Dell W-3200 User Manual

Download

Page 1

Dell PowerConnect

W-Series ArubaOS 6.1

User Guide

Page 2

. Dell™, the DELL™ logo, and PowerConnect™ are

, Aruba Wireless Networks®, the

trademarks of Dell Inc.

Originated in the USA. All other trademarks are the property of their respective owners.

Open Source Code

Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site:

http://www.arubanetworks.com/open_source

Legal Notice

The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide 0510845-01 | June 2011

Page 3

About this Guide ..................................................................................................................................................... 45

Audience............................................................................................................................................45

Fundamentals....................................................................................................................................45

WebUI.........................................................................................................................................45

CLI ............................................................................................................................................... 45

Related Documents..........................................................................................................................46

Conventions.......................................................................................................................................46

Contacting Support .......................................................................................................................... 47

Chapter 1 The Basic User-Centric Networks.................................................................................. 49

Configuring the User-Centric Network .........................................................................................49

Deployment and Configuration Tasks ...........................................................................................49

Deployment Scenario #1 ......................................................................................................... 50

Deployment Scenario #2 ......................................................................................................... 50

Deployment Scenario #3 ......................................................................................................... 51

Configuring the Controller...............................................................................................................52

Running the Initial Setup.........................................................................................................52

Connecting to the Controller after Initial Setup...................................................................53

Configuring a VLAN for Network Connection..............................................................................53

Creating and Updating a VLAN ..............................................................................................54

Viewing Existing VLAN IDs .............................................................................................54

Creating, Updating, and Deleting VLAN Pools.....................................................................54

Adding existing VLAN IDs to a VLAN Pool in the CLI .................................................54

Assigning and Configuring the Trunk Port ...........................................................................55

In the WebUI .....................................................................................................................55

In the CLI............................................................................................................................ 55

Configuring the Default Gateway...........................................................................................55

In the WebUI .....................................................................................................................55

In the CLI............................................................................................................................ 56

Configuring the Loopback for the Controller........................................................................56

In the WebUI ....................................................................................................................56

In the CLI............................................................................................................................ 56

Configuring the System Clock ................................................................................................57

Installing Licenses....................................................................................................................57

Connecting the Controller to the Network ...........................................................................57

Additional Configuration.................................................................................................................. 57

Chapter 2 Network Parameters......................................................................................................... 59

Configuring VLANs ...........................................................................................................................59

Creating and Updating VLANs................................................................................................59

Using the WebUI .............................................................................................................. 59

Using CLI............................................................................................................................ 60

Create a Bulk VLANs Using the WebUI........................................................................60

Using CLI............................................................................................................................ 60

Creating, Updating and Deleting VLAN Pools......................................................................60

Creating a VLAN pool Using the WebUI.......................................................................60

Updating a VLAN Pool .....................................................................................................61

Deleting a VLAN Pool ...................................................................................................... 61

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 3

Page 4

Create a VLAN Pool Using CLI ....................................................................................... 61

Viewing Existing VLAN IDs Using CLI ...........................................................................61

Adding Existing VLAN IDs Using CLI............................................................................. 61

Add a Bandwidth Contract to the VLAN............................................................................... 62

Optimize VLAN Broadcast and Multicast Traffic................................................................ 62

In the CLI............................................................................................................................ 62

In the WebUI .....................................................................................................................63

Configuring Ports..............................................................................................................................63

Classifying Traffic as Trusted or Untrusted .........................................................................63

About Trusted and Untrusted Physical Ports ..............................................................63

About Trusted and Untrusted VLANs............................................................................ 63

Configuring Trusted/Untrusted Ports and VLANs............................................................... 64

Using WebUI .....................................................................................................................64

Using CLI............................................................................................................................ 64

Configure Trusted/Untrusted Ports and VLANs in Trunk Mode .......................................65

Using the WebUI .............................................................................................................. 65

Using CLI............................................................................................................................ 65

About VLAN Assignments...............................................................................................................65

How a VLAN Obtains its IP Address......................................................................................66

Assigning a Static Address to a VLAN..................................................................................66

Using the WebUI .............................................................................................................. 66

Using CLI .................................................................................................................................... 66

Configuring a VLAN to Receive a Dynamic Address.......................................................... 66

Configuring Multiple Wired Uplink Interfaces (Active-Standby) ............................. 67

Enabling the DHCP Client........................................................................................................ 67

Using the WebUI .............................................................................................................. 67

Using the CLI .....................................................................................................................67

Enabling the PPPoE Client.......................................................................................................68

Using the WebUI .............................................................................................................. 68

Using CLI............................................................................................................................ 68

Default Gateway from DHCP/PPPoE..................................................................................... 68

Using the WebUI .............................................................................................................. 68

Using CLI............................................................................................................................ 68

Configuring DNS/WINS Server from DHPC/PPPoE............................................................ 68

Using the WebUI.......................................................................................................................69

Using CLI............................................................................................................................ 69

Configuring Source NAT to Dynamic VLAN Address......................................................... 69

Using the WebUI .............................................................................................................. 69

Using CLI............................................................................................................................ 70

Configuring Source NAT for VLAN Interfaces.....................................................................70

Example Configuration .................................................................................................... 70

Using the WebUI .............................................................................................................. 70

Using CLI............................................................................................................................ 71

Inter-VLAN Routing.................................................................................................................. 71

Using the WebUI to restrict VLAN routing...................................................................71

Using CLI............................................................................................................................ 72

Configuring Static Routes ............................................................................................................... 72

Using the WebUI.......................................................................................................................72

Using CLI .................................................................................................................................... 72

Configuring the Loopback IP Address .......................................................................................... 72

Using the WebUI.......................................................................................................................72

Using CLI .................................................................................................................................... 73

Using the CLI to reboot the controller................................................................................... 73

Configuring the Controller IP Address ..........................................................................................73

Using CLI .................................................................................................................................... 74

Configuring GRE Tunnels................................................................................................................. 74

Creating a Tunnel Interface.................................................................................................... 74

4 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 5

Using the WebUI .............................................................................................................. 74

Using CLI............................................................................................................................ 75

Directing Traffic into the Tunnel............................................................................................ 75

Static Routes..................................................................................................................... 75

Firewall Policy................................................................................................................... 75

Tunnel Keepalives............................................................................................................ 75

Chapter 3 RF Plan................................................................................................................................. 77

Supported Planning.......................................................................................................................... 77

Before You Begin.............................................................................................................................. 78

Task Overview...........................................................................................................................78

Planning Requirements ........................................................................................................... 78

Launching the RF Plan .....................................................................................................................79

Campus List Page..................................................................................................................... 80

Building List Pane.....................................................................................................................81

Building Specifications Overview..........................................................................................82

Building Dimension Page........................................................................................................ 82

AP Modeling Parameters Page..............................................................................................83

Radio Type......................................................................................................................... 85

Design Model.................................................................................................................... 85

Overlap Factor .................................................................................................................. 85

Users/AP............................................................................................................................ 86

Radio Properties (Desired Rates and HT Support Options) ...................................... 86

AM Modeling Page ..................................................................................................................87

Design Models.................................................................................................................. 88

Monitor Rates ................................................................................................................... 88

Planning Floors Page............................................................................................................... 88

Zoom................................................................................................................................... 89

Approximate Coverage Map .......................................................................................... 90

Floor Editor Dialog Box.................................................................................................... 90

Area Editor Dialog Box ....................................................................................................91

Access Point Editor Dialog Box .....................................................................................92

AP Plan Page.............................................................................................................................95

Initialize.............................................................................................................................. 95

Optimize ............................................................................................................................. 95

Fix All Suggested AP/AMs.............................................................................................. 96

AM Plan Page ........................................................................................................................... 96

Initialize.............................................................................................................................. 96

Optimize ............................................................................................................................. 96

Fix All Suggested AP/AMs.............................................................................................. 96

Exporting and Importing Files.................................................................................................97

Export Campus.................................................................................................................. 97

Import Campus.................................................................................................................. 97

Export Buildings Page ..................................................................................................... 97

Import Buildings Page .....................................................................................................98

Locate.........................................................................................................................................98

FQLN Mapper ............................................................................................................................ 98

Using the FQLN Mapper in the AP Provision Page...................................................................100

Using the WebUI.....................................................................................................................100

Using CLI .................................................................................................................................. 100

RF Plan Example ............................................................................................................................. 101

Sample Building......................................................................................................................101

Create a Building ...................................................................................................................102

Model the Access Points .....................................................................................................103

Model the Air Monitors ........................................................................................................103

Add and Edit a Floor............................................................................................................... 103

Adding the background image and naming the first floor............................................... 103

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 5

Page 6

Adding the background image and naming the second floor......................................... 104

Defining Areas ........................................................................................................................ 104

Creating a Don’t Care Area ..................................................................................................104

Creating a Don’t Deploy Area ............................................................................................... 105

Running the AP Plan .............................................................................................................105

Running the AM Plan ............................................................................................................ 106

Chapter 4 Access Points .................................................................................................................. 107

Basic Functions and Features......................................................................................................107

AP Names and Groups .................................................................................................................. 108

Creating an AP group.............................................................................................................109

in the WebUI ................................................................................................................... 109

Creating an AP group in the CLI................................................................................... 109

Assigning APs to an AP group ............................................................................................. 109

In the CLI.......................................................................................................................... 110

AP Configuration Profiles..............................................................................................................110

Wireless LAN Profiles............................................................................................................110

AP Profiles ............................................................................................................................... 112

QoS Profiles.............................................................................................................................113

RF Management Profiles.......................................................................................................113

Mesh Profiles .......................................................................................................................... 114

Other Profiles .......................................................................................................................... 114

Viewing Profile Errors............................................................................................................114

Profile Hierarchy............................................................................................................................. 114

Deploying APs................................................................................................................................. 116

Running the RF Plan............................................................................................................... 117

Ensure APs Can Connect to the Controller ........................................................................117

Configure Firewall Settings .......................................................................................... 117

Enable Controller Discovery......................................................................................... 117

From a DNS Server ........................................................................................................ 118

From a DHCP Server ......................................................................................................118

Using the Aruba Discovery Protocol (ADP) ...............................................................118

Ensure APs Can Obtain IP Addresses.................................................................................119

Enabling the DHCP server on the controller in the WebUI ..................................... 119

Enable the DHCP server on the controller in the CLI ............................................... 119

Provisioning APs for Mesh ................................................................................................... 120

Installing APs on the Network..............................................................................................120

Updating the RF Plan..............................................................................................................120

Provisioning Installed APs ............................................................................................................120

Remote AP (RAP) vs Campus AP (CAP).............................................................................. 121

AP Provisioning Wizard.........................................................................................................121

Provisioning an Individual AP...............................................................................................121

Provisioning Multiple APs using a Provisioning Profile........................................... 124

Assigning Provisioning Profiles ...................................................................................124

Troubleshooting.............................................................................................................. 125

Configuring a Provisioned AP....................................................................................................... 125

AP Installation Modes ........................................................................................................... 125

In the WebUI ...................................................................................................................125

In the CLI.......................................................................................................................... 126

Renaming an AP ..................................................................................................................... 126

Renaming in the WebUI ................................................................................................ 126

Renaming in the CLI .......................................................................................................126

Optimize APs Over Low-Speed Links.................................................................................. 127

Configuring the Bootstrap Threshold.......................................................................... 127

Prioritizing AP heartbeats............................................................................................. 130

AP Redundancy ...................................................................................................................... 130

6 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 7

In the WebUI ...................................................................................................................130

In the CLI.......................................................................................................................... 130

AP Maintenance Mode ......................................................................................................... 131

In the WebUI ...................................................................................................................131

In the CLI.......................................................................................................................... 131

Managing AP LEDs.................................................................................................................131

Disabling LEDs in the WebUI........................................................................................ 132

Enable or Disable LEDs in the CLI................................................................................ 132

Configuring Blinking LEDs in the CLI........................................................................... 132

Managing RF Interference............................................................................................................132

RF Optimization ....................................................................................................................... 132

In the WebUI ...................................................................................................................132

In the CLI.......................................................................................................................... 133

RF Event Configuration .......................................................................................................... 133

In the WebUI ...................................................................................................................134

In the CLI.......................................................................................................................... 135

AP Channel Assignments..............................................................................................................135

20 MHz and 40 MHz Static Channel Assignments ............................................................135

In the WebUI ...................................................................................................................136

In the CLI.......................................................................................................................... 137

Channel Switch Announcement (CSA)............................................................................... 137

In the WebUI ...................................................................................................................137

In the CLI.......................................................................................................................... 137

Automatic Channel and Transmit Power Selection..........................................................137

AP Console Settings....................................................................................................................... 137

Chapter 5 Virtual APs........................................................................................................................ 139

Virtual AP Profiles .......................................................................................................................... 139

Excluding a virtual AP profile from an AP in the WebUI.......................................... 140

Excluding a virtual AP profile from an AP in the CLI ................................................ 140

Configuring a Virtual AP ................................................................................................................140

Configuring the WLAN...........................................................................................................141

Configuring the User Role..................................................................................................... 142

In the WebUI ...................................................................................................................142

In the CLI.......................................................................................................................... 142

Configuring Authentication Servers.................................................................................... 142

In the WebUI ...................................................................................................................142

In the CLI.......................................................................................................................... 142

Configuring Authentication................................................................................................... 143

In the WebUI ...................................................................................................................143

In the CLI.......................................................................................................................... 144

Applying the Virtual AP..........................................................................................................144

In the WebUI ...................................................................................................................144

In the CLI.......................................................................................................................... 148

Creating a new SSID Profile................................................................................................. 148

In the WebUI ...................................................................................................................148

In the CLI.......................................................................................................................... 152

Configuring an SSID for Suite-B cryptography .........................................................152

Guest WLAN............................................................................................................................152

Configuring the VLAN ............................................................................................................ 153

In the WebUI ...................................................................................................................153

In the CLI.......................................................................................................................... 153

Configuring the Guest Role................................................................................................... 153

In the WebUI ...................................................................................................................153

In the CLI.......................................................................................................................... 153

Configuring the Guest Virtual AP......................................................................................... 154

In the WebUI ...................................................................................................................154

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 7

Page 8

In the CLI.......................................................................................................................... 154

Enable 802.11k Support..........................................................................................................155

In the WebUI ...................................................................................................................155

In the CLI.......................................................................................................................... 156

Example Configuration...........................................................................................................156

Configuring a High-Throughput Virtual AP................................................................................. 157

In the WebUI ........................................................................................................................... 157

In the CLI .................................................................................................................................. 160

Managing High-throughput Profiles....................................................................................161

Chapter 6 Adaptive Radio Management (ARM) ........................................................................... 163

ARM Overview ................................................................................................................................163

ARM Support for 802.11n.......................................................................................................163

Monitoring Your Network with ARM................................................................................... 164

Noise and Error Monitoring.......................................................................................... 164

Application Awareness................................................................................................. 164

ARM Profiles ................................................................................................................................... 164

Creating a New ARM Profile ................................................................................................165

Copying an Existing Profile ................................................................................................... 165

Deleting a Profile.................................................................................................................... 166

Configuring ARM Settings.....................................................................................................166

In the WebUI ...................................................................................................................166

In the CLI.......................................................................................................................... 169

Assigning an ARM Profile to an AP Group.................................................................................170

In the WebUI ........................................................................................................................... 170

In the CLI .................................................................................................................................. 170

Multi-Band ARM and 802.11a/802.11g Traffic............................................................................ 171

Band Steering ................................................................................................................................. 171

Steering Modes ...................................................................................................................... 171

Enabling Band Steering.........................................................................................................172

In the WebUI ...................................................................................................................172

In the CLI.......................................................................................................................... 172

Traffic Shaping................................................................................................................................ 173

Enabling Traffic Shaping....................................................................................................... 173

In the WebUI ...................................................................................................................173

In the CLI.......................................................................................................................... 173

Spectrum Load Balancing............................................................................................................. 174

RX Sensitivity Tuning Based Channel Reuse.............................................................................174

Non-802.11 Noise Interference Immunity................................................................................... 175

ARM Metrics ...................................................................................................................................175

ARM Troubleshooting....................................................................................................................176

Too many APs on the Same Channel.................................................................................. 176

Wireless Clients Report a Low Signal Level ......................................................................176

Transmission Power Levels Change Too Often.................................................................177

APs Detect Errors but Do Not Change Channels.............................................................. 177

APs Don’t Change Channels Due to Channel Noise......................................................... 177

Chapter 7 Remote Access Points.................................................................................................... 179

Overview ..........................................................................................................................................179

Configuring the Secure Remote Access Point Service ........................................................... 180

Configure a Public IP Address for the Controller.............................................................. 181

Using the WebUI to Create a DMZ Address..............................................................181

Using CLI.......................................................................................................................... 181

Configure the VPN Server..................................................................................................... 181

8 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 9

Using the WebUI ............................................................................................................ 181

Using CLI.......................................................................................................................... 182

CHAP Authentication Support over PPPoE........................................................................ 182

Configure the Remote AP User Role ...................................................................................183

Using the WebUI ............................................................................................................ 183

Using CLI.......................................................................................................................... 184

Configure VPN Authentication............................................................................................. 184

Using the WebUI ............................................................................................................ 184

Using CLI.......................................................................................................................... 185

Configuring Internal Database for Authentication............................................................185

Using the WebUI ............................................................................................................ 185

Configure VPN authentication using the internal database ................................... 187

Add the user to the internal database ........................................................................187

Using CLI to configure the internal DB for a RAP user ............................................187

Provision the AP ..................................................................................................................... 187

Creating a Remote AP Whitelist...........................................................................................188

Revoking an AP............................................................................................................... 189

Deploying a Branch Office/Home Office Solution..................................................................... 189

Configuring the branch office AP ........................................................................................189

Troubleshooting Remote AP................................................................................................. 190

Local Debugging............................................................................................................. 190

Remote AP Summary..................................................................................................... 190

Multihoming on remote AP (RAP)................................................................................ 192

Seamless failover from backup link to primary link on RAP ................................... 192

Remote AP Connectivity................................................................................................ 192

Remote AP Diagnostics................................................................................................. 193

Enabling Double Encryption.......................................................................................................... 194

Using the WebUI ............................................................................................................ 194

Using CLI.......................................................................................................................... 194

Advanced Configuration Options.................................................................................................194

Understanding Remote AP Modes of Operation............................................................... 194

Fallback Mode.........................................................................................................................196

Backup Configuration Behavior for Wired Ports ......................................................196

Configuring the fallback mode .............................................................................................197

Using WebUI to configure the AAA profile................................................................197

Using CLI.......................................................................................................................... 197

Using the WebUI to configure virtual AP profile....................................................... 198

Using CLI.......................................................................................................................... 198

Configuring the DHCP Server on the Remote AP.............................................................. 199

Using the WebUI ............................................................................................................ 199

Using CLI.......................................................................................................................... 200

Advanced Backup Configuration Options.......................................................................... 200

Using the WebUI to configure the session ACL........................................................201

Using the WebUI to configure the AAA profile .........................................................202

Using the WebUI to define the backup configuration.............................................. 202

Using the CLI to configure the session ACL............................................................... 203

Using the CLI to configure the AAA profile................................................................203

Using the CLI to define the backup configuration .................................................... 203

DNS Controller Setting .......................................................................................................... 204

Specify the DNS name using the WebUI ................................................................... 204

Backup Controller List ........................................................................................................... 205

Configuring the LMS and backup LMS IP addresses using WebUI ......................205

Configuring the LMS and Backup LMS IP Addresses Using CLI ........................... 205

Remote AP Failback............................................................................................................... 206

Using the WebUI ............................................................................................................ 206

Using the CLI ...................................................................................................................206

RAP Local Network Access..................................................................................................206

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 9

Page 10

Using the WebUI ............................................................................................................ 206

Using CLI.......................................................................................................................... 207

Remote AP Authorization Profiles .......................................................................................207

Add or Edit a Remote AP Authorization Profile .........................................................207

Access Control Lists and Firewall Policies........................................................................ 208

Split Tunneling ........................................................................................................................ 208

Configuring Split Tunneling .......................................................................................... 208

Configuring the Session ACL................................................................................................ 209

Using the WebUI ............................................................................................................ 209

Using the CLI ...................................................................................................................210

Configuring ACL for restricted LD homepage access...................................................... 211

Using CLI.......................................................................................................................... 211

Configuring the AAA Profile and the Virtual AP Profile ...................................................212

Using the WebUI ............................................................................................................ 212

Using CLI.......................................................................................................................... 212

Configuring split tunneling in the virtual AP profile..................................................212

Using the CLI to configure split tunneling in the virtual AP profile ........................213

Using the WebUI to list the corporate DNS servers ................................................ 213

Using the CLI to list the corporate DNS servers .......................................................213

Wi-Fi Multimedia ............................................................................................................................ 214

Uplink Bandwidth Reservation.....................................................................................................214

Bandwidth Reservation for Uplink Voice Traffic....................................................... 214

Configuring Bandwidth Reservation ...................................................................................214

Using the WebUI ............................................................................................................ 214

Using CLI.......................................................................................................................... 215

Chapter 8 Secure Enterprise Mesh ................................................................................................ 217

Mesh Access Points ......................................................................................................................217

Mesh Portals ........................................................................................................................... 218

Mesh Points.............................................................................................................................218

Mesh Clusters ......................................................................................................................... 219

Mesh Links....................................................................................................................................... 219

Link Metrics.............................................................................................................................220

Optimizing Links ...................................................................................................................... 220

Mesh Profiles ..................................................................................................................................221

Mesh Cluster Profile .............................................................................................................. 221

Mesh Radio Profile.................................................................................................................221

RF Management (802.11a and 802.11g) Profiles................................................................ 221

Adaptive Radio Management Profiles........................................................................222

High-Throughput Profiles.............................................................................................. 222

Mesh High-Throughput SSID Profile...................................................................................222

Wired AP Profile..................................................................................................................... 223

Mesh Recovery Profile.......................................................................................................... 223

Mesh Solutions ...............................................................................................................................223

Thin AP Services with Wireless Backhaul Deployment.................................................. 224

Point-to-Point Deployment....................................................................................................224

Point-to-Multipoint Deployment...........................................................................................224

High-Availability Deployment............................................................................................... 225

Before You Begin............................................................................................................................ 226

Pre-Deployment Considerations.......................................................................................... 226

Outdoor-Specific Deployment Considerations.................................................................. 226

Configuration Considerations............................................................................................... 226

Post-Deployment Considerations........................................................................................ 226

Dual-Port AP Considerations................................................................................................227

Mesh Radio Profiles.......................................................................................................................227

Managing Mesh Profiles In the WebUI.............................................................................. 227

10 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 11

Creating a New Profile ..................................................................................................227

Assigning a Profile to a Mesh AP or AP Group.........................................................230

Editing a Profile............................................................................................................... 230

Deleting a Profile............................................................................................................ 231

Managing Mesh Profiles In the CLI..................................................................................... 231

Creating or Modifying a Profile.................................................................................... 231

Viewing Profile Settings................................................................................................ 231

Assigning a Profile to an AP Group............................................................................. 231

Deleting a Mesh Radio Profile ..................................................................................... 232

RF Management (802.11a and 802.11g) Profiles ........................................................................232

Managing 802.11a/802.11g Profiles In the WebUI.............................................................232

Creating a Profile............................................................................................................ 232

Assigning an 802.11a/802.11g Profile ..........................................................................236

Assigning a High-throughput Profile........................................................................... 237

Assigning an ARM Profile............................................................................................. 237

Editing an 802.11a/802.11g Profile................................................................................ 238

Deleting a Profile............................................................................................................ 238

Managing 802.11a/802.11g Profiles In the CLI ...................................................................239

Creating or Modifying a Profile.................................................................................... 239

Viewing RF Management Settings ..............................................................................240

Assigning a 802.11a/802.11g Profile ............................................................................ 240

Deleting a Profile............................................................................................................ 240

Mesh High-Throughput SSID Profiles......................................................................................... 240

Managing Profiles In the WebUI .........................................................................................240

Creating a Profile............................................................................................................ 240

Assigning a Profile to an AP Group............................................................................. 242

Editing a Profile............................................................................................................... 242

Deleting a Profile............................................................................................................ 243

Managing Profiles In the CLI................................................................................................ 243

Creating or Modifying a Profile.................................................................................... 243

Assigning a Profile to an AP Group............................................................................. 243

Viewing High-throughput SSID Settings ....................................................................243

Deleting a Profile............................................................................................................ 244

Mesh Cluster Profiles .................................................................................................................... 244

Deployments with Multiple Mesh Cluster Profiles ...........................................................244

Managing Mesh Cluster Profiles In the WebUI ................................................................245

Creating a Profile............................................................................................................ 245

Associating a Profile to Mesh APs.............................................................................. 246

Editing a Profile............................................................................................................... 247

Deleting a Mesh Cluster Profile................................................................................... 247

Managing Mesh Cluster Profiles In the CLI....................................................................... 247

Viewing Mesh Cluster Profile Settings.......................................................................248

Associating Mesh Cluster Profiles.............................................................................. 248

Excluding a Mesh Cluster Profile from a Mesh Node..............................................248

Deleting a Mesh Cluster Profile................................................................................... 249

Ethernet Ports for Mesh ................................................................................................................249

Configure bridging on the Ethernet port............................................................................. 249

Configuring Ethernet Ports for Secure Jack Operation................................................... 250

In the WebUI ...................................................................................................................250

In the CLI.......................................................................................................................... 250

Extending the Life of a Mesh Network................................................................................251

In the WebUI ...................................................................................................................251

In the CLI.......................................................................................................................... 251

Provisioning Mesh Nodes.............................................................................................................251

Outdoor AP Parameters ........................................................................................................ 252

Provisioning Caveats ............................................................................................................. 252

Provisioning Mesh Nodes.....................................................................................................253

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 11

Page 12

In the WebUI ...................................................................................................................253

In the CLI.......................................................................................................................... 253

AP Boot Sequence .........................................................................................................................254

Mesh Portal ............................................................................................................................. 254

Mesh Point...............................................................................................................................254

Air Monitoring and Mesh...................................................................................................... 254

Verifying the Network....................................................................................................................255

Verification Checklist..................................................................................................... 255

CLI Examples................................................................................................................... 255

Remote Mesh Portals .................................................................................................................... 256

How RMP Works .................................................................................................................... 257

Creating a Remote Mesh Portal In the WebUI.................................................................. 257

Provisioning the AP........................................................................................................ 257

Defining the Mesh Private VLAN................................................................................. 258

Selecting a Mesh Radio Profile ................................................................................... 259

Selecting an RF Management Profile .........................................................................259

Adding a Mesh Cluster Profile .....................................................................................259

Configuring a DHCP Pool .............................................................................................. 260

Configuring the VLAN ID of the Virtual AP Profile ....................................................260

Provisioning a Remote Mesh Portal In the CLI.................................................................. 261

Additional Information........................................................................................................... 261

Chapter 9 Authentication Servers................................................................................................... 263

Important Points to Remember .................................................................................................... 263

Servers and Server Groups .......................................................................................................... 263

Configuring Servers ....................................................................................................................... 264

Configuring a RADIUS Server...............................................................................................264

In the WebUI ...................................................................................................................265

In the CLI.......................................................................................................................... 265

RADIUS Server Authentication Codes........................................................................ 265

RADIUS Server Fully Qualified Domain Names................................................................. 266

Set a DNS Query Interval...................................................................................................... 266

In the WebUI ...................................................................................................................266

In the CLI.......................................................................................................................... 266

Configuring an LDAP Server ................................................................................................. 266

In the WebUI ...................................................................................................................267

In the CLI.......................................................................................................................... 267

Configuring a TACACS+ Server............................................................................................268

In the WebUI ...................................................................................................................268

In the CLI.......................................................................................................................... 268

Configuring a Windows Server............................................................................................ 269

In the WebUI ...................................................................................................................269

In the CLI.......................................................................................................................... 269

Internal Database...........................................................................................................................269

Configuring the Internal Database ......................................................................................269

In the WebUI ...................................................................................................................270

In the CLI.......................................................................................................................... 270

RAP Static Inner IP Address.................................................................................................270

In the WebUI ...................................................................................................................270

In the CLI.......................................................................................................................... 271

Managing Internal Database Files ......................................................................................271

Exporting files in the WebUI......................................................................................... 272

Importing files in the WebUI......................................................................................... 272

In the CLI.......................................................................................................................... 272

Internal Database Utilities .................................................................................................... 272

Deleting All User............................................................................................................. 272

12 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 13

Repairing the Internal Database.................................................................................. 272

Server Groups .................................................................................................................................273

Configuring Server Groups ................................................................................................... 273

In the WebUI ...................................................................................................................273

In the CLI.......................................................................................................................... 273

Configuring Server List Order and Fail-Through ...............................................................273

In the WebUI ...................................................................................................................274

In the CLI.......................................................................................................................... 274

Configuring Dynamic Server Selection...............................................................................274

In the WebUI ...................................................................................................................275

In the CLI.......................................................................................................................... 276

Configuring Match FQDN Option .........................................................................................276

In the WebUI ...................................................................................................................276

In the CLI.......................................................................................................................... 276

Trimming Domain Information from Requests................................................................... 276

In the WebUI ...................................................................................................................277

In the CLI.......................................................................................................................... 277

Configuring Server-Derivation Rules ..................................................................................277

In the WebUI ...................................................................................................................278

In the CLI.......................................................................................................................... 278

Configuring a Role Derivation Rule for the Internal Database .......................................279

In the WebUI ...................................................................................................................279

In the CLI.......................................................................................................................... 279

Assigning Server Groups .............................................................................................................. 279

User Authentication............................................................................................................... 279

Management Authentication................................................................................................280

In the WebUI ...................................................................................................................280

In the CLI.......................................................................................................................... 280

Accounting .............................................................................................................................. 280

RADIUS Accounting....................................................................................................... 280

In the WebUI ...................................................................................................................282

In the CLI.......................................................................................................................... 282

TACACS+ Accounting ............................................................................................................ 282

Configuring Authentication Timers.............................................................................................. 282

Setting an Authentication Timer.......................................................................................... 283

In the WebUI ...................................................................................................................283

In the CLI.......................................................................................................................... 283

Chapter 10 802.1x Authentication...................................................................................................... 285

Overview of 802.1x Authentication ..............................................................................................285

Supported EAP Types............................................................................................................ 286

Authentication with a RADIUS Server................................................................................ 286

Authentication Terminated on Controller........................................................................... 287

Configuring 802.1x Authentication...............................................................................................288

Using the WebUI ............................................................................................................ 289

Using the CLI ...................................................................................................................293

Configuring and Using Certificates with AAA FastConnect............................................ 294

Using the WebUI ............................................................................................................ 294

Using the CLI ...................................................................................................................294

Configuring User and Machine Authentication.................................................................295

Role Assignment with Machine Authentication Enabled................................................ 295

Example Configurations................................................................................................................. 296

Authentication with an 802.1x RADIUS Server.................................................................. 297

Configuring Roles and Policies ............................................................................................297

Creating the Student Role and Policy .........................................................................297

Creating the Faculty Role and Policy ..........................................................................298

Creating the Guest Role and Policy............................................................................. 299

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 13

Page 14

Creating Roles and Policies for Sysadmin and Computer.......................................300

Creating an Alias for the Internal Network Using CLI..............................................301

Configuring the RADIUS Authentication Server................................................................301

Using the WebUI ............................................................................................................ 301

Using the CLI ...................................................................................................................302

Configure 802.1x Authentication.......................................................................................... 302

Using the WebUI ............................................................................................................ 302

Using the CLI ...................................................................................................................303

Configure VLANs .................................................................................................................... 303

Using the WebUI ............................................................................................................ 303

Using the CLI ...................................................................................................................304

Configuring the WLANs.........................................................................................................304

Configuring the Guest WLAN ...............................................................................................304

Using the WebUI ............................................................................................................ 304

Using the CLI ...................................................................................................................305

Configuring the Non-Guest WLANs ....................................................................................305

Using the WebUI ............................................................................................................ 305

Using the CLI ...................................................................................................................306

Authentication with the Controller’s Internal Database.................................................. 306

Configuring the Internal Database ......................................................................................306

Using the WebUI ............................................................................................................ 307

Using the CLI ...................................................................................................................307

Configuring a server rule using the WebUI ............................................................... 307

Configuring a server rule using the CLI ......................................................................307

Configure 802.1x Authentication.......................................................................................... 307

Using the WebUI ............................................................................................................ 307

Using the CLI ...................................................................................................................308

Configure VLANs .................................................................................................................... 308

Using the WebUI ............................................................................................................ 308

Using the CLI ...................................................................................................................309

Configuring the WLANs.........................................................................................................309

Configuring the Guest WLAN ...............................................................................................309

Using the WebUI ............................................................................................................ 309

Using the CLI ...................................................................................................................310

Configuring the Non-Guest WLANs ....................................................................................310

Using the WebUI ............................................................................................................ 310

Using the CLI ...................................................................................................................311

Mixed Authentication Modes ............................................................................................... 312

Using the CLI ...................................................................................................................312

Advanced Configuration Options for 802.1x...............................................................................312

Configuring reauthentication with Unicast Key Rotation ................................................312

Using the WebUI ............................................................................................................ 313

Using the CLI ...................................................................................................................313

Chapter 11 Certificate Revocation.................................................................................................... 315

About OCSP and CRL ..................................................................................................................... 315

Controller as OCSP and CRL Clients.................................................................................... 315

Configuring the Controller as an OCSP Client............................................................................ 316

In the WebUI ........................................................................................................................... 316

In the CLI .................................................................................................................................. 317

Configuring the Controller as a CRL Client .................................................................................318

In the WebUI ........................................................................................................................... 318

In the CLI .................................................................................................................................. 318

Configuring the Controller as a OCSP Responder..................................................................... 318

In the WebUI ........................................................................................................................... 318

In the CLI .................................................................................................................................. 319

14 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 15

Chapter 12 Roles and Policies........................................................................................................... 321

Policies............................................................................................................................................. 321

Access Control Lists (ACLs)..................................................................................................322

Creating a Firewall Policy ..................................................................................................... 322

In the WebUI ...................................................................................................................324

In the CLI.......................................................................................................................... 324

Creating a Network Service Alias .......................................................................................324

In the WebUI ...................................................................................................................324

In the CLI.......................................................................................................................... 325

Creating an ACL White List................................................................................................... 325

Configuring a White List Bandwidth Contract in the WebUI .................................. 325

Configuring the ACL White List in the WebUI............................................................ 325

Configuring the White List Bandwidth Contract in the CLI...................................... 326

Configuring the ACL White List in the CLI .................................................................. 326

User Roles........................................................................................................................................ 326

Creating a User Role.............................................................................................................. 327

In the WebUI ...................................................................................................................327

In the CLI.......................................................................................................................... 327

Bandwidth Contracts............................................................................................................. 328

Configuring a Bandwidth Contract in the WebUI ..................................................... 328

Assigning a Bandwidth Contract to a User Role in the WebUI ..............................328

Configuring and Assigning Bandwidth Contracts in the CLI...................................329

Bandwidth Contract Exceptions ..........................................................................................329

Viewing the Current Exceptions List ...........................................................................329

Configuring Bandwidth Contract Exceptions ............................................................ 329

User Role Assignments ................................................................................................................. 329

User Role in AAA Profile ....................................................................................................... 330

In the WebUI ...................................................................................................................330

In the CLI.......................................................................................................................... 330

User-Derived Roles or VLANs.............................................................................................. 330

Device Identification...................................................................................................... 331

Configuring a User-derived Role or VLAN in the WebUI.........................................332

Configure a User-derived Role or VLAN in the CLI...................................................332

User-Derived Role Example.......................................................................................... 333

Default Role for Authentication Method.............................................................................333

In the WebUI ...................................................................................................................334

In the CLI.......................................................................................................................... 334

Server-Derived Role...............................................................................................................334

VSA-Derived Role...................................................................................................................334

Global Firewall Parameters .......................................................................................................... 335

Chapter 13 Dashboard Monitoring.................................................................................................... 339

Performance.................................................................................................................................... 339

Clients.......................................................................................................................................339

APs............................................................................................................................................339

Using Dashboard Histograms...............................................................................................340

Usage................................................................................................................................................ 340

Clients.......................................................................................................................................340

APs............................................................................................................................................340

Security ............................................................................................................................................341

Potential Issues ..............................................................................................................................341

WLANs .............................................................................................................................................341

Access Points .................................................................................................................................342

Clients............................................................................................................................................... 342

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 15

Page 16

Chapter 14 Stateful and WISPr Authentication.............................................................................. 345

Stateful Authentication Overview................................................................................................ 345

WISPr Authentication Overview..................................................................................................345

Important Points to Remember .................................................................................................... 346

Configuring Stateful 802.1x Authentication................................................................................346

In the WebUI ........................................................................................................................... 346

In the CLI .................................................................................................................................. 347

Configuring Stateful NTLM Authentication................................................................................347

In the WebUI ........................................................................................................................... 347

In the CLI .................................................................................................................................. 348

Configuring WISPr Authentication ..............................................................................................348

In the WebUI ........................................................................................................................... 348

In the CLI .................................................................................................................................. 349

Chapter 15 Captive Portal................................................................................................................... 351

Captive Portal Overview................................................................................................................351

Policy Enforcement Firewall Next Generation (PEFNG) License ...................................351

Controller Server Certificate.................................................................................................352

Captive Portal in the Base ArubaOS ........................................................................................... 352

Configuring Captive Portal via the WebUI..........................................................................353

Configuring Captive Portal via the CLI ................................................................................354

Captive Portal with the PEFNG License......................................................................................354

Configuring Captive Portal via the WebUI..........................................................................355

Configuring Captive Portal via the CLI ................................................................................356

Example Authentication with Captive Portal ............................................................................. 357

Creating a Guest-logon User Role....................................................................................... 357

Creating an Auth-guest User Role....................................................................................... 358

Configuring Policies and Roles in the WebUI.................................................................... 358

Time Range...................................................................................................................... 358

Aliases.............................................................................................................................. 359

Auth-Guest-Access Policy ........................................................................................... 359

Block-Internal-Access Policy ......................................................................................360

Drop-and-Log Policy...................................................................................................... 361

Guest-logon Role............................................................................................................ 361

Guest-Logon Role........................................................................................................... 362

Configuring Policies and Roles in the CLI...........................................................................362

Time Range...................................................................................................................... 362

Aliases.............................................................................................................................. 362

Guest-Logon-Access Policy......................................................................................... 362

Auth-Guest-Access Policy ........................................................................................... 363

Block-Internal-Access Policy ......................................................................................363

Drop-and-Log Policy...................................................................................................... 363

Guest-Logon Role........................................................................................................... 363

Auth-Guest Role ............................................................................................................. 363

Configuring Guest VLANs.............................................................................................................. 363

In the WebUI ........................................................................................................................... 363

In the CLI .................................................................................................................................. 364

Captive Portal Authentication ...................................................................................................... 364

Modifying the Initial User Role ............................................................................................. 365

Configuring the AAA Profile..................................................................................................365

Configuring the WLAN...........................................................................................................365

User Account Administration............................................................................................... 366

Captive Portal Configuration Parameters...........................................................................366

Optional Captive Portal Configurations....................................................................................... 368

Per-SSID Captive Portal Page.............................................................................................. 368

16 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 17

Changing the Protocol to HTTP............................................................................................ 369

Proxy Server Redirect............................................................................................................370

Redirecting Clients on Different VLANs..............................................................................371

Web Client Configuration with Proxy Script ......................................................................371

Personalizing the Captive Portal Page........................................................................................ 372

Creating Walled Garden Access ................................................................................................. 374

Creating Walled Garden Access .........................................................................................374

Using the WebUI to create Walled Garden access .................................................374

Using the CLI to create walled garden access .........................................................375

Chapter 16 Advanced Security.......................................................................................................... 377

Securing Client Traffic...................................................................................................................378

Securing Wireless Clients.....................................................................................................378

In the WebUI ...................................................................................................................379

In the CLI.......................................................................................................................... 379

Securing Wired Clients..........................................................................................................379

In the WebUI ...................................................................................................................380

In the CLI.......................................................................................................................... 381

Securing Wireless Clients Through Non-Dell APs ...........................................................381

In the WebUI ...................................................................................................................381

In the CLI.......................................................................................................................... 382

Securing Clients on an AP Wired Port................................................................................ 382

In the WebUI ...................................................................................................................382

In the CLI.......................................................................................................................... 383

Securing Controller-to-Controller Communication...................................................................384

Configuring Controllers for xSec..........................................................................................384

In the WebUI ...................................................................................................................384

In the CLI.......................................................................................................................... 385

Configuring the Odyssey Client on Client Machines ................................................................ 385

Installing the Odyssey Client ................................................................................................ 385

Chapter 17 Virtual Private Networks................................................................................................ 389

Planning a VPN Configuration......................................................................................................389

Selecting an IKE protocol......................................................................................................390

Suite-B Encryption Licensing............................................................................................... 390

IKEv2 Clients............................................................................................................................391

Supported VPN AAA Deployments......................................................................................391

Certificate Groups .................................................................................................................. 391

VPN Authentication Profiles.........................................................................................................392

Configuring a Basic VPN for L2TP/IPsec.................................................................................... 393

In the WebUI ........................................................................................................................... 393

Define Authentication Method and Server Addresses............................................ 393

Define Address Pools ....................................................................................................393

Enable Source NAT........................................................................................................ 394

Select Certificates.......................................................................................................... 394

Define IKEv1 Shared Keys ............................................................................................ 394

Configure IKE Policies ...................................................................................................395

Set the IPsec Dynamic Map......................................................................................... 396

Finalize your WebUI changes ...................................................................................... 396

Configuring a VPN for L2TP/IPsec with IKEv2 ...........................................................................397

In the WebUI ........................................................................................................................... 397

Define Authentication Method and Server Addresses............................................ 397

Define Address Pools ....................................................................................................397

Enable Source NAT........................................................................................................ 398

Select Certificates.......................................................................................................... 398

Configure IKE Policies ...................................................................................................398

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 17

Page 18

Set the IPsec Dynamic Map......................................................................................... 399

Finalize your WebUI changes ...................................................................................... 400

Configuring a VPN for Smart Card Clients.................................................................................. 401

Smart Card clients using IKEv2............................................................................................ 401

Smart Card Clients using IKEv1............................................................................................ 401

Configuring a VPN for Clients with User Passwords................................................................ 402

In the WebUI ........................................................................................................................... 402

In the CLI .................................................................................................................................. 403

Configuring Remote Access VPNs for XAuth ............................................................................403

Configuring VPNs for XAuth Clients using Smart Cards.................................................. 403

Configuring a VPN for XAuth Clients Using a Username/Password .............................404

Remote Access VPNs for PPTP ...................................................................................................405

In the WebUI ........................................................................................................................... 405

In the CLI .................................................................................................................................. 406

Site-to-Site VPNs............................................................................................................................ 406

Third-Party Devices ............................................................................................................... 406

Site-to-Site VPNs with Dynamic IP Addresses................................................................. 406

VPN Topologies ...................................................................................................................... 407

Configuring Site-to-Site VPNs.............................................................................................. 407

In the WebUI ...................................................................................................................407

In the CLI.......................................................................................................................... 409

Dead Peer Detection..............................................................................................................410

Default IKE policies................................................................................................................ 411

VPN Dialer ....................................................................................................................................... 411

Configuring the VPN Dialer................................................................................................... 411

In the WebUI ...................................................................................................................411

In the CLI.......................................................................................................................... 412

Assigning a Dialer to a User Role........................................................................................ 412

In the WebUI ...................................................................................................................412

In the CLI.......................................................................................................................... 412

Chapter 18 Virtual Intranet Access................................................................................................... 415

VIA Connection Manager.............................................................................................................. 415

How it Works...........................................................................................................................415

Installing the VIA Connection Manager .............................................................................416

On Microsoft Windows Computers............................................................................. 416

On Apple MacBooks...................................................................................................... 416

Upgrade Workflow................................................................................................................. 417

Minimal Upgrade............................................................................................................ 417

Complete Upgrade ......................................................................................................... 417

VIA Compatibility .................................................................................................................... 417

Configuring the VIA Controller ..................................................................................................... 417

Before you Begin....................................................................................................................417

Supported Authentication Mechanisms.............................................................................417

Authentication mechanisms supported in VIA 1.x.................................................... 418

Suite B Cryptography Support..............................................................................................418

Configuring VIA Settings....................................................................................................... 418

Using WebUI to Configure VIA............................................................................................. 419

Enable VPN Server Module.......................................................................................... 419

Create VIA User Roles................................................................................................... 419

Create VIA Authentication Profile ...............................................................................420

Create VIA Connection Profile .....................................................................................421

Configure VIA Web Authentication.............................................................................423

Associate VIA Connection Profile to User Role ........................................................424

Configure VIA Client WLAN Profiles ...........................................................................424

Re-branding VIA and Downloading the Installer ......................................................426

18 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 19

Using CLI to Configure VIA....................................................................................................428

Create VIA Roles ............................................................................................................ 428

Create VIA Authentication Profiles .............................................................................428

Create VIA Connection Profiles ...................................................................................428

Configure VIA web authentication ..............................................................................428

Associate VIA connection profile to user role ..........................................................428

Configure VIA client WLAN profiles............................................................................ 428

Customize VIA logo, landing page and downloading installer ............................... 429

Configuring MAC-Based Authentication....................................................................................431

Configuring the MAC Authentication Profile .....................................................................431

Chapter 19 MAC-based Authentication........................................................................................... 431

Using the WebUI to configure a MAC authentication profile.................................432

Using the CLI to configure a MAC authentication profile........................................ 432

Configuring Clients .........................................................................................................................432

Using the WebUI to configure clients in the internal database .....................................432

Using the CLI to configure clients in the internal database............................................ 432

Chapter 20 Control Plane Security.................................................................................................... 433

Control Plane Security Overview.................................................................................................433

Configuring Control Plane Security .............................................................................................434

In the WebUI ...................................................................................................................434

In the CLI.......................................................................................................................... 435

Managing the Campus AP Whitelist ...................................................................................435

Viewing Entries in the Campus AP Whitelist .............................................................436

Modifying an AP in the Campus AP Whitelist ........................................................... 437

Revoking an AP via the Campus AP Whitelist...........................................................438

Deleting an AP Entry from the Campus AP Whitelist ...............................................439

Purging the Campus AP Whitelist ............................................................................... 439

Whitelists on Master and Local Controllers .............................................................................. 439

Campus AP Whitelist Synchronization ...............................................................................440

Viewing and Managing the Master or Local Switch Whitelists..................................... 441

Viewing the Master or Local Switch Whitelist.......................................................... 441

Deleting an Entry from the Master or Local Switch Whitelist ................................441

Purging the Master or Local Switch Whitelist ..........................................................442

Environments with Multiple Master Controllers ....................................................................... 442

Configuring Networks with a Backup Master Controller ................................................442

Configuring Networks with Clusters of Master Controllers............................................ 443

Creating a Cluster Root ................................................................................................. 443

Creating a Cluster Member .......................................................................................... 444

Viewing Controller Cluster Settings ............................................................................445

Replacing a Controller on a Multi-Controller Network ............................................................ 445

Replacing Controllers in a Single Master Network.......................................................... 445

Replacing a Local Controller ........................................................................................445

Replacing a Master Controller (With No Backup)....................................................446

Replacing a Redundant Master Controller ................................................................ 447

Replacing Controllers in a Multi-Master Network............................................................447

Replacing a Local Controller in a Multi-Master Network ....................................... 447

Replacing a Cluster Member Controller (With no Backup)..................................... 447

Replacing a Redundant Cluster Member Controller ................................................ 448

Replacing a Cluster Root Controller with no Backup Controller ............................448

Replacing a Redundant Cluster Root Controller ....................................................... 449

Configuring Control Plane Security after Upgrading................................................................449

Troubleshooting Control Plane Security..................................................................................... 450

Certificate Problems .............................................................................................................. 450

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 19

Page 20

Verifying Certificates ............................................................................................................. 450

Disabling Control Plane Security......................................................................................... 451

Verify Whitelist Synchronization..........................................................................................451

Supported APs........................................................................................................................ 452

Rogue APs ............................................................................................................................... 452

Chapter 21 Adding Local Controllers................................................................................................ 453

Moving to a Multi-Controller Environment.................................................................................453

Configuring a Preshared Key................................................................................................454

Using the WebUI to configure a Local Controller PSK ............................................ 454

Using the WebUI to configure a Master Controller PSK .........................................454

Using the CLI to configure a PSK................................................................................. 455

Configuring a Controller Certificate.....................................................................................455

Using the CLI to configure a Local Controller Certificate........................................455

Using the CLI to configure the Master Controller Certificate .................................455

Configuring Local Controllers.......................................................................................................455

Configuring the Local Controller.......................................................................................... 456

Using the Initial Setup ................................................................................................... 456

Using the Web UI ........................................................................................................... 456

Using the CLI ...................................................................................................................456

Configuring Layer-2/Layer-3 Settings .................................................................................456

Configuring Trusted Ports..................................................................................................... 457

Configuring Local Controller Settings................................................................................. 457

Configuring APs...................................................................................................................... 457

Using the WebUI to configure the LMS IP.................................................................457

Using the CLI to configure the LMS IP........................................................................ 458

Chapter 22 Remote Nodes.................................................................................................................. 459

Creating Remote Node Profiles.................................................................................................... 459

Adding a New Remote Node Profile ...................................................................................460

Defining Remote Node Address Pools................................................................................461

OSPF and Static Routes.........................................................................................................462

Configuration Examples.........................................................................................................462

Create a remote node profile ....................................................................................... 463

Define VLANs for a remote node profile and assign a wired aaa profile to each

VLAN................................................................................................................................. 463

Identify the RN interfaces to be used as access ports for each VLAN ................ 463

Configure each VLAN interface with an internal IP address.................................. 463

Manage and configure the uplink network connection .......................................... 464

Configure the uplink network connection and define a static IPsec route map . 464

Configure user roles and passwords for administrative users .............................. 464

Define the server used for name and address resolution.......................................464

Define the OSPF settings for the upstream router.................................................... 464

(Optional) Define SNMP settings................................................................................. 464

Specify that the RN use its internal database to authenticate clients.................. 464

Define NAT settings and identify the interface for outgoing RADIUS packets ... 464

Define DHCP pools for a RN tunnel.............................................................................464

Define RN DHCP pools for each VLAN .......................................................................465

Configuring the Remote Node Whitelist .....................................................................................466

Adding an RN to the whitelist............................................................................................... 467

Viewing Remote Node Whitelist Settings ..........................................................................467

Installing the Remote Node at the Remote Site ........................................................................ 467

Monitoring and Managing Remote Nodes.................................................................................468

Editing a Remote Node Configuration................................................................................. 468

Monitoring a Remote Node...................................................................................................469

20 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 21

In the WebUI ...................................................................................................................469

In the CLI.......................................................................................................................... 469

RN Troubleshooting ............................................................................................................... 470

Chapter 23 IP Mobility......................................................................................................................... 471

Dell Mobility Architecture.............................................................................................................471

Configuring Mobility Domains ......................................................................................................472

Configuring a Mobility Domain ............................................................................................. 473

Using the WebUI ............................................................................................................ 473

Using the CLI ...................................................................................................................473

Joining a Mobility Domain .................................................................................................... 474

In the WebUI ...................................................................................................................474

In the CLI.......................................................................................................................... 474

Example Configuration...........................................................................................................474

Configuring Mobility using the WebUI........................................................................ 475

Configuring Mobility using the CLI.......................................................................................476

Tracking Mobile Users .................................................................................................................. 476

Mobile Client Roaming Status.............................................................................................. 476

Viewing mobile client status using the WebUI ......................................................... 476

Viewing mobile client status using the CLI ................................................................476

Viewing user roaming status using the CLI ............................................................... 477

Viewing specific client information using the CLI .................................................... 478

Mobile Client Roaming Locations........................................................................................ 478

In the WebUI ...................................................................................................................478

In the CLI.......................................................................................................................... 478

HA Discovery on Association...............................................................................................478

Setting up Mobility Association Using CLI.................................................................478

Advanced Mobility Functions.......................................................................................................478

Configuring Advanced Mobility Functions Using the WebUI ................................. 478

Configuring Mobility Functions Using CLI ..................................................................480

Proxy Mobile IP.......................................................................................................................481

Proxy DHCP ............................................................................................................................. 481

Revocations.............................................................................................................................481

Bridge Mode Mobility ....................................................................................................................481

Mobility Multicast........................................................................................................................... 483

Proxy IGMP and Proxy Remote Subscription.................................................................... 483

Inter-controller Mobility........................................................................................................ 483

Configuring Mobility Multicast Using the WebUI .....................................................484

Configuring Mobility Multicast Using the CLI............................................................485

Example............................................................................................................................ 485

Chapter 24 VRRP.................................................................................................................................. 487

Redundancy Parameters............................................................................................................... 487

Configuring the Local Controller for Redundancy.............................................................488

In the WebUI ...................................................................................................................489

In the CLI.......................................................................................................................... 489

Configuring the LMS IP..........................................................................................................489

In the WebUI ...................................................................................................................489

In the CLI.......................................................................................................................... 489

Configuring the Master Controller for Redundancy .........................................................489

Configuring Database Synchronization.............................................................................. 491

In the WebUI ...................................................................................................................491

In the CLI.......................................................................................................................... 491

Incremental Configuration Synchronization...................................................................... 492

In the CLI.......................................................................................................................... 492

Configuring Master-Local Controller Redundancy........................................................... 492

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 21

Page 22

Chapter 25 RSTP .................................................................................................................................. 495

Migration and Interoperability ..................................................................................................... 495

Rapid Convergence........................................................................................................................495

Edge Port and Point-to-Point................................................................................................ 496

Configuring RSTP............................................................................................................................ 496

In the WebUI ........................................................................................................................... 496

In the CLI .................................................................................................................................. 497

Monitoring RSTP.....................................................................................................................498

Troubleshooting..............................................................................................................................498

Chapter 26 PVST+................................................................................................................................ 501

Interoperability and Best Practices ............................................................................................ 501

Configure using the CLI ................................................................................................................. 501

Configure using the WebUI........................................................................................................... 502

Chapter 27 W-600 Series Controller ................................................................................................. 503

Important Points to Remember .................................................................................................... 503

Internal Access Point (AP)............................................................................................................ 504

USB Cellular Modems.................................................................................................................... 504

Functional Description...........................................................................................................504

Mode-Switching..................................................................................................................... 504

USB Modems Commands ..................................................................................................... 504

Uplink Manager ..................................................................................................................... 505

Cellular Profile.........................................................................................................................506

Dialer Group ............................................................................................................................ 507

Configuring a Supported USB Modem........................................................................................ 508

Configuring a New USB Modem..................................................................................................509

Configuring the Profile and Modem Driver ........................................................................509

Configuring the TTY Port ....................................................................................................... 511

Testing the TTY Port...............................................................................................................512

Selecting the Dialer Profile ................................................................................................... 512

Linux Support .......................................................................................................................... 513

NAS (Network-Attached Storage)............................................................................................... 513

NAS Device Setup..................................................................................................................513

Configuring in the CLI.............................................................................................................514

Managing NAS Devices........................................................................................................ 515

Mounting and Unmounting Devices ................................................................................... 515

Print Server...................................................................................................................................... 516

Printer Setup Using the CLI...................................................................................................516

Additional Commands for Managing Printers ...................................................................517

Sample Topology and Configuration ...........................................................................................518

Remote Branch 2—W-650 Controller .................................................................................519

W-3200 Central Office Controller—Active......................................................................... 520

W-3200 Central Office Controller—Backup....................................................................... 522

Upgrading and Migrating ..............................................................................................................523

Chapter 28 OSPFv2 .............................................................................................................................. 525

Important Points to Remember .................................................................................................... 525

WLAN Scenario ..............................................................................................................................525

WLAN Topology......................................................................................................................526

WLAN Routing Table..............................................................................................................526

Branch Office Scenario.................................................................................................................526

Branch Office Topology.........................................................................................................527

22 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 23

Branch Office Routing Table ................................................................................................527

Configuring OSPF............................................................................................................................ 528

Deployment Best Practices ..........................................................................................................530

Sample Topology and Configuration ...........................................................................................531

Remote Branch 1.................................................................................................................... 531

Remote Branch 2.................................................................................................................... 532

W-3200 Central Office Controller—Active......................................................................... 533

W-3200 Central Office Controller—Backup....................................................................... 535

Chapter 29 Wireless Intrusion Prevention....................................................................................... 537

Reusable Wizard............................................................................................................................. 537

Wizard Intrusion Detection ................................................................................................... 538

Wizard Intrusion Protection..................................................................................................539

Protection for Infrastructure ........................................................................................539

Protection for Clients..................................................................................................... 539

Monitoring Dashboard................................................................................................................... 540

Rogue AP Detection.......................................................................................................................541

Classification Terminology....................................................................................................541

Classification Methodology.................................................................................................. 542

Match Methods ..............................................................................................................542

Match Types ................................................................................................................... 542

Suspected Rogue Confidence Level ...........................................................................543

AP Classification Rules..........................................................................................................543

SSID specification.......................................................................................................... 543

SNR specification........................................................................................................... 543

Discovered-AP-Count specification ........................................................................... 543

Example Rules................................................................................................................. 544

Rule Matching.........................................................................................................................544

Intrusion Detection......................................................................................................................... 544

Infrastructure Intrusion Detection.......................................................................................544

Detect 802.11n 40MHz Intolerance Setting................................................................547

Detect Active 802.11n Greenfield Mode..................................................................... 547

Detect Ad hoc Networks............................................................................................... 547

Detect Ad hoc Network Using Valid SSID ................................................................. 547

Detect AP Flood Attack .................................................................................................547

Detect AP Impersonation.............................................................................................. 548

Detect AP Spoofing........................................................................................................ 548

Detect Bad WEP............................................................................................................. 548

Detect Beacon Wrong Channel................................................................................... 548

Detect Client Flood Attack ............................................................................................548

Detect CTS Rate Anomaly............................................................................................. 548

Detect RTS Rate Anomaly............................................................................................. 548

Detect Devices with an Invalid MAC OUI .................................................................. 548

Detect Invalid Address Combination .......................................................................... 548

Detect Overflow EAPOL Key......................................................................................... 549

Detect Overflow IE .........................................................................................................549

Detect Malformed Frame-Assoc Request ................................................................. 549

Detect Malformed Frame-Auth.................................................................................... 549

Detect Malformed Frame-HT IE................................................................................... 549

Detect Malformed Frame-Large Duration.................................................................. 549

Detect Misconfigured AP ............................................................................................. 549

Detect Windows Bridge................................................................................................ 549

Detect Wireless Bridge................................................................................................. 549

Detect Broadcast Deauthentication ...........................................................................549

Detect Broadcast Disassociation................................................................................ 550

Detect Netstumbler........................................................................................................ 550

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 23

Page 24

Detect Valid SSID Misuse............................................................................................. 550

Detect Wellenreiter ....................................................................................................... 550

Client Intrusion Detection ..................................................................................................... 550

Detect Block ACK DoS .................................................................................................. 552

Detect ChopChop Attack............................................................................................... 552

Detect Disconnect Station Attack...............................................................................552

Detect EAP Rate Anomaly ............................................................................................ 552

Detect FATA-Jack Attack Structure ...........................................................................553

Detect Hotspotter Attack ..............................................................................................553

Detect Meiners Power Save DoS Attack...................................................................553

Detect Omerta Attack.................................................................................................... 553

Detect Rate Anomalies.................................................................................................. 553

Detect TKIP Replay Attack ........................................................................................... 553

Detect Unencrypted Valid Clients ............................................................................... 553

Detect Valid Client Misassociation .............................................................................553

Detect AirJack................................................................................................................ 554

Detect ASLEAP ...............................................................................................................554

Detect Null Probe Response ........................................................................................554

Intrusion Protection ....................................................................................................................... 554

Infrastructure Intrusion Protection .....................................................................................554

Protect 40MHz 802.11 High Throughput Devices......................................................555

Protect 802.11n High Throughput Devices................................................................. 555

Protect from Adhoc Networks .....................................................................................555

Protect From AP Impersonation .................................................................................. 555

Protect Misconfigured AP ............................................................................................555

Protect SSID.................................................................................................................... 555

Rogue Containment........................................................................................................ 555

Suspected Rogue Containment ................................................................................... 555

Client Intrusion Protection.................................................................................................... 556

Protect Valid Stations.................................................................................................... 556

Protect Windows Bridge............................................................................................... 556

WLAN Management System ........................................................................................................556

Configuring WMS via the WebUI.........................................................................................556

Configuring WMS via the CLI ...............................................................................................557

Configuring Local WMS Settings ................................................................................ 557

Managing the WMS Database .................................................................................... 557

Client Blacklisting...........................................................................................................................558

Methods of Blacklisting.........................................................................................................558

Manual Blacklisting ............................................................................................................... 558

Authentication Failure Blacklisting .....................................................................................559

Attack Blacklisting ................................................................................................................. 559

Blacklist Duration ................................................................................................................... 560

Removing a Client from Blacklisting....................................................................................560

Chapter 30 WIP Advanced Features ................................................................................................ 561

TotalWatch ......................................................................................................................................561

Channel Types and Qualifiers...............................................................................................561

Monitoring ............................................................................................................................... 562

Scanning Spectrum................................................................................................................562

Channel Dwell Time ............................................................................................................... 562

Channel Visiting...................................................................................................................... 563

Age out of Devices................................................................................................................. 563

TotalWatch Administration...........................................................................................................563

Configuring Per Radio Settings............................................................................................ 563

Configuring Per AP Setting................................................................................................... 564

Licensing..................................................................................................................................565

Tarpit Shielding...............................................................................................................................565

24 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 25

Tarpit Shielding Administration.................................................................................................... 565

Configuring Tarpit Shielding................................................................................................. 566

Licensing..................................................................................................................................566

Chapter 31 Link Aggregation Control Protocol ............................................................................... 567

Important Points to Remember .................................................................................................... 567

Configuring LACP............................................................................................................................ 567

In the CLI .................................................................................................................................. 567

In the WebUI ........................................................................................................................... 569

Best Practices................................................................................................................................. 569

Sample Configuration .................................................................................................................... 570

Chapter 32 Management Access...................................................................................................... 571

Certificate Authentication for WebUI Access...........................................................................571

Configuring Certificate Authentication for WebUI Access............................................. 571

In the WebUI ...................................................................................................................571

In the CLI.......................................................................................................................... 572

Public Key Authentication for SSH Access ............................................................................... 572

In the WebUI ...................................................................................................................572

In the CLI.......................................................................................................................... 573

Radius Server Authentication ...................................................................................................... 573

Radius Server Username/Password Authentication........................................................573

In the WebUI ...................................................................................................................573

In the CLI.......................................................................................................................... 573

RADIUS Server Authentication with VSA...........................................................................574

RADIUS Server Authentication with Server-Derivation Rule .........................................574

Configuring a Value-of Server-derivation Rule in the WebUI................................. 574

In the CLI.......................................................................................................................... 575

Configuring a set-value server-derivation rule in the WebUI................................. 575

In the CLI.......................................................................................................................... 576

Disabling Authentication of Local Management User Accounts................................... 576

In the WebUI ...................................................................................................................576

In the CLI.......................................................................................................................... 576

Verifying the configuration ................................................................................................... 576

Resetting the Admin or Enable Password.......................................................................... 576

Bypassing the Enable Password Prompt ...........................................................................577

Setting an Administrator Session Timeout.........................................................................577

Setting a CLI Session Timeout ..................................................................................... 577

Setting a WebUI Session Timeout............................................................................... 578

Management Password Policy ....................................................................................................578

Defining a Management Password Policy......................................................................... 578

In the WebUI ...................................................................................................................578

Management Authentication Profile Parameters............................................................. 580

Managing Certificates ...................................................................................................................580

About Digital Certificates...................................................................................................... 581

Obtaining a Server Certificate.............................................................................................. 581

In the WebUI ...................................................................................................................582

In the CLI.......................................................................................................................... 582

Obtaining a Client Certificate................................................................................................582

Importing Certificates............................................................................................................ 583

In the WebUI ...................................................................................................................583

In the CLI.......................................................................................................................... 583

Viewing Certificate Information........................................................................................... 583

Imported Certificate Locations.............................................................................................584

Checking CRLs ........................................................................................................................ 584

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 25

Page 26

Configuring SNMP.......................................................................................................................... 585

SNMP Parameters for the Controller.................................................................................. 585

In the WebUI ...................................................................................................................586

In the CLI.......................................................................................................................... 586

Configuring Logging .......................................................................................................................586

In the WebUI ...................................................................................................................588

In the CLI.......................................................................................................................... 588

Guest Provisioning ......................................................................................................................... 588

Configuring the Guest Provisioning Page...........................................................................588

In the WebUI ...................................................................................................................588

Configuring the SMTP Server and Port in the WebUI.............................................. 591

Configuring an SMTP server and port in the CLI ...................................................... 592

Creating Email Messages in the WebUI..................................................................... 592

Configuring a Guest Provisioning User............................................................................... 593

In the WebUI ...................................................................................................................593

In the CLI.......................................................................................................................... 594

Customizing the Guest Access Pass........................................................................... 595

Creating Guest Accounts...................................................................................................... 595

Guest Provisioning User Tasks ....................................................................................596

Importing Multiple Guest Entries................................................................................. 597

Optional Configurations.........................................................................................................600

Restricting one Captive Portal Session for each Guest........................................... 601

Setting the Maximum Time for Guest Accounts .......................................................601

Managing Files on the Controller................................................................................................. 601

Transferring ArubaOS Image Files...................................................................................... 602

In the WebUI ...................................................................................................................602

In the CLI.......................................................................................................................... 603

Backing Up and Restoring the Flash File System..............................................................603

Backup the Flash File System in the WebUI..............................................................603

Backup the Flash File Systemin the CLI...................................................................... 603

Restore the Flash File System in the WebUI.............................................................. 603

Restore the Flash File System Using CLI ....................................................................603

Copying Log Files....................................................................................................................603

In the WebUI ...................................................................................................................603

In the CLI.......................................................................................................................... 603

Copying Other Files ................................................................................................................ 604

In the WebUI ...................................................................................................................604

In the CLI.......................................................................................................................... 604

Setting the System Clock .............................................................................................................. 604

Manually Setting the Clock ................................................................................................... 604

In the WebUI ...................................................................................................................604

In the CLI.......................................................................................................................... 604

Clock Synchronization........................................................................................................... 605

In the WebUI ...................................................................................................................605

In the CLI.......................................................................................................................... 605

Configuring NTP Authentication.......................................................................................... 605

In the WebUI ...................................................................................................................605

In the CLI.......................................................................................................................... 606

Chapter 33 Spectrum Analysis .......................................................................................................... 607

Overview ..........................................................................................................................................607

Spectrum Analysis Clients.................................................................................................... 609

Hybrid AP Channel Changes.................................................................................................610

Hybrid APs Using Mode-Aware ARM................................................................................. 610

Creating Spectrum Monitors and Hybrid APs ........................................................................... 611

Converting APs to Hybrid APs .............................................................................................. 611

In the WebUI ...................................................................................................................611

26 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 27

In the CLI.......................................................................................................................... 612

Converting an Individual AP to a Spectrum Monitor........................................................ 612

In the WebUI ...................................................................................................................612

In the CLI.......................................................................................................................... 612

Converting a Group of APs to Spectrum Monitors ...........................................................613

In the WebUI ...................................................................................................................613

In the CLI.......................................................................................................................... 613

Configuring the Spectrum Profile ........................................................................................613

In the WebUI ...................................................................................................................614

In the CLI.......................................................................................................................... 615

Connecting Spectrum Devices to the Spectrum Analysis Client ........................................... 615

View Connected Spectrum Analysis Devices ...................................................................616

Disconnecting a Spectrum Device...................................................................................... 617

Configuring the Spectrum Analysis Dashboards ......................................................................618

Selecting a Spectrum Monitor............................................................................................. 618

Changing Graphs within a Spectrum View ........................................................................619

Renaming a Spectrum Analysis Dashboard View ............................................................619

Saving a Dashboard View.....................................................................................................620

Resizing an Individual Graph................................................................................................ 620

Customizing Spectrum Analysis Graphs..................................................................................... 621

Spectrum Analysis Graph Configuration Options .............................................................621

Active Devices................................................................................................................ 622

Active Devices Table..................................................................................................... 623

Active Devices Trend .................................................................................................... 625

Channel Metrics .............................................................................................................627

Channel Metrics Trend.................................................................................................. 628

Channel Summary Table ...............................................................................................630

Device Duty Cycle ..........................................................................................................631

Channel Utilization Trend.............................................................................................. 633

Devices vs Channel........................................................................................................ 634

FFT Duty Cycle ................................................................................................................ 635

Interference Power........................................................................................................ 637

Quality Spectrogram...................................................................................................... 638

Real-Time FFT ................................................................................................................. 639

Swept Spectrogram....................................................................................................... 641

Recording Spectrum Analysis Data ............................................................................................ 644

Creating a Spectrum Analysis Record................................................................................ 644

Saving the Recording.............................................................................................................645

Playing a Spectrum Analysis Recording ............................................................................645

Non-Wi-Fi Interferers .................................................................................................................... 646

Spectrum Analysis Session Log................................................................................................... 647

Viewing Spectrum Analysis Data via the CLI............................................................................. 648

Spectrum Analysis Troubleshooting Tips................................................................................... 649

Spectrum Monitors support One Client per Radio............................................................ 649

Converting a Spectrum Monitor back to an AP or Air Monitor ......................................649

Browser Issues.......................................................................................................................649

Loading a Spectrum View..................................................................................................... 649

Issues with Adobe Flash Player 10.1...................................................................................649

Spectrum Analysis Syslog Messages.................................................................................649

Chapter 34 Software Licenses........................................................................................................... 651

Terminology..................................................................................................................................... 651

Licenses ...........................................................................................................................................652

License Types ......................................................................................................................... 652

Multi-Controller Network ..............................................................................................................653

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 27

Page 28

License Usage................................................................................................................................. 653

Interaction ....................................................................................................................................... 654

Best Practices................................................................................................................................. 655

Installing a License ........................................................................................................................ 655

Enabling a new license on your controller.........................................................................655

Software License Email.........................................................................................................656

Locating the System Serial Number....................................................................................656

Obtaining a Software License Key ......................................................................................656

Creating a software license key ..................................................................................657

Applying the Software License Key in the WebUI............................................................ 657

Applying the Software License Key in the License Wizard.............................................657

Deleting a License..........................................................................................................................657

Moving Licenses............................................................................................................................. 657

Resetting the Controller................................................................................................................. 658

Chapter 35 IPv6 Support..................................................................................................................... 659

About IPv6........................................................................................................................................ 659

IPv6 Topology.................................................................................................................................. 659

IPv6 Support for Controller and AP ............................................................................................. 660

Configure IPv6 Interface Address .......................................................................................662

Using WebUI ...................................................................................................................662

Using CLI.......................................................................................................................... 663

Configure IPv6 Static Neighbor............................................................................................663

Using WebUI ...................................................................................................................663

Using CLI.......................................................................................................................... 663

Configure IPv6 Default Gateway and Static IPv6 Routes ................................................663

Using WebUI ...................................................................................................................663

Using CLI.......................................................................................................................... 664

Manage Controller IP Address.............................................................................................664

Using WebUI ...................................................................................................................664

Using CLI.......................................................................................................................... 664

Configure Multicast Listener Discovery (MLD)................................................................. 664

Using WebUI ...................................................................................................................664

Using CLI.......................................................................................................................... 665

Debug IPv6 Controller............................................................................................................665

Using WebUI ...................................................................................................................665

Using CLI.......................................................................................................................... 665

Provision IPv6 AP ................................................................................................................... 666

Using WebUI ...................................................................................................................666

Using CLI.......................................................................................................................... 666

IPv6 Extension Header (EH) Filtering........................................................................................... 666

Using CLI .................................................................................................................................. 666

Captive Portal over IPv6 ................................................................................................................667

Configuring Captive Portal over IPv6 ..................................................................................667

ArubaOS Support for IPv6 Clients................................................................................................ 667

Enabling IPv6...........................................................................................................................667

Supported Network Configuration.......................................................................................667

Network Connection for Windows IPv6 Clients................................................................ 668

ArubaOS Features that Support IPv6 ..........................................................................................669

Authentication.........................................................................................................................669

Firewall Functions .................................................................................................................. 669

Firewall Policies......................................................................................................................671

Creating an IPv6 firewall policy ...................................................................................672

Assigning an IPv6 Policy to a User Role..................................................................... 673

DHCPv6 Passthrough/Relay..................................................................................................673

28 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 29

IPv6 User Addresses...................................................................................................................... 673

Viewing or Deleting User Entries ......................................................................................... 673

User Roles................................................................................................................................673

Viewing Datapath Statistics for IPv6 Sessions .................................................................674

Important Points to Remember .................................................................................................... 674

Chapter 36 Voice and Video............................................................................................................... 675

Voice and Video License Requirements.....................................................................................675

Configuring Voice and Video ........................................................................................................675

Setting up Net Services.........................................................................................................675

Using Default Net Services .......................................................................................... 676

Creating Custom Net Services..................................................................................... 676

Configuring User Roles..........................................................................................................676

Using the Default User Role ......................................................................................... 677

Creating or Modifying Voice User Roles ....................................................................677

Using the User-Derivation Roles ................................................................................. 679

Configuring Firewall Settings for Voice and Video ALGs.................................................680

Using WebUI ...................................................................................................................680

Using CLI.......................................................................................................................... 680

Additional Video Configurations ..........................................................................................680

Configuring Video over WLAN enhancements ......................................................... 680

Pre-requisites ................................................................................................................. 681

Using CLI.......................................................................................................................... 681

Using the WebUI ............................................................................................................ 684

QoS for Voice and Video ............................................................................................................... 688

VoIP Call Admission Control Profile ....................................................................................688

Using the WebUI ............................................................................................................ 688

Using CLI.......................................................................................................................... 689

Wi-Fi Multimedia .................................................................................................................... 689

Enabling WMM............................................................................................................... 690

Configurable WMM AC Mapping ................................................................................690

Dynamic WMM Queue Management......................................................................... 692

WMM Queue Content Enforcement.................................................................................... 694

Using the WebUI ............................................................................................................ 695

Using CLI.......................................................................................................................... 695

Extended Voice and Video Functionalities.................................................................................695

QoS for Microsoft Office OCS and Apple Facetime.......................................................... 695

Microsoft OCS................................................................................................................. 695

Apple Facetime............................................................................................................... 695

WPA Fast Handover...............................................................................................................696

Using the WebUI to enable WPA fast handover....................................................... 696

Using the CLI to enable WPA fast handover ............................................................. 696

Mobile IP Home Agent Assignment ....................................................................................696

VoIP-Aware ARM Scanning................................................................................................. 696

Using the WebUI ............................................................................................................ 697

Using CLI.......................................................................................................................... 697

Voice-Aware 802.1x ............................................................................................................... 697

Using the WebUI to disable voice awareness for 802.1x ........................................697

Using the CLI to disable voice awareness for 802.1x...............................................697

SIP Authentication Tracking.................................................................................................697

Using the WebUI to configure the SIP client user role............................................ 698

Using the CLI to configure the SIP client user role .................................................. 698

Real Time Call Quality Analysis............................................................................................698

Using the Web UI ........................................................................................................... 698

Using CLI.......................................................................................................................... 699

SIP Session Timer .................................................................................................................. 700

Using the WebUI ............................................................................................................ 700

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 29

Page 30

Using CLI.......................................................................................................................... 701

Voice and Video Traffic Awareness for Encrypted Signaling Protocols ......................701

Using the WebUI ............................................................................................................ 702

Using the CLI ...................................................................................................................702

Wi-Fi Edge Detection and Handover for Voice Clients ....................................................702

Using the WebUI ............................................................................................................ 703

Using CLI.......................................................................................................................... 703

Dial Plan for SIP Calls............................................................................................................ 704

Dial Plan Format ............................................................................................................. 704

Configuring Dial Plans ...................................................................................................704

Enhanced 911 Support...........................................................................................................707

Voice over Remote Access Point ........................................................................................708

Battery Boost .......................................................................................................................... 708

Using the WebUI ............................................................................................................ 708

Using the CLI ...................................................................................................................709

Advanced Voice Troubleshooting ............................................................................................... 709

Viewing Troubleshooting Details on Voice Client Status ................................................709

Using the WebUI ............................................................................................................ 709

Using CLI.......................................................................................................................... 710

Viewing Troubleshooting Details on Voice Call CDRs......................................................711

Using the WebUI ............................................................................................................ 711

Using CLI.......................................................................................................................... 712

Enabling Voice Logs...............................................................................................................712

Using the WebUI ............................................................................................................ 712

Using CLI.......................................................................................................................... 713

Viewing Voice Traces............................................................................................................713

Using the WebUI ............................................................................................................ 713

Using CLI.......................................................................................................................... 714

Viewing Voice Configurations.............................................................................................. 714

Using CLI.......................................................................................................................... 714

Chapter 37 External Services Interface........................................................................................... 717

Understanding ESI.......................................................................................................................... 717

Understanding the ESI Syslog Parser.........................................................................................719

ESI Parser Domains ............................................................................................................... 719

Peer Controllers......................................................................................................................720

Syslog Parser Rules............................................................................................................... 721

Condition Pattern Matching ......................................................................................... 721

User Pattern Matching.................................................................................................. 722

ESI Configuration Overview..........................................................................................................722

Configuring Health-Check Method, Groups, and Servers............................................... 722

In the WebUI ...................................................................................................................723

In the CLI.......................................................................................................................... 723

Defining the ESI Server ......................................................................................................... 723

In the WebUI ...................................................................................................................723

In the CLI.......................................................................................................................... 724

Defining the ESI Server Group .............................................................................................724

In the WebUI ...................................................................................................................724

In the CLI.......................................................................................................................... 724

Redirection Policies and User Role..................................................................................... 724

In the WebUI ...................................................................................................................725

In the CLI.......................................................................................................................... 725

ESI Syslog Parser Domains and Rules................................................................................726

Managing Syslog Parser Domains in the WebUI..............................................................726

Adding a new syslog parser domain........................................................................... 726

Deleting an existing syslog parser domain................................................................ 726

Editing an existing syslog parser domain................................................................... 726

30 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 31

Managing Syslog Parser Domains in the CLI ....................................................................727

Adding a new syslog parser domain........................................................................... 727

Showing ESI syslog parser domain information .......................................................727

Deleting an existing syslog parser domain................................................................ 727

Editing an existing syslog parser domain................................................................... 727

Managing Syslog Parser Rules ............................................................................................ 727

In the WebUI ...................................................................................................................727

Adding a new parser rule ............................................................................................. 728

Deleting a syslog parser rule ....................................................................................... 728

Editing an existing syslog parser rule......................................................................... 728

Testing a Parser Rule .................................................................................................... 729

In the CLI.......................................................................................................................... 729

Adding a new parser rule ............................................................................................. 729

Showing ESI syslog parser rule information: ............................................................ 729

Deleting a syslog parser rule: ...................................................................................... 729

Editing an existing syslog parser rule......................................................................... 730

Testing a parser rule...................................................................................................... 730

Monitoring Syslog Parser Statistics....................................................................................730

In the WebUI ...................................................................................................................730

In the CLI.......................................................................................................................... 730

Example Route-mode ESI Topology ............................................................................................ 730

ESI server configuration on controller ....................................................................... 731

IP routing configuration on Fortinet gateway............................................................ 731

Configuring the Example Routed ESI Topology................................................................. 731

Health-Check Method, Groups, and Servers..................................................................... 732

Defining the Ping Health-Check Method............................................................................ 732

In the WebUI ...................................................................................................................732

In the CLI.......................................................................................................................... 732

Defining the ESI Server ......................................................................................................... 732

In the WebUI ...................................................................................................................732

In the CLI.......................................................................................................................... 733

Defining the ESI Server Group .............................................................................................733

In the WebUI ...................................................................................................................733

In the CLI.......................................................................................................................... 733

Redirection Policies and User Role..................................................................................... 734

In the WebUI ...................................................................................................................734

In the CLI.......................................................................................................................... 735

Syslog Parser Domain and Rules.........................................................................................735

Add a New Syslog Parser Domain in the WebUI...................................................... 735

Adding a New Parser Rule in the WebUI...................................................................736

In the CLI.......................................................................................................................... 736

Example NAT-mode ESI Topology...............................................................................................736

ESI server configuration on the controller................................................................. 737

Configuring the Example NAT-mode ESI Topology ..........................................................738

Configuring the NAT-mode ESI Example in the WebUI ...................................................738

In the WebUI ...................................................................................................................738

Configuring the ESI Group in the WebUI....................................................................739

Configure the ESI Servers in the WebUI ....................................................................739

Configuring the Redirection Filter in the WebUI .......................................................739

Configuring the Example NAT-mode Topology in the CLI................................................740

Configuring a Health-Check Ping ................................................................................ 740

Configuring ESI Servers ................................................................................................740

Configure an ESI Group, Add the Health-Check Ping and ESI Servers................. 740

Using the ESI Group in a Session Access Control List ............................................ 740

CLI Configuration Example 1......................................................................................... 740

CLI Configuration Example 2......................................................................................... 741

Basic Regular Expression Syntax................................................................................................741

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 31

Page 32

Character-Matching Operators ...........................................................................................742

Regular Expression Repetition Operators.......................................................................... 742

Regular Expression Anchors................................................................................................ 743

References .............................................................................................................................. 743

Chapter 38 External User Management........................................................................................... 745

Overview ..........................................................................................................................................745

Before you Begin....................................................................................................................745

How the ArubaOS XML API Works ............................................................................................. 745

Using the XML API Server ............................................................................................................ 745

Configuring the XML API Server.......................................................................................... 746

Associate the XML API Server to AAA profile ..................................................................746

Set up Captive Portal profile......................................................................................... 748

Associate Captive Portal profile to the an initial role............................................... 748

Creating an XML API Request.............................................................................................. 748

Monitoring External Captive Portal Usage Statistics....................................................... 749

XML Request ...................................................................................................................................750

Adding a User..........................................................................................................................750

Deleting a User ....................................................................................................................... 750

Authenticating a User............................................................................................................751

Blacklisting a User ................................................................................................................. 751

Querying a User Status..........................................................................................................751

XML Response ................................................................................................................................752

Default Response Format......................................................................................................752

Response Codes............................................................................................................. 752

Query Command Response Format..................................................................................... 753

Sample Code ................................................................................................................................... 754

Using XML API in C Language..............................................................................................754

Request and Response.................................................................................................. 757

XML API Request Parameters ..................................................................................... 757

XMl API Response ......................................................................................................... 758

Adding a Client................................................................................................................ 758

Deleting a Client ............................................................................................................. 759

Authenticating a Client.................................................................................................. 759

Querying Client Information.......................................................................................... 761

Blacklisting a Client ....................................................................................................... 762

Appendix A DHCP with Vendor-Specific Options............................................................................ 765

Windows-Based DHCP Server..................................................................................................... 765

Configuring Option 60.............................................................................................................765

To configure option 60 on the Windows DHCP server............................................. 765

Configuring Option 43.............................................................................................................766

To configure option 43 on the Windows DHCP server:............................................ 766

DHCP Relay Agent Information Option (Option 82) ...................................................................767

Configuring Option 82.............................................................................................................767

In the WebUI ...................................................................................................................767

In the CLI.......................................................................................................................... 767

Linux DHCP Servers .......................................................................................................................768

Appendix B External Firewall Configuration..................................................................................... 769

Communication Between Dell Devices ...................................................................................... 769

Network Management Access ....................................................................................................770

Virtual Internet Access (VIA)........................................................................................................ 770

Other Communications ..................................................................................................................770

32 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 33

Appendix C Behavior and Defaults .................................................................................................... 773

Mode Support ................................................................................................................................. 773

Basic System Defaults................................................................................................................... 774

Network Services...................................................................................................................774

Policies.....................................................................................................................................776

Roles ......................................................................................................................................... 778

Default Management User Roles................................................................................................. 780

Default Open Ports .........................................................................................................................783

Appendix D 802.1x Configuration IAS Windows .............................................................................. 787

Configuring Microsoft IAS ............................................................................................................ 787

RADIUS Client Configuration................................................................................................ 787

Remote Access Policies........................................................................................................788

Active Directory Database....................................................................................................788

Configuring Policies............................................................................................................... 788

Configuring RADIUS Attributes............................................................................................ 790

Configure Management Authentication using IAS...................................................................791

Configure the Controller to use IAS Management Authentication................................ 792

Verify Communication between the Controller and the RADIUS Server ......................794

Window XP Wireless Client Example Configuration ................................................................ 794

Appendix E Internal Captive Portal.................................................................................................... 799

Creating a New Internal Web Page ............................................................................................ 799

Basic HTML Example.............................................................................................................800

Installing a New Captive Portal Page ......................................................................................... 801

Displaying Authentication Error Message .................................................................................801

Reverting to the Default Captive Portal ...................................................................................... 802

Language Customization ...............................................................................................................802

Customizing the Welcome Page ..................................................................................................805

Customizing the Pop-Up box......................................................................................................... 807

Customizing the Logged Out Box .................................................................................................808

Appendix F Tunneled Nodes............................................................................................................... 811

Configuration Overview.................................................................................................................811

Configuring a Wired Tunneled Node Client ............................................................................... 812

Configuring an Access Port as a Tunneled Node Port ....................................................813

Configuring a Trunk Port as a Tunneled Node Port.......................................................... 813

Example Output...............................................................................................................................814

Appendix G VIA: End User Instructions............................................................................................. 815

Pre-requisites.................................................................................................................................. 815

Downloading VIA............................................................................................................................815

Installing VIA ...................................................................................................................................816

Using VIA ......................................................................................................................................... 816

Connection Details Tab ......................................................................................................... 816

Diagnostic Tab ........................................................................................................................ 817

Diagnostics Tools........................................................................................................... 817

Settings Tab.............................................................................................................................817

Troubleshooting......................................................................................................................817

Appendix H Provisioning RAP at Home............................................................................................. 819

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 33

Page 34

Provision the RAP using a Static IP Address.....................................................................819

Provision the RAP on a PPPoE Connection........................................................................820

Using 3G/EVDO USB Modem ................................................................................................ 821

Appendix I Acronyms and Terms...................................................................................................... 825

Acronyms......................................................................................................................................... 825

Terms................................................................................................................................................ 830

Index....................................................................................................................................................................... 837

34 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 35

Figures

Figure 1 Enable BCMC Optimization .............................................................................................................63

Figure 2 IP Address Assignment to VLAN via DHCP or PPPoE................................................................66

Figure 3 Assigning VLAN uplink priority—Active-Standby configuration ............................................. 67

Figure 4 Example: Source NAT using Controller IP Address.................................................................... 70

Figure 5 Default Inter-VLAN Routing ............................................................................................................71

Figure 6 Plan>Campus List Window .............................................................................................................80

Figure 7 Plan>Building List Pane................................................................................................................... 81

Figure 8 Plan>New Building>Overview Window ....................................................................................... 82

Figure 9 Plan>New Building>Specification Window................................................................................. 83

Figure 10 Plan>New Building>AP Modeling Parameters Window ........................................................... 84

Figure 11 AM Modeling Page .......................................................................................................................... 88

Figure 12 Planning Floors ................................................................................................................................. 89

Figure 13 Coverage Map Example .................................................................................................................. 90

Figure 14 Floor Editor Dialog Box ....................................................................................................................90

Figure 15 Area Editor Dialog Box .................................................................................................................... 91

Figure 16 Access Point Editor..........................................................................................................................93

Figure 17 AP Planning ......................................................................................................................................95

Figure 18 AP Groups........................................................................................................................................ 109

Figure 19 Profile Errors ................................................................................................................................... 114

Figure 20 AP Specific and AP Group Profile Hierarchies ......................................................................... 115

Figure 21 Other Profile Hierarchies .............................................................................................................. 116

Figure 22 APs Connected to Controller ........................................................................................................120

Figure 23 Virtual AP Configurations Applied to the same AP...................................................................139

Figure 24 Excluding a Virtual AP Profile from an AP.................................................................................. 140

Figure 25 Remote AP with a Private Network.............................................................................................179

Figure 26 Remote AP with Controller on Public Network ......................................................................... 180

Figure 27 Remote AP with Controller Behind Firewall............................................................................... 180

Figure 28 Remote AP in a Multi-Controller Environment........................................................................... 180

Figure 29 CHAP Authentication Using CHAP Secret ................................................................................. 182

Figure 30 Remote AP with Single Controller ............................................................................................... 189

Figure 31 Sample Backup Controller Scenario...........................................................................................205

Figure 32 Enable Remote AP Local Network Access ................................................................................207

Figure 33 Sample Split Tunnel Environment................................................................................................208

Figure 34 Enable Restricted Access to LD Homepage ..............................................................................212

Figure 35 Uplink Bandwidth Reservation.....................................................................................................215

Figure 36 Sample Mesh Clusters................................................................................................................... 219

Figure 37 Sample Wireless Backhaul Deployment ....................................................................................224

Figure 38 Sample Point-to-Point Deployment .............................................................................................224

Figure 39 Sample Point-to-Multipoint Deployment ....................................................................................225

Figure 40 Sample High-Availability Deployment......................................................................................... 225

Figure 41 Working of RMP.............................................................................................................................. 257

Figure 42 Provisioning an AP as a Remote Mesh Portal...........................................................................258

Figure 43 Server Group ...................................................................................................................................264

Figure 44 IP-Address parameter in the local database............................................................................. 271

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 35

Page 36

Figure 45 IP-Address parameter in the RAP Whitelist .............................................................................. 271

Figure 46 Domain-Based Server Selection Example .................................................................................275

Figure 47 802.1x Authentication with RADIUS Server ............................................................................... 287

Figure 48 802.1x Authentication with Termination on Controller .............................................................287

Figure 49 Upload a certificate........................................................................................................................ 316

Figure 50 View certificate details.................................................................................................................. 317

Figure 51 DHCP Option Rule...........................................................................................................................333

Figure 52 Wireless xSec Client Example...................................................................................................... 378

Figure 53 Wired xSec Client Example........................................................................................................... 380

Figure 54 Controller-to-Controller xSec Example.......................................................................................384

Figure 55 The regedit Window....................................................................................................................... 385

Figure 56 Modifying a regedit Policy ............................................................................................................386

Figure 57 The Funk Odyssey Client Profile................................................................................................... 386

Figure 58 Certificate Information................................................................................................................... 387

Figure 59 Network Profile...............................................................................................................................387

Figure 60 Site-to-Site VPN Configuration Components.............................................................................407

Figure 61 VIA - Associate User Role to VIA Authentication Profile ........................................................ 420

Figure 62 VIA - Creating a new server group for VIA authentication profile.........................................420

Figure 63 VIA - Enter a name for the server group..................................................................................... 421

Figure 64 VIA - Create VIA Connection Profile ........................................................................................... 421

Figure 65 VIA - Select VIA Authentication Profile......................................................................................424

Figure 66 VIA - Associate VIA Connection Profile to User Role .............................................................. 424

Figure 67 VIA - Create VIA Client WLAN Profile.........................................................................................425

Figure 68 VIA - Configure the SSID Profile ..................................................................................................425

Figure 69 VIA - Configure VIA Client WLAN Profile ................................................................................... 425

Figure 70 VIA - Customize VIA logo, Landing Page, and download VIA Installer ................................. 427

Figure 71 Control Plane Security Settings ...................................................................................................435

Figure 72 Local Switch Whitelist on a Master Controller ........................................................................ 440

Figure 73 A Cluster of Master Controllers using Control Plane Security ............................................... 443

Figure 74 Sequence numbers on Master and Local Controllers ............................................................. 452

Figure 75 Remote Nodes in a Network......................................................................................................... 460

Figure 76 Selecting an RN via the WLAN Controllers ............................................................................... 469

Figure 77 Routing of Traffic to Mobile Client within Mobility Domain..................................................... 472

Figure 78 Example Configuration: Campus-Wide ......................................................................................475

Figure 79 Bridge Mode Mobility ....................................................................................................................482

Figure 80 Inter-controller Mobility ................................................................................................................484

Figure 81 Redundant Topology: Master-Local Redundancy .................................................................... 493

Figure 82 Configuring RSTP............................................................................................................................ 497

Figure 83 Monitoring RSTP............................................................................................................................. 498

Figure 84 Cellular Profile Commands ........................................................................................................... 505

Figure 85 Uplink Commands...........................................................................................................................505

Figure 86 Connected Cellular Devices ........................................................................................................ 505

Figure 87 WebUI Uplink Manager.................................................................................................................506

Figure 88 Cellular Profile from the WebUI ..................................................................................................507

Figure 89 Configuring Dialer Group............................................................................................................... 508

Figure 90 Display supported USB modems ................................................................................................. 508

Figure 91 show usb verbose example (partial) ...........................................................................................508

Figure 92 show uplink...................................................................................................................................... 509

Figure 93 uplink cellular priority ....................................................................................................................509

Figure 94 show usb command .......................................................................................................................509

36 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 37

Figure 95 show usb verbose for profile and driver..................................................................................... 510

Figure 96 cellular profile new_card command ...........................................................................................510

Figure 97 Driver options.................................................................................................................................. 510

Figure 98 Driver=(none) ................................................................................................................................. 511

Figure 99 show usb ports 13 command........................................................................................................511

Figure 100 show usb test command ............................................................................................................... 511

Figure 101 Time out error example. ................................................................................................................ 511

Figure 102 Port I/O error ................................................................................................................................... 512

Figure 103 Device Ready State........................................................................................................................512

Figure 104 usb test extended. ..........................................................................................................................512

Figure 105 show dialer group example .......................................................................................................... 513

Figure 106 W-600 Series Topology................................................................................................................. 518

Figure 107 Branch Office OSPF Topology......................................................................................................527

Figure 108 General OSPF Configuration ........................................................................................................529

Figure 109 Add an OSPF Area..........................................................................................................................529

Figure 110 Edit OSPF VLAN Settings .............................................................................................................. 530

Figure 111 Sample OSPF Topology ................................................................................................................. 531

Figure 112 WIP Wizard...................................................................................................................................... 538

Figure 113 WIP Wizard’s Intrusion Detection ..............................................................................................539

Figure 114 WIP Wizard Intrusion Protection ................................................................................................540

Figure 115 WIP Monitoring Dashboard..........................................................................................................541

Figure 116 Resetting the Password ............................................................................................................... 577

Figure 117 Reconfigure the enable mode password ................................................................................... 577

Figure 118 Guest Provisioning Configuration Page—Guest Fields Tab.................................................... 589

Figure 119 Guest Provisioning Configuration Page—Page Design Tab...................................................591

Figure 120 Guest Provisioning Configuration Page—Email Tab................................................................592

Figure 121 Sample Guest Account Email – Sent to Sponsor ......................................................................593

Figure 122 Customized Guest Account Information Window.....................................................................595

Figure 123 Creating a Guest Account—Guest Provisioning Page ............................................................ 595

Figure 124 Creating a Guest Account—New Guest Window .................................................................... 596

Figure 125 Creating a Guest Account—Show Details Pop-up Window...................................................597

Figure 126 CVS File Format—Guest Entries Information............................................................................. 597

Figure 127 Importing a CSV file that contains Guest Entries ......................................................................598

Figure 128 Displaying the Guest Entries Log File..........................................................................................599

Figure 129 Viewing and Editing Guest Entries in the Log File.....................................................................599

Figure 130 Viewing Multiple Imported Guest Entries—Guest Provisioning Page .................................. 600

Figure 131 Printing Guest Account Information............................................................................................ 600

Figure 132 Viewing a list of Connected Spectrum Monitors ...................................................................... 617

Figure 133 Selecting a Spectrum Monitor .....................................................................................................618

Figure 134 Replacing a Graph in the Spectrum Analysis Dashboard ....................................................... 619

Figure 135 Renaming a Spectrum Dashboard View..................................................................................... 620

Figure 136 Save a Spectrum Analysis Dashboard Layout .......................................................................... 620

Figure 137 Resizing a Spectrum Analysis Graph ..........................................................................................621

Figure 138 Viewing Spectrum Analysis Graph Options ...............................................................................621

Figure 139 Active Devices Graph ....................................................................................................................622

Figure 140 Active Devices Table .....................................................................................................................623

Figure 141 Active Devices Trend Graph......................................................................................................... 626

Figure 142 Channel Metrics Graph ................................................................................................................. 628

Figure 143 Channel Metrics Trend Chart .......................................................................................................629

Figure 144 Channel Summary Table ............................................................................................................... 630

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 37

Page 38

Figure 145 Device Duty Cycle .......................................................................................................................... 632

Figure 146 Channel Utilization Trend ..............................................................................................................633

Figure 147 Devices vs Channel........................................................................................................................634

Figure 148 FFT Duty Cycle................................................................................................................................. 636

Figure 149 Interference Power........................................................................................................................637

Figure 150 Quality Spectrogram ......................................................................................................................639

Figure 151 Real-TIme FFT ................................................................................................................................. 640

Figure 152 Simple Line Graph of FFT Power Data ........................................................................................ 642

Figure 153 FFT Power Line Graph with Color ................................................................................................ 642

Figure 154 FFT Power Spectrogram Sample .................................................................................................642

Figure 155 Swept Spectrogram .......................................................................................................................643

Figure 156 Recording Spectrum Analysis Data ............................................................................................ 645

Figure 157 Saving Spectrum Analysis Data................................................................................................... 645

Figure 158 Playing a Recording with the Spectrum Playback Tool...........................................................646

Figure 159 Spectrum Analysis Session Logs................................................................................................. 648

Figure 160 Alert Flag.......................................................................................................................................... 653

Figure 161 IPv6 Topology.................................................................................................................................. 660

Figure 162 Supported Network Configuration............................................................................................... 668

Figure 163 Enable IGMP Proxy ........................................................................................................................ 685

Figure 164 Enable IGMP Snooping.................................................................................................................. 685

Figure 165 Enable Wireless Multimedia and Set DSCP Value ................................................................... 685

Figure 166 Set ACL to Prioritize Video Traffic ............................................................................................... 685

Figure 167 Apply ACL to User Role.................................................................................................................. 686

Figure 168 Apply ACL to Port............................................................................................................................ 686

Figure 169 Enabling Dynamic Multicast Optimization for Video and Set Threshold...............................686

Figure 170 Enable Multicast Rate Optimization ............................................................................................ 687

Figure 171 Enabling Video Aware Scan .........................................................................................................687

Figure 172 Configuring bandwidth management..........................................................................................687

Figure 173 Enable Firewall Multicast Shaping..............................................................................................687

Figure 174 Enable Real Time Analysis............................................................................................................699

Figure 175 Enabling SIP Session Timer..........................................................................................................701

Figure 176 Firewall Policies Tab......................................................................................................................702

Figure 177 Enabling Classify Media ................................................................................................................702

Figure 178 Configuring Handover for Voice Clients ..................................................................................... 703

Figure 179 Dialplan Profile................................................................................................................................ 705

Figure 180 Dialplan Details............................................................................................................................... 705

Figure 181 Select Dialplan Profile ...................................................................................................................706

Figure 182 View Dialplan Details.....................................................................................................................706

Figure 183 Enable Voice Logging .................................................................................................................... 712

Figure 184 Enable Logging for a Voice Client................................................................................................713

Figure 185 ESI-Fortinet Topology .................................................................................................................... 718

Figure 186 Load Balancing Groups .................................................................................................................719

Figure 187 ESI Parser Domains ....................................................................................................................... 720

Figure 188 Peer Controllers..............................................................................................................................721

Figure 189 Example Route-Mode Topology...................................................................................................731

Figure 190 Example NAT-Mode Topology ..................................................................................................... 737

Figure 191 Authentication Script Listing ........................................................................................................754

Figure 192 Adding a client—request and response .................................................................................... 758

Figure 193 Authenticating the client—request and response ...................................................................760

Figure 194 Blacklisting a Client—request and response............................................................................762

38 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 39

Figure 195 Scope Options Dialog Box. ........................................................................................................... 766

Figure 196 DHCP Scope Values.......................................................................................................................767

Figure 197 IAS RADIUS Clients........................................................................................................................787

Figure 198 IAS Remote Access Policies ........................................................................................................789

Figure 199 Policy Configuration Wizard—Authentication Methods ......................................................... 789

Figure 200 Policy Configuration Wizard—PEAP Properties.......................................................................790

Figure 201 RADIUS class Attribute Configuration ........................................................................................790

Figure 202 Example RADIUS Class Attribute for “student” ....................................................................... 791

Figure 203 Configuring a RADIUS Server for IAS Management Authentication.....................................793

Figure 204 Configuring a Server Group for IAS Management Authentication ........................................ 793

Figure 205 Testing a RADIUS Server .............................................................................................................794

Figure 206 Wireless Networks......................................................................................................................... 794

Figure 207 Networks to Access....................................................................................................................... 795

Figure 208 Wireless Network Association ................................................................................................... 796

Figure 209 Wireless Network Authentication ..............................................................................................797

Figure 210 Protected EAP Properties .............................................................................................................797

Figure 211 EAP MSCHAPv2 Properties ..........................................................................................................798

Figure 212 Sample Translated Page ...............................................................................................................805

Figure 213 Default Welcome Page.................................................................................................................. 805

Figure 214 Tunneled node configuration operation .....................................................................................812

Figure 215 Login to Download VIA ..................................................................................................................816

Figure 216 Downloading VIA set up file after authentication.....................................................................816

Figure 217 Show Advanced Settings..............................................................................................................819

Figure 218 Provision RAP using Static IP....................................................................................................... 820

Figure 219 Provision RAP on a PPPoE Connection ...................................................................................... 821

Figure 220 Provision using a pre-configured USB Modem ........................................................................ 822

Figure 221 Provision using a USB Modem with Custom Settings.............................................................. 822

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 39

Page 40

40 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 41

Tables

Table 1 Typographical Conventions ............................................................................................................46

Table 2 Contacting Dell Support .................................................................................................................. 47

Table 3 Classifying Trusted and Untrusted Traffic.................................................................................... 64

Table 4 Planning Worksheet - Building Dimensions ................................................................................ 78

Table 5 Planning Worksheet - AP Desired Rates (2.4 GHz Radio Properties)......................................79

Table 6 Planning Worksheet - AM Desired Rates .................................................................................... 79

Table 7 Definition of Campus List Buttons ................................................................................................. 80

Table 8 Building List Buttons ........................................................................................................................81

Table 9 New Building Specifications Parameters ....................................................................................83

Table 10 AP Modeling Parameters ................................................................................................................84

Table 11 Radio Type Definitions .....................................................................................................................85

Table 12 Design Model Radio Buttons ..........................................................................................................85

Table 13 Overlap Factor Values ..................................................................................................................... 86

Table 14 Radio Properties ............................................................................................................................... 86

Table 15 AM Modeling Radio Buttons .......................................................................................................... 88

Table 16 Design Model Radio Buttons ..........................................................................................................88

Table 17 Floor Planning Features...................................................................................................................89

Table 18 AP Property Search ......................................................................................................................... 99

Table 19 Sample Building ..............................................................................................................................101

Table 20 Create a Building ............................................................................................................................ 102

Table 21 AP Configuration Function Overview .......................................................................................... 107

Table 22 AP System Profile Configuration..................................................................................................128

Table 23 RF Optimization Profile Parameters.............................................................................................133

Table 24 RF Event Profile Parameters .........................................................................................................134

Table 25 20 MHz and 40 MHz Static Channel Configuration Options.....................................................136

Table 26 AP Console Commands ................................................................................................................. 138

Table 27 Applying WLAN Profiles to AP Groups ....................................................................................... 139

Table 28 Profiles for Example Configuration ..............................................................................................141

Table 29 AAA Profile Parameters ................................................................................................................ 143

Table 30 Virtual AP Profile Parameters ...................................................................................................... 145

Table 31 Basic SSID Profile Parameters .................................................................................................... 148

Table 32 Advanced SSID Profile Parameters ............................................................................................ 149

Table 33 802.11k Profile Parameters ........................................................................................................... 155

Table 34 High-Throughput Radio Profile Configuration Parameters ....................................................158

Table 35 High-Throughput SSID Profile Parameters ................................................................................159

Table 36 ARM Profile Types..........................................................................................................................165

Table 37 ARM Profile Configuration Parameters ...................................................................................... 166

Table 38 RAP Console Summary Tab Information .................................................................................... 190

Table 39 RAP Console Connectivity Tab Information ............................................................................... 192

Table 40 Remote AP Modes of Operation and Behavior ......................................................................... 195

Table 41 Mesh Link Metric Computation ....................................................................................................220

Table 42 Mesh Radio Profile Configuration Parameters..........................................................................228

Table 43 802.11a/802.11g RF Management Configuration Parameters.................................................233

Table 44 Mesh High-Throughput SSID Profile Configuration Parameters ...........................................241

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 41

Page 42

Table 45 Mesh Cluster Profile Configuration Parameters ....................................................................... 245

Table 46 RADIUS Server Configuration Parameters ................................................................................ 264

Table 47 RADIUS Authentication Response Codes .................................................................................. 265

Table 48 LDAP Server Configuration Parameters .....................................................................................266

Table 49 TACACS+ Server Configuration Parameters ............................................................................. 268

Table 50 Windows Server Configuration Parameters ..............................................................................269

Table 51 Internal Database Configuration Parameters............................................................................269

Table 52 Server Rule Configuration Parameters .......................................................................................277

Table 53 Server Types and Purposes..........................................................................................................279

Table 54 Authentication Timers ................................................................................................................... 282

Table 55 802.1x Authentication Profile Basic WebUI Parameters ......................................................... 289

Table 56 Role Assignment for User and Machine Authentication ......................................................... 295

Table 57 VLAN Assignment for User and Machine Authentication ....................................................... 296

Table 58 Mixed Authentication Modes .......................................................................................................312

Table 59 Firewall Policy Rule Parameters ..................................................................................................322

Table 60 User Role Parameters....................................................................................................................326

Table 61 Conditions for a User-Derived Role or VLAN .............................................................................331

Table 62 IPv4 Firewall Parameters .............................................................................................................. 335

Table 63 WISPr Authentication Profile Parameters ................................................................................. 349

Table 64 Captive Portal Authentication Profile Parameters....................................................................367

Table 65 Captive Portal login Pages ............................................................................................................368

Table 66 Ethernet Interface Port/ Wired AP Port Configuration Parameters.......................................383

Table 67 Suite-B Algorithms Supported by the ACR License..................................................................390

Table 68 Client Support for Suite-B ............................................................................................................. 390

Table 69 VPN Clients Supporting IKEv2 ...................................................................................................... 391

Table 70 Supported VPN AAA Deployments..............................................................................................391

Table 71 Predefined Authentication Profile settings ................................................................................392

Table 72 Default IKE Policy Settings ........................................................................................................... 411

Table 73 VIA Connectivity Behavior ............................................................................................................ 415

Table 74 VIA Compatibility Matrix................................................................................................................417

Table 75 VIA - Authentication Profile Parameters ....................................................................................420

Table 76 VIA - Connection Profile Options ................................................................................................. 421

Table 77 Configure VIA client WLAN profile ..............................................................................................426

Table 78 MAC Authentication Profile Configuration Parameters...........................................................431

Table 79 Control Plane Security Parameters .............................................................................................434

Table 80 Configure Campus AP Whitelist Parameters .............................................................................436

Table 81 View Campus AP Whitelist Parameters ..................................................................................... 436

Table 82 View the Campus AP Whitelist via the CLI .................................................................................437

Table 83 Control Plane Security Whitelists ................................................................................................439

Table 84 Master and Local Switch Whitelist Information ....................................................................... 441

Table 85 CLI Commands to Display Cluster Settings ................................................................................ 445

Table 86 Control Plane Security Upgrade Strategies ...............................................................................450

Table 87 Configuration Commands Available in Remote-Node Profile Mode......................................460

Table 88 Remote Node DHCP Address Pool Parameters ........................................................................ 462

Table 89 RN Provisioning Checklist .............................................................................................................468

Table 90 Useful RN Show Commands .........................................................................................................469

Table 91 Example entries .............................................................................................................................. 475

Table 92 Client Roaming Status....................................................................................................................477

Table 93 User Roaming status ......................................................................................................................477

Table 94 IP Mobility Configuration Parameters.........................................................................................478

42 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 43

Table 95 Command Syntax ............................................................................................................................485

Table 96 VRRP Parameters ........................................................................................................................... 487

Table 97 VRRP Commands ............................................................................................................................ 490

Table 98 Database Synchronization Command .........................................................................................491

Table 99 Incremental Configuration Synchronization Commands ......................................................... 492

Table 100 Port State Comparison...................................................................................................................495

Table 101 Port Role Descriptions ...................................................................................................................496

Table 102 RSTP Default Values ...................................................................................................................... 497

Table 103 W-600 Controller Series by the Numbers ...................................................................................503

Table 104 Multi-function Media Eject Button .............................................................................................. 516

Table 105 AP Classification Definition ......................................................................................................... 541

Table 106 Client Classification Definitions .................................................................................................. 542

Table 107 Infrastructure Detection Summary..............................................................................................544

Table 108 Client Detection Summary ............................................................................................................ 550

Table 109 Infrastructure Protection Summary ............................................................................................ 554

Table 110 Client Protection Summary ........................................................................................................... 556

Table 111 WMS Configuration Parameters..................................................................................................556

Table 112 Frequency to Channel Mapping ...................................................................................................562

Table 113 Management Password Policy Settings .................................................................................... 578

Table 114 Allowed Characters in a Management User Password .......................................................... 579

Table 115 Management Authentication Profile Parameters .....................................................................580

Table 116 CSR Parameters..............................................................................................................................582

Table 117 Certificate Show Commands ........................................................................................................ 584

Table 118 Imported Certificate Locations.....................................................................................................584

Table 119 SNMP Parameters for the Controller ..........................................................................................585

Table 120 Software Modules ..........................................................................................................................586

Table 121 Logging Levels ................................................................................................................................ 587

Table 122 Guest Provisioning—Guest Field Descriptions ......................................................................... 589

Table 123 File Transfer Configuration Parameters ..................................................................................... 602

Table 124 Device support for spectrum analysis ........................................................................................ 607

Table 125 Spectrum Analysis Graphs ........................................................................................................... 608

Table 126 Spectrum Profile Parameters .......................................................................................................614

Table 127 Spectrum Device Selection Information .................................................................................... 616

Table 128 Active Devices Graph Options .................................................................................................... 622

Table 129 Active Devices Table Options ..................................................................................................... 624

Table 130 Active Devices Trend Options ......................................................................................................626

Table 131 Channel Metrics Options...............................................................................................................628

Table 132 Channel Metrics Trend Options ................................................................................................... 629

Table 133 Channel Summary Table Parameters ......................................................................................... 630

Table 134 Device Duty Cycle Options............................................................................................................632

Table 135 Channel Utilization Trend Options ............................................................................................... 634

Table 136 Devices vs Channel Options ......................................................................................................... 635

Table 137 FFT Duty Cycle Options ..................................................................................................................636

Table 138 Interference Power Options ......................................................................................................... 638

Table 139 Quality Spectrogram Options ....................................................................................................... 639

Table 140 Real-Time FFT Options ...................................................................................................................640

Table 141 Swept Spectrogram Options ........................................................................................................ 643

Table 142 Non-Wi-Fi Interferer Types...........................................................................................................647

Table 143 Spectrum Analysis CLI Commands..............................................................................................648

Table 144 Usage per License..........................................................................................................................653

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide | 43

Page 44

Table 145 MIPS Controller AP Capacity ....................................................................................................... 654

Table 146 IPv6 APs Support Matrix ............................................................................................................... 661

Table 147 IPv6 Client Authentication.............................................................................................................669

Table 148 IPv6 Firewall Parameters .............................................................................................................. 669

Table 149 IPv6 Firewall Policy Rule Parameters ......................................................................................... 671

Table 150 Default Voice Net Services and Ports ........................................................................................ 676

Table 151 Services for ALGs ...........................................................................................................................677

Table 152 Other Mandatory Services for the ALGs .................................................................................... 678

Table 153 VoIP Call Admission Control Configuration Parameters .......................................................... 688

Table 154 WMM Access Category to 802.1p Priority Mapping ................................................................ 690

Table 155 WMM Access Category to DSCP Mappings ............................................................................. 691

Table 156 WMM Access Categories and 802.1p Tags ...............................................................................692

Table 157 EDCA Parameters Station and EDCA Parameters AP Profile Settings .................................693

Table 158 Ports used by the Apple Facetime Application ......................................................................... 695

Table 159 Examples of Dial Plans .................................................................................................................. 704

Table 160 Character-matching operators in regular expressions ........................................................... 742

Table 161 Regular expression repetition operators....................................................................................742

Table 162 Regular expression anchors.........................................................................................................743

Table 163 XML API Authentication Command .............................................................................................749

Table 164 Authentication command options................................................................................................749

Table 165 XML Response Codes ....................................................................................................................752

Table 166 Query Response Code ................................................................................................................... 754

Table 167 XML API Request Parameters and Descriptions ...................................................................... 757

Table 168 Configure option 60 on the Windows DHCP server .................................................................. 765

Table 169 Features not Supported in Each Forwarding Mode..................................................................773

Table 170 Predefined Network Services ...................................................................................................... 774

Table 171 Predefined Policies ........................................................................................................................ 776

Table 172 Predefined Roles ............................................................................................................................ 779

Table 173 Predefined Management Roles ................................................................................................... 780

Table 174 Default (Trusted) Open Ports ........................................................................................................783

Table 175 Web Page Authentication Variables ...........................................................................................799

Table 176 Provision using Static IP ............................................................................................................... 820

Table 177 Provision using PPPoE Connection ............................................................................................. 821

Table 178 List of acronyms.............................................................................................................................. 825

Table 179 List of terms ..................................................................................................................................... 830

44 | Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 45

About this Guide

This User Guide describes the features supported by ArubaOS and provides instructions and examples for configuring controllers and Access Points (APs). This chapter covers:

 “Audience” on page45

 “Fundamentals” on page45

 “Related Documents” on page46

 “Conventions” on page46

 “Contacting Support” on page47

Audience

This guide is intended for system administrators responsible for configuring and maintaining wireless networks and assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies.

Fundamentals

Throughout this document reference are made to controllers; controllers categories are based on architecture:

 MIPS Controllers—W-6000, W-3000 Series, W-600 Series

Configuring your controller and AP is accomplished using either the Web User Interface (WebUI) or the command line interface (CLI).

WebUI

Each controller supports up to 22 simultaneous WebUI connections. The WebUI is accessible through a standard Web browser from a remote management console or workstation. The WebUI includes configuration wizards that step you through easy-to-follow configuration tasks. The wizards are:

 AP Wizard—basic AP configuration

 Controller Wizard—basic controller configuration

 LAN Wizard—creating and configuring new WLAN(s) associated with the “default” ap-group

 License Wizard—installation and activation of software licenses

In addition to the wizards, the WebUI includes a Dashboard monitoring feature that provides enhanced visibility into your wireless network’s performance and usage. This allows you to easily locate and diagnose WLAN issues. For details on the WebUI Dashboard, see Chapter 13, “Dashboard Monitoring” on page339.

CLI

The CLI is a text-based interface accessible from a local console connected to the serial port on the controller or through a Telnet or Secure Shell (SSH) session.

NOTE: By default, you access the CLI from the serial port or from an SSH session. You must explicitly enable Telnet on your controller in order to access the CLI via a Telnet session.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide About this Guide | 45

Page 46

When entering commands remember that:

 commands are not case sensitive

 the space bar will complete your partial keyword

 the backspace key will erase your entry one letter at a time

 the question mark ( ? ) will list available commands and options

Conventions

The following conventions are used throughout this manual to emphasize important concepts:

Table 1 Typographical Conventions

Type Style Description

Italics This style is used to emphasize important terms and to mark the titles of books.

System items This fixed-width font depicts the following:

 Sample screen output  System prompts  Filenames, software devices, and specific commands when mentioned in the text

Commands In the command examples, this bold font depicts text that you must type exactly as shown.

<Arguments> In the command examples, italicized text within angle brackets represents items that you

[Optional] In the command examples, items enclosed in brackets are optional. Do not type the brackets.

{Item A | Item B} In the command examples, items within curled braces and separated by a vertical bar

The following informational icons are used throughout this guide:

should replace with information appropriate to your specific situation. For example:

# send <text message>

In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets.

represent the available choices. Enter only one choice. Do not type the braces or bars.

NOTE: Indicates helpful suggestions, pertinent information, and important things to remember.

CAUTION: Indicates a risk of damage to your hardware or loss of data.

46 | About this Guide Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 47

WARNING: Indicates a risk of personal injury or death.

Contacting Support

Table 2 Contacting Dell Support

Web Site

Main Website dell.com

Support Website support.dell.com

Documentation Website support.dell.com/manuals

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide About this Guide | 47

Page 48

48 | About this Guide Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 49

Chapter 1

The Basic User-Centric Networks

This chapter describes how to connect an Dell controller and Dell APs to your wired network. After completing the tasks described in this chapter, see “Access Points” on page107 for information on configuring APs.

This chapter describes the following topics:

 “Configuring the User-Centric Network” on page49

 “Deployment and Configuration Tasks” on page49

 “Configuring the Controller” on page52

 “Configuring a VLAN for Network Connection” on page53

 “Additional Configuration” on page57

Configuring the User-Centric Network

Configuring your controller and AP is done through either the Web User Interface (WebUI) or the command line interface (CLI).

 WebUI is accessible through a standard Web browser from a remote management console or workstation.

The WebUI includes configuration wizards that step you through easy-to-follow configuration tasks. Each wizard has embedded online help. The wizards are:

 AP Wizard—basic AP configuration s including LAN, Remote, LAN Mesh and Remote Mesh deployment

scenarios

 Controller Wizard—basic controller configuration including system settings, Control Plane security,

cluster settings and licenses

 WLAN/LAN Wizard—creating and configuring new WLANs and LANs associated with the “default” ap-

group. Includes campus only and remote networking.

 License Wizard—installation and activation of software licenses (see Chapter 34 on page651)

NOTE: Clicking Cancel from the Wizards return you to where you launched the wizard. Any configuration changes you entered are not saved.

 The command line interface (CLI) allows you to configure and manage controllers. The CLI is accessible

from a local console connected to the serial port on the controller or through a Telnet or Secure Shell (SSH) session from a remote management console or workstation.

NOTE: By default, you can only access the CLI from the serial port or from an SSH session. To use the CLI in a Telnet session, you must explicitly enable Telnet on the controller.

Deployment and Configuration Tasks

This section describes typical deployment scenarios and the tasks you must perform in connecting an Dell controller and Dell APs to your wired network. For details on performing the tasks mentioned in these scenarios, see the remaining sections within this chapter.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide The Basic User-Centric Networks | 49

Page 50

Deployment Scenario #1

Router is Default Gateway for controller and clients

In this deployment scenario, the APs and controller are on the same subnetwork and will use IP addresses assigned to the subnetwork. There are no routers between the APs and the controller. APs can be physically connected directly to the controller. The uplink port on the controller is connected to a layer-2 switch or router.

For this scenario, you must perform the following tasks:

1. Run the initial setup wizard.

 Set the IP address of VLAN 1.

 Set the default gateway to the IP address of the interface of the upstream router to which you will connect

the controller.

2. Connect the uplink port on the controller to the switch or router interface. By default, all ports on the controller are access ports and will carry traffic for a single VLAN.

3. Deploy APs. The APs will use the Aruba Discovery Protocol (ADP) to locate the controller.

Configure the SSID(s) with VLAN 1 as the assigned VLAN for all users.

Deployment Scenario #2

Floor 3 subnet

Floor 2 subnet

Floor 1 subnet

Controller is default gateway for clients

Data Center

In this deployment scenario, the APs and the controller are on different subnetworks and the APs are on multiple subnetworks. The controller acts as a router for the wireless subnetworks (the controller is the default gateway for the wireless clients). The uplink port on the controller is connected to a layer-2 switch or router; this port is an access port in VLAN 1.

50 | The Basic User-Centric Networks Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 51

For this scenario, you must perform the following tasks:

1. Run the initial setup wizard.

 Set the IP address for VLAN 1.

 Set the default gateway to the IP address of the interface of the upstream router to which you will connect

the controller.

2. Connect the uplink port on the controller to the switch or router interface.

3. Deploy APs. The APs will use DNS or DHCP to locate the controller.

4. Configure VLANs for the wireless subnetworks on the controller.

5. Configure SSIDs with the VLANs assigned for each wireless subnetwork.

NOTE: Each wireless client VLAN must be configured on the controller with an IP address. On the uplink switch or router, you must configure static routes for each client VLAN, with the controller’s VLAN 1 IP address as the next hop.

Deployment Scenario #3

Floor 3 subnet

Floor 2 subnet

Floor 1 subnet

Trunk port carries client traffic

Data Center

Router is default gateway for controller and clients

In this deployment scenario, the APs and the controller are on different subnetworks and the APs are on multiple subnetworks. There are routers between the APs and the controller. The controller is connected to a layer-2 switch or router through a trunk port that carries traffic for all wireless client VLANs. An upstream router functions as the default gateway for the wireless users.

NOTE: This deployment scenario does not use VLAN 1 to connect to the layer-2 switch or router through the trunk port. The initial setup prompts you for the IP address and default gateway for VLAN 1; use the default values. In later steps, you configure the appropriate VLAN to connect to the switch or router as well as the default gateway.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide The Basic User-Centric Networks | 51

Page 52

For this scenario, you must perform the following tasks:

1. Run the initial setup.

 Use the default IP address for VLAN 1. Since VLAN 1 is not used to connect to the layer-2 switch or router

through the trunk port, you must configure the appropriate VLAN in a later step.

 Do not specify a default gateway (use the default “none”). In a later step, you configure the default

gateway.

2. Create a VLAN that has the same VLAN ID as the VLAN on the switch or router to which you will connect the controller. Add the uplink port on the controller to this VLAN and configure the port as a trunk port.

3. Add client VLANs to the trunk port.

4. Configure the default gateway on the controller. This gateway is the IP address of the router to which you will connect the controller.

5. Configure the loopback interface for the controller.

6. Connect the uplink port on the controller to the switch or router interface.

7. Deploy APs. The APs will use DNS or DHCP to locate the controller.

8. Now configure VLANs on the controller for the wireless client subnetworks and configure SSIDs with the VLANs assigned for each wireless subnetwork.

Configuring the Controller

The tasks in deploying a basic user-centric network fall into two main areas:

 Configuring and connecting the controller to the wired network (described in this section)

 Deploying APs (described later in this section)

To connect the controller to the wired network:

1. Run the initial setup to configure administrative information for the controller.

Initial setup can be done using the browser-based Setup Wizard or by accessing the initial setup dialog via a serial port connection. Both methods are described in the Dell PowerConnect W-Series Quick Start Guide and are referred to throughout this chapter as “initial setup.”

2. (Deployment #3) Configure a VLAN to connect the controller to your network. You do not need to perform this step if you are using VLAN 1 to connect the controller to the wired network.

3. (Optional) Configure a loopback address for the controller. You do not need to perform this step if you are using the VLAN 1 IP address as the controller’s IP address. Disable spanning tree on the controller if necessary.

4. Configure the system clock.

5. (Optional) Install licenses; see Chapter 34, “Software Licenses” on page651.

6. Connect the ports on the controller to your network.

This section describes the steps in detail.

Running the Initial Setup

When you connect to the controller for the first time using either a serial console or a Web browser, the initial setup requires you to set the role (master or local) for the controller and passwords for administrator and configuration access.

NOTE: Do not connect the controller to your network when running the initial setup. The factory-default controller boots up with a default IP address and both DHCP server and spanning tree functions are not enabled. Once you have completed the initial setup, you can use either the CLI or WebUI for further configuration before connecting the controller to your network.

52 | The Basic User-Centric Networks Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 53

The initial setup might require that you specify the country code for the country in which the controller will operate; this sets the regulatory domain for the radio frequencies that the APs use.

NOTE: You cannot change the country code for controllers designated for certain countries, such as the U.S. Improper country code assignment can disrupt wireless transmissions. Many countries impose penalties and sanctions for operators of wireless networks with devices set to improper country codes.

If none of the channels supported by the AP you are provisioning have received regulatory approval by the country whose country code you selected, the AP will revert to Air Monitor mode.

The initial setup requires that you configure an IP address for the VLAN 1 interface, which you can use to access and configure the controller remotely via an SSH or WebUI session. Configuring an IP address for the VLAN 1 interface ensures that there is an IP address and default gateway assigned to the controller upon completion of the initial setup.

Connecting to the Controller after Initial Setup

After you complete the initial setup, the controller reboots using the new configuration. (See the Dell PowerConnect W-Series Quick Start Guide for information about using the initial setup.) You can then connect to

and configure the controller in several ways using the administrator password you entered during the initial setup:

 You can continue to use the connection to the serial port on the controller to enter the command line

interface (CLI). (See Chapter 32, “Management Access” for information on how to access the CLI and enter configuration commands.)

 You can connect an Ethernet cable from a PC to an Ethernet port on the controller. You can then use one of

the following access methods:

 Use the VLAN 1 IP address to start an SSH session where you can enter CLI commands.

 Enter the VLAN 1 IP address in a browser window to start the WebUI.

 WebUi Wizards.

NOTE: This chapter and the user guide in general focus on CLI and standard WebUI configuration examples. However, basic controller configuration and WLAN/LAN creation can be completed using the alternative wizards from within the WebUI. If you wish to use a configuration wizard, navigate to Configuration > Wizards, click on the desired wizard, and follow the imbedded help instructions within the wizard.

Configuring a VLAN for Network Connection

You must follow the instructions in this section only if you need to configure a trunk port between the controller and another layer-2 switch (shown in “Deployment Scenario #3” on page51).

This section shows how to use both the WebUI and CLI for the following configurations (subsequent steps show how to use the WebUI only):

 Create a VLAN on the controller and assign it an IP address.

 Optionally, create a VLAN pool. A VLAN pool consists of two more VLAN IDs which are grouped together to

efficiently manage multi-controller networks from a single location. For example, policies and virtual application configurations map users to different VLANs which may exist at different controllers. This creates

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide The Basic User-Centric Networks | 53

Page 54

redundancy where one controller has to back up many other controllers. With the VLAN pool feature you can control your configuration globally.

CAUTION: VLAN pooling should not be used with static IP addresses.

 Assign to the VLAN the ports) that you will use to connect the controller to the network. (For example, the

uplink ports connected to a router are usually Gigabit ports.) In the example configurations shown in this section, a controller is connected to the network through its Gigabit Ethernet port 1/25.

 Configure the port as a trunk port.

 Configure a default gateway for the controller.

Creating and Updating a VLAN

You can create and update a single VLAN or bulk VLANS using the WebUI or the CLI. See “Creating and

Updating VLANs” on page59.

NOTE: In the WebUI configuration windows, clicking the Save Configuration button saves configuration changes so they are retained after the controller is rebooted. Clicking the Apply button saves changes to the running configuration but the changes are not retained when the controller is rebooted. A good practice is to use the Apply button to save changes to the running configuration and, after ensuring that the system operates as desired, click Save Configuration.

Viewing Existing VLAN IDs

Use the CLI to view VLAN IDs.

(host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #show vlan

VLAN CONFIGURATION

-----------------VLAN Description Ports

---- ----------- ----1 Default FE1/0-3 FE1/6 GE1/8 2 VLAN0002 4 VLAN0004 12 VLAN0012 210 VLAN0210 212 VLAN0212 FE1/5 213 VLAN0213 FE1/4 1170 VLAN1170 FE1/7

Creating, Updating, and Deleting VLAN Pools

CAUTION: VLAN pooling should not be used with static IP addresses.

You can create, update, delete a VLAN pool using the WebUI or the CLI. See “Creating, Updating and Deleting

VLAN Pools” on page60.

Adding existing VLAN IDs to a VLAN Pool in the CLI

Use the CLI to add existing VLAN IDS to a pool.

54 | The Basic User-Centric Networks Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 55

(host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #vlan-name mygroup pool (host) (config) #vlan mygroup 2,4,12 (host) (config) #

To confirm the VLAN pool status and mappings assignments, use the show vlan mapping command:

(host) (config) #show vlan mapping VLAN Name Pool Status VLAN IDs

--------- ----------- -------mygroup Enabled 2,4,12 group123 Disabled

Assigning and Configuring the Trunk Port

The following procedures configures a Gigabit Ethernet port as trunk port.

In the WebUI

1. Navigate to the Configuration > Network > Ports window on the WebUI.

2. In the Port Selection section, click the port that will connect the controller to the network. In this example, click port 25.

3. For Port Mode, select Trunk.

4. For Native VLAN, select VLAN 5 from the scrolling list, then click the left (<--) arrow.

5. Click Apply.

In the CLI

interface gigabitethernet 1/25 switchport mode trunk switchport trunk native vlan 5

To confirm the port assignments, use the show vlan command:

(host) (config) #show vlan

VLAN CONFIGURATION

-----------------VLAN Name Ports

---- ---- ----1 Default Fa1/0-23 Gig1/24 5 VLAN0005 Gig1/25

Configuring the Default Gateway

The following configurations assign a default gateway for the controller.

In the WebUI

1. Navigate to the Configuration > Network > IP > IP Routes window.

2. To add a new static gateway, click the Add button below the static IP address list.

a. In the IP Address field, enter an IP address in dotted-decimal format.

b. In the Cost field, enter a value for the path cost.

c. Click Add.

3. You can define a dynamic gateway using DHCP, PPPOE or a cell uplink interface. In the Dynamic section, click the DHCP, PPPoE or Cellular checkboxes to select one or more dynamic gateway options. If you select more than one dynamic gateway type, you must also define a cost for the route to each gateway. The controller will first attempt to obtain a gateway IP address using the option with the lowest cost. If the

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide The Basic User-Centric Networks | 55

Page 56

controller is unable to obtain a gateway IP address, it will then attempt to obtain a gateway IP address using the option with the next-lowest path cost.

4. Click Apply.

In the CLI

ip default-gateway <ipaddr>|{import cell|dhcp|pppoe}|{ipsec <name>} <cost>

Configuring the Loopback for the Controller

You must configure a loopback address if you are not using a VLAN ID address to connect the controller to the network (see “Deployment Scenario #3” on page51).

NOTE: After you configure or modify a loopback address, you must reboot the controller.

If configured, the loopback address is used as the controller’s IP address. If you do not configure a loopback address for the controller, the IP address assigned to the first configured VLAN interface IP address. Generally, VLAN 1 is configured first and is used as the controller’s IP address.

ArubaOS allows the loopback address to be part of the IP address space assigned to a VLAN interface. In the example topology, the VLAN 5 interface on the controller was previously configured with the IP address

10.3.22.20/24. The loopback IP address in this example is 10.3.22.220.

NOTE: Youconfigure the loopback address as a host address with a 32-bit netmask. The loopback address should be routable from all external networks.

Spanning tree protocol (STP) is enabled by default on the controller. STP ensures a single active path between any two network nodes, thus avoiding bridge loops. Disable STP on the controller if you are not employing STP in your network.

In the WebUI

1. Navigate to the Configuration > Network > Controller > System Settings window.

2. Enter the IP address under Loopback Interface.

3. On this window, you can also turn off spanning tree. Click No for Spanning Tree Enabled.

4. Click Apply at the bottom of the window (you might need to scroll down the window).

5. At the top of the window, click Save Configuration. Note that you must reboot the controller for the new IP address to take effect.

6. Navigate to the Maintenance > Controller > Reboot Controller window.

7. Click Continue.

In the CLI

interface loopback ip address 10.3.22.220 no spanning-tree write memory reload

The controller returns the following messages:

Do you really want to reset the system(y/n):

Enter y to reboot the controller or n to cancel.

56 | The Basic User-Centric Networks Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 57

System will now restart! ... Restarting system.

To verify that the controller is accessible on the network, ping the loopback address from a workstation on the network.

Configuring the System Clock

You can manually set the clock on the controller, or configure the controller to use a Network Time Protocol (NTP) server to synchronize its system clock with a central time source. For more information about setting the controller’s clock, see “Setting the System Clock” on page604.

Installing Licenses

ArubaOS consists of a base operating system with optional software modules that you can activate by installing license keys. If you use the Setup Wizard during the initial setup phase, you will have the opportunity to install software licenses at that time. See Chapter 34, “Software Licenses” on page651 for detailed information on Licenses.

Connecting the Controller to the Network

Connect the ports on the controller to the appropriately-configured ports on an L2 switch or router. Make sure that you have the correct cables and that the port LEDs indicate proper connections. See the Installation Guide for the controller for port LED and cable descriptions.

NOTE: In many deployment scenarios, an external firewall is situated between various Dell devices. Appendix B, “External

Firewall Configuration” describes the network ports that must be configured on the external firewall to allow proper operation

of the network.

To verify that the controller is accessible on the network:

 If you are using VLAN 1 to connect the controller to the network (“Deployment Scenario #2” on page50 and

“Deployment Scenario #3” on page51), ping the VLAN 1 IP address from a workstation on the network.

 If you created and configured a new VLAN (“Deployment Scenario #3” on page51), ping the IP address of

the new VLAN from a workstation on the network.

Additional Configuration

Wireless users can connect to the SSID but because you have not yet configured authentication, policies, or user roles, they will not have access to the network. Other chapters in the ArubaOS User Guide describe how to build upon this basic deployment to configure user roles, firewall policies, authentication, authentication servers, and other wireless features.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide The Basic User-Centric Networks | 57

Page 58

58 | The Basic User-Centric Networks Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 59

Chapter 2

Network Parameters

This chapter describes some basic network configuration on the controller. This chapter describes the following topics:

 “Configuring VLANs” on page59

 “Configuring Ports” on page63

 “About VLAN Assignments” on page65

 “Configuring Static Routes” on page72

 “Configuring the Loopback IP Address” on page72

 “Configuring the Controller IP Address” on page73

 “Configuring GRE Tunnels” on page74

Configuring VLANs

The controller operates as a layer-2 switch that uses a VLAN as a broadcast domain. As a layer-2 switch, the controller requires an external router to route traffic between VLANs. The controller can also operate as a layer-3 switch that can route traffic between VLANs defined on the controller.

You can configure one or more physical ports on the controller to be members of a VLAN. Additionally, each wireless client association constitutes a connection to a virtual port on the controller, with membership in a specified VLAN. You can place all authenticated wireless users into a single VLAN or into different VLANs, depending upon your network. VLANs can exist only inside the controller or they can extend outside the controller through 802.1q VLAN tagging.

You can optionally configure an IP address and netmask for a VLAN on the controller. The IP address is up when at least one physical port in the VLAN is up. The VLAN IP address can be used as a gateway by external devices; packets directed to a VLAN IP address that are not destined for the controller are forwarded according to the controller’s IP routing table.

Creating and Updating VLANs

You can create and update a single VLAN or bulk VLANs.

Using the WebUI

1. Navigate to the Configuration > Network > VLANs page.

2. Click Add a VLAN to create a new VLAN. (To edit an existing VLAN click Edit for the VLAN entry.) See

“Create a Bulk VLANs Using the WebUI” on page60 to create a range of VLANs.

3. In the VLAN ID field, enter a valid VLAN ID. (Valid values are from 1 to 4094, inclusive).

4. To add physical ports to the VLAN, select Port. To associate the VLAN with specific port-channels, select Port-Channel.

5. (Optional) Click the Wired AAA Profile drop-down list to assign an AAA profile to a VLAN. This wired AAA profile enables role-based access for wired clients connected to an untrusted VLAN or port on the controller.

Note that this profile will only take effect if the VLAN or port on the controller is untrusted. If you do not assign an wired AAA profile to the VLAN, the global wired AAA profile applies to traffic from untrusted wired ports.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 59

Page 60

6. If you selected Port in step 4, select the ports you want to associate with the VLAN from the Port Selection window.

-or-

If you selected Port-Channel in step 4, click the Port-Channel ID drop-down list, select the specific channel number you want to associate with the VLAN, then select the ports from the Port Selection window.

7. Click Apply.

Using CLI

(host) (config) #vlan <id> (host) (config) #interface fastethernet|gigabitethernet <slot>/<port> (host) (config-if) #switchport access vlan <id>

Create a Bulk VLANs Using the WebUI

1. To add multiple VLANs at one time, click Add Bulk VLANs.

2. In the VLAN Range pop-up window, enter a range of VLANs you want to create at once. For example, to add VLAN IDs numbered 200-300 and 302-350, enter 200-300, 302-350.

3. Click OK.

4. To add physical ports to a VLAN, click Edit next to the VLAN you want to configure and click the port in the Port Selection section.

5. Click Apply.

Using CLI

(host) (config) #vlan (host) (config) #vlan range 200-300,302-350

Creating, Updating and Deleting VLAN Pools

You can create, update and delete a VLAN pool.

Creating a VLAN pool Using the WebUI

The following configurations create a VLAN Pool named mygroup. VLAN IDs 2, 4 and 12 are then assigned to the VLAN pool mygroup.

1. Navigate to Configuration > Network > VLAN.

2. Select the VLAN Pool tab to open the VLAN Pool window.

3. Click Add.

4. In the VLAN Name field, enter a name that identifies this VLAN pool. Names must be between 1 and 32 characters; spaces are not allowed. The VLAN name can not be modified; choose the name carefully.

5. In the List of VLAN IDs field, enter the VLAN IDs you want to add to this pool. If you know the ID, enter each ID separated by a comma. Or, click the drop-down list to view the IDs then click the <-- arrow to add the ID to the pool..

CAUTION: VLAN pooling should not be used with static IP addresses.

6. You must add two or more VLAN IDs to create a pool.

7. When you finish adding all the IDs, click Add.

60 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 61

The VLAN pool along with its assigned IDs appears on the VLAN Pool window. If the pool is valid (it has two or more IDs assigned to it), its status is enabled. If you create a VLAN pool and add only one or no VLAN IDs, its status appears as disabled.

8. Click Apply.

9. At the top of the window, click Save Configuration.

Updating a VLAN Pool

1. On the VLAN Pool window, click Modify next to the VLAN name you want to edit.

2. Modify the list of VLAN IDs. Note that you can not modify the VLAN name.

3. Click Update.

4. Click Apply.

5. At the top of the window, click Save Configuration.

Deleting a VLAN Pool

1. On the VLAN Pool window, click Delete next to the VLAN name you want to delete. A prompt appears.

2. Click OK.

3. Click Apply.

4. At the top of the window, click Save Configuration.

Create a VLAN Pool Using CLI

The pool option allows you to create a VLAN pool consisting of two more VLAN IDs.

(host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #vlan-name mygroup pool (host) (config) #

Viewing Existing VLAN IDs Using CLI

(host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #show vlan

VLAN CONFIGURATION

-----------------VLAN Description Ports

---- ----------- ----1 Default FE1/0-3 FE1/6 GE1/8 2 VLAN0002 4 VLAN0004 12 VLAN0012 212 VLAN0212 FE1/5 213 VLAN0213 FE1/4 1170 VLAN1170 FE1/7 1170 VLAN1170 FE1/7

Adding Existing VLAN IDs Using CLI

The following example illustrates adding existing VLAN IDs to a VLAN pool:

(host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #vlan-name mygroup pool (host) (config) #vlan mygroup 2,4,12 (host) (config) #

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 61

Page 62

To confirm the VLAN pool status and mappings assignments, use the show vlan mapping command:

(host) (config) #show vlan mapping VLAN Name Pool Status VLAN IDs

--------- ----------- -------mygroup Enabled 2,4,12 group123 Disabled

Add a Bandwidth Contract to the VLAN

Bandwidth contracts on a VLAN can limit broadcast and multicast traffic. ArubaOS includes an internal exception list to allow broadcast and multicast traffic using the VRRP, LACP, OSPF, PVST and STP protocols. To remove per-VLAN bandwidth contract limits on an additional broadcast or multicast protocol, add the MAC address for that broadcast/multicast protocol to the VLAN Bandwidth Contracts MAC Exception List.

The command in the example below adds the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking Protocol to the list of protocols that are not limited by VLAN bandwidth contracts.

(host) (config) #vlan-bwcontract-explist mac 01:00:0C:CC:CC:CC

To show entries in the VLAN bandwidth contracts MAC exception list, use the show vlan-bwcontract-explist [internal] command:

(host) (config) #show vlan-bwcontract-explist internal

VLAN BW Contracts Internal MAC Exception List

--------------------------------------------MAC address

----------01:80:C2:00:00:00 01:00:0C:CC:CC:CD 01:80:C2:00:00:02 01:00:5E:00:82:11

Optimize VLAN Broadcast and Multicast Traffic

Broadcast and Multicast (BCMC) traffic from APs, remote APs, or distributions terminating on the same VLAN floods all VLAN member ports. This causes critical bandwidth wastage especially when the APs are connected to L3 cloud where the available bandwidth is limited or expensive. Suppressing the VLAN BCMC traffic to prevent flooding can result in loss of client connectivity.

To effectively prevent flooding of BCMC traffic on all VLAN member ports, use the bcmc-optimization parameter under the interface vlan command. This parameter ensures controlled flooding of BCMC traffic without compromising the client connectivity. By default this option is disabled. You must enable this parameter for the controlled flooding of BCMC traffic.

The bcmc-optimization parameter has the following exemptions:

 All DHCP traffic will continue to flood VLAN member ports even if the bcmc-optimization parameter is

enabled.

 The controller will do proxy ARP if the target IP entry exists on the controller. If the target IP does not exist

on the controller, ARP requests will be flooded on all VLAN member ports.

You can configure BCMC optimization in CLI and in the WebUI.

In the CLI

(host) (config) #interface vlan 1 (host) (config-subif)#bcmc-optimization (host) (config-subif)#show interface vlan 1

VLAN1 is up line protocol is up

62 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 63

Hardware is CPU Interface, Interface address is 00:0B:86:61:5B:98 (bia 00:0B:86:61:5B:98)

Description: 802.1Q VLAN Internet address is 10.17.22.1 255.255.255.0 Routing interface is enable, Forwarding mode is enable

Directed broadcast is disabled, BCMC Optimization enable

Encapsulation 802, loopback not set MTU 1500 bytes Last clearing of "show interface" counters 12 day 1 hr 4 min 12 sec link status last changed 12 day 1 hr 2 min 21 sec

Proxy Arp is disabled for the Interface

In the WebUI

1. Navigate to Configuration > Network > IP.

2. In the IP Interfaces tab, click the Edit button of the VLAN for configuring BCMC optimization.

3. Select Enable BCMC check box to enable BCMC Optimization for the selected VLAN.

Figure 1 Enable BCMC Optimization

Configuring Ports

Both Fast Ethernet and Gigabit Ethernet ports can be set to access or trunk mode. By default, a port is in access mode and carries traffic only for the VLAN to which it is assigned. In trunk mode, a port can carry traffic for multiple VLANs.

For a trunk port, specify whether the port will carry traffic for all VLANs configured on the controller or for specific VLANs. You can also specify the native VLAN for the port. A trunk port uses 802.1q tags to mark frames for specific VLANs, However, frames on a native VLAN are not tagged.

Classifying Traffic as Trusted or Untrusted

You can classify wired traffic based not only on the incoming physical port and channel configuration but also on the VLAN associated with the port and channel.

About Trusted and Untrusted Physical Ports

By default, physical ports on the controller are trusted and are typically connected to internal networks while untrusted ports connect to third-party APs, public areas, or other networks to which access controls can be applied. When you define a physical port as untrusted, traffic passing through that port needs to go through a predefined access control list policy.

About Trusted and Untrusted VLANs

You can also classify traffic as trusted or untrusted based on the VLAN interface and port/channel. This means that wired traffic on the incoming port is trusted only when the port’s associated VLAN is also trusted, otherwise the traffic is untrusted. When a port and its associated VLANs are untrusted, any incoming and outgoing traffic

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 63

Page 64

must pass through a predefined ACL. For example, this setup is useful if your company provides wired user guest access and you want guest user traffic to pass through an ACL to connect to a captive portal.

You can set a range of VLANs as trusted or untrusted in trunk mode. The following table lists the port, VLAN and the trust/untrusted combination to determine if traffic is trusted or untrusted. both the port and the VLAN have to be configured as trusted for traffic to be considered as trusted. If the traffic is classified as untrusted then traffic must pass through the selected session access control list and firewall policies.

Table 3 Classifying Trusted and Untrusted Traffic

Port VLAN Traffic Status

Trusted Trusted Trusted

Untrusted Untrusted Untrusted

Untrusted Trusted Untrusted

Trusted Untrusted Untrusted

Configuring Trusted/Untrusted Ports and VLANs

You can configure an Ethernet port as an untrusted access port, assign VLANs and make them untrusted, and designate a policy through which VLAN traffic on this port must pass.

Using WebUI

1. Navigate to the Configuration > Network > Ports window.

2. In the Port Selection section, click the port you want to configure.

3. In the Make Port Trusted section, clear the Trusted check box to make the port untrusted. The default is trusted (checked).

4. In the Port Mode section, select Access.

5. From the VLAN ID drop-down list select the VLAN ID whose traffic will be carried by this port.

6. In the Enter VLAN(s) section, clear the Trusted check box to make the VLAN untrusted. The default is trusted (checked).

7. In the VLAN Firewall Policy drop-down list, select the policy through which VLAN traffic must pass. You can select a policy for both trusted and untrusted VLANs.

8. From the Firewall Policy section, select the policy from the in drop-down list through which inbound traffic on this port must pass.

9. Select the policy from the out drop-down list through which outbound traffic on this port must pass.

10. To apply a policy to this session’s traffic on this port and VLAN, select the policy from the session drop-down list.

11. Click Apply.

Using CLI

(host) (config) #interface range fastethernet 1/2 (host) (config-if)#switchport mode access (host) (config-if)#no trusted (host) (config-if)#switchport access vlan 2 (host) (config-if)#no trusted vlan 2 (host) (config-if)#ip access-group ap-acl session vlan 2 (host) (config-if)#ip access-group validuserethacl in (host) (config-if)#ip access-group validuserethacl out (host) (config-if)#ip access-group validuser session

64 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 65

Configure Trusted/Untrusted Ports and VLANs in Trunk Mode

The following procedures configure a range of Ethernet ports as untrusted native trunks ports, assign VLANs and make them untrusted and designate a policy through which VLAN traffic on the ports must pass.

Using the WebUI

1. Navigate to the Configuration > Network > Ports window.

2. In the Port Selection section, click the port you want to configure.

3. For Port Mode select Trunk.

4. To specify the native VLAN, select a VLAN from the Native VLAN drop-down list and click the <-- arrow.

5. Choose one of the following options to control the type of traffic the port carries:

 Allow All VLANS Except– The port carries traffic for all VLANs except the ones from this drop-down list.

 Allow VLANs – The port carries traffic for all VLANs selected from this drop-down list.

 Remove VLANs – The port does not carry traffic for any VLANs selected from this drop-down list.

6. To designate untrusted VLANs on this port, click Trusted except. In the corresponding VLAN field enter a range of VLANs that you want to make untrusted. (In this format, for example: 200-300, 401-500 and so on). Only VLANs listed in this range are untrusted. Or, to make only one VLAN untrusted, select a VLAN from the drop-down menu.

7. To designate trusted VLANs on this port, click Untrusted except. In the corresponding VLAN field enter a range of VLANs that you want to make trusted. (In this format, for example: 200-300, 401-500 and so on). Only VLANs listed in this range are trusted. Or, to make only one VLAN trusted, select a VLAN from the drop-down menu.

8. To remove a VLAN, click the Remove VLANs option and select the VLAN you want to remove from the dropdown list and click the left arrow to add it to the list.

9. To designate the policy through which VLAN traffic must pass, click New under the Session Firewall Policy field.

10. Enter the VLAN ID or select it from the associated drop-down list. Then select the policy, through which the VLAN traffic must pass, from the Policy drop-down list and click Add. Both the selected VLAN and the policy appear in the Session Firewall Policy field.

11. When you are finished listing VLAN and policies, click Cancel.

12. Click Apply.

Using CLI

(host) (config) #interface fastethernet 2/0 (host) (config-if)#description FE2/ (host) (config-if)#trusted vlan 1-99,101, 104, 106-199, 201-299 (host) (config-range)# switchport mode trunk (host) (config-if)#switchport trunk native vlan 100 (host) (config-range)# ip access-group (host) (config-range)# ip access-group test session vlan 2

About VLAN Assignments

A client is assigned to a VLAN by one of several methods. There is an order of precedence by which VLANs are assigned. The assignment of VLANs are (from lowest to highest precedence):

1. The default VLAN is the VLAN configured for the WLAN (see “Virtual AP Profiles” on page139).

2. Before client authentication, the VLAN can be derived from rules based on client attributes (SSID, BSSID, client MAC, location, and encryption type). A rule that derives a specific VLAN takes precedence over a rule that derives a user role that may have a VLAN configured for it.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 65

Page 66

3. After client authentication, the VLAN can be the VLAN configured for a default role for an authentication method, such as 802.1x or VPN.

4. After client authentication, the VLAN can be derived from attributes returned by the authentication server (server-derived rule). A rule that derives a specific VLAN takes precedence over a rule that derives a user role that may have a VLAN configured for it.

5. After client authentication, the VLAN can be derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium Type, and Tunnel Private Group ID). All three attributes must be present. This does not require any server-derived rule.

6. After client authentication, the VLAN can be derived from Vendor Specific Attributes (VSA) for RADIUS server authentication. This does not require any server-derived rule. If a VSA is present, it overrides any previous VLAN assignment.

How a VLAN Obtains its IP Address

A VLAN on the controller obtains its IP address in one of the following ways:

 Manually configured by the network administrator. This is the default method and is described in “Assigning

a Static Address to a VLAN” on page66. At least one VLAN on the controller must be assigned a static IP

address.

 Dynamically assigned from a Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol over

Ethernet (PPPoE) server.

Assigning a Static Address to a VLAN

You can manually assign a static IP address to a VLAN on the controller. At least one VLAN on the controller must be assigned a static IP address.

Using the WebUI

1. Navigate to the Configuration > Network > IP > IP Interfaces page on the WebUI. Click Edit for the VLAN you just added.

2. Select the Use the following IP address option. Enter the IP address and network mask of the VLAN interface. If required, you can also configure the address of the DHCP server for the VLAN by clicking Add.

3. Click Apply.

Using CLI

interface vlan <id> ip address <address> <netmask>

Configuring a VLAN to Receive a Dynamic Address

In a branch office, you can connect a controller to an uplink switch or server that dynamically assigns IP addresses to connected devices. For example, the controller can be connected to a DSL or cable modem, or a broadband remote access server (BRAS). shows a branch office where a controller connects to a cable modem. VLAN 1 has a static IP address, while VLAN 2 has a dynamic IP address assigned via DHCP or PPPoE from the uplink device.

Figure 2 IP Address Assignment to VLAN via DHCP or PPPoE

VLAN 1

To Local Network

66 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Controller

VLAN 2

To Internet

Cable Modem or BRAS

Page 67

Configuring Multiple Wired Uplink Interfaces (Active-Standby)

You can assign up to four VLAN interfaces to operate in active-standby topology. An active-standby topology provides redundancy so that when an active interface fails, the user traffic can failover to the standby interface.

To allow the controller to obtain a dynamic IP address for a VLAN, enable the DHCP or PPPoE client on the controller for the VLAN.

The following restrictions apply when enabling the DHCP or PPPoE client on the controller:

 You can enable the DHCP/PPPoE client multiple uplink VLAN interfaces (up to four) on the controller; these

VLANs cannot be VLAN 1.

 Only one port in the VLAN can be connected to the modem or uplink switch.

 At least one interface in the VLAN must be in the up state before the DHCP/PPPoE client requests an IP

address from the server.

Enabling the DHCP Client

The DHCP server assigns an IP address for a specified amount of time called a lease. The controller automatically renews the lease before it expires. When you shut down the VLAN, the DHCP lease is released.

Using the WebUI

1. Navigate to the Configuration > Network > IP > IP Interfaces page.

2. Click Edit for a previously-created VLAN.

3. Select Obtain an IP address from DHCP.

4. Enter a priority value for the VLAN ID in the Uplink Priority field. By default, all wired uplink interfaces have the same priority. If you want to use an active-standby topology then prioritize each uplink interfaces by entering a different priority value (1– 4) for each uplink interface.

Figure 3 Assigning VLAN uplink priority—Active-Standby configuration

5. Click Apply.

Using the CLI

In this example, the DHCP client has the client ID name myclient and the interface VLAN 62 has an uplink priority of 2.

interface vlan 62 uplink wired vlan 62 priority 3

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 67

Page 68

interface vlan 62 ip address dhcp-client client-id myclient

Enabling the PPPoE Client

To authenticate to the BRAS and request a dynamic IP address, the controller must have the following configured:

 PPPoE user name and password to connect to the DSL network

 PPPoE service name — either an ISP name or a class of service configured on the PPPoE server

When you shut down the VLAN, the PPPoE session terminates.

Using the WebUI

1. Navigate to the Configuration > Network > IP > IP Interfaces page.

2. Click Edit for a previously-created VLAN.

3. Select Obtain an IP address with PPPoE.

4. Enter the service name, username, and password for the PPPoE session.

5. Enter a priority value for the VLAN ID in the Uplink Priority field. By default, all wired uplink interfaces have the same priority. If you want to use an active-standby topology then prioritize each uplink interfaces by entering a different priority value (1– 4) for each uplink interface.

6. Click Apply.

Using CLI

In this example, a PPoE service name, username and password are assigned. The interface VLAN 14 has an uplink priority of 3.

interface vlan 14 ip address pppoe interface vlan 14 ip pppoe-service-name <service_name> interface vlan 14 ip pppoe-username <username> interface vlan 14 ip pppoe-password ***** uplink wired vlan 14 priority 3

Default Gateway from DHCP/PPPoE

You can specify that the router IP address obtained from the DHCP or PPPoE server be used as the default gateway for the controller.

Using the WebUI

1. Navigate to the Configuration > Network > IP > IP Routes page.

2. For Default Gateway, select (Obtain an IP address automatically).

3. Select Apply.

Using CLI

ip default-gateway import

Configuring DNS/WINS Server from DHPC/PPPoE

The DHCP or PPPoE server can also provide the IP address of a DNS server or NetBIOS name server, which can be passed to wireless clients through the controller’s internal DHCP server.

68 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 69

For example, the following configures the DHCP server on the controller to assign addresses to authenticated employees; the IP address of the DNS server obtained by the controller via DHCP/PPPoE is provided to clients along with their IP address.

Using the WebUI

1. Navigate to the Configuration > Network > IP > DHCP Server page.

2. Select Enable DCHP Server.

3. Under Pool Configuration, select Add.

4. For Pool Name, enter employee-pool.

5. For Default Router, enter 10.1.1.254.

6. For DNS Servers, select Import from DHCP/PPPoE.

7. For WINS Servers, select Import from DHCP/PPPoE.

8. For Network, enter 10.1.1.0 for IP Address and 255.255.255.0 for Netmask.

9. Click Done.

Using CLI

ip dhcp pool employee-pool default-router 10.1.1.254 dns-server import netbios-name-server import network 10.1.1.0 255.255.255.0

Configuring Source NAT to Dynamic VLAN Address

When a VLAN interface obtains an IP address through DHCP or PPPoE, a NAT pool (dynamic-srcnat) and a session ACL (dynamic-session-acl) are automatically created which reference the dynamically-assigned IP addresses. This allows you to configure policies that map private local addresses to the public address(es) provided to the DHCP or PPPoE client. Whenever the IP address on the VLAN changes, the dynamic NAT pool address also changes to match the new address.

For example, the following rules for a guest policy deny traffic to internal network addresses. Traffic to other (external) destinations are source NATed to the IP address of the DHCP/PPPoE client on the controller.

Using the WebUI

1. Navigate to the Configuration > Security > Access Control > Policies page. Click Add to add the policy guest.

2. To add a rule, click Add.

a. For Source, select any.

b. For Destination, select network and enter 10.1.0.0 for Host IP and 255.255.0.0 for Mask.

c. For Service, select any.

d. For Action, select reject.

e. Click Add.

3. To add another rule, click Add.

a. Leave Source, Destination, and Service as any.

b. For Action, select src-nat.

c. For NAT Pool, select dynamic-srcnat.

d. Click Add.

4. Click Apply.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 69

Page 70

Using CLI

ip access-list session guest any network 10.1.0.0 255.255.0.0 any deny any any any src-nat pool dynamic-srcnat

Configuring Source NAT for VLAN Interfaces

The example configuration in the previous section illustrates how to configure source NAT using a policy that is applied to a user role. You can also enable source NAT for a VLAN interface to cause NAT to be performed on the source address for all traffic that exits the VLAN.

Packets that exit the VLAN are given a source IP address of the “outside” interface, which is determined by the following:

 If you configure “private” IP addresses for the VLAN, the controller is assumed to be the default gateway for

the subnetwork. Packets that exit the VLAN are given the IP address of the controller for their source IP address.

 If the controller is forwarding the packets at Layer-3, packets that exit the VLAN are given the IP address of

the next-hop VLAN for their source IP address.

Example Configuration

In the following example, the controller operates within an enterprise network. VLAN 1 is the outside VLAN. Traffic from VLAN 6 is source NATed using the IP address of the controller. In this example, the IP address assigned to VLAN 1 is used as the controller’s IP address; thus traffic from VLAN 6 would be source NATed to

66.1.131.5.

Figure 4 Example: Source NAT using Controller IP Address

Private IP addresses:

192.168.2.1/24

VLAN 6

Inside

Public IP addresses: 66.1.131.5/ 24

VLAN 1

Outside

Using the WebUI

1. Navigate to the Configuration > Network > VLANs page. Click Add to configure VLAN 6 (VLAN 1 is configured through the Initial Setup).

a. Enter 6 for the VLAN ID.

b. Click Apply.

2. Navigate to the Configuration > Network > IP > IP Interfaces page.

3. Click Edit for VLAN 6:

a. Select Use the following IP address.

b. Enter 192.168.2.1 for the IP Address and 255.255.255.0 for the Net Mask.

c. Select the Enable source NAT for this VLAN checkbox.

4. Click Apply.

70 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 71

Using CLI

interface vlan 1 ip address 66.1.131.5 255.255.255.0 interface vlan 6 ip address 192.168.2.1 255.255.255.0 ip nat inside ip default-gateway 66.1.131.1

Inter-VLAN Routing

On the controller, you can map a VLAN to a layer-3 subnetwork by assigning a static IP address and netmask or by configuring a DHCP or PPPoE server to provide a dynamic IP address and netmask to the VLAN interface. The controller, acting as a layer-3 switch, routes traffic between VLANs that are mapped to IP subnetworks; this forwarding is enabled by default.

In Figure 5, VLAN 200 and VLAN 300 are assigned the IP addresses 2.1.1.1/24 and 3.1.1.1/24, respectively. Client A in VLAN 200 is able to access server B in VLAN 300 and vice versa, provided that there is no firewall rule configured on the controller to prevent the flow of traffic between the VLANs.

Figure 5 Default Inter-VLAN Routing

Client A Server B

VLAN 200

VLAN 300

You can optionally disable layer-3 traffic forwarding to or from a specified VLAN. When you disable layer-3 forwarding on a VLAN, the following restrictions apply:

 Clients on the restricted VLAN can ping each other, but cannot ping the VLAN interface on the controller.

Forwarding of inter-VLAN traffic is blocked.

 IP mobility does not work when a mobile client roams to the restricted VLAN. You must ensure that a mobile

client on a restricted VLAN is not allowed to roam to a non-restricted VLAN. For example, a mobile client on a guest VLAN should not be able to roam to a corporate VLAN.

To disable layer-3 forwarding for a VLAN configured on the controller:

Using the WebUI to restrict VLAN routing

1. Navigate to the Configuration > Network > IP > IP Interface page.

2. Click Edit for the VLAN for which routing is to be restricted.

3. Configure the VLAN to either obtain an IP address dynamically (via DHCP or PPPoE) or to use a static IP address and netmask.

4. Deselect (uncheck) the Enable Inter-VLAN Routing checkbox.

5. Click Apply.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 71

Page 72

Using CLI

interface vlan <id> ip address {<ipaddr> <netmask>|dhcp-client|pppoe} no ip routing

Configuring Static Routes

To configure a static route (such as a default route) on the controller, do the following:

Using the WebUI

1. Navigate to the Configuration > Network > IP > IP Routes page.

2. Click Add to add a static route to a destination network or host. Enter the destination IP address and network mask (255.255.255.255 for a host route) and the next hop IP address.

3. Click Done to add the entry. Note that the route has not yet been added to the routing table.

4. Click Apply to add this route to the routing table. The message Configuration Updated Successfully confirms that the route has been added.

Using CLI

ip route <address> <netmask> <next_hop>

Configuring the Loopback IP Address

The loopback IP address is a logical IP interface that is used by the controller to communicate with APs. The loopback address is used as the controller’s IP address for terminating VPN and GRE tunnels, originating requests to RADIUS servers and accepting administrative communications. You configure the loopback address as a host address with a 32-bit netmask. The loopback address is not bound to any specific interface and is operational at all times. To use this interface, ensure that the IP address is reachable through one of the VLAN interfaces. It should be routable from all external networks.

You must configure a loopback address if you are not using VLAN1 to connect the controller to the network. If the loopback interface address is not configured then the first configured VLAN interface address is selected. Generally, VLAN 1 is the factory default setting and thus becomes the controller IP address

Using the WebUI

1. Navigate to the Configuration > Network > Controller > System Settings page and locate the Loopback Interface section.

2. Modify the IP Address as required.

3. Click Apply.

CAUTION: If you are using the loopback IP address to access the WebUI, changing the loopback IP address will result in loss of connectivity. Dell recommends that you use one of the VLAN interface IP addresses to access the WebUI.

4. Navigate to the Maintenance > Controller > Reboot Controller page to reboot the controller to apply the change of loopback IP address.

5. Click Continue to save the configuration.

72 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 73

6. When prompted that the changes were written successfully to flash, click OK.

7. The controller boots up with the changed loopback IP address.

Using CLI

interface loopback ip address <address> write memory

Using the CLI to reboot the controller

Enter the following command in Enable mode:

reload

Configuring the Controller IP Address

The Controller IP address is used by the controller to communicate with external devices such as APs.

You can set the Controller IP address to the loopback interface address or to an existing VLAN ID address. This allows you to force the controller IP address to be a specific VLAN interface or loopback address across multiple machine reboots. Once you configure an interface to be the controller IP address, that interface address cannot be deleted until you remove it from the controller IP configuration.

If the controller IP address is not configured then the controller IP defaults to the current loopback interface address. If the loopback interface address is not configured then the first configured VLAN interface address is selected. Generally, VLAN 1 is the factory default setting and thus becomes the controller IP address.

Using the WebUI

1. Navigate to the Configuration > Network > Controller > System Settings page.

2. Locate the Controller IP Details section.

3. Select the address you want to set the Controller IP to from the VLAN ID drop-down menu. This list only contains VLAN IDs that have statically assigned IP addresses. If a loopback interface IP address has been previously configured then it will also appear in this list. Dynamically assigned IP addresses, for example DHCP/PPPOE do not display.

4. Click Apply.

NOTE: Any change in the controller’s IP address requires a reboot.

5. Navigate to the Maintenance > Controller > Reboot Controller page to reboot the controller to apply the change of controller IP address.

6. Click Continue to save the configuration.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 73

Page 74

7. When prompted that the changes were written successfully to flash, click OK.

8. The controller boots up with the changed controller IP address. of the selected VLAN ID.

Using CLI

(host) (config) #controller-ip [loopback|vlan <VLAN ID>]

Configuring GRE Tunnels

A controller supports generic routing encapsulation (GRE) tunnels between the controller and APs. An AP opens a GRE tunnel to the controller for each radio interface. On the AP, the other end of the GRE tunnel is specified by the IP address configured variable values (in descending order of priority) <master>, <servername>, and <serverip>. If these variable are left to default values, the AP uses DNS to look up aruba-master to discover the IP address of the controller.

The controller also supports GRE tunnels between the controller and other GRE-capable devices. This section describes how to configure a GRE tunnel to such a device and how to direct traffic into the tunnel.

NOTE: The controller uses GRE tunnels for communications between master and local controllers; these GRE tunnels are automatically created and are not subject to the configuration described in this section.

Creating a Tunnel Interface

To create a GRE tunnel on the controller, you need to specify the following:

 Tunnel ID: this can be a number between 1 and 2147483647.

 IP address and netmask for the tunnel.

 Tunnel source: the local endpoint for the tunnel on the controller. This can be one of the following:

 Loopback address of the controller

 A specified IP address

 A specified VLAN

 Tunnel destination: the IP address of the remote endpoint of the tunnel on the other GRE device.

Using the WebUI

1. Navigate to the Configuration > Network > IP > GRE Tunnels page.

2. Click Add.

3. Enter the tunnel ID.

4. Enter the IP address and netmask for the tunnel.

5. Select (check) Enabled to enable the tunnel interface.

6. Select the tunnel source, if it is not the loopback address of the controller. If you select IP Address, enter the IP address for the tunnel source. If you select VLAN, select the ID of the VLAN.

7. Enter the IP address of the tunnel destination.

8. Click Apply.

74 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 75

Using CLI

interface tunnel <id> tunnel mode gre <num> <ip> ip address <ipaddr> <netmask> no shutdown tunnel source {<ipaddr>| loopback | vlan <vlan>} tunnel destination <ipaddr>

Directing Traffic into the Tunnel

You can direct traffic into the tunnel by configuring one of the following:

 Static route, which redirects traffic to the IP address of the tunnel

 Firewall policy (session-based ACL), which redirects traffic to the specified tunnel ID

Static Routes

You can configure a static route that specifies the IP address of a tunnel as the next-hop for traffic for a specific destination. See “Configuring Static Routes” on page72 for descriptions of how to configure a static route.

Firewall Policy

You can configure a firewall policy rule to redirect selected traffic into a tunnel.

Traffic redirected by a firewall policy rule is not forwarded to a tunnel that is “down” (see “Tunnel Keepalives” on

page75 for more information on how GRE tunnel status is determined). If you have more than one GRE tunnel

configured, you can create multiple firewall policy rules with each rule redirecting the same traffic to different tunnels. If the tunnel in the first traffic redirect rule is down, then the tunnel in the subsequent traffic redirect rule is used instead.

WebUI

1. Navigate to the Configuration > Security > Access Control > Policies page.

2. Click Add to create a new firewall policy, or click Edit to edit a specific policy.

3. Click Add to create a new policy rule.

4. Configure the Source, Destination, and Service for the rule.

5. For Action, select redirect to tunnel. Enter the tunnel ID.

6. Configure any additional options, and click Add.

7. Click Apply.

CLI

ip access-list session <name> <source> <destination> <service> redirect tunnel <id>

Tunnel Keepalives

The controller can determine the status of a GRE tunnel by sending periodic keepalive frames on the tunnel. If you enable tunnel keepalives, the tunnel is considered to be “down” if there is repeated failure of the keepalives. If you configured a firewall policy rule to redirect traffic to the tunnel, traffic is not forwarded to the tunnel until it is “up”. When the tunnel comes up or goes down, an SNMP trap and logging message is generated. The remote endpoint of the tunnel does not need to support the keepalive mechanism.

By default, the controller sends keepalive frames at 60-second intervals and retries keepalives up to three times before the tunnel is considered to be down. You can reconfigure the intervals from the default. For the interval, specify a value between 1-86400 seconds. For the retries, specify a value between 0-1024.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Network Parameters | 75

Page 76

Using the WebUI

1. Navigate to the Configuration > Network > IP > GRE Tunnels page.

2. Click Edit for the tunnel for which you are enabling tunnel keepalives.

3. Select (check) Enable Heartbeats to enable tunnel keepalives and display the Heartbeat Interval and Heartbeat Retries fields.

4. Enter values for Heartbeat Interval and Heartbeat Retries.

5. Click Apply.

Using CLI

interface tunnel id

tunnel keepalive [<interval> <retries>]

76 | Network Parameters Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 77

Chapter 3

RF Plan

RF Plan is a wireless deployment modeling tool that helps you design an efficient Wireless Local Area Network (WLAN) that optimizes coverage and performance, without complicated WLAN network setup. RF Plan provides the following critical functionality:

 Defines WLAN coverage.

 Defines WLAN environment security coverage.

 Assesses equipment requirements.

 Optimizes radio resources.

RF Plan provides a view of each floor, allowing you to specify how you want to provide wireless coverage for each area. RF Plan also generates coverage maps with AP and AM placement.

Unlike other static site survey tools that require administrators to have intricate knowledge of building materials and other potential radio frequency (RF) hazards, RF Plan calibrates coverage in real-time through a sophisticated RF calibration algorithm. This real-time calibration lets you characterize the indoor propagation of RF signals to determine the best channel and transmission power settings for each AP. You can program the calibration to occur automatically or you can manually launch the calibration at any time to quickly adapt to changes in your wireless environment.

This chapter discusses the following topics:

 “Supported Planning” on page77

 “Before You Begin” on page78

 “Launching the RF Plan” on page79

 “Using the FQLN Mapper in the AP Provision Page” on page100

 “RF Plan Example” on page101

Supported Planning

All the features included in the WebUI RF Plan tool will aide you in the planning 802.11n standard compliant deployments.

This WebUI RF Plan supports planning of the following types of deployments:

 802.11n Deployments—The RF Plan now supports planning of network environments that use the Dell’s AP-

12x series of indoor access points, which are 802.11n compliant. RF Plan supports the planning of these APs in the following capacity: 802.11a/n, 802.11b/g/n, or 802.11a/b/g/n.

 802.11n Hotspot Deployment within an Existing Environment—This type of environment requires that AP/

AM locations be fixed at the building level, see “Fix All Suggested AP/AMs” on page96. If you set and fix the location of APs prior to planning for the 802.11n APs, the APs will not move when you initialize/optimize the

802.11n AP locations.

 802.11n Hotspot Deployment and New Environment—The RF Plan allows you to plan for a new

deployment that uses an 802.11n hotspot and 802.11a and/or 802.11 b/g support outside of the hotspot.

To plan for this type of deployment, start by planning your 802.11n hotspot. When you initialize and optimize the APs planned for the hotspot, the 802.11n APs are placed within the hotspot area. However, the same AP type will also be placed outside of the hotspot area with 802.11n support disabled.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 77

Page 78

RF Plan will deploy APs outside of the hotspot area based on the 802.11a and/or 802.11b/g rates defined by the system. For the system to define 802.11a and/or 802.11b/g rates, the system looks at the defined 802.11n rate and the distance covered by the defined rate; it then selects corresponding 802.11a and/or 802.11b/g rates based on the distance covered.

Before You Begin

Review the following steps to create a building model and plan the WLAN for your model.

Task Overview

1. Gather information about your building’s dimensions and floor plan.

2. Determine the level of coverage you want for your APs and AMs.

3. Create a new building and add its dimensions.

4. Enter the parameters of your AP coverage.

5. Enter the parameters of your AM coverage.

6. Add floors to your building and import the floor plans.

7. Define special areas.

8. Generate suggested AP and AM tables by executing the AP/AM Plan features.

Planning Requirements

You should collect the following information before using RF Plan. Having this information readily available will expedite your planning efforts.

 Building dimensions

 Number of floors

 Distance between floors

 Number of users and number of users per AP

 Radio type(s)

 Overlap Factor

 Desired data rates for APs

 Desired monitoring rates for AMs

 Areas of your building(s) that you do not necessarily want coverage

 Areas of your building(s) where you do not want or cannot deploy an AP or AM

 Areas of your building(s) where you want to deploy an 802.11n Hotspot (Zone)

 Any area where you want to deploy a fixed AP or AM

Use the worksheets (Table 4, Table 5, and Table 6) to collect your information:

Table 4 Planning Worksheet - Building Dimensions

Building Dimensions

Height:

Width:

Number of Floors:

Number of Users:

Users per AP:

78 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 79

Table 4 Planning Worksheet - Building Dimensions (Continued)

Building Dimensions

Radio Types:

AP Type:

Overlap Factor:

802.11a Desired Rate:

802.11n (HT) Support:

Use 40 MHz Channel Spacing:

802.11n Desired Rate:

Table 5 Planning Worksheet - AP Desired Rates (2.4 GHz Radio Properties)

AP Desired Rates (2.4 GHz Radio Properties)

802.11b/g Desired Rate:

802.11n (HT) Support:

Use 40 MHz Channel Spacing:

802.11n Desired Rate:

Table 6 Planning Worksheet - AM Desired Rates

AM Desired Rates

802.11b|g:

802.11a:

Don’t Care/Don’t Deploy Areas

802.11n Hotspot (Zone) Areas

NOTE: If 802.11n (HT) support is enabled, the system will automatically define the 802.11a and/or 802.11b/g rate as applicable. For

details, see “Radio Properties (Desired Rates and HT Support Options)” on page 86.

Launching the RF Plan

This section describes how to launch the RF Plan and enter information in RF Plan windows.

To launch RF Plan from the WebUI, click the Plan tab in the WebUI menu bar. When you launch the RF Plan, the browser window displays the Campus List page.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 79

Page 80

Campus List Page

The Campus List is the first page you see when you start RF Plan. This list contains a default campus and any campus you have defined using the RF Plan software.

Figure 6 Plan>Campus List Window

You may add, edit, and delete campuses using this page. You may also import and export campus information.

Table 7 details the buttons on the Campus page.

Table 7 Definition of Campus List Buttons

Buttons Description

New Campus Use this button to create a new campus.

Browse Campus Use this button to edit existing campuses from the campus list. To edit a campus, select the checkbox

Rename Campus Use this button to rename an existing campus in the list. To rename a campus, select the checkbox next

Delete Campuses Use this button to delete existing campuses in the list. To delete a campus, select the checkbox next to

Export Use this button to export a database file with all the specifications and background images of one or

Import Use this button to import database files that define campuses into the RF Plan list. See “Exporting and

AP FQLN Mapper The AP name is a fully-qualified location name (FQLN) in the format APname.floor.building.campus (the

next to the campus name, then click Browse Campus. When you edit a campus, you can access other RF Plan pages.

to the campus name, then click Rename Campus. A dialog box appears into which you enter the new name of the campus. Click OK to accept the new

name, or click Cancel to exit this action.

the building ID, then click Delete Campuses. You can only delete empty campuses. If you attempt to delete a campus that contains one or more

buildings, an error message appears.

more selected campuses in the list. See “Exporting and Importing Files” on page 97.

Importing Files” on page 97.

APname portion of the FQLN must be unique). The FQLN is not case sensitive and supports a maximum of 249 characters, including spaces. You can

use any combination of characters except a new line, carriage return, and non-printable control characters.

You can manually set the FQLN for the AP by clicking the AP FQLN Mapper button. Setting the FQLN will reboot the APs. See “FQLN Mapper” on page 98

80 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 81

Building List Pane

Edit a campus from the building list pane.

Figure 7 Plan>Building List Pane

You can add, edit, and delete buildings using this page. You may also import and export building information. The buttons on this page are defined in Table 8.

Table 8 Building List Buttons

Buttons Description

New Building Use this button to create a new building. When you add or edit a building, you can access other RF Plan

Edit Building Use this button to edit existing buildings in the building list. To edit a building, select the checkbox next to

Delete Buildings Use this button to delete existing buildings in the building list. To delete a building, select the checkbox next

Export Use this button to export a database file with all the specifications and background images of one or more

Import Use this button to import database files that define buildings into the RF Plan building list. See “Exporting

Locate Use this button to locate Wi-Fi devices in a building. See “Locate” on page 98.

AP FQLN Mapper The AP name is a fully-qualified location name (FQLN) in the format APname.floor.building.campus (the

pages.

the building ID, then click Edit Building. When you add or edit a building, you can access other RF Plan pages.

to the building ID, then click Delete Building.

selected buildings in the building list. See “Exporting and Importing Files” on page 97.

and Importing Files” on page 97.

APname portion of the FQLN must be unique). The FQLN is not case sensitive and supports a maximum of 249 characters, including spaces. You can use

any combination of characters except a new line, carriage return, and non-printable control characters. You can manually set the FQLN for the AP by clicking the AP FQLN Mapper button. Setting the FQLN will

reboot the APs. See “FQLN Mapper” on page 98.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 81

Page 82

Building Specifications Overview

The Building Specification Overview window displays the default values for a building that you are adding or the current values for a building that you are modifying.

Figure 8 Plan>New Building>Overview Window

The Overview page includes the following:

 Building Dimensions: Your building’s name and dimensions

 Access Point Modeling Parameters

 Air Monitor Modeling Parameters

 Building Dimension button (in the upper right-hand portion of the page). Click on this button to edit the

building dimensions settings.

When you create or edit information for a building, there are several ways you can navigate through RF Plan windows:

 The navigation pane on the left side of the browser window displays RF Plan pages in the order in which they

should be accessed when you are creating a new building. If you are editing a building, simply click on the page you want to display or modify.

 A button for the next page appears in the upper right-hand portion of the page. You can click on this button

to display the next page. For example, the Building Dimension button appears in the Building Specifications Overview page.

 Clicking Apply on editable pages sequences you to the next page. For example, when you click Apply in the

Building Dimensions page, the AP Modeling Parameters page displays.

Building Dimension Page

The Building Dimension page allows you to specify the name and identification for the building and its dimensions. Table 9 defines the parameters to insert in this window.

82 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 83

Figure 9 Plan>New Building>Specification Window

Table 9 contains the information for you to enter in the Specification window.

Table 9 New Building Specifications Parameters

Parameter Description

Campus Name Select a campus for this building from the drop-down menu.

Building Name The Building Name is an alphanumeric string up to 64 characters in length.

Width and Length Enter the rectangular exterior dimensions of the building.

The valid range for this field is any integer from 1 to a value corresponding to 1x10,000.

If your building has an irregular shape, the width and length should represent the maximum width and length of the overall footprint of the building as seen from above. For example:

When width and length are specified, RF Plan creates a rectangular area in the Planning feature pages that represent the overall area covered by the building. You need to import an appropriate background image (see “Floor Editor Dialog Box” on

page 90.) to aid you in defining areas that do

not require coverage or areas in which you do not wish to deploy APs and AMs (see

“Area Editor Dialog Box” on page 91).

Inter-Floor Height This is the distance between floor surfaces in the building. The valid range for this field is any integer

Floors Enter the number of floors in your building here. The valid range for this field is any integer from 1 to

Unit Specify the unit of measurement for the dimensions you specified on the page. The choices are feet

from 1 to a value corresponding to 1x10,000. RF Plan uses the inter-floor height to allow APs on one floor to service users on adjacent floors. If you do not want RF Plan to factor adjacent floors, select a high inter-floor height value (for example, 300).

NOTE: This is not the distance from floor to ceiling. Some buildings have a large space between the interior ceilings and the floor above.

255. A building can have a maximum of 255 floors. You can also configure negative floor IDs. Negative floor IDs let you allocate floors as sub floors, ground floors, basements or other underground floors, or floors where you do not need to deploy APs.

You specify a negative integer when modifying an existing floor; you do not configure negative floor settings when adding a building or adding a floor. For more information, see “Level” on page 90.

and meters.

AP Modeling Parameters Page

The AP Modeling Parameters page allows you to specify the information necessary for RF Plan to determine the appropriate placement of your APs. These settings are on a per-building basis. If you have a mix of APs, choose the most common one to define the building parameters.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 83

Page 84

Figure 10 Plan>New Building>AP Modeling Parameters Window

This window allows you to select or control the parameters as defined in Table 10.

Table 10 AP Modeling Parameters

Parameter Description

Radio Type Use this drop-down menu to specify the radio type. See “Radio Type” on page 85

AP Type Dell AP device. Use the drop-down menu to select the device type. The supported APs listed in the

Design Model Use the Coverage, Capacity, and Custom radio buttons to specify a design model to use in the

Overlap Factor Use this field and drop-down to specify an overlap factor. See“Overlap Factor” on page 85.

Users Use this field to specify the number of users on your WLAN. See “Users/AP” on page 86.

Radio Properties (Desired Rates and HT Support Options)

APs Use this field to enter the fixed number of APs to be used in this building’s network (Custom model

drop-down menu are dependent on the selected radio type.

placement of APs. See“Design Model” on page 85

Use this drop-down to define 802.11a, 802.11b/g, and 802.11n settings for the 5 GHz and 2.4 GHz frequency bands, including high-throughput, data rates, and 40 Mhz channel spacing

See “Radio Properties (Desired Rates and HT Support Options)” on page 86.

only).

84 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 85

Radio Type

Use the drop-down radio type menu to specify radio type of your AP. The available types are defined in Table 11.

Table 11 Radio Type Definitions

Parameter Description

801.11a/b/g Simultaneous use of 802.11b/g and 802.11a.

802.11b/g 2.4 GHz, Direct Spread Spectrum (DSSS) multiplexing with data rates up to 11 Mbps, combined with

802.11a 5 GHz Orthogonal Frequency Division Multiplexing (OFDM) with data rates up to 54 Mbps.

802.11a/b/g + n Mixed-mode radio type which allows for simultaneous use of 802.11b/g and 802.11n traffic on the 2.4 GHz

802.11b/g + n Mixed-mode radio type that allows for simultaneous use of 802.11b/g and 802.11n traffic on the 2.4 GHz

802.11a + n Mixed-mode radio type that allows for simultaneous use of 802.11a and 802.11n traffic on the 5 GHz

Orthogonal Frequency Division Multiplexing/Complementary Code Keying (OFDM/CCK) with data rates up to 54 Mbps.

frequency band, and 802.11a and 802.11n traffic on the 5 GHZ frequency band.

frequency band.

Design Model

Three radio buttons, defined in Table 12, allow you to control the kind of model used to determine the number and type of APs.

Table 12 Design Model Radio Buttons

Radio Button

Coverage Use this option to let RF Plan automatically determine the number of APs based on desired data

Description

rates and the configuration of your building. The higher the data rate, the smaller the coverage area, and the more APs that are required.

Coverage is the most common type of installation.

Capacity Use this option to let RF Plan determine the number of APs based on the total number of users,

Custom Use this option to specify a fixed number of APs.

ratio of users to APs, and desired data rates. Capacity-based coverage is useful for high capacity conference or training rooms, where the APs

could have a high volume of users.

Custom coverage is useful for deployments with a known number of APs or if you have a fixed project budget.

Overlap Factor

The Overlap Factor is the amount of signal area overlap when the APs are operating. Overlap is important if an AP fails as it allows the network to self-heal with adjacent APs powering up to assume some of the load from the failed device. Although there may be no holes in coverage in this scenario, there is likely to be a loss of throughput. Increasing the overlap allows for higher throughputs when an AP has failed and allows for future capacity as the number of users increases.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 85

Page 86

You can select a pre-determined value from the drop-down overlap menu or specify a value in the text box to the left of the drop-down. The following table describes the available options.

Table 13 Overlap Factor Values

Overlap Factor

100% Low Use this option for buildings that contain open spaces such as warehouses.

150% Medium Use this option for most typical office environments with cubicles and sheetrock walls that have higher

200% High Use this option for dense deployments such as buildings with poor RF coverage characteristics including

Custom Use this option to enter a custom rate. For most office spaces, 120% works well.

Description

WLAN user density than warehouses.

buildings with thick brick or concrete walls, lots of metal, or excess RF noise (for example, data centers).

When specifying the custom rate, the valid range is 1% to 1000%.

Users/AP

NOTE: The Users text boxes are active only when the Capacity model is selected.

Enter the number of users you expect to have on your WLAN in the Users text box. Enter the number of users per AP you expect in the Users/AP text box.

The numbers entered in these two text boxes must be non-zero integers between 1-255 inclusive.

Radio Properties (Desired Rates and HT Support Options)

Define 802.11a, 802.11b/g, and 802.11n settings for the 5 GHz and 2.4 GHz frequency bands, including highthroughput, data rates, and 40 Mhz channel spacing.

Table 14 Radio Properties

Radio Property Description

802.11a Desired Rate The desired 802.11a rate defines the estimated transmit rate within the WLAN coverage area.

5 GHz 802.11 (HT) Support High-throughput is available when utilizing the IEEE 802.11n standard and can be enabled on the

5 GHz 802.11n Desired Rate The desired 802.11n rate defines the estimated transmit rate within the WLAN coverage area.

The higher the speed, the smaller the coverage area, and the more APs required. The valid values are: 54, 48, 36, 24, 18, 12, 9, 6.

This option is only available when 802.11n (HT) support is disabled (unchecked or grayed out). When an 802.11n radio type, such as 802.11a+nor802.11a/b/g + n, is selected and 802.11n (HT)

support is enabled (checked) on the 5 GHz band, the system will automatically define the 802.11a rate. The system looks at the defined 802.11n rate and the distance covered by the defined rate; the system then selects a corresponding 802.11a rate based on the distance covered.

5 GHz frequency band when either the 802.11a+nor802.11a/b/g + n mixed-mode radio type is selected.

The 802.11n (high-throughput) draft standard supports MIMO (Multiple Input, Multiple Output) and the option of 40 MHz mode of operation. However, high-throughput can be utilized on a 20 MHz channel or on a 40 MHz channel (bonded channel pair).

The higher the speed, the smaller the coverage area, and the more APs required. This option is only available when 802.11n (HT) support is enabled (checked). The valid values when using 20 MHz channel spacing: 6.5, 13.0, 19.5, 26.0, 39.0, 52.0, 58.5, 65.0,

78.0, 104.0, 117.0, 130.0. The valid values when using 40 MHz channel spacing: 13.5, 27.0, 40.5, 54.0, 81.0, 108.0, 121.15,

135.0, 162.0, 216.0, 243.0, 270.0.

86 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 87

Table 14 Radio Properties (Continued)

Radio Property Description

5 GHz Use 40 MHz Channel Spacing

802.11b/g Desired Rate The desired 802.11b/g rate defines the estimated transmit rate within the WLAN coverage area.

2.4 GHz 802.11 (HT) Support High-throughput is available when utilizing the IEEE 802.11n standard and can be enabled on the

2.4 GHz 802.11n Desired Rate The desired 802.11n rate defines the estimated transmit rate within the WLAN coverage area.

Use 40 MHz Channel Spacing—40 MHz operation, which supports higher data rates by utilizing two 20 MHz channels as a bonded pair, requires that high-throughput be enabled (checked). 40 MHz mode is most often utilized on the 5 GHz frequency band due to a greater number of available channels.

This option is only available when 802.11n (HT) support is enabled (checked).

The higher the speed, the smaller the coverage area, and the more APs required. The valid values are: 54, 48, 36, 24, 18, 12, 9, 6, 11, 5.5, 2, 1.

This option is only available when 802.11n (HT) support is disabled (unchecked or grayed out). When an 802.11n radio type, such as 802.11g+nor802.11a/b/g + n, is selected and 802.11n (HT)

support is enabled (checked) on the 2.4 GHz band, the system will automatically define the

802.11b/g rate. The system looks at the defined 802.11n rate and the distance covered by the defined rate; the system then selects a corresponding 802.11b/g rate based on the distance covered.

2.4 GHz frequency band when either the

802.11g+nor802.11a/b/g + n mixed-mode radio type is selected. The 802.11n (high-throughput) draft standard supports MIMO (Multiple Input, Multiple Output)

and the option of 40 MHz mode of operation. However, high-throughput can be utilized on a 20 MHz channel or on a 40 MHz channel (bonded channel pair).

78.0, 104.0, 117.0, 130.0. The valid values when using 40 MHz channel spacing: 13.5, 27.0, 40.5, 54.0, 81.0, 108.0, 121.15,

135.0, 162.0, 216.0, 243.0, 270.0.

2.4 GHz Use 40 MHz Channel Spacing

40 MHz operation, which supports higher data rates by utilizing two 20 MHz channels as a bonded pair, requires that high-throughput be enabled (checked). Due to a limited number of channels on the 2.4 GHz frequency band, 40 MHz mode is most often utilized on the 5 GHz frequency band where a greater number of channels are available.

This option is only available when 802.11n (HT) support is enabled (checked).

AM Modeling Page

The AM Modeling page allows you to specify the information necessary for RF Plan to determine the appropriate placement of your AMs.

NOTE: The AM coverage rate refers to the rate at which an AM captures packets. RF Plan uses that information to determine the placement of AMs.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 87

Page 88

Figure 11 AM Modeling Page

Controls on this page allow you to select the following functions, which are described in more detail in this section:

Table 15 AM Modeling Radio Buttons

Radio Button Description

Design Model Use these radio buttons to specify a design model to use in the placement of AMs. See “Design

Monitor Rates Use this drop-down menu to specify the desired monitor rate for the AMs. See “Monitor Rates” on

AMs Use this field to manually specify the number of AMs to deploy (Custom Model only).

Models” on page 88.

page 88.

Design Models

Two radio buttons on the page allow you to specify the model used to determine the number and type of APs.

Table 16 Design Model Radio Buttons

Radio Button Description

Coverage Use this option to let RF Plan automatically determine the number of AMs based on desired monitor

Custom Use this option to specify a fixed number of AMs. When the AM Plan portion of RF Plan is executed,

NOTE: The monitor rates you select for the AMs should be less than the data rates you selected for the APs. If you set the rate for the AMs at a value equal to that specified for the corresponding PHY type AP, RF Plan allocates one AM per AP. If you specify a monitor rate greater than the data rate, RF Plan allocates more than one AM per AP.

rates and the configuration of the building. Desired rate is selectable from 1 to 54 Mbps in the Coverage model.

RF Plan distributes the AMs evenly.

Monitor Rates

Use the drop down menus to select the desired monitor rates for the 2.4 Ghz (802.11b/g) and 5 GHz (802.11a) frequency bands. The available monitor rates that display in drop-down lists will vary: these rates are dependent on the radio type selected on AP modeling page and they will also be adjusted to accommodate for 20 MHz vs. 40 MHz channel spacing when 802.11n (HT) support is enabled.

NOTE: This option is available only when the coverage design model is selected.

Planning Floors Page

The Planning Floors page enables you to see the footprint of your floors.

88 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 89

Figure 12 Planning Floors

You can select or adjust the features as described in Table 17:

Table 17 Floor Planning Features

Feature Description

Zoom Use this drop-down menu or type a zoom factor in the text field to increase or decrease

Approximate Coverage Map (select radio type)

Edit Floor Click on this link to launch the Floor Editor dialog box. See “Floor Editor Dialog Box” on

New in Areas section Click on this link to launch the Area Editor dialog box. See “Area Editor Dialog Box” on

New in Suggested Access Points and Air Monitors section

Status in Deployed Access Points and Air Monitors section

the size of the displayed floor area.

See “Zoom” on page 89.

Use this drop-down to select a particular radio type for which to show estimated coverage.

See “Approximate Coverage Map” on page 90.

page 90.

page 91.

Click on this link to launch the Suggested Access Point Editor dialog box. See “Access

Point Editor Dialog Box” on page 92.

The Status column displays the status of each AP for the floor you are viewing within a live network.

Up: AP is up (live). The corresponding AP icon on the floor map will display a live AP icon.

Down: AP is down. The corresponding AP icon on the floor map will display with a red

“X” over the AP icon symbolizing that the AP is down.

Zoom

The Zoom control sets the viewing size of the floor image. It is adjustable in finite views from 10% to 1000%. You may select a value from the drop-down zoom menu or specify a value in the text box to the left of the drop-down. When you specify a value, RF Plan adjusts the values in the drop-down to display a set of values both above and below the value you typed in the text box.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 89

Page 90

Approximate Coverage Map

Select a radio type from the Coverage drop-down menu to view the approximate coverage area for each of the APs that RF Plan has deployed in AP Plan or AM Plan. Adjusting the coverage values help you to understand how the AP coverage works in your building.

NOTE: You will not see coverage areas displayed here until you have executed either an AP Plan or an AM Plan.

Figure 13 Coverage Map Example

Floor Editor Dialog Box

The Floor Editor dialog box allows you to modify the floor level, specify the background image, and name the floor. The Floor Editor is accessible from the Floors Page by clicking on the Edit Floor link.

Figure 14 Floor Editor Dialog Box

Level

When modifying an existing floor, you can configure it with a negative integer to specify a basement or some other underground floor that you do not need or want to deploy APs.

To configure a negative floor, specify a negative integer in the Level field. The valid range is -100 to 255; however, a building can have a maximum of 255 floors.

Naming

You may name the floor anything you choose as long as the name is an alphanumeric string with a maximum length of 64 characters. The name you specify appears to the right of the Floor Number displayed above the background image in the Planning view.

Background Images

You can import a background image (floor plan image) into RF Plan for each floor. A background image is extremely helpful when specifying areas where coverage is not desired or areas where an AP/AM is not to be physically deployed.

90 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 91

Use the guidelines in this section when importing background images. By becoming familiar with these guidelines, you can ensure that your graphic file is edited properly for pre- and post-deployment planning.

 Edit the image—Use an appropriate graphics editor to edit the file as needed.

 Scale the image—If the image is not scaled, proportional triangulation and heat map displays can be incorrect

when the plan is deployed.

 Calculate image dimensions—Calculate the image pixels per feet (or meters) against a known dimension. Use

that value to calculate the width and length of the image.

 Leave a border around the image—When creating the image, leave a boarder around the image to help

triangulate Wi-Fi devices outside of the building.

 Multiple floors—If your building has multiple floors, make sure there is a common anchor point for all floors;

for example an elevator shaft, a staircase, and so on.

 Larger dimensions—Use larger dimensions only for scaling to more accurately calculate the full dimensions.

For best results, final floor images 2048 X 2048 and smaller perform best.

Select a background image using the Browse button on the Floor Editor dialog box.

 File Type and Size

Background images must be JPEG format and may not exceed 2048 X 2048 pixels in size. Attempting to import a file with a larger pixel footprint than that specified here results in the image not scaling to fit the image area in the floor display area.

Because background images for your floors are embedded in the XML file that defines your building, you should strongly consider minimizing the file size of the JPEGs that you use for your backgrounds. You can minimize the file size by selecting the maximum compression (lowest quality) in most graphics programs.

NOTE: The ArubaOS WebUI displays floor plans using Adobe Flash Player, which does not support progressive JPEG images. If you have a progressive JPEG image you want to use as background image, open the image in an image editing program and resave the image with standard/baseline compression.

 Image Scaling

Images are scaled (stretched) to fit the display area. The display area aspect ratio is determined by the building dimensions specified on the Dimension page.

Area Editor Dialog Box

The Area Editor dialog box allows you to specify areas on your building floors where you either do not care about coverage, or where you do not want to place an AP or AM.

Open the Area Editor dialog box by clicking New in the Areas section.

You specify these areas by placing them on top of the background image using the Area Editor.

Figure 15 Area Editor Dialog Box

Naming

Logical name of area, as an alphanumeric string consisting of 1 to 64 characters. Dell recommends that you provide a meaningful name to the area to ensure that it is readily identifiable.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 91

Page 92

Location and Dimensions

Specify absolute coordinates for the lower left corner and upper right corner of the box that represents the area being defined.

 Begin the measurement with the lower left corner of the rectangular display area that represents your

building’s footprint.

 The coordinates of the upper right-hand corner of the display area are the absolute values of the dimensions

you provided for the building.

Location settings are zero-based. Values range from 0 to (height -1 and width -1). For example, coordinates of the upper right corner for a building that measures 200 ft. wide x 400 ft. in length, would be 199 and 399.

NOTE: The unit of measurement displayed as either feet or meters is based on your building settings. See “Building Dimension

Page” on page 82 for details about configuring building parameters.

You may also use the drag and drop feature of the Area Editor to drag your area to where you want it and resize it by dragging one or more of the handles displayed in the corners of the area.

Area Types

Select one of the area types from the drop-down menu: Don’t Care, Don’t Deploy, or 802.11n Zone.

 Don’t Care: Coverage is not required in the area specified in this dialog box. This specification typically

applies to areas where coverage cannot be guaranteed.

This setting results in the display of an orange rectangle at the associated area in the floor diagram.

 Don’t Deploy: No APs are to be positioned in the area specified in this dialog box.

This setting results in display of a yellow rectangle at the associated area in the floor diagram.

 802.11n Zone: 802.11n compliant APs are required to be positioned in the area specified in this dialog box

only.

This setting results in display of a green rectangle at the associated area in the floor diagram.

You cannot right-click within an existing area to add another area inside of it. For instance, if a Don’t Care or Don’t Deploy Area needs to overlap with an 802.11n Zone, you must create each of the areas outside of one another and then move them to the correct position of overlap. You can click and drag the areas to the appropriate positions of overlap, or you can right-click on the area to modify its location.

Access Point Editor Dialog Box

The Access Point Editor allows you to manually create or modify a suggested AP.

To create an AP, open the Access Point Editor dialog box by clicking New in the Suggested Access Points and Air Monitors section.

To modify an existing AP, place the cursor over the AP and click it to display the Suggested Access Point Editor dialog box.

92 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 93

Figure 16 Access Point Editor

Naming

RF Plan automatically names APs using the default convention ap number, where number starts at 1 and increments by one for each new AP. When you manually create an AP, the new AP is assigned the next number and is added to the bottom of the suggested AP list.

You may name an AP anything you wish. The name must consist of alphanumeric characters and be 64 characters or less in length.

Fixed

Fixed APs do not move when RF Plan executes the positioning algorithm.

NOTE: You might typically set a fixed AP when you have a specific room, such as a conference room, in which you want saturated coverage. You might also want to consider using a fixed AP when you have an area that has an unusually high user density.

Choose Yes or No from the drop-down menu. Choosing Yes locks the position of the AP as it is shown in the coordinate boxes of the Access Editor. Choosing No allows RF Plan to move the AP as necessary to achieve best performance.

Radio Types

The Radio drop-down menu allows you to specify what frequency band the AP uses. You can choose from one of the following:

 802.11a/b/g (2.4 GHz and 5 GHz frequency bands)

 802.11a (5 GHz frequency band)

 802.1 b/g (2.4 GHz frequency band)

NOTE: 802.11n (HT) support features are available on the 2.4 or 5 GHz frequency band. The availability of these options on these frequency bands is dependent on the radio (frequency band) chosen and whether or not these feature were enabled on the AP modeling page at the building level.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 93

Page 94

X and Y Coordinates

The physical location of the AP is specified by X-Y coordinates that begin at the lower left corner of the display area. The numbers you specify in the X and Y text boxes are whole units. The Y-coordinate increases as a point moves up the display and the X-coordinate increases as they move from left to right across the display.

802.11 Types

The 802.11 b/g and 802.11a Type drop-down menus allow you to choose the mode of operation for the AP. You may choose to set the mode of operation to Access Point or Air Monitor.

802.11 Channels

The 802.11a and 802.11b/g channel drop-down menus allow you to select from the available channels.

NOTE: The available channels vary depending on the regulatory domain (country) in which the device is being operated.

802.11 Power Levels

The power level drop-down menus allow you to specify the transmission power of the AP. Choices are OFF, 0, 1, 2, 3, and 4. A setting of 4 applies the maximum Effective Isotropic Radiated Power (EIRP) allowed in the regulatory domain (country) in which you are operating the AP.

802.11n Features

 802.11n (HT) Support (2.4 or 5 GHz): Specify if 802.11n high-throughput support should be enabled on this

AP.

In order to enable high-throughput on a new AP being added to the plan at the floor level, 802.11n (HT) support must first be enabled at the building level within the AP modeling parameters. If not, this option will be grayed out. See “AP Modeling Parameters Page” on page83 for details about AP modeling parameters.

 Use 40 MHz Channel (2.4 or 5 GHz): Specify if 802.11n high-throughput support should utilize a 40 MHz

channel (bonded channel pair).

In order to select a valid 40 MHz channel for a new AP being added at the floor level, use of 40 MHz channel spacing must first be enabled at the building level within the AP modeling parameters. If not, this option will be grayed out. See “AP Modeling Parameters Page” on page83 for details about AP modeling parameters.

If high-throughput is enabled and use of a 40 MHz channel pair is not enabled, a 20 Mhz channel will be utilized.

Memo

The Memo text field allows you to enter notes regarding the AP. You can enter a maximum of 256 alphanumeric characters in the Memo field.

94 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 95

AP Plan Page

The AP Plan page uses the information entered in the modeling pages to locate APs in the building(s) you described. All of the options on the Floors page can also be viewed and configured on the AP Plan page. The AP Plan page also includes some additional options, such as initializing, optimizing, and fixing AP/AM locations.

Figure 17 AP Planning

Initialize

Initialize the Algorithm by clicking the Initialize button. This makes an initial placement of the APs and prepares RF Plan for the task of determining the optimum location for each of the APs. As soon as you click Initialize you see the AP symbols appear on the floor plan.

Colored circles around the AP symbols on the floor plan indicate the approximate coverage of the individual AP and the color of the circle represents the channel on which the AP is operating. The circles appear when you select an approximate coverage value on one of the Floors pages. You may also click an AP icon and drag it to manually reposition it.

Optimize

Click Optimize to launch the optimizing algorithm. The AP symbols move on the page as RF Plan finds the optimum location for each.

The process may take several minutes. You may watch the progress on the status bar of your browser. The algorithm stops when the movement is less than a threshold value calculated based on the number of APs. The threshold value may be seen in the status bar at the bottom of the browser window.

Viewing the Results

The results of optimizing algorithm may be viewed two ways: graphically and in a table of suggested APs. You may obtain information about a specific AP by placing the cursor over its symbol. An information box appears that contains information regarding location, radio type, high-throughput support, channel(s), and power.

The Suggested Access Points and Air Monitors table lists the coordinates, power, location, power setting, highthroughput support, and channel(s) for each of the APs that are shown in the floor plan.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 95

Page 96

Fix All Suggested AP/AMs

Fix existing AP/AM locations at the building level. If AP/AM locations are fixed, AP/AMs will not move from their fixed locations during initialization or optimization. Clicking on this button will fix the locations of existing APs and AMs. You only need to click this button on either the AP or AM Plan page.

AM Plan Page

The AM Plan page uses the information entered in the modeling pages to locate AMs in the building(s) you described and calculate the optimum placement for the AMs. All of the options on the Floors page can also be viewed and configured on the AM Plan page. The AM Plan page also includes some additional options, such as initializing, optimizing, and fixing AP/AM locations.

Initialize

Initialize the Algorithm by clicking Initialize. This makes an initial placement of the AMs and prepares RF Plan for the task of determining the optimum location for each of the AMs. When you click Initialize, the AM symbols appear on the floor plan.

Optimize

Click Optimize to launch the optimizing algorithm. The AM symbols move on the page as RF Plan finds the optimum location for each.

The process may take several minutes. You may watch the progress on the status bar of your browser. The algorithm stops when the movement is less than a threshold value calculated based on the number of AMs. The threshold value may be seen in the status bar at the bottom of the browser window.

Viewing the Results

Viewing the results of the AM Plan feature is similar to that for the AP Plan feature.

The results of optimizing algorithm may be viewed two ways: graphically and in a table of suggested AMs. You may obtain information about a specific AM by placing the cursor over its symbol. An information box appears that contains information about the exact location, PHY type, high-throughout-support, channel, power, and so on.

The Suggested Access Points and Air Monitors table lists the coordinates, power, location, power setting, and channel for each of the AMs that are shown in the floor plan.

Fix All Suggested AP/AMs

96 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 97

Exporting and Importing Files

Both the Campus List page and the Building List page have Export and Import buttons, which allow you to export and import files that define the parameters of your campus and buildings. You can export a file so that it may be imported into and used to automatically configure a controller. On a controller, you can import a file that has been exported from another controller or from the standalone version of RF Plan that runs as a Windows application.

NOTE: The WebUI version of RF Plan only supports JPEG file formats for background images.

The files that you export and import are XML files and, depending on how many buildings are in your campus, floors are in your buildings, and how many background images you have for your floors, the XML files may be quite large. (See “Background Images” on page90.)

NOTE: In order for the WebUI RF Plan tool to import and read a standalone plan that incorporates 802.11n standard APs and was originally created in the Java-based standalone RF Plan tool, the plan must be exported out from the standalone tool using the Controller WebUI Format (version 3.0).

Export Campus

To export a file that defines the parameters of one or more campuses, including all of its associated buildings, select the campus(es) to be exported in the Campus List page and then click Export.

After you click the Export button, you are prompted to include the background images.

When exporting a campus file, Dell recommends that you click OK to export the background images. If you click Cancel, the exported file does not include the background images. The File Download window appears.

From the File Download window, click Save to save the file. The Save As dialog box appears. From here, navigate to the location where you want to save the file and enter the name for the exported file. When naming your exported file, be sure to give the file the.XML file extension, for example, My_Campus.XML.

Exported campus files include detailed information about the campus and the selected building(s).

Import Campus

You can import only XML files exported from another controller or from the standalone version of RF Plan that runs as a Windows application.

NOTE: Importing any other file, including XML files from other applications, may result in unpredictable results.

To import a file that defines the building parameters of one or more campuses, click the Import button in the Campus List page. The Import Buildings page appears, as described in “Import Buildings Page” on page98.

Export Buildings Page

To export a file that defines the parameters of one or more buildings, select the building(s) to be exported in the Building List page and then click Export.

After you click the Export button, you are prompted to include the background images.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 97

Page 98

When exporting a building file, Dell recommends that you click OK to export the background images. If you click Cancel, the exported file does not include the background images. The File Download window appears.

From the File Download window, click Save to save the file. The Save As dialog box appears. From here, navigate to the location where want to save the file and enter the name for the exported file. When naming your exported file, be sure to give the file the.XML file extension, for example, My_Building.XML.

Exported building files include the name of the campus to which the building belongs; however, detailed campus parameters are not included.

Import Buildings Page

You can import only XML files exported from another controller or from the standalone version of RF Plan that runs as a Windows application.

NOTE: Importing any other file, including XML files from other applications, may result in unpredictable results.

To import a file that defines the parameters of one or more buildings, click the Import button in the Building List page.

In the Import Buildings page, click Browse to select the file to be imported, then click the Import button.

Locate

The Locate button on the Building List page allows you to search for APs, AMs, monitored clients, etc. on a building by building basis. To use this feature, select the building in which you want to search, and click Locate.

The Target Devices table displays information on each of these devices. To add a device, click Add Device. To delete a device, click Remove Device. To select a device, click Choose Devices.

FQLN Mapper

Both the Campus List page and the Building List page have the AP FQLN Mapper button, which allows you to create a fully-qualified location name (FQLN) for the specified AP/AM in the format APname.Floor.Building.Campus.

The FQLN is not case sensitive and supports a maximum of 249 characters, including spaces. You can use any combination of characters except a new line, carriage return, and non-printable control characters.

You can use the FQLN mapper for multiple purposes, including:

 Searching for deployed APs/AMs

 Configuring the AP name in the form APname.Floor.Building.Campus

 Modifying the location of APs

98 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Page 99

To use this feature, select one or more campuses from the Campus List page, or one or more buildings from the Building List page, and click AP FQLN Mapper.

The AP FQLN Mapper page appears. From here, you can search for deployed APs by entering one or more parameters in the Search fields, view the results in the Search Results table, configure the FQLN, and modify the location of an AP.

To search for deployed APs, enter information in the Search fields and click Search.

You can perform a search based on one or more of the following AP properties:

Table 18 AP Property Search

Property Description

AP Name Logical name of the AP or AM. You can enter a portion of the name to widen the search.

Wired MAC MAC address of the AP or AM. You can enter a portion of the MAC address to widen the

IP Address IP address of the AP or AM. You can enter a portion of the IP address to widen the search.

FQLN Fully-qualified location name of the AP, in the form APname.floor.building.campus. You can

Serial Number Serial number of the AP. You can enter a portion of the serial number to widen the search.

Status Current state of the AP, including Up/Down/Any.

search.

enter a portion of the FQLN to widen the search.

Use the drop-down list to the right of the Number of results per page to specify the number of APs to display in the search results.

After entering the search criteria, you can either click Reset to clear the entries or click Search to search for APs. If you click Search, the results are displayed in the Search Result table:

You can view the information in ascending or descending order. By default, the display is in ascending order, based on the AP name (the white arrow indicates the row that is being used to sort the information). Left-click on a column head to view the information in ascending or descending order (you may need to click multiple times to get the desired display).

In addition to displaying AP names, wired MAC addresses, serial numbers, IP addresses, FQLNs, and AP status, the Search Result table displays the AP type and when it was last updating.

From here you can modify the attributes that create the FQLN for the selected AP, using the following dropdown lists:

 Campus—Displays the campus where the AP is deployed. To deploy the AP in a different campus, select a

campus form the drop-down list. The Campus defines the buildings and floors displayed.

NOTE: This drop-down list only displays the existing campuses that you are managing. To add a new campus, see “Campus List

Page” on page 80.

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide RF Plan | 99

Page 100

 Building—Displays the building where the AP is deployed. To deploy the AP in a different building, select a

building from the drop-down list.

NOTE: This drop-down list only displays the available buildings in the selected campus. To

add a new building, see “Building List Pane” on page 81.

 Floor—Displays the floor where the AP is deployed. To deploy the AP on a different floor, select a floor from

the drop-down list.

NOTE: This drop-down lists only displays the available floors in the selected building. To add a new floor, see “Planning Floors

Page” on page 88.

To submit your changes, click Set FQLN. Setting the FQLN reboots the APs.

Using the FQLN Mapper in the AP Provision Page

The AP Provision page (available from Configuration > Wireless > AP Installation) allows you to set an FQLN during the AP provisioning process.

Scroll to the FQLN Mapper near the bottom of the AP Provision page to modify the following attributes that create the FQLN:

 Campus

 Building

 Floor

The AP name appears in the AP List at the bottom of the page and will be used when provisioning the AP. To rename an AP, enter the new name in the AP Name field.

To retain the old FQLN value when reprovisioning an AP, do not select the Overwrite FQLN checkbox. However, if you configure new values for the campus, building, and floor settings, the FQLN value is changed, even if the Overwrite FQLN checkbox is selected. To remove a previously configured value, you can select N/A for a specific attribute.

If you provision more than one AP, the selected value for the campus, building, and floor is based on the first selected AP and applies to all APs. Only the AP name will be different as each AP must have a unique name.

Using the WebUI

1. Navigate to the Configuration > Wireless > AP Installation page. The list of discovered APs appears in the page.

2. Select the AP you want to set an FQLN, and click Provision.

3. Modify the FQLN attributes:

 In the Provisioning page, scroll to the FQLN Mapper near the bottom of the page and modify the campus,

building, and floor attributes.

 Optionally, if you want rename an AP, scroll to the AP List at the bottom of the page and enter the new

name in the AP Name field. For more information about AP names, see Chapter 4, “Access Points” on

page107.

4. Click Apply and Reboot.

Using CLI

Reprovisioning the AP causes it to automatically reboot. When configuring the FQLN, you may also provision other AP settings.

100 | RF Plan Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

Dell W-3200 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

About this Guide

Audience

Fundamentals

WebUI

Related Documents

Conventions

Contacting Support

The Basic User-Centric Networks

Configuring the User-Centric Network

Deployment and Configuration Tasks

Deployment Scenario #1

Deployment Scenario #2

Deployment Scenario #3

Configuring the Controller

Running the Initial Setup

Connecting to the Controller after Initial Setup

Configuring a VLAN for Network Connection

Creating and Updating a VLAN

Viewing Existing VLAN IDs

Creating, Updating, and Deleting VLAN Pools

Adding existing VLAN IDs to a VLAN Pool in the CLI

Assigning and Configuring the Trunk Port

In the WebUI

In the CLI

Configuring the Default Gateway

In the WebUI

In the CLI

Configuring the Loopback for the Controller

In the WebUI

In the CLI

Configuring the System Clock

Installing Licenses

Connecting the Controller to the Network

Additional Configuration

Network Parameters

Configuring VLANs

Creating and Updating VLANs

Using the WebUI

Using CLI

Create a Bulk VLANs Using the WebUI

Using CLI

Creating, Updating and Deleting VLAN Pools

Creating a VLAN pool Using the WebUI

Updating a VLAN Pool

Deleting a VLAN Pool

Create a VLAN Pool Using CLI

Viewing Existing VLAN IDs Using CLI

Adding Existing VLAN IDs Using CLI

Add a Bandwidth Contract to the VLAN

Optimize VLAN Broadcast and Multicast Traffic

In the CLI

In the WebUI

Configuring Ports

Classifying Traffic as Trusted or Untrusted

About Trusted and Untrusted Physical Ports

About Trusted and Untrusted VLANs

Configuring Trusted/Untrusted Ports and VLANs

Using WebUI

Using CLI

Configure Trusted/Untrusted Ports and VLANs in Trunk Mode

Using the WebUI

Using CLI

About VLAN Assignments

How a VLAN Obtains its IP Address

Assigning a Static Address to a VLAN

Using the WebUI

Using CLI

Configuring a VLAN to Receive a Dynamic Address

Configuring Multiple Wired Uplink Interfaces (Active-Standby)

Enabling the DHCP Client

Using the WebUI

Using the CLI

Enabling the PPPoE Client

Using the WebUI

Using CLI