60 Defines the number of days AWMS retains information about acknowledged alerts. Large
numbers of Alerts, over 2000, can cause the System > Alerts page to be slow to respond.
14 Defines the number of days AWMS retains information about SNMP traps from Managed
Devices. Setting this value to 0 disables this function, and the trap information will never
expire or be deleted from the database.
10 Sets the number of archived configurations to retain for each device.
30 Sets the number of days that AWMS is to support any guest user. A value of 0 disables this
function, and guest users will never expire or be deleted from the AWMS database.
30 Sets the number of days that AWMS is to retain records of closed Helpdesk incidents
once closed. Setting this value to 0 disables this function, and Helpdesk information will
never expire or be deleted from the database.
425 Sets the number of days AWMS retains historical information after AWMS last saw a
client on a specific SSID. Setting this value to 0 disables this function, and inactive SSIDs
will never expire or be deleted from the database.
Inactive Interfaces (0550 days, zero
disables)
Interface Status
History
(0-550 days, zero
disables)
Interfering Devices (0550 days, zero
disables)
425 Sets the number of days AWMS retains inactive interface information after the interface
has been removed or deleted from the device. Setting this value to 0 disables this function,
and inactive interface information will never expire or be deleted from the database.
425 Sets the number of days AWMS retains historical information on interface status. Setting
this value to 0 disables this function.
14 Sets the number of days AWMS retains historical information on interfering devices.
Setting this value to 0 disables this function.
7. Locate the Default Firmware Upgrade Options section and adjust settings as required. This section allows
you to configure the default firmware upgrade behavior for AWMS. Table 13 describes the settings and
default values of this section.
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values
Setting Default Description
Allow Firmware
Upgrades in Monitor
Only mode
Simultaneous Jobs
(1-20)
No If Yes is selected, AWMS upgrades the firmware for APs in Monitor Only mode. When
AWMS upgrades the firmware in this mode, the desired configuration are not be pushed
to AWMS. Only the firmware is applied. The firmware upgrade may result in configuration
changes. AWMS does not correct those changes when the AP is in Monitor Only mode.
20 Defines the number of jobs AWMS runs at the same time. A job can include multiple APs.
Simultaneous
Devices Per Job
(1-1000)
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 39
20 Defines the number of devices that can be in the process of upgrading at the same time.
AWMS only runs one TFTP transfer at a time. As soon as the transfer to a device has
completed, the next transfer begins, even if the first device is still in the process of
rebooting or verifying configuration.
Page 40
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values (Continued)
Setting Default Description
Failures Before
Stopping (0-20)
1 Sets the default number of upgrade failures before AWMS pauses the upgrade process.
User intervention is required to resume the upgrade process. Setting this value to 0
disables this function.
8. Locate the Additional AMP Services section, and adjust settings as required. Table 14 describes the settings
and default values of this section.
Table 14 AMP Setup > General > Additional AMP Services Fields and Default Values
Setting Default Description
Enable FTP Server No Enables or disables the FTP server on AMP. The FTP server is only used to manage Cisco
Enable RTLS Collector No Enables or disables the RTLS Collector, which is used to allow ArubaOS controllers to send
Aironet 4800 APs. Dell PowerConnect W recommends disabling the FTP server if you do
not have any Cisco Aironet 4800 APs in the network.
signed and encrypted RTLS (real time locating system) packets to VisualRF-- in other
words, AWMS becomes the acting RTLS server. The RTLS server IP address must be
configured on each controller. This function is used for VisualRF to improve location
accuracy and to locate chirping asset tags. This function is supported only for Dell
PowerConnect W, Alcatel-Lucent and Aruba Networks devices.
With selection of Yes , the following additional fields appear, which you should populate to
match the settings configured on the controller:
RTLS Port—Specify the port for the AWMS RTLS server.
RTLS Username—Enter the user name used by the controller to decode RTLS
messages.
RTLS Password—Enter the RTLS server password that matches the controllers’ value.
Use Embedded Mail
Server
Process User Roaming
Traps from Cisco WLC
Enable AMON data
collection
Yes Enables or disables the embedded mail server that is included with AWMS.This field
supports a Send Test Email button for testing server functionality. This button prompts you
with a To and From field in which you must enter valid email addresses, and a button to
send a test email.
Yes AMP now parses client association and authentication traps from Cisco WLC controllers
to give real time information on users connected to the wireless network.
Yes Allows AMP to collect enhanced data from Dell PowerConnect W devices on certain
firmware versions; see the Dell PowerConnect W AirWave Best Practices Guide in Home
> Documentation for more details.
9. Locate the Performance Tuning section. Performance tuning is unlikely to be necessary for many AWMS
implementations, and likely provides the most improvements for customers with extremely large Pro or
Enterprise installations. Please contact Dell support if you think you might need to change any of these
settings. Table 15 describes the settings and default values of this section.
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values
Setting Default Description
Monitoring
Processes
Maximum Number of
Configuration
Processes
Based on the
number of
cores for your
server
5 Increases the number of processes that are pushing configurations to your
Optional setting configures the throughput of monitoring data. Increasing this
setting allows AWMS to process more data per second, but it can take
resources away from other AWMS processes. Please contact Dell support if
you think you might need to increase this setting for your network.
devices, as an option. The optimal setting for your network depends on the
resources available, especially RAM. Please contact Dell support if you think
you might need to increase this setting for your network.
40 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 41
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values (Continued)
Setting Default Description
Maximum Number of
Audit Processes
Verbose Logging of
SNMP Configuration
SNMP Rate Limiting
for Monitored
Devices
RAPIDS Processing
Priority
3 Increases the number of processes that audit configurations for your devices,
as an option. The optimal setting for your network depends on the resources
available, especially RAM. Contact Dell support if you are considering
increasing this setting for your network.
No Enables or disables logging detailed records of SNMP configuration
information.
No When enabled, AWMS fetches SNMP data more slowly, potentially reducing
device CPU load. Dell PowerConnect W recommends enabling this global
setting when monitoring Dell PowerConnect W controllers only if your network
contains a majority of legacy controllers (800, 2400, 5000, controllers that use
Supervisor Module II). If your network mainly uses newer processors (3000
series, 600 series, the M3 module in the 6000 series), Aruba strongly
recommends disabling this setting.
Low Defines the processing and system resource priority for RAPIDS in relation to
AWMS as a whole.
When AWMS is processing data at or near its maximum capacity, reducing the
priority of RAPIDS can ensure that processing of other data (such as client
connections and bandwidth) is not adversely impacted.
The default priority is Low. You can also tune your system performance by
changing group poll periods.
10. Select Save when the General Server settings are complete and whenever making subsequent changes.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Defining AWMS Network Settings
The next step in configuring AWMS is to confirm the AMP network settings. Define these settings by navigating
to the AMP Setup > Network page. Figure 16 illustrates the contents of this page.
Figure 16 AMP Setup > Network Page Illustration
Perform the following steps to define the AWMS network settings:
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 41
Page 42
1. Locate the Primary and Secondary Network Interface sections. The information in these sections should
match what you defined during initial network configuration and should not require changes. Table 16
describes the settings and default values.
Table 16 Primary and Secondary Network Interface Fields and Default Values
Setting Default Description
IP Address None Sets the IP address of the AWMS network interface.
This address must be a static IP address.
Hostname None Sets the DNS name assigned to the AWMS server.
Subnet Mask None Sets the subnet mask for the primary network interface.
Gateway None Sets the default gateway for the network interface.
Primary DNS IP None Sets the primary DNS IP address for the network interface.
Secondary DNS IP None Sets the secondary DNS IP address for the network interface.
Secondary Network
Interface
No Select Yes to enable a secondary network interface. You must also define the IP
address and subnet mask.
2. On the AMP Setup > Network page, locate the Network Time Protocol (NTP) section. The Network Time
Protocol is used to synchronize the time between AWMS and your network reference NTP server. NTP servers
synchronize with external reference time sources, such as satellites, radios, or modems.
NOTE: Specifying NTP servers is optional. NTP servers synchronize the time on the AWMS server, not on individual access points.
To disable NTP services, clear both the Primary and Secondary NTP server fields. Any problem related to
communication between AWMS and the NTP servers creates an entry in the event log. Table 17 describes the
settings and default values in more detail. For more information on ensuring that AMP servers have the
correct time, please see support.ntp.org/bin/view/Servers/NTPPoolServers.
Table 17 AMP Setup > Network > Secondary Network Fields and Default Values
Setting Default Description
Primary ntp1.yourdomain.com Sets the IP address or DNS name for the primary NTP server.
Secondary ntp2.yourdomain.com Sets the IP address or DNS name for the secondary NTP server.
3. On the AMP Setup > Network page, locate the Static Routes area. This section displays network, subnet
mask, and gateway settings that you have defined elsewhere from a command-line interface.
NOTE: This section does not enable you to configure new routes or remove existing routes.
4. Select Save when you have completed all changes on the AMP Setup > Network page, or select Revert to
return to the last settings. Save restarts any affected services and may temporarily disrupt your network
connection.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
42 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 43
Creating AWMS Users
AWMS installs with only one AMP user—the admin, who is authorized to:
define additional users with varying levels of privilege, be it manage read/write or monitoring.
limit the viewable devices as well as the level of access a user has to the devices.
Each general user that you add needs a Username, a Password, and a Role. Use unique and meaningful user
names as they are recorded in the log files when you or other users make changes in AWMS.
NOTE: Username and password are not required if you configure AWMS to use RADIUS or TACACS authentication. You do not
need to add individual users to the AWMS server if you use RADIUS or TACACS authentication.
The user role defines the user type, access level, and the top folder for that user. User roles are defined on the
AMP Setup > Roles page. Refer to the next procedure in this chapter for additional information, “Creating
AWMS User Roles” on page44.
The admin user can provide optional additional information about the user including the user's real name, email
address, phone number, and so forth.
Perform the following steps to display, add, edit, or delete AWMS users of any privilege level. You must be an
admin user to complete these steps.
1. Go to the AMP Setup > Users page. This page displays all users currently configured in AWMS. Figure 17
illustrates the contents and layout of this page.
Figure 17 AMP Setup > Users Page Illustration
2. Select Add to create a new user, select the pencil icon to edit an existing user, or select a user and select
Delete to remove that user from AWMS. When you select Add or the edit icon, the Add User page appears,
illustrated in Figure 18.
Figure 18 AMP Setup > Users > Add/Edit User Page Illustration
3. Enter or edit the settings on this page. Table 18 describes these settings in additional detail.
Table 18 AMP Setup > User > Add/Edit User Fields and Default Values
Setting Default Description
Username None Sets the username as an alphanumeric string. The Username is used when logging in to AWMS and
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 43
appears in AWMS log files.
Page 44
Table 18 AMP Setup > User > Add/Edit User Fields and Default Values (Continued)
Setting Default Description
Role None Specifies the User Role that defines the Top viewable folder, type and access level of the user
specified in the previous field.
The admin user defines user roles on the AMP Setup > Roles page, and each user in the system is
assigned to a role.
Password None Sets the password for the user being created or edited. Enter an alphanumeric string without
spaces, and enter the password again in the Confirm Password field.
NOTE: Because the default user's password is identical to the name, Dell PowerConnect W strongly
recommends that your change this password.
Name None Allows you to define an optional and alphanumeric text field that takes note of the user's actual
Email Address None Allows you to specify a specific email address that will propagate throughout many additional
Phone None Allows you to enter an optional phone number for the user.
Notes None Enables you to cite any additional notes about the user, including the reason they were granted
name.
pages in AWMS for that user, including reports, triggers, and alerts.
access, the user's department, or job title.
4. Select Add to create the new user, Save to retain changes to an existing user, or Cancel to cancel out of this
screen. The user information you have configured appears on the AMP Setup > Users page and the user
propagates to all other AWMS pages and relevant functions.
NOTE: AWMS enables user roles to be created with access to folders within multiple branches of the overall hierarchy. This
feature assists non-administrator users who support a subset of accounts or sites within a single AWMS deployment, such as help
desk or IT staff.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Creating AWMS User Roles
The AMP Setup > Roles page defines the viewable devices, the operations that can be performed on devices, and
general AWMS access. VisualRF uses the same user roles as defined for AWMS—users can see floor plans that
contain an AP to which they have access in AWMS, although only visible APs appear on the floor plan.
Users can also see any building that contains a visible floor plan, and any campus that contains a visible building.
NOTE: In VisualRF > Setup > Server Settings, a new flag added in AWMS 7.2 allows you to restrict the visibility of empty floor plans
to the role of the user who created them. In previous versions, a floor plan without APs could be visible to all users. By default, this
setting is set to No.
When a new role is added to AWMS, VisualRF must be restarted for the new user to be enabled. Refer to the
VisualRF User Guide in Home > Documentation for additional information.
User roles can be created that have access to folders within multiple branches of the overall hierarchy. This
feature assists non-administrative users, such as help desk or IT staff, who support a subset of accounts or sites
within a single AWMS deployment. You can restrict user roles to multiple folders within the overall hierarchy
44 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 45
even if they do not share the same top-level folder. Non-admin users are only able to see data and users for devices
within their assigned subset of folders.
Perform the following steps to view, add, edit, or delete user roles:
1. Go to the AMP Setup > Roles page. This page displays all roles currently configured in AWMS. Figure 19
illustrates the contents and layout of this page.
Figure 19 AMP Setup > Roles Page Illustration
2. Select Add to create a new role, select the pencil icon to edit an existing role, or select a checkbox and select
Delete to remove that role from AWMS. When you select Add or the edit icon, the Add/Edit Role page
appears, illustrated in Figure 20.
Figure 20 AMP Setup > Roles > Add/Edit Role Page Illustration
3. Enter or edit the settings on this page. Table 19 describes these settings in additional detail.
As explained earlier in this section, Roles define the type of user-level access, the user-level privileges, and the
view available to the user for device groups and devices in AWMS. Table 19 describes the settings and default
values of this section.
Table 19 AMP Setup > Roles > Add/Edit Roles Fields and Default Values
Setting Default Description
Name None Sets the administrator-definable string that names the role. Dell PowerConnect W recommends
that the role name give an indication of the devices and groups that are viewable, as well as the
privileges granted to that role.
Enabled Yes Disables or enables the role. Disabling a role prevents all users of that role from logging in to
AWMS.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 45
Page 46
Table 19 AMP Setup > Roles > Add/Edit Roles Fields and Default Values (Continued)
Setting Default Description
Type AP/Device
Manager
Defines the type of role. AWMS supports the following role types:
AMP Administrator—The AMP Administrator has full access to AWMS and all of the
devices. Only the AMP Administrator can create new users or access the AMP Setup page.
AP/Device Manager—AP/Device Managers have access to a limited number of devices
and groups based on the Top folder and varying levels of control based on the Access
Level.
AirWave Management Client—The AirWave Management Client (AMC) software allows
WiFi-enabled devices to serve as additional sensors to gather data for RAPIDS. Use this
role type to set up a client to be treated as a user with the AMC role. The user information
defined in AMC must match the user with the Dell PowerConnect W Management Client
type.
Guest Access Sponsor—Limited-functionality role to allow helpdesk or reception desk
staff to grant wireless access to temporary personnel. This role only has access to the
defined top folder of APs.
AP/Device
Access Level
None Defines the privileges the role has over the viewable APs. AWMS supports three privilege
levels, as follows:
Manage (Read/Write)—Manage users can view and modify devices and Groups.
Audit (Read Only)—Audit users have read only access to the viewable devices and Groups.
Audit users have access to the APs/Devices > Audit page, which may contain sensitive
information including AP passwords.
Monitor (Read Only)—Monitor users have read-only access to devices and groups and
VisualRF. Monitor users cannot view the APs/Devices > Audit page which may contain
sensitive information, including passwords.
Top Folder None Defines the Top viewable folder for the role. The role is able to view all devices and groups
contained by the Top folder. The top folder and its subfolders must contain all of the devices in
any of the groups it can view.
NOTE: AWMS enables user roles to be created with access to folders within multiple branches
of the overall hierarchy. This feature assists non-administrator users who support a subset of
accounts or sites within a single AWMS deployment, such as help desk or IT staff.
User roles can be restricted to multiple folders within the overall hierarchy, even if they do not
share the same top-level folder. Non-administrator users are only able to see data and users for
devices within their assigned subset of folders.
RAPIDS None Sets the RAPIDS privileges, which are set separately from the APs/Devices. This field specifies
the RAPIDS privileges for the role, and options are as follows:
None— Cannot view the RAPIDS tab or any Rogue APs.
Read Only—The user can view the RAPIDS pages but cannot make any changes to rogue
APs or perform OS scans.
Read/Write—The user may ignore, delete, override scores and perform OS scans.
Helpdesk No Sets the role to support helpdesk users, with parameters that are specific to the needs of
helpdesk personnel supporting users on a wireless network.
Enable Adobe
Flash
Yes Enables the Adobe Flash application for all users who are assigned this role. Adobe Flash
supports dynamic graphics on the Home > Overview page, VisualRF, Quickview functions, and
additional AWMS pages.
NOTE: This field is only visible if a specific flag is set in the AWMS database. By default this
option is hidden and Flash is enabled for all users.
Allow creation
of Guest Users
Yes If this option is enabled, users with an assigned role of Monitoring or Audit can be given access
to guest user account creation along with the option to allow a sponsor to change its
username. A custom message can also be included. The Guest User Preferences section does
not apear if Guest User Configuration is disabled in AMP Setup > General.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
46 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 47
Enabling AWMS to Manage Your Devices
Once AWMS is installed and active on the network, the next task is to define the basic settings that allow AWMS
to communicate with and manage your devices. Device-specific firmware files are often required or are highly
desirable. Furthermore, the use of Web Auth bundles is advantageous for deployment of Cisco WLC wireless
LAN controllers when they are present on the network.
This section contains the following procedures:
Configuring Communication Settings for Discovered Devices
Loading Device Firmware Onto AWMS (optional)
Overview of the Device Setup > Upload Firmware & Files Page
Loading Firmware Files to AWMS
Configuring Communication Settings for Discovered Devices
To configure AWMS to communicate with your devices, to define the default shared secrets, and to set SNMP
polling information, navigate to the Device Setup > Communication page, illustrated in Figure 21.
Figure 21 Device Setup > Communication Page Illustration
Perform the following steps to define the default credentials and SNMP settings for the wireless network.
1. On the Device Setup > Communication page, locate the Default Credentials area. Enter the credentials for
each device model on your network. The default credentials are assigned to all newly discovered APs.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 47
Page 48
The Edit button edits the default credentials for newly discovered devices. To modify the credentials for
existing devices, use the APs/Devices > Manage page or the Modify Devices link on the APs/Devices > List
page.
NOTE: Community strings and shared secrets must have read-write access for AWMS to configure the devices. Without readwrite access, AWMS may be able to monitor the devices but cannot apply any configuration changes.
2. Browse to the Device Setup > Communication page, locate the SNMP Settings section, and enter or revise
the following information. Table 20 lists the settings and default values.
Table 20 Device Setup > Communication > SNMP Settings Fields and Default Values
Setting Default Description
SNMP Timeout 3 Sets the time, in seconds, that AWMS waits for a response from a device after
sending an SNMP request.
SNMP Retries 3 Sets the number of times AWMS tries to poll a device when it does not receive a
response within the SNMP Timeout Period or the Group's Missed SNMP Poll
Threshold setting (1-100). If AWMS does not receive an SNMP response from the
device after the specified number of retries, AWMS classifies that device as Down.
3. Locate the SNMP v3 Informs section. Select Add New SNMP v3 User to reveal its configuration section.
AMP users will need to configure all v3 users that are configured on the controller; the SNMP Inform receiver
in the AMP will be restarted when users are changed or added to the controller.
Username - Username of the SNMP v3 user as configured on the controller.
Auth Protocol - Can be MD5 or SHA. The default setting is SHA.
Auth and Priv Passphrases - Enter the auth and priv passphrases for the user as configured on the
controller.
Priv Protocol - Can be DES or AES. The default setting is DES.
4. Locate the Telnet/SSH Settings section, and complete or adjust the default value for the field. Table 21
shows the setting and default value.
Table 21 Telnet/SSH Sett
ings Fields and Default Values
Setting Default Description
Telnet/SSH Timeout
(3-120 sec)
10 Sets the timeout period in seconds used when performing Telnet and SSH commands.
5. Locate the HTTP Discovery Settings section and adjust the default value. Table 22 shows the setting and
default value.
Table 22 HTTP Discovery Settings Fields and Default Values
Setting Default Description
HTTP Timeout
(3-120 sec)
48 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
5 Sets the timeout period in seconds used when running an HTTP discovery scan.
Page 49
6. Locate the ICMP Settings section and adjust the default value as required. Table 23 shows the setting and
default value.
Table 23 Device Setup > Communication > ICMP Settings Fields and Default Values
Setting Default Description
Attempt to ping
devices that
were
unreachable
via SNMP
Yes When Ye s is selected, AWMS attempts to ping the AP device.
Select No if performance is affected in negative fashion by this function. If a large number
of APs are unreachable by ICMP, likely to occur where there is in excess of 100 APs, the
timeouts start to impede network performance.
NOTE: If ICMP is disabled on the network, select No to avoid the performance penalty caused
by numerous ping requests.
7. Locate the Cisco Aironet VxWorks User Creation Options section. You only need to provide this information
if you use VxWorks-based Cisco APs on your network, as follows:
Aironet 340
Aironet 350
Aironet 1200
Select one of the three options listed. Table 24 describes the settings and default values of this section.
Table 24 Cisco Aironet VxWorks User Creation Options Fields and Default Values
Setting Default Description
Do not modify
security/SNMP
settings
Create and use
specified user
N/A Enables AWMS using only an existing user account on the AP, as defined in the Cisco VxWorks
Username/Password section in the Default Secrets area. This user account must have all
permissions set.
N/A Enables AWMS to create a new user account, specified below, on each AP with all
permissions enabled.
8. Locate the Symbol 4131, Cisco Aironet IOS and Nomadix AG2000w SNMP Initialization area. Select one
of the options listed. Table 25 describes the settings and default values
Table 25 Device Setup > Communications Fields and Default Values
Setting Default Description
Do Not Modify
SNMP Settings
Enable read-write
SNMP
Yes When selected, specifies that AWMS not modify any SNMP settings. If SNMP is not already
initialized on the Symbol, Nomadix, and Cisco IOS APs, AWMS is not able to manage them.
No When selected, and when on networks where the Symbol, Nomadix, and Cisco IOS APs do
not have SNMP initialized, this setting enables SNMP so the devices can be managed by
AWMS.
Loading Device Firmware Onto AWMS (optional)
Overview of the Device Setup > Upload Firmware & Files Page
AWMS enables automated firmware distribution to the devices on your network. Once you have downloaded the
firmware files from the vendor, you can upload this firmware to AWMS for distribution to devices via the Device
Setup > Upload Firmware & Files page.
This page lists all firmware files on AWMS with file information. This page also enables you to add new firmware
files, to delete firmware files, and to add New Web Auth Bundle files.
The following additional pages support firmware file information:
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 49
Page 50
Firmware files uploaded to AWMS appear as options in the drop-down menus on the Group > Firmware
page and on individual APs/Devices > Manage pages.
Use the AMP Setup page to configure AWMS-wide default firmware options.
Table 26 below itemizes the contents, settings, and default values for the Upload Firmware & Files page.
Table 26 Device Setup > Upload Firmware & Files Fields and Default Values
Setting Default Description
Type Aruba
Controller
(any model)
Owner Role None Displays the user role that uploaded the firmware file. This is the role that has access to
Description None Displays a user-configurable text description of the firmware file.
Server Protocol None Displays the file transfer protocol by which the firmware file was obtained from the server.
Use Group File
Server
Firmware Filename None Displays the name of the file that was uploaded to AWMS and to be transferred to an AP
Firmware Version None Displays the firmware version number. This is a user-configurable field.
Firmware MD5
Checksum
Firmware File Size None Displays the size of the firmware file in bytes.
HTML Filename None Supporting HTML, displays the name of the file that was uploaded to AWMS and to be
HTML Version None Supporting HTML, displays the version of HTML used for file transfer.
HTML MD5
Checksum
None Displays the name of the file server supporting the group.
None Displays the MD5 checksum of the file after it was uploaded to AWMS. The MD5
None Supporting HTML, displays the MD5 checksum of the file after it was uploaded to AWMS.
Displays a drop-down list of the primary AP makes and models that AWMS supports with
automated firmware distribution.
the file when an upgrade is attempted.
when the file is used in an upgrade.
checksum is used to verify that the file was uploaded to AWMS without issue. The
checksum should match the checksum of the file before it was uploaded.
transferred to an AP when the file is used in an upgrade.
The MD5 checksum is used to verify that the file was uploaded to AWMS without issue.
The checksum should match the checksum of the file before it was uploaded.
HTML File Size None Supporting HTML, displays the size of the file in bytes.
Desired Firmware
File for Specified
Groups
None The firmware file is set as the desired firmware version on the Groups > Firmware Files
page of the specified groups. You cannot delete a firmware file that is set as the desired
firmware version for a group.
Loading Firmware Files to AWMS
Perform the following steps to load a device firmware file onto AWMS:
1. Go to the Device Setup > Upload Firmware & Files page.
2. Select Add. The Add Firmware File page appears. Figure 22 illustrates this page.
50 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 51
Figure 22 Device Setup > Add New Firmware Page Illustration
3. Select Supported Firmware Versions and Features to view supported firmware versions.
NOTE: Unsupported and untested firmware may cause device mismatches and other problems. Please contact Dell support
before installing non-certified firmware.
4. Enter the appropriate information and select Add. The file uploads to AWMS and once complete, this file
appears on the Device Setup > Upload Firmware & Files page. This file also appears on additional pages that
display firmware files (such as the Group > Firmware page and on individual APs/Devices > Manage pages).
5. You can also import a CSV list of groups and their external TFTP firmware servers. Table 27 itemizes the
settings of this page.
Table 27 Supported Firmware Versions and Features Fields and Default Values
Setting Default Description
Type Aruba
Controller
Firmware Version None Provides a user-configurable field to specify the firmware version number. Appears if you
Description None Provides a user-configurable text description of the firmware file.
Upload firmware
files (and use built-in
firmware)
Use an external
firmware file server
Use Group File
Server
Built-in Selects the TFTP server that access points use to download their firmware. The built-in
N/A You can also choose to assign the external TFTP server on a per-group basis. If you select
Disabled If you opt to use an external firmware file server, this additional option appears. This
Indicates the firmware file is used with the specified type. If you select an IOS device from
the Type drop-down menu, you have the option of choosing a server protocol of TFTP or
FTP. If you choose FTP, you may later notice that the firmware files are pushed to the
device more quickly.
With selection of some types, particularly Cisco controllers, you can specify the boot
software version.
did not select the default Aruba Controller type.
TFTP server is recommended.
If you choose to use an external TFTP server, enter the File Server IP Address and the
Firmware Filename.
this option, you must enter the IP address on the Groups > Firmware page. Complete the
Firmware File Server IP Address field.
NOTE: With selection of some Types, you are prompted with the Server Protocol field that
lets you select which protocol to use, and this varies from device to device. If you select
FTP, AWMS uses an anonymous user for file upload.
setting instructs AWMS to use the server that is associated with the group instead of
defining a server.
Firmware File Server
IP Address
Firmware Filename None Enter the name of the firmware file that needs to be uploaded. Ensure that the firmware
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 51
None Provides the IP address of the External TFTP Server (like SolarWinds) used for the
firmware upgrade. This option displays when the user selects the Use an external
firmware file option.
file is in the TFTP root directory. If you are using a non-external server, you select Choose
File to find your local copy of the file.
Page 52
NOTE: Additional fields may appear for multiple device types. AWMS prompts you for additional firmware information as required.
For example, Intel and Symbol distribute their firmware in two separate files: an image file and an HTML file. Both files must be
uploaded to AWMS for the firmware to be distributed successfully via AWMS.
6. Select Add to import the firmware file.
To delete a firmware file that has already been uploaded to AWMS, return to the Device Setup > Upload
Firmware & Files page, select the checkbox for the firmware file and select Delete.
NOTE: A firmware file may not be deleted if it is the desired version for a group. Use the Group > Firmware page to investigate this
potential setting and status.
Using Web Auth Bundles in AWMS
Web authentication bundles are configuration files that support Cisco WLC wireless LAN controllers. This
procedure requires that you have local or network access to a Web Auth configuration file for Cisco WLC
devices.
Perform these steps to add or edit Web Auth bundles in AWMS.
1. Go to the Device Setup > Upload Firmware & Files page. This page displays any existing Web Auth bundles
that are currently configured in AWMS, and allows you to add or delete Web Auth bundles.
2. Scroll to the bottom of the page. Select Add New Web Auth Bundle to create a new Web Auth bundle (see
Figure 23), or select the pencil icon next to an existing bundle to edit. You may also delete Web Auth bundles
by selecting that bundle with the checkbox, and selecting Delete.
Figure 23 Add Web Auth Bundle Page Illustration
3. Enter a descriptive label in the description field. This is the label used to identify and track Web Auth bundles
on the page.
4. Enter the path and filename of the Web Auth configuration file in the Web Auth Bundle field or select
Choose File to locate the file.
5. Select Add to complete the Web Auth bundle creation, or Save if replacing a previous Web Auth
configuration file, or Cancel to abort the Web Auth integration.
For additional information and a case study that illustrates the use of Web Auth bundles with Cisco WLC
controllers, refer to the following document on Cisco.com:
Wireless LAN controller Web Authentication Configuration Example, Document ID: 69340
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml
Configuring TACACS+ and RADIUS Authentication
As an optional configuration, you can set AWMS to use an external user database to simplify password
management for AWMS administrators and users. This section contains the following procedures:
Configuring TACACS+ Authentication
Configuring RADIUS Authentication and Authorization
Integrating a RADIUS Accounting Server
52 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 53
Configuring TACACS+ Authentication
For TACACS+ capability, you must configure the IP/Hostname of the TACACS+ server, the TCP port, and the
server shared secret. This TACACS+ configuration is for AWMS users, and does not affect APs or users logging
into APs.
1. Go to the AMP Setup > Authentication page. This page displays current status of TACACS+. Figure 24
illustrates this page when neither TACACS+ nor RADIUS authentication is enabled in AWMS.
Figure 24 AMP Setup > Authentication Page Illustration
2. Select No to disable or Yes to enable TACACS+ authentication. If you select Yes, several new fields appear.
Complete the fields described in Table 28.
Table 28 AMP Setup > Authentication Fields and Default Values
Field Default Description
Primary Server Hostname/IP
Address
Primary Server Port 49 Enter the port for the primary TACACS+ server.
Primary Server Secret N/A Specify and confirm the primary shared secret for the primary TACACS+
Secondary Server Hostname/IP
Address
Secondary Server Port 49 Enter the port for the secondary TACACS+ server.
Secondary Server Secret N/A Enter the shared secret for the secondary TACACS+ server.
N/A Enter the IP address or the hostname of the primary TACACS+ server.
server.
N/A Enter the IP address or hostname of the secondary TACACS+ server.
3. Select Save and continue with additional steps.
4. To configure Cisco ACS to work with AWMS, you must define a new service named AMP that uses https on
the ACS server.
The AMP https service is added to the TACACS+ (Cisco) interface under the Interface Configuration
tab.
Select a checkbox for a new service.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 53
Page 54
Enter AMP in the service column and https in the protocol column.
Select Save.
5. Edit the existing groups or users in TACACS to use the “AMP service” and define a role for the group or user.
The role defined on the Group Setup page in ACS must match the exact name of the role defined on the
AMP Setup > Roles page.
The defined role should use the following format: role=<name_of_AMP_role>. One example is as
follows:
role=DormMonitoring
As with routers and switches, AWMS does not need to know usernames.
6. AWMS also needs to be configured as an AAA client.
On the Network Configuration page, select Add Entry.
Enter the IP address of AWMS as the AAA Client IP Address.
The secret should be the same value that was entered on the AMP Setup > TACACS+ page.
7. Select TACACS+ (Cisco IOS) in the Authenticate Using dropdown menu and select submit + restart.
NOTE: AWMS checks the local username and password store before checking with the TACACS+ server. If the user is found
locally, the local password and local role apply. When using TACAS+, it is not necessary or recommended to define users on the
AWMS server. The only recommended user is the backup administrator, in the event that the TACAS+ server goes down.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Configuring RADIUS Authentication and Authorization
For RADIUS capability, you must configure the IP/Hostname of the RADIUS server, the TCP port, and the
server shared secret. Perform these steps to configuration RADIUS authentication:
1. Go to the AMP Setup > Authentication page. This page displays current status of RADIUS. Figure 25
illustrates this page.
54 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 55
Figure 25 AMP Setup > Authentication Page Illustration
2. Select No to disable or Yes to enable TACACS+ or RADIUS authentication. If you select Yes, several new
fields appear. Complete the fields described in Table 29.
Table 29 AMP Setup > Authentication Fields and Default Values
Field Default Description
Primary Server
Hostname/IP Address
Primary Server Port 1812 Enter the TCP port for the primary RADIUS server.
Primary Server Secret N/A Specify and confirm the primary shared secret for the primary RADIUS server.
Secondary Server
Hostname/IP Address
Secondary Server Port 1812 Enter the TCP port for the secondary RADIUS server.
Secondary Server
Secret
N/A Enter the IP address or the hostname of the primary RADIUS server.
N/A Enter the IP address or the hostname of the secondary RADIUS server.
N/A Enter the shared secret for the secondary RADIUS server.
3. Select Save to retain these configurations, and continue with additional steps in the next procedure.
Integrating a RADIUS Accounting Server
NOTE: AWMS checks the local username and password before checking with the RADIUS server. If the user is found locally, the
local password and role apply. When using RADIUS, it’s not necessary or recommended to define users on the AWMS server. The
only recommended user is the backup admin, in case the RADIUS server goes down.
Optionally, you can configure RADIUS server accounting on AMP Setup > RADIUS Accounting. This
capability is not required for basic AWMS operation, but can increase the user-friendliness of AWMS
administration in large networks. Figure 26 illustrates the settings of this optional configuration interface.
Perform the following steps and configurations to enable AWMS to receive accounting records from a separate
RADIUS server. Figure 26 illustrates the display of RADIUS accounting clients already configured, and Figure 27
illustrates the Add RADIUS Accounting Client page.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 55
Page 56
Figure 26 AMP Setup > RADIUS Accounting Page Illustration
Figure 27 AMP Setup > RADIUS > Add RADIUS Accounting Client Page Illustration
1. To specify the RADIUS authentication server or network, browse to the AMP Setup > RADIUS Accounting
page and select Add, illustrated in Figure 27, and provide the information in Table 30.
2. Select Add.
Table 30 AMP Setup > RADIUS Accounting Fields and Default Values
Setting Default Description
Nickname None Sets a user-defined name for the authentication server.
IP/Network None Cites the IP address or DNS Hostname for the authentication server if you only want to accept
packets from one device. To accept packets from an entire network enter the IP/Netmask of the
network (for example, 10.51.0.0/24).
Shared Secret
(Confirm)
None Sets the Shared Secret that is used to establish communication between AWMS and the
RADIUS authentication server.
What Next?
For more information about configuring WLAN Gateways or WLAN controllers such as BlueSocket,
ReefEdge, or ProCurve wireless gateways, refer to “Third-Party Security Integration for AWMS” on page257.
Go to additional subtabs in AMP Setup to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Configuring Cisco WLSE and WLSE Rogue Scanning
The Cisco Wireless LAN Solution Engine (WLSE) includes rogue scanning functions that AWMS supports.
This section contains the following topics and procedures, and several of these sections have additional subprocedures:
Introduction to Cisco WLSE
Configuring WLSE Initially in AWMS
Configuring IOS APs for WDS Participation
Configuring ACS for WDS Authentication
Configuring Cisco WLSE Rogue Scanning
You must enter one or more CiscoWorks WLSE hosts to be polled for discovery of Cisco devices and rogue AP
information.
56 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 57
Introduction to Cisco WLSE
Cisco WLSE functions as an integral part of the Cisco Structured Wireless-Aware Network (SWAN)
architecture, which includes IOS Access Points, a Wireless Domain Service, an Access Control Server, and a
WLSE. In order for AWMS to obtain Rogue AP information from the WLSE, all SWAN components must be
properly configured. Table 31 describes these components.
Table 31 Cisco SWAN Architecture Components
SWAN Component Requirements
WDS (Wireless Domain
Services)
WDS Name
Primary and backup IP address for WDS devices (IOS AP or WLSM)
WDS Credentials APs within WDS Group
NOTE: WDS can be either a WLSM or an IOS AP. WLSM (WDS) can control up to 250 access
points. AP (WDS) can control up to 30 access points.
WLSE (Wireless LAN
Solution Engine)
ACS (Access Control
Server)
APs
IP Address
Login
IP Address
Login
APs within WDS Group
Configuring WLSE Initially in AWMS
Use the following general procedures to configure and deploy a WLSE device in AWMS:
Adding an ACS Server for WLSE
Enabling Rogue Alerts for Cisco WLSE
Configuring WLSE to Communicate with APs
Discovering Devices
Managing Devices
Inventory Reporting
Defining Access
Grouping
WDS Participation
Primary or Secondary WDS
Adding an ACS Server for WLSE
1. Go to the Devices > Discover > AAA Server page.
2. Select New from the drop-down list.
3. Enter the Server Name, Server Port (default 2002), Username, Password, and Secret.
4. Select Save.
Enabling Rogue Alerts for Cisco WLSE
1. Go to the Faults > Network Wide Settings > Rogue AP Detection page.
2. Select the Enable.
3. Select Apply.
Additional information about rogue device detection is available in “Configuring Cisco WLSE Rogue Scanning”
on page 60.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 57
Page 58
Configuring WLSE to Communicate with APs
1. Go to the Device Setup > Discover page.
2. Configure SNMP Information.
3. Configure HTTP Information.
4. Configure Telnet/SSH Credentials.
5. Configure HTTP ports for IOS access points.
6. Configure WLCCP credentials.
7. Configure AAA information.
Discovering Devices
There are three methods to discover access points within WLSE, as follows:
Using Cisco Discovery Protocol (CDP)
Importing from a file
Importing from CiscoWorks
Perform these steps to discover access points.
1. Go to the Device > Managed Devices > Discovery Wizard page.
2. Import devices from a file.
3. Import devices from Cisco Works.
4. Import using CDP.
Managing Devices
Prior to enabling radio resource management on IOS access points, the access points must be under WLSE
management.
NOTE: AWMS becomes the primary management/monitoring vehicle for IOS access points, but for AWMS to gather Rogue
information, the WLSE must be an NMS manager to the APs.
Use these pages to make such configurations:
1. Go to Device > Discover > Advanced Options.
2. Select the method to bring APs into management Auto, or specify via filter.
Inventory Reporting
When new devices are managed, the WLSE generates an inventory report detailing the new APs. AWMS
accesses the inventory report via the SOAP API to auto-discover access points. This is an optional step to enable
another form of AP discovery in addition to AWMS' CDP, SNMP scanning, and HTTP scanning discovery for
Cisco IOS access points. Perform these steps for inventory reporting.
1. Go to Devices > Inventory > Run Inventory.
2. Run Inventory executes immediately between WLSE polling cycles.
Defining Access
AWMS requires System Admin access to WLSE. Use these pages to make these configurations.
1. Go to Administration > User Admin.
2. Configure Role and User.
58 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 59
Grouping
It’s much easier to generate reports or faults if APs are grouped in WLSE. Use these pages to make such
configurations.
1. Go to Devices > Group Management.
2. Configure Role and User.
Configuring IOS APs for WDS Participation
IOS APs (1100, 1200) can function in three roles within SWAN:
Primary WDS
Backup WDS
WDS Member
AMP monitors AP WDS role and displays this information on AP Monitoring page.
NOTE: APs functioning as WDS Master or Primary WDS will no longer show up as Down is the radios are enabled.
WDS Participation
Perform these steps to configure WDS participation.
1. Log in to the AP.
2. Go to the Wireless Services > AP page.
3. Select Enable participation in SWAN Infrastructure.
4. Select Specified Discovery and enter the IP address of the Primary WDS device (AP or WLSM).
5. Enter the Username and Password for the WLSE server.
Primary or Secondary WDS
Perform these steps to configure primary or secondary functions for WDS.
1. Go to the Wireless Services > WDS > General Setup page.
2. If the AP is the Primary or Backup WDS, select Use the AP as Wireless Domain Services.
Select Priority (set 200 for Primary, 100 for Secondary).
Configure the Wireless Network Manager (configure the IP address of WLSE).
3. If the AP is Member Only, leave all options unchecked.
4. Go to the Security > Server Manager page.
5. Enter the IP address and Shared Secret for the ACS server and select Apply.
6. Go to the Wireless Services > WDS > Server Group page.
7. Enter the WDS Group of AP.
8. Select the ACS server in the Priority 1 drop-down menu and select Apply.
Configuring ACS for WDS Authentication
ACS authenticates all components of the WDS and must be configured first. Perform these steps to make this
configuration.
1. Login to the ACS.
2. Go to the System Configuration > ACS Certificate Setup page.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 59
Page 60
3. Install a New Certificate by selecting the Install New Certificate button, or skip to the next step if the
certificate was previously installed.
4. Select User Setup in the left frame.
5. Enter the Username that will be used to authenticate into the WDS and select Add/Edit.
6. Enter the Password that will be used to authenticate into the WDS and select Submit.
7. Go to the Network Configuration > Add AAA Client page.
8. Add AP Hostname, AP IP Address, and Community String (for the key).
9. Enter the Password that will be used to authenticate into the WDS and select Submit.
For additional and more general information about ACS, refer to “Configuring ACS Servers” on page61.
Configuring Cisco WLSE Rogue Scanning
The AMP Setup > WLSE page allows AWMS to integrate with the Cisco Wireless LAN Solution Engine
(WLSE). AWMS can discover APs and gather rogue scanning data from the Cisco WLSE.
Figure 28 illustrates and itemizes the AWMS settings for communication that is enabled between AWMS and
WLSE.
Figure 28 AMP Setup > WLSE > Add WLSE Page Illustration
Perform the following steps for optional configuration of AWMS for support of Cisco WLSE rogue scanning.
1. To add a Cisco WLSE server to AWMS, navigate to the AMP Setup > WLSE page and select Add.
Complete the fields in this page. Table 32 describes the settings and default values.
Table 32 AMP Setup > WLSE Fields and Default Values
Setting Default Description
Hostname/IP Address None Designates the IP address or DNS Hostname for the WLSE server, which must
already be configured on the Cisco WLSE server.
Protocol HTTP Specifies the protocol to be used when polling the WLSE.
Port 1741 Defines the port AWMS uses to communicate with the WLSE server.
Username None Defines the username AWMS uses to communicate with the WLSE server. The
username and password must be configured the same way on the WLSE server and
on AWMS.
The user needs permission to display faults to discover rogues and inventory API
(XML API) to discover manageable APs. As derived from a Cisco limitation, only
credentials with alphanumeric characters (that have only letters and numbers, not
other symbols) allow AWMS to pull the necessary XML APIs.
Password None Defines the password AWMS uses to communicate with the WLSE server. The
username and password must be configured the same way on the WLSE server and
on AWMS.
As derived from a Cisco limitation, only credentials with alphanumeric characters
(that have only letters and numbers, not other symbols) allow AWMS to pull the
necessary XML APIs.
60 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 61
Table 32 AMP Setup > WLSE Fields and Default Values (Continued)
Setting Default Description
Poll for AP Discovery; Poll
for Rogue Discovery
Last Contacted None Displays the last time AWMS was able to contact the WLSE server.
Polling Period 10 minutes Determines how frequently AWMS polls WLSE to gather rogue scanning data.
Yes Sets the method by which AWMS uses WLSE to poll for discovery of new APs and/or
new rogue devices on the network.
2. After you have completed all fields, select Save. AWMS is now configured to gather rogue information from
WLSE rogue scans. As a result of this configuration, any rogues found by WLSE appear on the RAPIDS >
Rogue page.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Configuring ACS Servers
This is an optional configuration. The AMP Setup > ACS page allows AWMS to poll one or more Cisco ACS
servers for wireless username information. When you specify an ACS server, AWMS gathers information about
your wireless users. Refer to “Configuring TACACS+ and RADIUS Authentication” on page52 if you want to
use your ACS server to manage your AWMS users.
Perform these steps to configure ACS servers:
1. Go to the AMP Setup > ACS page. This page displays current ACS setup, as illustrated in Figure 29.
Figure 29 AMP Setup > ACS Page Illustration
2. Select Add to create a new ACS server, or select a pencil icon to edit an existing server. To delete an ACS
server, select that server and select Delete. When selecting Add or edit, the Details page appears, as
illustrated in Figure 30.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 61
Page 62
Figure 30 AMP Setup > ACS > Add/Edit Details Page Illustration
3. Complete the settings on AMP Setup > ACS > Add/Edit Details. Table 33 describes these fields:
Table 33 AMP Setup > ACS > Add/Edit Details Fields and Default Values
Field Default Description
IP/Hostname
Protocol
Port
Username
Password
Polling Period
None Sets the DNS name or the IP address of the ACS Server.
HTTP Launches a drop-down menu specifying the protocol AWMS uses when it polls the ACS server.
2002 Sets the port through which AWMS communicates with the ACS.
AWMS generally communicates via SNMP traps on port 162.
None Sets the Username of the account AWMS uses to poll the ACS server.
None Sets the password of the account AWMS uses to poll the ACS server.
10 min Launches a drop-down menu that specifies how frequently AWMS polls the ACS server for
username information.
4. Select Add to finish creating the new ACS server, or Save to finish editing an existing ACS server.
5. The ACS server must have logging enabled for passed authentications. Enable the Log to CSV Passed
Authentications report option, as follows:
Log in to the ACS server, select System Configuration, then in the Select frame, select Logging.
Under Enable Logging, select CSV Passed Authentications. The default logging options function and
support AWMS. These include the two columns AWMS requires: User-Name and Caller-ID.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Integrating AWMS with an Existing Network Management Solution (NMS)
This is an optional configuration. The AMP Setup > NMS configuration page allows AWMS to integrate with
other Network Management Solution (NMS) consoles. This configuration enables advanced and interoperable
functionality as follows:
AWMS can forward WLAN-related SNMP traps to the NMS, or AWMS can send SNMPv1 or SNMPv2 traps
to the NMS.
AWMS can be used in conjunction with Hewlett-Packard’s ProCurve Manager.
The necessary files for either type of NMS interoperability are downloaded from the AMP Setup > NMS page
as follows. For additional information, contact support.
Perform these steps to configure NMS support in AWMS:
62 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 63
1. Go to AMP Setup > NMS, illustrated in Figure 31.
Figure 31 AMP Setup > NMS Page Illustration
2. Select Add to integrate a new NMS server, or select the pencil icon to edit an existing server. Provide the
information described in Table 34:
Table 34 AMP Setup > NMS Integration Add/Edit Fields and Default Values
Setting Default Description
Hostname
Port
Community String
SNMP Version
Enabled
Send Configuration Traps
None Cites the DNS name or the IP address of the NMS.
162 Sets the port AWMS uses to communicate with the NMS.
NOTE: AWMS generally communicates via SNMP traps on port 162.
None Sets the community string used to communicate with the NMS.
v2C Sets the SNMP version of the traps sent to the Host.
Yes Enables or disables trap logging to the specified NMS.
Yes Enables NMS servers to transmit SNMP configuration traps.
3. The NMS Integration Add/Edit page includes the Netcool/OMNIbus Integration link to information and
instructions. The IBM Tivoli Netcool/OMNIbus operations management software enables automated event
correlation and additional features resulting in optimized network uptime.
4. The NMS Integration Add/Edit page includes the HP ProCurve Manager Integration link. Select this link
for additional information, zip file download, and brief instructions for installation with AWMS. Select Add
to finish creating the NMS server, or Save to configure an existing NMS server.
What Next?
Go to additional tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you for
any phase of AWMS installation.
Auditing PCI Compliance on the Network
This section describes PCI requirements and auditing functions in AWMS, with the following topics:
Introduction to PCI Requirements
PCI Auditing in the AWMS Interface
Enabling or Disabling PCI Auditing
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 63
Page 64
Introduction to PCI Requirements
AWMS supports wide security standards and functions in the wireless network. One component of network
security is the optional deployment of Payment Card Industry (PCI) Auditing.
The Payment Card Industry (PCI) Data Security Standard (DSS) establishes multiple levels in which payment
cardholder data is protected in a wireless network. AWMS supports PCI requirements according to the standards
and specifications set forth by the following authority:
Payment Card Industry (PCI) Data Security Standard (DSS)
PCI Security Standards Council Website
https://www.pcisecuritystandards.org
PCI Quick Reference Guide, Version 1.2 (October 2008)
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
PCI Auditing in the AWMS Interface
PCI Auditing in AWMS allows you to monitor, audit, and demonstrate PCI compliance on the network. There
are five primary pages in which you establish, monitor, and access PCI auditing, as follows:
The AMP Setup > PCI Compliance page enables or disables PCI Compliance monitoring on the network,
and displays the current compliance status on the network. See “Enabling or Disabling PCI Auditing” on
page65.
The Reports > Definitions page allows you to create custom-configured and custom-scheduled PCI
Compliance reports. See “Reports > Definitions Page Overview” on page219.
The Reports > Generated page lists PCI Compliance reports currently available, and allows you to generate
the latest daily version of the PCI Compliance Report with a single select. Refer to “Reports > Generated
Page Overview” on page221.
The APs/Devices > PCI Compliance page enables you to analyze PCI Compliance for any specific device on
the network. This page is accessible when you select a specific device from the APs/Devices > Monitor page.
First, you must enable this function through AMP Setup. See “Enabling or Disabling PCI Auditing” on
page65.
The PCI Compliance Report offers additional information. Refer to “Using the PCI Compliance Report” on
page235. This report not only contains Pass or Fail status for each PCI requirement, but cites the action
required to resolve a Fail status when sufficient information is available.
NOTE: When any PCI requirement is enabled on AWMS, then AWMS grades the network as pass or fail for the respective PCI
requirement. Whenever a PCI requirement is not enabled in AWMS, then AWMS does not monitor the network’s status in relation
to that requirement, and cannot designate Pass or Fail network status. AWMS servers without a RAPIDS license and users without
RAPIDS enabled will not see the 11.1 PCI requirements in the PCI Compliance Report.
Table 35 PCI Requirements and Support in AWMS
Requirement Description
1.1 Monitoring configuration standards for network firewall devices
When Enabled: PCI Requirement 1.1 establishes firewall and router configuration standards.
A device fails Requirement 1.1 if there are mismatches between the desired configuration and the
configuration on the device.
When Disabled: firewall router and device configurations are not checked for PCI compliance, and
Pass or Fail status is not reported or monitored.
1.2.3 Monitoring firewall installation between any wireless networks and the cardholder data environment
When Enabled: A device passes requirement 1.2.3 if it can function as a stateful firewall.
When Disabled: firewall router and device installation are not checked for PCI compliance.
64 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 65
Table 35 PCI Requirements and Support in AWMS (Continued)
Requirement Description
2.1 Monitoring the presence of vendor-supplied default security settings
When Enabled: PCI Requirement 2 establishes the standard in which all vendor-supplied default
passwords are changed prior to a device’s presence and operation in the network.
A device fails requirement 2.1 if the username, passwords or SNMP credentials being used by AWMS
to communicate with the device are on a list of forbidden default credentials. The list includes common
vendor default passwords, for example.
When Disabled: device passwords and other vendor default settings are not checked for PCI
compliance.
2.1.1 Changing vendor-supplied defaults for wireless environments
When Enabled: A device fails requirement 2.1.1 if the passphrases, SSIDs, or other security-related
settings are on a list of forbidden values that AWMS establishes and tracks. The list includes common
vendor default passwords. The user can input new values to achieve compliance.
When Disabled: network devices are not checked for forbidden information and PCI Compliance is not
established.
4.1.1 Using strong encryption in wireless networks
When Enabled: PCI Requirement 4 establishes the standard by which payment cardholder data is
encrypted prior to transmission across open public networks. PCI disallows WEP encryption as an
approved encryption method after June 20, 2010. A device fails requirement 4.1.1 if the desired or actual
configuration reflect that WEP is enabled on the network, or if associated users can connect with WEP.
When Disabled: AWMS cannot establish a pass or fail status with regard to PCI encryption
requirements on the network.
11.4
Using intrusion-detection or intrusion-prevention systems to monitor all traffic
When Enabled: AWMS reports pass or fail status when monitoring devices capable of reporting IDS
events. Recent IDS events are summarized in the PCI Compliance report or the IDS Report.
When Disabled: AWMS does not monitor the presence of PCI-compliant intrusion detection or
prevention systems, nor can it report
Pass or Fail status with regard to IDS events.
Enabling or Disabling PCI Auditing
Perform these steps to verify status and to enable or disable AWMS support for PCI 1.2 requirements. enabling
one or all PCI standards on AWMS enables real-time information and generated reports that advise on Pass or
Fail status. The PCI auditing supported in AWMS is reported in Table 35.
1. To determine what PCI Compliance standards are enabled or disabled on AWMS, navigate to the AMP
Setup > PCI Compliance page, illustrated in Figure 32.
Figure 32 AMP Setup > PCI Compliance Page Illustration
2. To enable, disable, or edit any category of PCI Compliance monitoring in AWMS, select the pencil icon next
to the category. The Default Credential Compliance page displays for the respective PCI standard.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 65
Page 66
3. Create changes as required. Specific credentials can be cited in the Forbidden Credentials section of any Edit
page to enforce PCI requirements in AWMS. Figure 33 shows one example.
Figure 33 Default Credential Compliance for PCI Requirements
4. Select Save.
5. To view and monitor PCI auditing on the network, use generated or daily reports. See Chapter 9, “Creating,
Running, and Emailing Reports” . In addition, you can view the real-time PCI auditing of any given device
online. Perform these steps:
a. Go to the APs/Devices > List page, select a specific device, and the Monitor page for that device displays.
The Monitor page displays a PCI Compliance subtab in the menu bar.
b. Select PCI Compliance to view complete PCI compliance auditing for that specific device.
What Next?
For more information about configuring WLAN Gateways or WLAN controllers such as BlueSocket,
ReefEdge, or ProCurve wireless gateways, refer to “Third-Party Security Integration for AWMS” on page257.
Go to other tabs in the AMP Setup section to continue additional setup configurations.
Complete the required configurations in this chapter before proceeding. Dell support remains available to you in
any phase of AWMS installation.
Deploying WMS Offload
Overview of WMS Offload in AWMS
This section describes the Dell PowerConnect W Wireless LAN Management Server (WMS) offload
infrastructure. WMS Offload is supported with the following two requirements:
ArubaOS Version 2.5.4 or later
AWMS Version 6.0 or later
The Dell PowerConnect W WMS feature is an enterprise-level hardware device and server architecture with
managing software for security and network policy. There are three primary components of the WMS
deployment:
Air Monitor AP devices establish and monitor RF activity on the network.
The WMS server manages devices and network activity, to include rogue AP detection and enforcement of
network policy.
The AWMS graphical user interface (GUI) allows users to access and use the WMS functionality.
WMS Offload is the ability to place the burden of the WMS server data and GUI functions on AWMS. WMS
master controllers provide this data so that AWMS can support rigorous network monitoring capabilities.
General Configuration Tasks Supporting WMS Offload in AWMS
WMS Offload must be enabled with a six-fold process and related configuration tasks, as follows:
66 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 67
1. Configure WLAN switches for optimal AWMS monitoring.
Disable debugging.
Ensure AWMS server is a trap receiver host.
Ensure proper traps are enabled.
2. Configure AWMS to optimally monitor the Dell infrastructure.
Enable WMS offload.
Configure SNMP communication.
Create a proper policy for monitoring Dell infrastructure.
Discover the infrastructure.
3. Configure device classification.
Set up rogue classification.
Set up rogue classification override.
Establish user classification override devices.
4. Deploy ArubaOS-specific monitoring features.
Enable remote AP and wired network monitoring.
View controller license information.
5. Convert existing floor plans to VisualRF, to include the following elements:
MMS
AOS
RF Plan
6. Use RTLS for increasing location accuracy (optional).
Enable RTLS service on the AWMS server.
Enable RTLS on ArubaOS Infrastructure.
Additional Information Supporting WMS Offload
For additional information, including detailed concepts, configuration procedures, restrictions, ArubaOS
infrastructure, and AWMS version differences in support of WMS Offload, refer to the Best Practices Guide from
support.dell.com/manuals.
Dell PowerConnect W AirWave 7.2 |User Guide Configuring AWMS | 67
Page 68
68 | Configuring AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 69
Chapter 4
Configuring and Using Device Groups in AWMS
This chapter describes the deployment of device groups within AWMS. The section below describes the pages or
focused subtabs available on the Groups tab. Note that the available subtabs can vary significantly from one
device group to another—one or more subtabs may not appear, depending on the Default Group display option
selected on the AMP Setup > General page and the types of devices you add to AMP.
Figure 34 Subtabs under the Group tab
List—This page is the default page in the Groups section of AWMS. It lists all groups currently configured in
AWMS and provides the foundation for all group-level configurations. See “Viewing All Defined Device
Groups” on page71.
Monitor—This page displays user and bandwidth information, lists devices in a given group, provides an Alert
Summary table for monitoring alerts for the group, and provides a detailed Audit Log for group-level activity.
NOTE: The Incidents portion of the Alert Summary table only increments the counter for incidents that are open and associated to
an AP in that group, associated with the group itself. It does not include incidents associated with any folder. To view all incidents
including those not associated to an AP, go to the Helpdesk > Incidents page.
Basic—This page appears when you create a new group on the Groups > List page. Once you define a group
name, AWMS displays the Basic page from which you configure many group-level settings. This page remains
available for any device group configured in AWMS. Refer to “Configuring Basic Group Settings” on page72.
Templates—This page manages templates for any device group. Templates allow you to manage the
configuration of Dell PowerConnect W, 3Com, Alcatel-Lucent, Aruba Networks, Cisco Aironet IOS, Cisco
Catalyst switches, Enterasys, HP, Nomadix, Nortel, Symbol and Trapeze devices in a given group using a
configuration file. Variables in such templates configure device-specific properties, such as name, IP address
and channel. Variables also define group-level properties. For additional information about using the
Templates page, refer to Chapter 6, “Creating and Using Templates” on page149.
Security—This page defines general security settings for device groups, to include RADIUS, encryption, and
additional security settings on devices. Refer to “Configuring Group Security Settings” on page80.
SSIDs—This page sets SSIDs, VLANs, and related parameters in device groups. Refer to “Configuring Group
SSIDs and VLANs” on page83.
AAA Servers—This page configures authentication, authorization, and accounting settings in support of
RADIUS servers for device groups. Refer to “Adding and Configuring Group AAA Servers” on page79.
Radio—This page defines general 802.11 radio settings for device groups. Refer to “Configuring Radio
Settings for Device Groups” on page87.
Dell Config—This page manages ArubaOS Device Groups, AP Overrides, and other profiles specific to Dell
PowerConnect W devices on the network. Use this page as an alternative to the Device Setup > Dell
Configuration page. The apperance of this page varies depending on whether AMP is configured for global
configuration or group configuration. For additional information, refer to the ArubaOS Configuration Guide
from support.dell.com/manuals.
Cisco WLC Config—This page consolidates controller-level settings from the Group Radio, Security, SSIDs,
Cisco WLC Radio and AAA Server pages into one navigation tree that is easier to navigate, and has familiar
layout and terminology. Bulk configuration for per-thin AP settings, previously configured on the Group
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 69
Page 70
LWAPP APs tab, can now be performed from Modify Devices on the APs/Devices > List page. Refer to “An
Overview of Cisco WLC Configuration” on page92.
PTMP—This page defines settings specific to Proxim MP devices when present. Refer to “Configuring Group
PTMP Settings” on page97.
Proxim Mesh—This page defines mesh AP settings specific to Proxim devices when present. Refer to
“Configuring Proxim Mesh Radio Settings” on page97.
MAC ACL—This page defines MAC-specific settings that apply to Proxim, Cisco VxWorks, Symbol, and
Procurve520 devices when present. Refer to “Configuring Group MAC Access Control Lists” on page99.
Firmware—This page manages firmware files for many devices. “Specifying Minimum Firmware Versions for
APs in a Group” on page99.
Compare—This page allows you to compare line item-settings between two device groups. On the Groups >
List page, select Compare Two Groups, select the two groups from the drop-down menus, then select
Compare. “Comparing Device Groups” on page100.
This chapter also provides the following additional procedures for group-level configurations:
“Deleting a Group” on page101
“Changing Multiple Group Configurations” on page101
“Modifying Multiple Devices” on page102
“Using Global Groups for Group Configuration” on page105
AWMS Groups Overview
Enterprise APs, controllers, routers, and switches have hundreds of variable settings that must be configured
precisely to achieve optimal performance and network security. Configuring all settings on each device
individually is time consuming and error prone. AWMS addresses this challenge by automating the processes of
device configuration and compliance auditing. At the core of this approach is the concept of Device Groups, with
the following functions and benefits:
AWMS allows certain settings to be managed efficiently at Group-level while others are managed at an
individual device level.
AWMS defines a Group as a subset of the devices on the wireless LAN, ranging in size from one device to
hundreds of devices that share certain common configuration settings.
Groups may be defined based on geography (such as “5th Floor APs”), usage or security policies (such as
“Guest Access APs”), function (such as “Manufacturing APs”), or any other appropriate variable.
Devices within a group may be from different vendors or hardware models. All devices within a Group share
certain basic configuration settings.
Typical group configuration variables include basic settings (SSID, SNMP polling interval, and so forth), security
settings (VLANs, WEP, 802.1x, ACLs, and so forth), and some radio settings (data rates, fragmentation
threshold, RTS threshold, DTIM, preamble, and so forth). When configuration changes are applied at a group
level, they are assigned automatically to every device within that group. Such changes must be applied with every
device in Managed mode. Monitor mode is the more common mode.
CAUTION: Always review the Audit page before pushing configuration to a device or group.
Individual device settings—such as device name, RF channel selection, RF transmission power, antenna settings,
and so forth—typically should not be managed at a group level and must be individually configured for optimal
performance. Individual AP settings are configured on the APs/Devices > Manage page.
70 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 71
You can create as many different groups as required. Administrators usually establish groups that range in size
from five to 100 wireless devices.
Group configuration can be enhanced with the AWMS Global Groups feature, which lets you create Global
Groups with configurations that are pushed to individual Subscriber Groups.
Viewing All Defined Device Groups
To display a list of all defined groups, browse to the Groups > List page, illustrated in Figure 35.
Figure 35 Groups > List Page Illustration
Table 36 describes the columns in the Groups > List page.
Table 36 Groups > List Columns
Column Description
Add New Group Launches a page that enables you to add a new group by name and to define group parameters for devices
in that group. For additional information, refer to “Configuring Basic Group Settings” on page72.
Manage
(wrench icon)
Name Uniquely identifies the group by location, vendor, department or any other identifier (such as "Accounting
Up/Down Status
Polling Period
Is Global Group If a group is designated as global, it may not contain APs but it may be used as a template for other groups.
Global Group Specifies which group this Subscriber Group is using as its template.
SSID The SSID assigned to supported device types within the group.
Total Devices Total number of devices contained in the group including APs, controllers, routers, or switches.
Down The number of devices within the group that are not reachable via SNMP or are no longer associated to a
Mismatched The number of devices within the group that are in a mismatched state.
Ignored The number of ignored devices in that group.
Users The number of mobile users associated with all APs within the group. To avoid double counting of users,
Goes to the Groups > Basic configuration page for that group. Hover your mouse over the icon to see a list of
shortcuts to group-specific subtabs that would appear across the navigation section if this group is
selected.
APs," "Floor 1 APs," "Cisco devices," "802.1x APs," and so forth).
The time between Up/Down SNMP polling periods for each device in the group. Detailed SNMP polling
period information is available on the Groups > Basic configuration page. Note that by default, most polling
intervals do not match the up/down period.
This column may also indicate Yes if this group has been pushed to the AMP from a Master Console.
controller. Note that thin APs are not directly polled with SNMP, but are polled through the controller. That
controller may report that the thin AP is down or is no longer on the controller. At this point, AWMS classifies
the device as down.
users are only listed in the group of the AP with which they are associated. Note that device groups with
only controllers in them report no users.
BW Bandwidth: A running average of the sum of bytes in and bytes out for the managed radio page.
Duplicate Creates a new group with the name Copy of <Group Name> with configuration settings. (Dell PowerConnect
W configuration settings will have to be manually added back.)
Changes Whether the group has unapplied changes.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 71
Page 72
NOTE: When you first configure AWMS, there is only one default group labeled Access Points. If you have no other groups
configured, refer to “Configuring Basic Group Settings” on page72.
Configuring Basic Group Settings
The first default device group that AWMS sets up is the Access Points group, but you can use this procedure to
add and configure any device group. Perform these steps to configure basic group settings, then continue to
additional procedures to define additional settings as required.
1. Go to the Groups > List page. Existing device groups appear on this page.
2. To create a new group, select Add. Enter a group name and select Add. The Groups > Basic page appears.
To edit an existing device group, select the manage (wrench) icon next to the group. The Groups > Basic
page appears. If you mouse over an existing group’s wrench, a popup menu allows you to select Basic,
Templates, Security, SSIDs, AAA Servers, Radio, Dell PowerConnect W Config or Cisco WLC Config to
edit those pages as desired, as illustrated in Figure 36.
Figure 36 Pop-up When Hovering over Wrench Icon in Groups > List
Figure 37 illustrates an example Groups > Basic page.
72 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 73
Figure 37 Groups > Basic Page Illustration
3. Define the settings in the Basic and Global Group sections. Table 37 describes several typical settings and
default values of this Basic section.
Table 37 Basic and Global Groups Fields and Default Values
Setting Default Description
Name Defined when
first adding the
group
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 73
Displays or changes the group name. As desired, use this field to set the name to uniquely
identify the group by location, vendor, department, or any other identifier (such as
“Accounting APs,” “Cisco devices,” “802.1x APs,” and so forth).
Page 74
Table 37 Basic and Global Groups Fields and Default Values (Continued)
Setting Default Description
Missed SNMP
Poll Threshold
Regulatory
Domain
Timezone AMP System
Allow One-toOne NAT
Audit
Configuration on
Devices
Use Global
Group
1 Sets the number of Up/Down SNMP polls that must be missed before AWMS considers a
device to be down. The number of SNMP retries and the SNMP timeout of a poll can be set
on the Device Setup > Communication page.
United States Sets the regulatory domain in AWMS, limiting the selectable channels for APs in the group.
Allows group configuration changes to be scheduled relative to the time zone in which the
Tim e
No Allows AWMS to talk to the devices on a different IP address than the one configured on
Yes Auditing and pushing of configuration to devices can be disabled on all the devices in the
No When enabled, this field allows you to define the device group to be a Global Group. Refer
devices are located. This setting is used for scheduling group-level configuration changes.
the device.
NOTE: If enabled, the LAN IP Address listed on the AP/Devices > Manage configuration
page under the Settings area is different than the IP Address under the Device
Communication area.
group. Once disabled, all the devices in the groups will not be counted towards
mismatched devices.
to “Using Global Groups for Group Configuration” on page105.
4. Complete the SNMP Polling Periods section. The information in this section overrides default settings.
Table 38 describes the SNMP polling settings.
Table 38 SNMP Polling Periods Fields and Default Values
Setting Default Description
Up/Down Status Polling
Period
Override Polling Period for
Other Services
AP Interface Polling Period 5 minutes Sets the interval at which AWMS polls for radio monitoring and bandwidth being
User Data Polling Period 5 minutes Sets time between SNMP polls for User Data for devices in the group.
Thin AP Discovery Polling
Period
Device-to-Device link Polling
Period
802.11 Counters Polling Period 5 minutes Sets time between SNMP polls for 802.11 Counter information.
Rogue AP and Device
Location Data Polling Period
CDP Neighbor Data Polling
Period
5 minutes Sets time between Up/Down SNMP polling for each device in the group.
The Group SNMP Polling Interval overrides the global parameter configured on
the Device Setup > Communication page. An initial polling interval of 5 minutes is
best for most networks.
No Enables or disables overriding the base SNMP Polling Period. If you select Ye s,
the other settings in the SNMP Polling Periods section are activated, and you
can override default values.
used by a device.
5 minutes Sets time between SNMP polls for Thin AP Device Discovery. Controllers are the
only devices affected by this polling interval.
5 minutes Sets time between SNMP polls for Device-to-Device link polling. Mesh APs are
the only devices affected by this polling interval.
5 minutes Sets time between SNMP polls for Rogue AP and Device Location Data polling.
30 minutes Sets the frequency in which this group polls the network for Cisco Discovery
Protocol (CDP) neighbors.
5. Record additional information and comments about the group in the Notes section.
74 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 75
6. To configure which options and tabs are visible for the group, complete the settings in the Group Display
Options section. Table 39 describes the settings and default values.
Table 39 Group Display Options Fields and Default Values
Setting Default Description
Show device
settings for:
Only
devices on
this AMP
Drop-down menu determines which Group tabs and options are to be viewable by default in
new groups. Settings include the following:
All Devices—AWMS displays all Group tabs and setting options.
Only devices in this group—AWMS hides all options and tabs that do not apply to the
devices in the group. If you use this setting, then to get the group list to display the correct
SSIDs for the group, you must Save and Apply on the group.
Only devices on this AMP— hides all options and tabs that do not apply to the APs and
devices currently on AWMS.
Use system defaults—Use the default settings on AMP Setup > General
Selected device types—Allows you to specify the device types for which AWMS displays
Group settings.
Selected Device
Types
N/A This option appears if you chose to display selected device types, allowing you to select the
device types to display group settings. Use Select devices in this group to display only devices
in the group being configured.
7. To assign dynamically a range of static IP addresses to new devices as they are added into the group, locate the
Automatic Static IP Assignment section on the Groups > Basic configuration page. If you select Yes in this
section, additional fields appear. Complete these fields as required. Table 40 describes the settings and
default values This section is only relevant for a small number of device types, and will appear when they are
present.
Table 40 Automatic Static IP Assignment Fields and Default Values
Setting Default Description
Assign Static IP
Addresses to
No Enables AWMS to statically assign IP addresses from a specified range to all devices in the
Group.
Devices
Start IP Address Blank Sets the first address AWMS assigns to the devices in the Group.
Number of
Blank Sets the number of addresses in the pool from which AWMS can assign IP addresses.
Addresses
Subnet Mask Blank Sets the subnet mask to be assigned to the devices in the Group.
Subnet Gateway Blank Sets the gateway to be assigned to the devices in the Group.
Next IP Address Blank Defines the next IP address queued for assignment. This field is disabled for the initial Access
Points group.
8. To configure Spanning Tree Protocol on WLC devices and Proxim APs, locate the Spanning Tree Protocol
section on the Groups > Basic configuration page. Adjust these settings as required. Table 41 describes the
settings and default values.
Table 41 Spanning Tree Protocol Fields and Default Values
Setting Default Description
Spanning Tree
No Enables or disables Spanning Tree Protocol on WLSE devices and Proxim APs.
Protocol
Bridge Priority 32768 Sets the priority for the AP. Values range from 0 to 65535. Lower values have higher priority.
The lowest value is the root of the spanning tree. If all devices are at default the device with
the lowest MAC address will become the root.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 75
Page 76
Table 41 Spanning Tree Protocol Fields and Default Values (Continued)
Setting Default Description
Bridge Maximum
Age
Bridge Hello
Time
Bridge Forward
Delay
20 Sets the maximum time, in seconds, that the device stores protocol information. The
supported range is from 6 to 40.
2 Sets the time, in seconds, between Hello message broadcasts.
15 Sets the time, in seconds, that the port spends in listening and learning mode if the spanning
tree has changed.
9. To configure NTP settings locate the NTP section and adjust these settings as required. Table 42 describes
the settings and default values.
Table 42 NTP Fields and Default Values
Setting Default Description
NTP Server #1,2,3 None Sets the IP address of the NTP server to be configured on the AP.
UTC Time Zone 0 Sets the hour offset from UTC time to local time for the AP. Times displayed in AWMS graphs and
logs use the time set on the AWMS server.
Daylight Saving
Time
No Enables or disables the advanced daylight saving time settings in the Proxim and HP ProCurve
420 sections of the Groups > Basic configuration page.
10. To configure settings specific to Cisco IOS/VxWorks, locate the Cisco IOS/VxWorks section and adjust these
settings as required. Table 43 describes the settings and default values.
Table 43 Cisco IOS/VxWorks Fields and Default Values
Setting Default Description
SNMP Version 2c The version of SNMP used by AWMS to communicate to the AP.
Cisco IOS CLI
Communication
Cisco IOS Config File
Communication
Track Usernames on
Cisco Aironet
VxWorks APs
Telnet The protocol AWMS uses to communicate with Cisco IOS devices. Selecting SSH
uses the secure shell for command line page (CLI) communication. Selecting Telnet
sends the data in clear text via Telnet.
TFTP The protocol AWMS uses to communicate with Cisco IOS devices. Selecting SCP
uses the secure copy protocol for file transfers. Selecting TFTP will use the insecure
trivial file transfer protocol. The SCP login and password should be entered in the
Telnet username and password fields.
No Configures VxWorks APs to send SNMP packets to AWMS.
76 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 77
11. To configure settings specific to Cisco WLC, locate the Cisco WLC section and adjust these settings as
required. Table 44 describes the settings and default values.
Table 44 Cisco WLC Fields and Default Values
Setting Default Description
SNMP Version 2c Sets the version of SNMP used by AWMS to communicate to WLC controllers.
CLI Communication Telnet Sets the protocol AWMS uses to communicate with Cisco IOS devices. Selecting SSH
uses the secure shell for command line page (CLI) communication. Selecting Telnet
sends the data in clear text via Telnet.
NOTE: When configuring Cisco WLC controllers, refer to “Configuring Wireless Parameters for Cisco Controllers” on page96.
12. To configure Proxim/Avaya specific settings locate the Proxim/Avaya section and adjust these settings as
required. Table 45 describes the settings and default values.
Table 45 Proxim/Avaya Fields and Default Values
Setting Default Description
SNMP Version 1 Sets the version of SNMP used by AWMS to communicate to the AP.
Enable DNS
Client
Primary DNS
server
Secondary DNS
server
Default DNS
domains
HTTP Server Port 80 Sets this port as the HTTP server port on all Proxim APs in the group.
Country Code United
No Enables the DNS client on the AP. Enabling the DNS client allows you to set some values on the
AP by hostname instead of IP address. If you select Ye s, additional DNS fields display.
Blank Sets the IP address of the Primary DNS server.
Blank Sets the IP address of the Secondary DNS server.
Blank Sets the default DNS domain used by the AP.
Configures AWMS to derive its time settings based on the country of location, as specified in
States
this field.
13. To configure HP ProCurve specific settings, locate the HP ProCurve section and adjust these settings as
required. Table 46 describes the settings and default values.
Table 46 HP ProCurve Fields and Default Values
Setting Default Description
SNMP Version 2c Sets the version of SNMP used by AWMS to communicate to the AP.
ProCurve XL/ZWeSM CLI
Communication
Telnet Sets the protocol AWMS uses to communicate with ProCurve XLWeSM devices.
Selecting SSH will use the secure shell for command line (CLI) communication.
Selecting Telnet will send the data in clear text via telnet.
Controller SNMP Version 2c Specifies the version of SNMP used by AWMS to communicate to the controller.
NOTE: DST Start Month, Start Day, End Month, End Day, and DST Offset are only visible if Daylight Saving Time is enabled in the
NTP section of the Groups > Basic configuration page.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 77
Page 78
14. To configure Symbol settings, locate the Symbol section and adjust these settings as required. Table 47
describes the settings and default values of this section.
Table 47 Symbol Fields and Default Values
Setting Default Description
SNMP Version 2c Specifies the version of SNMP used by AWMS to communicate to the device.
Symbol Client
Inactivity Timeout
(3-600 min)
Symbol Controller
CLI Communication
Web Config
Interface
3 Sets the minutes of inactivity after which a client associated to a Symbol AP will be
considered "inactive." A lower value typically provides a more accurate representation of
current WLAN usage.
NOTE: For other APs, AWMS has more precise methods to determine when inactive clients
are no longer associated to an AP.
Telnet The connection type to support the command-line interface (CLI) connection. The options are
Telnet and secure shell (SSH). This is supported for WS5100, RFS4000, RFS6000 and RFS7000
devices only.
Yes Enables or disables the http/https configuration page for the Symbol 4131 devices.
15. To configure settings specific to DellPowerConnect W, locate the Aruba/Dell PowerConnect W section and
adjust these settings as required. Table 48 describes the settings and default values of this section.
Table 48 Aruba/Dell PowerConnect W Fields and Default Values
Setting Default Description
SNMP Version 2c The version of SNMP used by AWMS to communicate to the AP.
Offload WMS
database
No Configures commands previously documented in the Best Practices Guide in Home >
Documentation. When enabled, this feature allows AWMS to display historical information for
WLAN switches.
Changing the setting to Yes pushes commands via SSH to all WLAN switches in Monitor Only
mode without rebooting the controller. The command can be pushed to controllers in manage
mode (also without rebooting the controller) if the Allow WMS Offload setting on AMP Setup >
General is changed to Yes.
Dell PowerConnect
W GUI Config
Yes This setting selects whether you'd like to configure your Dell PowerConnect W devices using
the Groups > Dell PowerConnect W Config method (either global or group) or using Templates.
16. To configure settings for 3Com, Enterasys, Nortel, or Trapeze devices, locate the 3Com/Enterasys/Nortel/
Trapeze section and define the version of SNMP to be supported.
17. To configure support for routers and switches in the group, locate the Routers and Switches section and
adjust these settings as required. This section defines the frequency in which all devices in the group polled.
These settings can be disabled entirely as desired. Table 49 describes the settings and default values of this
section.
Table 49 Routers and Switches Fields and Default Values
Setting Default Description
Read ARP Table 4 hours Sets the frequency in which devices poll routers and switches for Address Resolution
Protocol (ARP) table information. This setting can be disabled, or set to poll for ARP
information in a range from every 15 seconds to 12 hours.
Read CDP Table for
Device Discovery
Read Bridge
Forwarding Table
4 hours Sets the frequency in which devices poll routers and switches for Cisco Discovery Protocol
(CDP) information. This setting can be disabled, or set to poll for CDP neighbor information in
a range from every 15 seconds to 12 hours.
4 hours Sets the frequency in which devices poll the network for bridge forwarding information. This
setting can be disabled, or set to poll bridge forwarding tables from switches in a range from
every 15 seconds to 12 hours.
78 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 79
Table 49 Routers and Switches Fields and Default Values (Continued)
Setting Default Description
Interface Up/Down
Polling Period
Interface
Bandwidth Polling
Period
Interface Error
Counter Polling
Period
Poll 802.3 error
counters
Poll Cisco interface
error counters
5 minutes Sets the frequency in which network interfaces are polled for up/down status. This setting
can be disabled, or set to poll from switches in a range from every 15 seconds to 30 minutes.
15
minutes
30
minutes
No Sets whether 802.3 error counters should be polled.
No Sets whether the interface error counters for Cisco devices should be polled.
Sets the frequency in which network interfaces are polled for bandwidth usage. This setting
can be disabled, or set to poll from switches in a range from every 5 minutes to 30 minutes.
Sets the frequency in which network interfaces are polled for up/down status. This setting
can be disabled, or set to poll bridge forwarding tables from switches in a range from every 5
minutes to 30 minutes.
18. To configure settings for universal devices on the network, including routers and switches that support both
wired and wireless networks, locate the Universal Devices, Routers and Switches section of the Groups >
Basic page and define the version of SNMP to be supported.
19. Select Save when the configurations of the Groups > Basic configuration page are complete to retain these
settings, but without pushing these settings to all devices in the group. Save is a good option if you intend to
make additional device changes in the group, and wish to wait until all configurations are complete before you
push all configurations at one time.
Select Save and Apply to make the changes permanent, or select Revert to discard all unapplied changes.
What Next?
Continue to additional sections in this chapter to create new groups or to edit existing groups.
Once general group-level configurations are complete, continue to later chapters in this document to add or edit
additional device-level configurations and to use several additional AWMS functions.
Adding and Configuring Group AAA Servers
Configure RADIUS servers on the Groups > AAA Servers page.
Once defined on this page, RADIUS servers are selectable in the drop-down menus on the Groups > Security
and Groups > SSIDs configuration pages. Perform these steps to create RADIUS servers.
NOTE: TACACS+ servers are configurable only for Cisco WLC devices. Refer to “Configuring Security Parameters and Functions”
on page96.
1. Go to the Groups > List page and select the group for which to define AAA servers by selecting the group
name. The Monitor page appears.
2. Select the AAA Servers page. The AAA Servers page appears, enabling you to add a RADIUS server. Figure 38
illustrate this page for AAA RADIUS Servers:
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 79
Page 80
Figure 38 Groups > AAA Servers Page Illustration
3. To add a RADIUS server or edit an existing server, select Add New RADIUS Server or the corresponding
pencil icon to edit an existing server. Table 50 describes the settings and default values of the Add/Edit page.
Table 50 Adding a RADIUS Server Fields and Default Values
Setting Default Description
Hostname/IP Address None Sets the IP Address or DNS name for RADIUS Server.
NOTE: IP Address is required for Proxim/ORiNOCO and Cisco Aironet IOS APs.
Secret and Confirm
Secret
Authentication No Sets the RADIUS server to perform authentication when this setting is enabled with Yes .
Authorization Port 1812 Sets the port used for communication between the AP and the RADIUS server.
Accounting No Sets the RADIUS server to perform accounting functions when enabled with
Accounting Port No Sets the port used for communication between the AP and the RADIUS server.
Timeout (Seconds) None Sets the time (in seconds) that the AP waits for a response from the RADIUS server.
Max Retries
(0-20)
None Sets the shared secret that is used to establish communication between AWMS and the
RADIUS server.
NOTE: The shared secret entered in AWMS must match the shared secret on the server.
Yes.
None Sets the number of times a RADIUS request is resent to a RADIUS server before failing.
NOTE: If a RADIUS server is not responding or appears to be responding slowly, consider
increasing the number of retries.
4. Select Add to complete the creation of the RADIUS server, or select Save if editing an existing RADIUS
server. The Groups > AAA Servers page displays this new or edited server. You can now reference this server
on the Groups > Security page.
AWMS supports reports for subsequent RADIUS Authentication. These are viewable by selecting Reports >
Generated, scrolling to the bottom of the page, and selecting Latest RADIUS Authentication Issues Report.
5. To make additional RADIUS configurations for device groups, use the Groups > Security page and continue
to the next topic.
Configuring Group Security Settings
The Groups > Security page allows you to set security policies for APs in a device group:
1. Select the device group for which to define security settings from the Groups > List page.
2. Go to Groups > Security. Some controls on this page interact with additional AWMS pages. Figure 39
illustrates this page and Table 51 explains the fields and default values.
80 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 81
Figure 39 Groups > Security Page Illustration
Table 51 Groups > Security Page Fields and Default Values
Setting Default Description
VLANs Section
VLAN Tagging and Multiple
SSIDs
Enabled This field enables support for VLANs and multiple SSIDs on the wireless network. If
this setting is enabled, define additional VLANs and SSIDs on the Groups > SSIDs
page. Refer to “Configuring Group SSIDs and VLANs” on page83.
Management VLAN ID Untagged This setting sets the ID for the management VLAN when VLANs are enabled in
AWMS. This setting is supported only for the following devices:
Proxim AP-600, AP-700, AP-2000, AP-4000
Avaya AP-3, Avaya AP-7, AP-4/5/6, AP-8
ProCurve520WL; ProCurve420
Enterasys AP3000
Permit RADIUS-Assigned
Dynamic VLANs
No This setting enables dynamic VLANs to be assigned by the RADIUS server. This
setting is supported only for HP ProCurve 420.
VLAN ID Format Hex This setting defines the naming convention for VLANs to be supported in AWMS.
The supported naming formats are ASCII and Hexadecimal.
Ethernet Untagged VLAN ID
(1-4094)
1 This field defines the VLAN that will use untagged Ethernet. The VLAN must be a
number between 1 and 4094, and defines the untagged VLAN ID for the RoamAbout
AP3000.
General Section
Create Closed Network No If enabled, the APs in the Group do not broadcast their SSIDs.
NOTE: Creating a closed network will make it more difficult for intruders to detect
your wireless network.
Block All Inter-client
Communication
No If enabled, this setting blocks client devices associated with an AP from
communicating with other client devices on the wireless network.
NOTE: This option may also be identified as PSPF (Publicly Secure Packet
Forwarding), which can be useful for enhanced security on public wireless
networks.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 81
Page 82
Table 51 Groups > Security Page Fields and Default Values (Continued)
Setting Default Description
EAP Options Section
WEP Key Rotation Interval 300 Sets the frequency at which the Wired Equivalent Privacy (WEP) keys are rotated in
the device group being configured. The supported range is from 0 to 10,000,000
seconds.
Session Key Refresh Rate 0 Sets the frequency at which the general session key is refreshed in the device
group being configured. The supported range is from 1 to 40 minutes. This setting is
supported only for HP ProCurve 420.
Session Timeout 0 Sets the time at which the session times out for the device group being configured.
The supported range is from 0 to 65,535 seconds. This setting is supported only for
HP ProCurve 420.
Cisco TKIP No Sets the device group to use the Cisco Temporal Key Integrity Protocol (TKIP). If
enabled, TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism, thus fixing the flaws of WEP.
NOTE: TKIP can only be enabled when EAP-based security is used.
Cisco MIC Disabled Sets the device group to use the Cisco Message Integrity Check (MIC). Selecting
MMH encryption enables this function.
If enabled, Message Integrity Check (MIC) adds several bytes per packet to make it
more difficult to tamper with the packets.
RADIUS Authentication Servers Section
RADIUS Authentication
Server #1 - #4
Not selected Defines one or more RADIUS Authentication servers to be supported in this device
group. Select up to four RADIUS authentication servers from the four drop-down
menus.
Authentication Profile
Name
AMPDefined
For Proxim devices only, this field sets the name of the authentication profile to be
supported in this device group.
Server #1
Authentication Profile
Index
1 For Proxim devices only, this field sets the name of the authentication profile index
to be supported in this device group.
RADIUS Accounting Servers Section
RADIUS Accounting Server
#1 - #4
Not selected Defines one or more RADIUS Accounting servers to be supported in this device
group. Select up to four RADIUS accounting servers from the four drop-down
menus.
Authentication Profile
Name
Authentication Profile
Index
Accounting For Proxim devices only, this field sets the name of the accounting profile to be
supported in this device group.
3 For Proxim devices only, this field sets the name of the accounting profile index to
be supported in this device group.
MAC Address Authentication Section
MAC Address
Authentication
No If enabled, only MAC addresses known to the RADIUS server are permitted to
associate to APs in the Group.
MAC Address Format Single Dash Allows selection of the format for MAC addresses used in RADIUS authentication
and accounting requests:
Dash Delimited: xx-xx-xx-xx-xx-xx (default)
Colon Delimited: xx:xx:xx:xx:xx:xx
Single-Dash: xxxxxx-xxxxxx
No Delimiter: xxxxxxxxxxxx
This option is supported only for Proxim AP-600, AP-700, AP-2000, AP-4000, Avaya
AP3/4/5/6/7/8, HP ProCurve 520WL, ProCurve 420 v2.1.0 and higher.
82 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 83
Table 51 Groups > Security Page Fields and Default Values (Continued)
Setting Default Description
Authorization Lifetime 1800 Sets the amount of time a user can be connected before reauthorization is required.
The supported range is from 900 to 43,200 seconds.
Primary RADIUS Server
Reattempt Period
0 Specifies the time (in minutes) that the AP awaits responses from the primary
RADIUS server before communicating with the secondary RADIUS server, and so
forth
3. Select Save to retain these security configurations for the group, select Save and Apply to make the changes
permanent, or select Revert to discard all unapplied changes.
4. Continue with additional security-related procedures in this document for additional RADIUS and SSID
settings for device groups, as required.
Configuring Group SSIDs and VLANs
The Groups > SSIDs configuration page allows you to create and edit SSIDs and VLANs that apply to a device
group. Perform these steps to create or edit VLANs and to set SSIDs.
NOTE: WLANs that are supported from one or more Cisco WLC controllers can be configured on Groups > Cisco WLC Config.
Figure 40 illustrates an example of the Groups > SSIDs page.
Figure 40 Groups > SSIDs Page Illustration
NOTE: AWMS reports users by radio and by SSID. Graphs on the AP and controller monitoring pages display bandwidth in and out
based on SSID. AWMS reports can also be run and filtered by SSID. An option on the AMP Setup > General page can age out
SSIDs and their associated graphical data; by default, this is set to 365 days.
1. Go to Groups > List and select the group name for which to define SSIDs/VLANs.
2. Select the Groups > SSIDs configuration page. Table 52 describes the information that appears for SSIDs
and VLANs that are currently configured for the device group.
Table 52 Groups > SSIDs Fields and Descriptions
Field Description
SSID Displays the SSID associated with the VLAN.
VLAN ID Identifies the number of the primary VLAN SSID on which encrypted or unencrypted packets can
pass between the AP and the switch.
Name Displays the name of the VLAN.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 83
Page 84
Table 52 Groups > SSIDs Fields and Descriptions (Continued)
Field Description
Encryption Mode Displays the encryption on the VLAN.
First or Second Radio
Enabled
First or Second Radio
Primary
Native VLAN Sets this VLAN to be the native VLAN. Native VLANs are untagged and typically used for
Enables the VLAN, SSID and Encryption Mode on the radio control.
Specifies which VLAN to be used as the primary VLAN. A primary VLAN is required.
NOTE: If you create an open network (see the Create Closed Network setting below) in which the
APs broadcast an SSID, the primary SSID is broadcast.
management traffic only. AWMS requires a Native VLAN to be set. For AP types do not require a
native VLAN, create a dummy VLAN, disable it on both radio controls, and ensure that it has the
highest VLAN ID.
3. Select Add to create a new SSID or VLAN, or select the pencil icon next to an existing SSID/VLAN to edit
that existing SSID or VLAN. The Add SSID/VLAN configuration page appears as illustrated in Figure 41 and
explained in Table 53.
Figure 41 Groups > SSIDs > Add SSID/VLAN Page Illustration
4. Locate the SSID/VLAN section on the Groups > SSIDs configuration page and adjust these settings as
required. This section encompasses the basic VLAN configuration. Table 53 describes the settings and default
values. Note that the displayed settings can vary.
Table 53 Groups > SSIDs > SSID/VLAN Section Fields and Default Values
Setting Default Description
Specify Interface Name Yes Enables or disables an interface name for the VLAN interface. Selecting No for this
option displays the Enable VLAN Tagging option.
Interface None Sets the interface to support the SSID/VLAN combination.
SSID None Sets the Service Set Identifier (SSID), which is a 32-character user-defined identifier
attached to the header of packets sent over a WLAN. It acts as a password when a
mobile device tries to connect to the network through the AP, and a device is not
permitted to join the network unless it can provide the unique SSID.
Name None Sets a user-definable name associated with SSID/VLAN combination.
VLAN ID None Indicates the number of the VLAN designated as the Native VLAN, typically for
84 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
management purposes
Page 85
Table 53 Groups > SSIDs > SSID/VLAN Section Fields and Default Values (Continued)
Setting Default Description
Service Priority (Cisco
VxWorks only)
Maximum Allowed
Associations (0-2007)
None Identifies the delivery priority which packets receive on the VLAN/SSID (VxWorks
only).
255 Indicates the maximum number of mobile users which can associate with the
specified VLAN/SSID.
NOTE: 0 means unlimited for Cisco.
Broadcast SSID (Cisco
WLC, Proxim and Symbol
4131 only)
No For specific devices as cited, this setting enables the AP to broadcast the SSID for
the specified VLAN/SSID. This setting works in conjunction with the Create Closed
Network setting on the Groups > Security configuration page. Proxim devices support
a maximum of four SSIDs.
NOTE: This option should be enabled to ensure support of legacy users.
Partial Closed System
(Proxim only)
Unique Beacon
(Proxim only)
Block All Inter-Client
No For Proxim only, this setting enables to AP to send its SSID in every beacon, but it
does not respond to any probe requests.
No For Proxim only, if more than one SSID is enabled, this option enables them to be sent
in separate beacons.
Yes This setting blocks communication between client devices based on SSID.
Communication
5. Locate the Encryption area on the Groups > SSIDs page and adjust these settings as required. Table 54
describes the settings and default values.
Table 54 Groups > SSIDs > Encryption Section Fields and Default Values
Setting Default Description
Encryption Mode No Encryption Drop-down menu determines the level of encryption required for devices to associate
to the APs. The drop-down menu options are as follows. Each option displays
additional encryption settings that must be defined. Complete the associated settings
for any encryption type chosen:
No Encryption
Optional WEP—Wired Equivalent Privacy, not PCI compliant as of 2010
Require WEP—Wired Equivalent Privacy, not PCI compliant as of 2010
Require 802.1x—Based on the WEP algorithm
Require Leap—Lightweight Extensible Authentication Protocol
802.1x+WEP—Combines the two encryption types shown
802.1x+LEAP—Combines the two encryption types shown
LEAP+WEP—Combines the two encryption types shown
Static CKIP—Cisco Key Integrity Protocol
WPA—Wi-Fi Protected Access protocol
WPA/PSK—Combines WPA with Pre-Shared Key encryption
WPA2—Wi-Fi Protected Access 2 encryption
WPA2/PSK—Combines the two encryption methods shown
xSec—FIPS-compliant encryption including Layer 2 header info
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 85
Page 86
6. Locate the EAP Options area on the Groups > SSIDs page, and complete the settings. Table 55 describes the
settings and default values.
Table 55 Groups > SSIDs > EAP Options Section Fields and Default Values
Setting Default Description
WEP Key Rotation
Interval
Cisco TKIP No If enabled, Cisco Temporal Key Integrity Protocol (TKIP) provides per-packet key
Cisco MIC Disabled If enabled, Cisco Message Integrity Check (MIC) adds several bytes per packet to
120 Time (in seconds) between WEP key rotation on the AP.
mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of
WEP.
NOTE: TKIP can only be enabled when EAP-based security is used.
make it more difficult to tamper with the packets.
7. Locate the RADIUS Authentication Servers area on the Groups > SSIDs configuration page and define the
settings. Table 56 describes the settings and default values.
Table 56 Groups > SSIDs > RADIUS Authentication Servers Fields and Default Values
Setting Default Description
RADIUS Authentication Server
1-3
(ProCurve420, Proxim only)
Authentication Profile Name
(Proxim Only)
Authentication Profile Index
(Proxim Only)
None Drop-down menu to select RADIUS Authentication servers previously entered on
the Groups > RADIUS configuration page. These RADIUS servers dictate how
wireless clients authenticate onto the network.
None Sets the Authentication Profile Name for Proxim AP-600, AP-700, AP-2000, AP-4000.
None Sets the Authentication Profile Index for Proxim AP-600, AP-700, AP-2000, AP-4000.
8. Select Save when the security settings and configurations in this procedure are complete.
NOTE: You may need to return to the Groups > Security configuration page to configure or reconfigure RADIUS servers.
9. Locate the RADIUS Accounting Servers area on the Groups > SSIDs configuration page and define the
settings. Table 57 describes the settings and default values.
Table 57 Groups > SSIDs > Radius Accounting Servers Fields and Default Values
Setting Default Description
RADIUS Accounting Server
1-3 (Proxim Only)
Accounting Profile Name
(Proxim Only)
Accounting Profile Index
(Proxim Only)
None Pull-down menu selects RADIUS Accounting servers previously entered on the Groups
> RADIUS
RADIUS Accounting packets for this SSID/VLAN.
None Sets the Accounting Profile Name for Proxim AP-600, AP-700, AP-2000, AP-4000.
None Sets the Accounting Profile Index for Proxim AP-600, AP-700, AP-2000, AP-4000.
configuration page. These RADIUS servers dictate where the AP sends
10. Select Save to retain these Security configurations for the group, select Save and Apply to make the changes
permanent, or select Revert to discard all unapplied changes.
11. Continue with additional security-related procedures in this document for additional RADIUS, and SSID
settings for device groups, as required.
86 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 87
Configuring Radio Settings for Device Groups
The Groups > Radio configuration page allows you to specify detailed RF-related settings for devices in a
particular group.
NOTE: If you have existing deployed devices, you may want to use the current RF settings on those devices as a guide for
configuring the settings in your default Group.
Perform the following steps to define RF-related radio settings for groups.
1. Go to the Groups > List page and select the group for which to define radio settings by selecting the group
name. Alternatively, select Add from the Groups > List page to create a new group, define a group name. In
either case, the Monitor page appears.
2. Go to the Groups > Radio page. Figure 42 illustrates this page.
Figure 42 Groups > Radio Page Illustration
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 87
Page 88
3. Locate the Radio Settings area and adjust these settings as required. Table 58 describes the settings and
default values.
Table 58 Groups > Radio > Radio Settings Fields and Default Values
Setting Default Description
Allow Automatic Channel
Selection (2.4, 5, and
4.9GHz Public Safety)
No If enabled, whenever the AP is rebooted it uses its radio to scan the airspace and
select its optimal RF channel based on observed signal strength from other radios.
NOTE: If you enable this feature, AWMS automatically reboots the APs in the group
when the change is implemented.
802.11b Data Rates
(Mbps)
Required:
1.0
2.0
Optional:
5.5
11.0
Displays pull-down menus for various data rates for transmitting data.
NOTE: This setting does not apply to Cisco LWAPP devices.
The three values in each of the pull-down menus are as follows:
Required—The AP transmits only unicast packets at the specified data rate;
multicast packets are sent at a higher data rate set to optional. (Corresponds to a
setting of yes on Cisco devices.)
Optional—The AP transmits both unicast and multicast at the specified data
rate. (Corresponds to a setting of basic on Cisco devices.)
Not Used—The AP does not transmit data at the specified data rate.
(Corresponds to a setting of no on Cisco devices.)
Frag Threshold Enabled No If enabled, this setting enables packets to be sent as several pieces instead of as one
block. In most cases, leave this option disabled.
Threshold Value 2337 If Fragmentation Threshold is enabled, this specifies the size (in bytes) at which
packets are fragmented. A lower Fragmentation Threshold
setting might be required
if there is a great deal of radio interference.
RTS/CTS Threshold
Enabled
No If enabled, this setting configures the AP to issue a RTS (Request to Send) before
sending a packet. In most cases, leave this option disabled.
RTS/CTS Threshold Value 2338 If RTS/CTS is enabled, this specifies the size of the packet (in bytes) at which the AP
sends the RTS before sending the packet.
RTS/CTS Maximum
Retries
32 If RTS/CTS is enabled, this specifies the maximum number of times the AP issues an
RTS before stopping the attempt to send the packet through the radio.
Acceptable values range from 1
to 128.
Maximum Data Retries 32 The maximum number of attempts the AP makes to send a packet before giving up
and dropping the packet. Acceptable values range from 1 to 255.
Beacon Period (19-5000
100 Time between beacons (in microseconds).
msec)
DTIM Period (1-255) 2 DTIM alerts power-save devices that a packet is waiting for them. This setting
configures DTIM packet frequency as a multiple of the number of beacon packets.
The DTIM Interval indicates how many beacons equal one cycle.
Ethernet Encapsulation RFC1042 This setting selects either the RFC1042 or 802.1h Ethernet encapsulation standard for
use by the group.
Radio Preamble Long This setting determines whether the APs uses a short or long preamble. The
preamble is generated by the AP and attached to the packet prior to transmission.
The short preamble is 50 percent shorter than the long preamble and thus may
improve wireless network performance.
NOTE: Because older WLAN hardware may not support the "short" preamble, the
"long" preamble is recommended as a default setting in most environments.
4. Certain APs offer proprietary settings or advanced functionality that differ from prevailing industry standards.
If you use these APs in the device group, you may wish to take advantage of this proprietary functionality.
88 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 89
To configure these settings, locate the proprietary settings areas on the Groups > Radio page and continue
with the additional steps in this procedure.
NOTE: Proprietary settings are only applied to devices in the group from the specific vendor and are not configured on devices
from vendors that do not support the functionality.
5. To configure HP ProCurve 420 settings exclusively, locate the HP ProCurve 420 section and adjust these
settings as required. Table 59 describes the settings and default values.
Table 59 Groups > Radio > HP ProCurve 420 Fields and Default Values
Setting Default Description
Slot Time Auto Short-slot-time mechanism, if used on a pure 802.11g deployment, improves WLAN
Multicast Data Rate 5.5Mbps Sets the maximum data rate of the multicast data packets.
Rogue Scanning Enabled If enabled the 420 APs in the group will scan for rogues.
Rogue Scanning Interval
(15-10080 min)
Rogue Scanning Duration
(50-1000 msec)
Rogue Scan Type Periodic Specifies the Rogue Scanning mode. When set to Dedicated, users are unable to
720 If rogue scanning is enabled, this setting controls the frequency with which scans
350 Specifies the amount of time, in milliseconds, the AP should spend performing the
throughput by reducing wait time for transmitter to assure clear channel
assessment.
are conducted (in minutes). Frequent scans provide the greatest security, but AP
performance and throughput available to user devices may be impacted modestly
during a rogue scan.
NOTE: This setting only applies to Periodic scans.
rogue scan. If the duration is set too high users may start to experience connectivity
issues.
NOTE: This setting only applies to periodic scans.
associate to the AP.
6. Locate the HP ProCurve 240, Enterasys AP 3000 and AP 4102 section and define the settings. Table 60
describes the settings and default values of this page.
Table 60 Groups > Radio > HP ProCurve 240, Enterasys AP 3000 and AP 4102 Fields and Default Values
Setting Default Description
Operational Mode 802.11b +
802.11g
Max Station Data Rate 54 Mbps The maximum data rate at which a user can connect to the AP.
Sets the radio operational mode for all of the ProCurve 420s, Enterasys 3000s and
4102sin the group to either b only, g only, or b + g.
7. Locate the Enterasys AP3000 and Enterasys AP4102 section and define the settings. Table 61 describes the
settings and default values of this page.
Table 61 Groups > Radio > Enterasys AP3000 and Enterasys AP4102 Fields and Default Values
Setting Default Description
802.11a Multicast Data
Rate
802.11b/g Multicast Data
Rate
Rogue Scanning Enabled If enabled AP 3000s and 4102s in the group with firmware 3.1.20 or newer will
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 89
6 Mbps Drop-down menu that specifies the a radio multicast data rate.
5.5 Mbps Drop-down menu that specifies the b/g multicast data rate.
passively scan for rogue APs at the specified interval for the specified amount of time.
This rogue scan will not break users' association to the network.
Page 90
Table 61 Groups > Radio > Enterasys AP3000 and Enterasys AP4102 Fields and Default Values (Continued)
Setting Default Description
Rogue Scan Interval (30-
720 Specifies the time, in minutes, between rogue scans.
10080 min)
Rogue Scan Duration
(200-1000 msec)
350 Specifies the amount of time, in milliseconds, the AP listens to rogues before returning
to normal operation.
8. Locate the Groups > VxWorks section and adjust these settings as required. Table 62 describes the settings
and default values of this page.
Table 62 Groups > Radio > VxWorks Fields and Default Values
Setting Default Description
Use Aironet
Extensions
Yes When enabled, this option allows Cisco devices to provide functionality not supported by
802.11 IEEE standards, including the following:
Load balancing—Allows the access point to direct Aironet clients to the optimum access
point.
Message Integrity Check (MIC)—Protects against bit-flip attacks.
Temporal Key Integrity Protocol (TKIP)—Key hashing algorithm that protects against IV
attacks.
Lost Ethernet
Action
Repeater
Mode
Pull-down menu that specifies the action to take when the Lost Ethernet Timeout threshold is
exceeded:
No Action—No action taken by the AP.
Repeater Mode—The AP converts to a repeater, disassociating all its clients while the
backbone is unavailable. If the AP can communicate with another root AP on the same
SSID, its clients will be able to re-associate and connect to the backbone. If the AP
cannot communicate with another root AP, clients are not allowed to re-associate.
Disable Radio—The AP disassociates its clients and disables the radio until it can
establish communication with the backbone.
Restrict SSID—The AP disassociates all clients and then allows clients to re-associate
with current SSID.
Lost Ethernet
Timeout
2 Specifies the time (in seconds) the AP waits prior to taking action when its backbone
connectivity is down. Actions are defined in the Lost Ethernet Action field.
(1-1000 secs)
Upgrade Radio
Firmware When
Yes If enabled, this setting mandates that the radio firmware be upgraded to a firmware version
compatible with the current version of AP firmware.
AP Firmware Is
Upgraded
9. To configure settings specific to the Proxim AP-600, AP-700, AP-2000, AP-4000; Avaya AP-3/4/5/6//7/8, and
ProCurve 520WL, locate the appropriate section of Groups > Radio page and define the required fields.
Table 63 describes the settings and default values.
Table 63 Groups > Radio > Proxim/Avaya/Procurve APs Fields and Default Values
Setting Default Description
Load Balancing No If enabled, this setting allows client devices associating to an AP with two radio cards
to determine which card to associate with, based on the load (number of clients) on
each card.
NOTE: This feature is only available when two 802.11b wireless cards are used in an
AP-2000.
Interference Robustness No If enabled, this option will fragment packets greater than 500 bytes in size to reduce
the impact of radio frequency interference on wireless data throughput.
90 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 91
Table 63 Groups > Radio > Proxim/Avaya/Procurve APs Fields and Default Values (Continued)
Setting Default Description
Distance Between APs Large This setting adjusts the receiver sensitivity. Reducing receiver sensitivity from its
maximum may help reduce the amount of crosstalk between wireless stations to
better support roaming users. Reducing the receiver sensitivity, user stations will be
more likely to connect with the nearest access point.
802.11g Operational
Mode
802.11abg Operational
Mode
802.11b Transmit Rate Auto
802.11g Transmit Rate Auto
802.11a Transmit Rate Auto
Rogue Scanning Yes If enabled, any ORiNOCO or Avaya APs in the group (with the appropriate firmware)
Rogue Scan Interval 15 minutes If rogue scanning is enabled, this setting controls the frequency with which scans are
802.11b
+802.11g
802.11b
+802.11g
Fallback
Fallback
Fallback
This setting sets the operational mode of all g radios in the group to either b only, g
only or b + g.
This setting sets the operational mode of all a/b/g radios in the group to either a only, b
only, g only or b + g.
This setting specifies the minimum transmit rate required for the AP to permit a user
device to associate.
This setting specifies the minimum transmit rate required for the AP to permit a user
device to associate.
This setting specifies the minimum transmit rate required for the AP to permit a user
device to associate.
will passively scan for rogue APs at the specified interval. This rogue scan will not
break users' association to the network.
NOTE: This feature can affect the data performance of the access point.
conducted (in minutes). Frequent scans provide the greatest security, but AP
performance and throughput available to user devices may be impacted modestly
during a rogue scan.
10. Locate the Proxim 4900M section and define the required fields. Table 64 describes the settings and default
values.
Table 64 Groups > Radio > Proxim 4900 Fields and Default Values
Setting Default Description
4.9GHz Public Safety
Channel Bandwidth
802.11a/4.9GHz Public
Safety Operational Mode
20 This setting specifies the channel bandwidth for the 4.9 GHz radio. It is only applicable
if you are running the 802.11a/4.9GHz radio in 4.9GHz mode.
802.11a This setting specifies if the AP will run the 802.11a/4.9GHz radio in 802.11a mode or in
4.9 GHz mode. Please note that 4.9 GHz is a licensed frequency used for public safety.
11. Locate the Symbol section and define the required fields. Table 65 describes the settings and default values.
Table 65 Groups > Radio > Symbol Fields and Default Values
Setting Default Description
Rogue Scanning Yes If enabled, Symbol APs with 3.9.2 or later firmware in the group will passively scan for rogue
Rogue Scanning
Interval (5-480 min)
240 If rogue scanning is enabled, this setting controls the frequency with which scans are
APs at the specified interval. This rogue scan will not break a user’s association to the
network.
conducted (in minutes). Frequent scans provide the greatest security, but AP performance
and throughput available to user devices may be impacted modestly during a rogue scan.
12. Select Save when radio configurations as described above are complete, select Save and Apply to make the
changes permanent, or select Revert to discard all unapplied changes.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 91
Page 92
An Overview of Cisco WLC Configuration
The Groups > Cisco WLC Config page consolidates the settings for Cisco WLC devices from all group pages.
The Groups > SSIDs subtab applies to all device types except for Cisco WLC, which have WLANs configured
on the Cisco WLC Config page. It is not recommended to have HP Procurve 420s, Symbol 4131 and Proxim APs
in the same group as Cisco devices. Also, it is recommended that users set device preferences to Only devices in
this group. This topic describes how to access and navigate the Groups > Cisco WLC Config page.
Accessing Cisco WLC Configuration
Go to the Cisco WLC Config page in one of these two ways:
1. In Groups > List, select a group that has been defined to support Cisco devices and the Cisco WLC Config
option appears in the subtabs.
2. In Groups > List, create a new group to support Cisco devices with these steps:
Select Add from the Groups > List page to create a new group, enter a group name, and select Add.
Once AWMS prompts you with the Groups > Basic page, ensure that you enable device-specific settings
for Cisco WLC.
Once you select Save or Save and Apply, then the Groups > Cisco WLC Config subtab appears in the
navigation pane at the top in association with that group.
Navigating Cisco WLC Configuration
The navigation pane on the left side of the Groups > Cisco WLC Config page is expandable, and displays the
Cisco configurations supported and deployed. Figure 43 and Figure 44 illustrate this navigation pane.
You can pre-populate the group WLC settings from a controller in the same group by performing an import on
the controller’s Audit page.
Figure 43 Groups > Cisco WLC Config Page Illustration, collapsed view
Figure 44 Groups > Cisco WLC Config Page Illustration, expanded view
92 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 93
Configuring WLANs for Cisco WLC Devices
In Cisco WLC Config, WLANs are based on SSIDs or VLANs that are dedicated to Cisco WLC controllers.
Perform the following steps to define and configure WLANs for Cisco WLC controllers.
1. Go to the Groups > Cisco WLC Config page, and select WLANs in the navigation pane at left. This page
displays the SSIDs or VLANs that are available for use with Cisco WLC devices, and enables you to define
new SSIDs or VLANs. Figure 45 illustrates this page.
2. To change the ID/position of a WLAN on the controller by dragging and dropping, set the toggle to yes. Note
that the by setting this flag to yes, AMP will display a mismatch if the WLANs in the desired and device
config differ only on the order.
Figure 45 Groups > Cisco WLC Config > WLANS page illustration
3. To add or edit SSIDs or VLANs that are dedicated to Cisco WLC devices, either select the Add New SSID/
VLAN button, or select the pencil icon for an existing SSID/VLAN. A new page appears comprised of four
tabs, as follows:
General—Defines general administrative parameters for the Cisco WLC WLAN.
Security—Defines encryption and RADIUS servers.
QoS—Defines quality of service (QoS) parameters for the Cisco WLC WLAN.
Advanced—Defines advanced settings that are available only with Cisco WLC devices, for example, AAA
override, coverage, DHCP and DTIM period.
NOTE: Refer to Cisco documentation for additional information about Cisco WLC devices and related features.
Figure 46 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > General Tab Illustration
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 93
Page 94
Figure 47 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Security Tab Illustration
Figure 48 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > QoS Tab Illustration
Figure 49 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Advanced Tab Illustration
94 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 95
Defining and Configuring LWAPP AP Groups for Cisco Devices
The Groups > Cisco WLC Config > WLANs > Advanced > AP Groups page allows you to add/edit/delete AP
Groups on the Cisco WLC. LWAPP AP Groups are used to limit the WLANs available on each AP. Cisco thin
APs are assigned to LWAPP AP Groups.
Viewing and Creating AP Groups
1. Go to the Groups > Cisco WLC Config page, and select WLANs > Advanced > AP Groups in the
navigation pane at left. This page displays the configured LWAPP APs. Figure 50 illustrates this page.
Figure 50 Groups > Cisco WLC Config > WLANS > Advanced > AP Groups Page Illustration
2. To add a new LWAPP AP group, select Yes in the AP Groups section. Additional controls appear.
3. Select Add to create a new LWAPP AP group. To edit an existing LWAPP AP group, select the pencil icon
next to that group. Add one or more SSIDs and the interface/VLAN ID mapping on the Add/Edit page of the
LWAPP AP Group.
4. Select Save and Apply to make these changes permanent, or select Save to retain these changes to be pushed
to controllers at a later time.
Configuring Cisco Controller Settings
The Groups > Cisco WLC Config > Controller page defines general Cisco WLC settings, Multicast settings,
Cisco mobility groups to be supported on Cisco controllers, Network Transfer Protocol (NTP), and Spanning
Tree Protocol settings.
Go to the Groups > Cisco WLC Config > Controller page. This navigation is illustrated in Figure 51.
Figure 51 Groups > Cisco WLC Config > Controller Navigation
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 95
Page 96
Configuring Wireless Parameters for Cisco Controllers
This section illustrates the configuration of Wireless settings in support of Cisco WLC controllers. The navigation
for Wireless settings is illustrated in Figure 52.
Figure 52 Groups > Cisco WLC Config > Wireless Navigation Illustration
Configuring Security Parameters and Functions
AWMS enables you to configure many security settings that are specific to Cisco WLC controllers. This section
supports four overriding types of configuration, as follows:
AAA, to cover both RADIUS and TACACS+ server configuration
Priority Order
Wireless Protection Policies
Web Auth
Figure 53 illustrates these components and this navigation:
Figure 53 Groups > Cisco WLC Config > Security Navigation Illustration
Configuring Management Settings for Cisco
AWMS allows you to configure of SNMP and Syslog Server settings for Cisco WLC controllers. Users should be
able to configure up to four trap receivers on the Cisco WLC including the AMP IP that can be used in Global
Groups. To define SNMP and server settings, go to the Groups > Cisco WLC Config > Management page,
illustrated in Figure 54.
96 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Page 97
Figure 54 Groups > Cisco WLC Config > Management Navigation Illustration
Configuring Group PTMP Settings
The Groups > PTMP configuration page configures Point-to-Multipoint (PTMP) for all subscriber and base
stations in the device group. Subscriber stations must be in the same group as all base stations with which they
might connect.
Perform the following steps to configure these functions.
1. Go to the Groups > List page and select the group for which to define PTMP settings by selecting the group
name. Alternatively, select Add from the Groups > List page to create a new group, define a group name. In
either case, the Monitor page appears.
2. Select the PTMP tab in the AWMS navigation menu. Figure 55 illustrates this page.
Figure 55 Groups > PTMP Page Illustration
3. Define the settings on this page. Table 66 describes the settings and default values.
Table 66 Groups > PTMP Fields and Default Values
Setting Default Description
802.11a Radio Channel 58 Selects the channel used for 802.11a radios by the devices in this group.
802.11g Radio Channel 10 Selects the channel used for 802.11g radios by the devices in this group.
Channel Bandwidth 20 Defines the channel bandwidth used by the devices in this group.
Network Name Wireless Network Sets the Network name with a range of length supported from two to 32
alphanumeric characters.
Network Secret None Sets a shared password to authenticate clients to the network.
4. Select Save and Apply when configurations are complete to make them permanent, or select Save to retain
these settings prior to pushing to controllers at a later time.
Configuring Proxim Mesh Radio Settings
1. Go to the Groups > Proxim Mesh configuration page to configure Mesh-specific radio settings.
2. Define the settings as required for your network. Figure 56 illustrates this page. Table 67 and Table 68
describe the settings and default values.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 97
Page 98
Figure 56 Groups > Proxim Mesh Page Illustration
The General section contains settings for mesh radio, number of mesh links, RSSI smoothing, roaming
threshold and de-auth client.
Table 67 Groups > Proxim Mesh > General Fields and Default Values
Setting Default Description
Mesh Radio 4.9/5Ghz Drop-down selects the radio that acts as the backhaul to the network.
Max Number of Mesh
Links
Neighbor RSSI
Smoothing
Roaming Threshold 80 Specifies the difference in cost between two paths that must be exceeded before
Deauth Client when
Uplink is Down
6 Sets the maximum number of mesh links allowed on an AP. This number includes
the uplink to the portal as well as downlinks to other mesh APs.
16 Specifies the number of beacons to wait before switching to a new link.
the AP roams. To switch to a new path it must have a cost that is less by at least the
roaming threshold. A high threshold results in fewer mesh roams.
Yes W it h Ye s selected, clients have authentication removed (are deauthenticated) if the
uplink is lost.
The Security section contains settings for SSID and enabling AES encryption.
Table 68 Groups > Proxim Mesh > Security Fields and Default Values
Setting Default Description
SSID None Sets the SSID used by the Mesh Radio to connect to the mesh network.
Enable AES No Enable or disable AES encryption.
3. The Mesh Cost Matrix configuration section contains settings for hop factor and maximum hops to portal,
RSSI factor and cut-off, medium occupancy factor and current medium occupancy weight. Adjust these
settings as required for your network. Table 69 describes these settings and default values.
Table 69 Groups > Proxim Mesh > Mesh Cost Matrix Fields and Default Values
Setting Default Description
Hop Factor 5 Sets the factor associated with each hop when calculating the best path to the portal AP.
Higher factors will have more impact when deciding the best uplink.
Maximum Hops to
Portal
RSSI Factor 5 Sets the factor associated with the RSSI values used when calculating the best path to
RSSI Cutoff 10 Specifies the minimum RSSI needed to become a mesh neighbor.
98 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
4 Set the maximum number of hops for the AP to reach the Portal AP.
the portal AP. Higher factors will have more impact when deciding the best uplink.
Page 99
Table 69 Groups > Proxim Mesh > Mesh Cost Matrix Fields and Default Values (Continued)
Setting Default Description
Medium Occupancy
Factor
Current Medium
Occupancy Weight
5 Sets the factor associated with Medium Occupancy when calculating the best path to the
portal AP. Higher factors will have more impact when deciding the best uplink.
7 Specifies the importance given to the most recently observed Medium Occupancy against
all of the previously viewed medium occupancies. Lower values place more importance
on previously observed Medium Occupancies.
4. Select Save when configurations are complete to retain these settings. Select Save and Apply to make the
changes permanent, or select Revert to discard all unapplied changes.
Configuring Group MAC Access Control Lists
This configuration is optional. If you use Symbol, Proxim, Cisco VxWorks, or ProCurve 520WL wireless APs,
AWMS enables you to specify the MAC addresses of devices that are permitted to associate with APs in the
Group. Other devices are not able to associate to APs in the Group, even if the users of those devices are
authorized users on the network.
NOTE: If Use MAC ACL is enabled for Cisco VxWorks, AWMS does not disable this feature on the AP; but the MAC list entered is
not populated on the AP. The individual MAC addresses must be entered manually on the AP. If you have APs from other vendors
in the Group, the ACL restrictions do not apply to those APs.
Perform the following steps to use the MAC ACL function.
1. Browse to the Groups > MAC ACL configuration page. Figure 57 illustrates this page.
Figure 57 Groups > MAC ACL Page Illustration
2. Select Yes on the Use MAC ACL drop-down menu. Enter all authorized MAC addresses, separated by white
spaces.
3. Select Save when configurations are complete to retain these settings. Select Save and Apply to make the
changes permanent, or select Revert to discard all unapplied changes.
Specifying Minimum Firmware Versions for APs in a Group
This configuration is optional. AWMS allows you the option of defining the minimum firmware version for each
AP type in a group on the Groups > Firmware configuration page. At the time that you define the minimum
version, AWMS automatically upgrades all eligible APs. When you add APs into the group in the future, you will
be able to upgrade APs in manual fashion. The firmware for an AP is not upgraded automatically when it is added
to a group. Perform the following steps to make this firmware configuration.
1. Browse to the Groups > Firmware configuration page. Figure 58 illustrates this page.
Dell PowerConnect W AirWave 7.2 | User Guide Configuring and Using Device Groups in AWMS | 99
Page 100
Figure 58 Groups > Firmware Page Illustration
2. For each device type in the group, specify the minimum acceptable firmware version. If no firmware versions
are listed, go to the Device Setup > Firmware configuration page to upload the firmware files to AWMS.
3. Select Upgrade to apply firmware preferences to devices in the group. Refer to the firmware upgrade help
under APs/Devices > Manage configuration page for detailed help on Firmware job options.
4. Select Save to save the firmware file as the desired version for the group.
5. If you have opted to assign an external TFTP server on a per-group basis on the Device Setup > Firmware
configuration page, you can enter the IP address in the Firmware Upgrade Options field on the top of this
configuration page.
6. Once you have defined your first group, you can configure that group to be the default group on your network.
When AWMS discovers new devices that need to be assigned to a management group, the default group
appears at the top of all drop-down menus and lists. Newly discovered devices are place automatically in the
default group if AWMS is set to Automatically Monitor/Manage New Devices on the AWMS configuration
page.
7. Browse to the Groups > List configuration page.
8. From the list of groups, check the Default radio button next to the desired default group to make it the
default.
Comparing Device Groups
You can compare two existing device groups with a detailed line-item comparison. Group comparison allows
several levels of analysis to include the following:
compare performance, bandwidth consumption, or troubleshooting metrics between two groups
debug one device group against the settings of a similar and better performing device group
use one group as a model by which to fine-tune configurations for additional device groups
This topic presumes that at least two device groups are at least partly configured in AWMS, each with saved
configurations. Perform the following steps to compare two existing device groups:
1. From the Groups > List page, select Compare two groups. Two drop-down menus appear.
2. Select the two groups to compare to each other in the drop-down menus, and select Compare. The Compare
page appears, displaying some or many configuration categories. Figure 59 illustrates this page.
100 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.2 | User Guide
Loading...