Page 1
OmniVista 3600
Air Manager 8.2.4
Best Practices Guide
Page 2
Copyright
Alcatel-Lucent and the Alcatel-Lucent Enterprise logo are trademarks of Alcatel-Lucent. To view other trademarks
used by affiliated companies of ALE Holding, visit: enterprise.alcatel-lucent.com/trademarks. All other
trademarks are the property of their respective owners. The information presented is subject to change without
notice. Neither ALE Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein.
(May 2017)
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses.
May 2017 | Rev. 01 OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 3
Contents
Overview 5
Understanding Alcatel-Lucent Topology 5
Prerequisites for Integrating Alcatel-Lucent Infrastructure 5
Configuring OV3600 for Global Alcatel-Lucent Infrastructure 7
Disabling Rate Limiting in OV3600 Setup > General 7
Entering Credentials in Device Setup > Communication 7
Setting Up Recommended Timeout and Retries 9
Setting Up Time Synchronization 9
Manually Setting the Clock on a switch 9
Enabling Support for Channel Utilization And Statistics 9
OV3600 Setup 9
switch Setup (Master And Local) 10
Configuring anAlcatel-Lucent Group 11
Basic Monitoring Configuration 11
Advanced Configuration 12
Discovering Alcatel-Lucent Infrastructure 13
Discovering or Adding Master switches 13
Local switch Discovery 15
Thin AP Discovery 15
OV3600 and Alcatel-Lucent Integration Strategies 17
Integration Goals 17
Example Use Cases 18
When to Use Enable Stats 18
When to Use WMS Offload 18
When to Use RTLS 18
When to Define OV3600 as a Trap Host 19
When to Use Channel Utilization 19
Prerequisites for Integration 19
Enable switch Statistics Using OV3600 19
WMS Offload with OV3600 20
Define OV3600 as a Trap Host Using the AOS-W CLI 21
Ensuring That IDS and Auth Traps Display in OV3600 21
Understanding WMS Offload Impact on Alcatel-Lucent Infrastructure 22
Alcatel-Lucent Specific Capabilities 25
Alcatel-Lucent Traps for RADIUS Auth and IDS Tracking 25
Remote AP Monitoring 26
ARM and Channel Utilization Information 27
VisualRF and Channel Utilization 28
Configuring Channel Utilization Triggers 30
Viewing Channel Utilization Alerts 30
View Channel Utilization in RF Health Reports 31
Viewing switch License Information 32
Rogue Device Classification 32
Rules-Based Controller Classification 35
Using RAPIDS Defaults for Controller Classification 35
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Contents | iii
Page 4
Changing RAPIDS Based on switch Classification 35
Appendix A CLICommands 37
Enable Channel Utilization Events 37
Enable Stats With the AOS-W CLI 37
Offload WMS Using the AOS-W CLI 37
AOS-W CLI 37
Pushing Configs from Master to Local switches 38
Disable Debugging Utilizing the AOS-W CLI 38
Restart WMS on Local switches 38
Configure AOS-W CLI when not Offloading WMS 38
Copy and Paste to Enable Proper Traps with the AOS-W CLI 39
Appendix B OV3600 Data Acquisition Methods AP
Appendix C WMS Offload Details AS
State Correlation Process AS
Using OV3600 as a Master Device State Manager AT
Appendix D Increasing Location Accuracy AU
Understand Band Steering's Impact on Location AU
Leveraging RTLS to Increase Accuracy AU
Deployment Topology AU
Prerequisites AV
Enable RTLS Service on the OV3600 Server AV
Enable RTLS on the switch AW
Troubleshooting RTLS AX
Using the WebUI to See Status AX
Wi-Fi Tag Setup Guidelines AX
iv | Contents OmniVista 3600 A ir Manager 8.2.4 | Best Practices Guide
Page 5
Chapter 1
Overview
This document provides best practices for leveraging OmniVista 3600 Air Manager to monitor and manage your
Alcatel-Lucent infrastructure, which provides a wealth of functionality such as firewall, VPN, remote AP, IDS, IPS,
and ARM, as well as an abundanceof statistical information.
Follow the simple guidelines in this document to garner the full benefit of your Alcatel-Lucent infrastructure.
This overview chapter contains the following topics:
l "Understanding Alcatel-Lucent Topology" on page 5
l "Prerequisites for Integrating Alcatel-Lucent Infrastructure " on page 5
Understanding Alcatel-Lucent Topology
Figure 1 depicts a typical master-local deployment for OmniVista 3600 Air Manager:
Figure 1: Typical Alcatel-Lucent Deployment
Thereshould never be a local switch managed by an OV3600 server whose master switch is also not under
management.
Prerequisites for Integrating Alcatel-Lucent Infrastructure
In order to integrate your Alcatel-Lucent infrastructure, you need the following information:
l SNMP community string for monitoring and discovery
l Telnet/SSH credentials for configuration
l Enable password for configuration
l SNMPv3 credentials for WMS offload
Withoutproper Telnet/SSH credentials, OV3600 will not be able to acquire license, serial information, and
monitoringschema from switches.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Overview | 5
Page 6
6 | Overview OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 7
Chapter 2
Configuring OV3600 for Global Alcatel-Lucent
Infrastructure
This section explains how to configure OV3600 to globally manage your Alcatel-Lucent infrastructure.
l "Disabling Rate Limiting in OV3600 Setup > General" on page 7
l "Entering Credentials in Device Setup > Communication" on page 7
l "Setting Up Recommended Timeout and Retries" on page 9
l "Setting Up Time Synchronization" on page 9
l "Enabling Support for Channel Utilization And Statistics" on page 9
Disabling Rate Limiting in OV3600 Setup > General
The SNMP Rate Limiting for Monitored Devices option adds a small delay between each SNMP GET request,
which results in the actual polling intervals that are longer than what is configured. For example, setting a tenminute polling interval will result in an actual 12-minute polling interval. Disabling rate limiting is recommended
in most cases.
To disable rate limiting in OV3600, follow these steps:
1. Navigate to OV3600 Setup > General.
2. Locate the Performance section.
3. In the SNMP Rate Limiting for Monitored Devices field, select No, as shown in Figure 2.
4. Click Save.
Figure 2: SNMP Rate Limiting in OV3600 Setup > General > Performance
Entering Credentials in Device Setup > Communication
OV3600 requires several credentials to properly interface with Alcatel-Lucent devices. To enter these credentials,
follow these steps:
1. Navigate to Device Setup > Communication.
2. In the Default Credentials section, select the Edit link next to Alcatel-Lucent. The page illustrated in Figure
3 appears.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Configuring OV3600 for Global Alcatel-Lucent
Infrastructure | 7
Page 8
3. Enter the SNMP Community String.
Be sure to note the community string because it must match the SNMP trap community string, which is
configuredlater in this document.
Figure 3: Credentials in Device Setup > Communication
4. Enter the required information for configuration and basic monitoring:
l Telnet/SSH user name
l Telnet/SSH password
l Enable mode password
5. Enter the required data for WMS Offload:
l SNMPv3 user name
l Authentication password
l SNMPv3 authentication protocol (must be SHA-1)
l Privacy password
l SNMPv3 privacy protocol (must be DES)
Theauthentication and privacy protocols must be SHA-1 and DES for WMS Offload to work correctly.
6. Click Save.
8 | Configuring OV3600 for Global Alcatel-Lucent
Infrastructure
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 9
Setting Up Recommended Timeout and Retries
1. In the Device Setup > Communication page, locate the SNMP Setting section.
2. Change the SNMP Timeout setting to a value or either 3, 4, or 5. This is the number of seconds that OV3600
will wait for a response from a device after sending an SNMP request, so a smaller number is more ideal.
3. Change the SNMP Retries value to 10. This value represents the number of times OV3600 tries to poll a
device when it does not receive a response within the SNMP Timeout Period or the Group’s Missed SNMP Poll
Threshold setting (1-100).
Although the upper limit for this value is 40, some SNMP libraries still have a hard limit of 20 retries. In these
cases, any retry value that is set above 20 will still stop at 20.
Figure 4: Timeout settings in Device Setup > Communication
4. Click Save when you are done.
Setting Up Time Synchronization
You can set the clock on a switch manually or by configuring the switch to use a Network Time Protocol (NTP)
server to synchronize its system clock with a central time source.
Manually Setting the Clock on a switch
You can use either the WebUI or CLI to manually set the time on the switch’s clock.
1. Navigate to the Configuration > Management > Clock page.
2. Under switch Date/Time, set the date and time for the clock.
3. Under Time Zone, enter the name of the time zone and the offset from Greenwich Mean Time (GMT).
4. To adjust the clock for daylight savings time, click Enabled under Summer Time. Additional fields appear that
allow you to set the offset from UTC and the start and end recurrences.
5. Click Apply.
Enabling Support for Channel Utilization And Statistics
To enable support for channel utilization statistics, your OV3600 server and Alcatel-Lucent AOS-W and AlcatelLucent Instant devices must be running the following versions of software:
l OmniVista 3600 Air Manager 7.6 or later
l Alcatel-Lucent AOS-W 6.0.1 or later
l Alcatel-Lucent Instant 3.3 or later
Devicesrunning AOS-W 6.0.1 can report RF utilization metrics, but AOS-W 6.1 or later is necessary to also
obtainclassified interferer information.
OV3600 Setup
1. Navigate to OV3600 Setup > General.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Configuring OV3600 for Global Alcatel-Lucent
Infrastructure | 9
Page 10
2. In the Additional OV3600 Services section, set Enable AMON Data Collection to Yes, and set Prefer
AMONvs SNMP Polling to Yes.
3. Click Save.
Figure 5: AMON Data Collection Setting in OV3600 Setup > General
switch Setup (Master And Local)
Enabling these commands on AOS-W versions prior to 6.0.1.0 can result in performance issues on the switch. If you are
running previous firmware versions such as AOS-W 6.0.0.0, you should upgrade to AOS-W 6.0.1 (to obtain RF utilization
metrics) or 6.1 (to obtain RF utilization and classified interferer information) before you enter this command.
The following commands are for AOS-W versions 6.3.1 and later. To get the commands for other versions of
AOS-W, refer to the Command-Line Interface Reference Guide for that version.
Use SSH to access the switch’s command-line interface, enter enable mode, and issue the following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # mgmt-server type ov3600 primary-server <OV3600-IP>
(switch-Name) (config) # mgmt-server profile <profile-name>
(switch-Name) (config) # write mem
Youcan add up to four <OV3600-IP> addresses.
10 | Configuring OV3600 for Global Alcatel-Lucent
Infrastructure
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 11
Chapter 3
Configuring anAlcatel-Lucent Group
It is prudent to establish one or more Alcatel-Lucent Groups within OV3600. During the discovery process you
will move new discovered switches into this group.
This section contains the following topics:
l "Basic Monitoring Configuration" on page 11
l "Advanced Configuration " on page 12
Basic Monitoring Configuration
1. Navigate to Groups > List.
2. Select Add.
3. Enter a Name that represents the Alcatel-Lucent device infrastructure from a security, geographical, or
departmental perspective and select Add.
4. You will be redirected to the Groups > Basic page for the Group you just created. On this page you will need
to verify and/or change the following Alcatel-Lucent-specific settings.
a. Find the SNMP Polling Periods section of the page, as illustrated in Figure 6.
b. Verify that the Override Polling Period for Other Services option is set to Yes.
c. Verify that Client Data Polling Period is set to 10 minutes. Do not configure this interval lower than 5
minutes.
Enabling the SNMP Rate Limiting for Monitored Devices option in the previous chapter adds a small delay
betweeneach SNMP Get request, thus the actual polling interval is 12 minutes for 10 minute polling interval.
d. Verify that the Device-to-Device Link Polling Period option is set to 30 minutes.
e. Verify that the Rogue AP and Device Location Data Polling Period option is set to 30 minutes.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Configuring anAlcatel-Lucent Group | 11
Page 12
Figure 6: SNMP Polling Periods section of Groups > Basic
5. Locate the Aruba/Alcatel-Lucent section of this page. See Figure 7.
6. Configure the proper SNMP Version for monitoring the Alcatel-Lucent infrastructure.
Figure 7: Group SNMP Version for Monitoring
7. Click Save and Apply when you are done.
Advanced Configuration
Refer to the OmniVista 3600 Air Manager 8.2.4 Controller Configuration Guide for detailed instructions.
12 | Configuring anAlcatel-Lucent Group OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 13
Chapter 4
Discovering Alcatel-Lucent Infrastructure
OV3600 utilizes the Alcatel-Lucent topology to efficiently discover downstream infrastructure. This section
guides you through the process of discovering and managing your Alcatel-Lucent device infrastructure.
Refer to the following earlier sections in this document before attempting discovery:
l "Configuring OV3600 for Global Alcatel-Lucent Infrastructure" on page 7
l "Configuring anAlcatel-Lucent Group " on page 11
The following topics in this chapter walk through the basic procedure for discovering and managing AlcatelLucent infrastructure:
l "Discovering or Adding Master switches" on page 13
l "Local switch Discovery" on page 15
l "Thin AP Discovery" on page 15
Always add one switch and its affiliated Thin APs into management or monitoring mode in a serial fashion, one at a
time. Adding new devices is a very CPU intensive process for OV3600 and can quickly overwhelm all of the processing
power of the server if hundreds of Thin APs are added (migrated from New to Managed or Monitoring) simultaneously.
Discovering or Adding Master switches
Scan networks containing Alcatel-Lucent master switches from the Device Setup > Discover page, or manually
enter the master switch by following these steps in the Device Setup > Add page:
1. Select the Alcatel-Lucent OmniSwitch type and select Add. The page illustrated on Figure 8 appears.
2. Enter the Name and the IP Address for the switch.
3. Enter SNMP Community String, which is required field for devicediscovery.
Be sure to note the community string because it must match the SNMP trap community string, which is
configuredlater in this document.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Discovering Alcatel-Lucent Infrastructure | 13
Page 14
Figure 8: Alcatel-Lucent Credentials in Device Setup > Add
4. Enter the required fields for configuration and basic monitoring:
n Telnet/SSH user name
n Telnet/SSH password
n Enable password
5. Enter the required fields for WMS Offload
n SNMPv3 authentication protocol (must be SHA-1)
n SNMPv3 privacy protocol (must be DES)
n SNMPv3 user name
n Authentication password
n Privacy password
Theprotocols for SNMPv3 authentication and SNMPv3 privacy must be SHA-1 and DES in order for WMS
Offloadto work.
14 | Discovering Alcatel-Lucent Infrastructure OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 15
If you are using SNMPv3, and the switch's date/time is incorrect, the SNMP agent will not respond to SNMP requests
from the OV3600 SNMP manager. This will result in the switch and all of its downstream access points showing as
Downin OV3600.
6. Assign the switch to a Group and Folder.
7. Ensure that the Monitor Only option is selected.
If you select Manage read/write, OV3600 will push the group setting configuration, and existing device configurations
will be deleted/overwritten.
8. Select Add.
9. Navigate to the APs/Devices > New page.
10.Select the Alcatel-Lucent master switch you just added from the list of new devices.
11.Ensure Monitor Only option is selected.
12.Select Add.
Local switch Discovery
Local switches are added to OV3600 via the master switch by a discovery scan, or manually added in Device
Setup > Add. After waiting for the Thin AP Polling Period interval or executing a Poll Now command from the
APs/Devices > Monitor page, the local switches will appear on the APs/Devices > New page.
Add the local switch to the Group defined previously. Within OV3600, local switches can be split away from the
master switch's Group.
Localswitch Discovery/monitoring may not work as expected if OV3600 is unable to communicate directly with
thetarget device. Be sure and update any ACL/Firewall rules to allow OV3600 to communicate with your
network equipment.
Thin AP Discovery
Thin APs are discovered via the local switch. After waiting for the Thin AP Polling Period or executing a Poll Now
command from the APs/Devices > Monitor page, thin APs will appear on the APs/Devices > New page.
Add the thin APs to the Group defined previously. Within OV3600, thin APs can be split away from the switch's
Group. You can split thin APs into multiple Groups if required.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Discovering Alcatel-Lucent Infrastructure | 15
Page 16
16 | Discovering Alcatel-Lucent Infrastructure OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 17
Chapter 5
OV3600 and Alcatel-Lucent Integration Strategies
This section describes strategies for integrating OV3600 and Alcatel-Lucent devices and contains the following
topics:
l "Integration Goals" on page 17
l "Example Use Cases" on page 18
l "Prerequisites for Integration" on page 19
l "Enable switch Statistics Using OV3600" on page 19
l "WMS Offload with OV3600" on page 20
l "Define OV3600 as a Trap Host Using the AOS-W CLI" on page 21
l "Understanding WMS Offload Impact on Alcatel-Lucent Infrastructure" on page 22
Integration Goals
Table 1 summarizes the types of integration goals and strategies for meeting them in certain architectural
contexts:
Table 1: Integration Goals in All Masters or Master/Local Architectures
Integration Goals All Masters
Architecture
Rogue And Client Info enable stats
Rogue containment only ssh access to switches ssh access to switches
Rogue And Client
containment
Reduce Master switch Load WMS Offload debugging off
IDS And Auth Tracking Define OV3600 as a trap host Define OV3600 as a trap host
Track Tag Location enable Real Time Location
Channel Utilization enable Application Monitoring
Spectrum enable AMON enable AMON
AppRFVisibility enable AMON enable AMON
WMS Offload WMS Offload
System (RTLS) WMS Offload
(AMON)
Master/Local
Architecture
enable RTLS WMS Offload
enable AMON
UCC Visability enable AMON enable AMON
Health Information enable Adaptive Radio
Management (ARM)
Key integration points to consider include the following:
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
enable ARM
OV3600 and Alcatel-Lucent Integration Strategies |
17
Page 18
l IDS Tracking does not require WMS Offload in an all-master or master/local environment.
l IDS Tracking does require enable stats in a master/local environment.
l WMS Offload will hide the Security Summary tab on master switch’s web interface.
l WMS Offload encompasses enable stats or enable stats is a subset of WMS Offload.
l Unless you enable stats on the local switches in a master/local environment, the local switches do not
populate their MIBs with any information about clients or rogue devices discovered/associated with their
APs. Instead the information is sent upstream to master switch.
Example Use Cases
The following are example use cases of integration strategies:
l "When to Use Enable Stats" on page 18
l "When to Use WMS Offload" on page 18
l "When to Use RTLS" on page 18
l "When to Define OV3600 as a Trap Host" on page 19
l "When to Use Channel Utilization" on page 19
When to Use Enable Stats
You want to pilot OV3600, and you do not want to make major configuration changes to their infrastructure or
manage configuration from OV3600.
EnableStats still pushes a small subset of commands to the switches via SSH.
See "Enable switch Statistics Using OV3600" on page 19.
When to Use WMS Offload
l You have older Alcatel-Lucent infrastructure in a master/local environment and the master switch is fully
taxed. Offloading WMS will increase the capacity of the master switch by offloading statistics gathering
requirements and device classification coordination to OV3600.
l You want to use OV3600 to distribute client and rogue device classification amongst multiple master switches
in a master/local environment or in an All-Masters environment.
l See the following topics:
n "WMS Offload with OV3600" on page 20
n "Understanding WMS Offload Impact on Alcatel-Lucent Infrastructure" on page 22
n "WMS Offload Details" on pageAS
When to Use RTLS
l A hospital wants to achieve very precise location accuracy (5 -15 feet) for their medical devices which are
associating to the WLAN.
l You want to locate items utilizing Wi-Fi Tags.
RTLScan negatively impact your OV3600 server's performance.
l See "Leveraging RTLS to Increase Accuracy" on page AU.
18 | OV3600 and Alcatel-Lucent Integration Strategies OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 19
When to Define OV3600 as a Trap Host
l You want to track IDS events within the OV3600 UI.
l You are in the process of converting their older third-party WLAN devices to Alcatel-Lucent devices and want a
unified IDS dashboard for all WLAN infrastructure.
l You want to relate Auth failures to a client device, AP, Group of APs, and switch. OV3600 provides this unique
correlation capability.
See "Define OV3600 as a Trap Host Using the AOS-W CLI" on page 21.
When to Use Channel Utilization
l You have a minimum version of AOS-W 6.1.0.0.
Prerequisites for Integration
If you have not discovered the Alcatel-Lucent infrastructure or configured credentials, refer to the previous
chapters of this book:
l "Configuring OV3600 for Global Alcatel-Lucent Infrastructure" on page 7
l "Configuring anAlcatel-Lucent Group " on page 11
l "Discovering Alcatel-Lucent Infrastructure" on page 13
Enable switch Statistics Using OV3600
To enable stats on the Alcatel-Lucentswitches, follow these steps:
1. Navigate to OV3600 Setup> General and locate the Device Configuration section.
2. Set the Allow WMS Offload Configuration in Monitor-Only Mode field to Yes, as shown in Figure9:
Figure 9: WMS Offload Configuration in OV3600 Setup> General
3. Navigate to Groups > Basic for the group that contains your Alcatel-Lucentswitches.
4. Locate the Alcatel-Lucent section on the page.
5. Set the Offload WMS Database field to No, as shown in Figure 10:
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
OV3600 and Alcatel-Lucent Integration Strategies |
19
Page 20
Figure 10: Offload WMS Database field in Groups > Basic
6. Select Save and Apply.
7. Select Save.
This will push a set of commands via SSH to all Alcatel-Lucent local switches. OV3600 must have read/write
access to the switches in order to push these commands.
This process will not reboot your switches.
If you do not follow the above steps, local switches will not be configured to populate statistics. This decreases
OV3600's capability to trend client signal information and to properly locate devices. See "AOS-W CLI" on page 37 for
information about how to utilize the AOS-W CLI to enable stats on Alcatel-Lucent infrastructure.
If your credentials are invalid or the changes are not applied to the switch, error messages will display on the
switch's APs/Devices > Monitor page under the Recent Events section. If the change fails, OV3600 does not
audit these setting (display mismatches) and you will need to apply to the switch by hand. See "AOS-W CLI" on
page37 for detailed instructions.
These are the commands pushed by OV3600 while enabling WMS Offload. Do not enter these commands:
configure terminal
no mobility-manager <Active WMS IP Address>
wms
general collect-stats enable
stats-update-interval 120
show wms general
write mem
WMS Offload with OV3600
To offload WMS on the Alcatel-Lucentswitches using OV3600:
1. In OV3600 Setup> General, locate the Device Configuration section and enable or disable Allow WMS
Offload Configuration in Monitor-Only Mode.
20 | OV3600 and Alcatel-Lucent Integration Strategies OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 21
2. Select Save and Apply. This will push a set of commands via SSH to all Alcatel-Lucent master switches. If the
switch does not have an SNMPv3 user that matches the OV3600 database it will automatically create a new
SNMPv3 user. OV3600 must have read/write access to the switches to push thesecommands
3. Navigate to Groups > Basic and locate the Alcatel-Lucent section.
4. Set the Offload WMS Database field to Yes.
This process will not reboot your switches. See "CLICommands" on page 37 for information on how to utilize
theAOS-W CLI to enable stats for WMS Offload.
The SNMPv3 user's Auth Password and Privacy Password must be the same.
Do not enter these commands; these are pushed by OV3600 while enabling WMS Offload.
configure terminal
mobility-manager <OV3600 IP> user <OV3600 SNMPv3 User Name> <OV3600 Auth/Priv PW>
stats-update-interval 120
write mem
OV3600 will configure SNMPv2 traps with the mobile manager command.
Define OV3600 as a Trap Host Using the AOS-W CLI
To ensure the OV3600 server is defined as a trap host, access the command line interface of each switch (master
and local), enter enable mode, and issue the following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # snmp-server host <OV3600 IP ADDR> version 2c <SNMP Community String of
switch>
Ensurethe SNMP community matches those that were configured in "Configuring OV3600 for Global Alcatel-
Lucent Infrastructure" on page 7.
(switch-Name) (config) # snmp-server trap source <switch-IP>
(switch-Name) (config) # write mem
OV3600 supports SNMP v2 traps and SNMP v3 informs in AOS-W 3.4 and higher. SNMP v3 traps are not
supported.
Ensuring That IDS and Auth Traps Display in OV3600
Validate your AOS-W configuration by exiting the configure terminal mode and issue the following command:
(switch-Name) # show snmp trap-list
If any of the traps in the output of this command do not appear to be enabled, enter configure terminal
mode and issuethe following command:
(switch-Name) (config) # snmp-server trap enable <TRAPS FROM LIST ABOVE>
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
OV3600 and Alcatel-Lucent Integration Strategies |
21
Page 22
See"AOS-W CLI" on page 37 for the full command that can be copied and pasted directly into the AOS-WCLI.
(switch-Name) (config) # write mem
Ensure the source IP of the traps match the IP that OV3600 uses to manage the switch, see Figure 11. Navigate
to APs/Devices > Monitor to validate the IP address in the Device Info section.
Figure 11: Verify IP Address on APs/Devices > Monitor Page
Verify that there is a SNMPv2 community string that matches the SNMP Trap community string on the switch.
(switch-Name) # show snmp community
SNMP COMMUNITIES
----------------
COMMUNITY ACCESS VERSION
--------- ------ -------
public READ_ONLY V1, V2c
(switch-Name) # #show snmp trap-host
SNMP TRAP HOSTS
---------------
HOST VERSION SECURITY NAME PORT TYPE TIMEOUT RETRY
---- ------- ------------- ---- ---- ------- -----
10.2.32.4 SNMPv2c public 162 Trap N/A N/A
Understanding WMS Offload Impact on Alcatel-Lucent Infrastructure
When offloading WMS, it is important to understand what functionality is migrated to OV3600 and what
functionality is deprecated.
The following AOS-W tabs and sections are deprecated after offloading WMS:
l Plan - The tab where floor plans are stored and heatmaps are generated. Before offloading WMS, ensure that
you have exported floor plans from AOS-W and imported them into OV3600. All functionality within the Plan
Tab is incorporated with the VisualRF module in OV3600.
l Dashboard > Security Summary - The Security Summary section (Figure 12) disappears after offloading
WMS. The data is still being processed by the master switch, but the summary information is not available.
You must use OV3600 to view data for APs, clients and events in detail and summary from.
n OV3600 displays information on Rogue APs in the RAPIDS > Overview pages.
n Information on Suspected Rogue, Interfering and known interfering APs is available in OV3600 on each
APs/Devices > Manage page.
22 | OV3600 and Alcatel-Lucent Integration Strategies OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 23
n IDS events data and reports appear on OV3600’s Reports > Generated > IDS Events page.
Figure 12: Security Summary on the Master switch
See "Rogue Device Classification" on page 32 for more information about security, IDS, WIPS, WIDS,
classification, and RAPIDS.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
OV3600 and Alcatel-Lucent Integration Strategies |
23
Page 24
24 | OV3600 and Alcatel-Lucent Integration Strategies OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 25
Chapter 6
Alcatel-Lucent Specific Capabilities
This section discusses Alcatel-Lucent specific capabilities in OV3600 and contains the following topics:
l "Alcatel-Lucent Traps for RADIUS Auth and IDS Tracking" on page 25
l "Remote AP Monitoring" on page 26
l "ARM and Channel Utilization Information" on page 27
l "Viewing switch License Information" on page 32
l "Rogue Device Classification" on page 32
l "Rules-Based Controller Classification" on page 35
Alcatel-Lucent Traps for RADIUS Auth and IDS Tracking
The authentication failure traps are received by the OV3600 server and correlated to the proper switch, AP, and
user.
View a list of recent RADIUS authentication issues by navigating to the Home >Overview page, and selecting
the RADIUSIssues link in the Alert Summary table at the bottom of the page.Figure 13 shows all
authentication failures related to RADIUS data.
Figure 13: RADIUS Issues Summary
There are two ways to navigate to the list of recent IDS events. You can go to the Home >Overview page and
select the IDSEvents link in the Alert Summary table at the bottom of the page, or go directly to RAPIDS >
IDS Events. The IDSEvents Summary page includes a table that shows the numbers of events in each IDS
category, as well as a sortable table of each event. (See Figure14.)
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 25
Page 26
Figure 14: IDS Events in OV3600
Remote AP Monitoring
To monitor remote APs, follow these steps:
1. From the APs/Devices > List page, filter on the Remote Device column to find remote devices.
2. To view detailed information about the remote device, select the device name. The page illustrated in Figure
15 appears.
26 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 27
Figure 15: Remote AP Detail Page
You can also see if there are users plugged into the wired interfaces in the Connected Clients list below the
Clients and Usage graphs at the bottom of this page.
This feature is only available when the remote APs are in split tunnel and tunnel modes.
ARM and Channel Utilization Information
ARM statistics and Channel utilization are very powerful tools for diagnosing capacity and other issues in your
WLAN.
1. Navigate to an APs/Devices > Monitor page for any AP that supports ARM and channel utilization.
2. In the Radios table, select a radio link under the Name column for a radio.
3. The graphs default to Client and Usage. Select an icon for each to changethe graphs to display Radio Channel
and Channel Utilization.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 27
Page 28
Figure 16: ARM and Channel Utilization Graphs
See the OmniVista 3600 Air Manager 8.2 User Guide more information about the data that displays in the Radio
Statistics page for these devices.
VisualRF and Channel Utilization
1. Navigate to a floor plan by navigating to VisualRF > Floor Plans page.
2. Click the list link at the top of the Floor Plans page, and select a floor plan from the list.
3. Click the View tab
4. Select the Overlays menu.
5. Select the Ch. Utilization overlay.
6. Select Current or Maximum (over last 24 hours).
7. Use the Data Set drop-down list to display Total, Receive (Rx), Transmit (Tx), or Interference utilization
data.
8. Select the option to view information for the current floor only, or to include information about the floor
above, and/or the floor below.
9. Select a frequency (5 GHz and/or 2.4 GHz).
28 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 29
Figure 17: Overlays
Figure 18: Channel Utilization in VisualRF (Interference/2.4 GHz)
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 29
Page 30
Configuring Channel Utilization Triggers
1. Navigate to System > Triggers and select Add.
2. Select Channel Utilization from the Type drop-down menu as seen on Figure 19:
Figure 19: Channel Utilization Trigger
3. Enter the duration evaluation period.
4. Click the Add New Trigger Condition button.
5. Create a trigger condition for Radio Type and select the frequency to evaluate.
6. Select total, receive, transmit, or interference trigger condition.
7. Set up any restrictions or notifications. (Refer to the OmniVista 3600 Air Manager 8.2.4 User Guidefor more
details.)
8. When you are finished, click Add.
Viewing Channel Utilization Alerts
You can view Channel Utilization alerts from the APs/Devices > Monitor page and on the System > Alerts
page.
To view channel utilization alerts on the APs/Devices > Monitor page:
1. Navigate to the APs/Devices > list page and select a device.
2. Navigate to the APs/Devices> Monitor page for that device.
3. Scroll down to the Alert Summary table and select OV3600 Alerts.
30 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 31
Figure 20: Channel Utilization alerts
To view channel utilization alerts on the System >Alerts page:
1. Navigate to the System > Alerts page.
2. Sort the tableusing the Trigger Type column to display Channel Utilization alerts.
Figure 21: Channel Utilization alerts on the System > Alerts page
View Channel Utilization in RF Health Reports
1. Navigate to Reports > Generated.
2. Find and select an RF Health report.
3. Scroll down to view the Most Utilized by Channel Usage (5 GHz) and Most Utilized by Channel Usage
(2.4 GHz) graphs.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 31
Page 32
Figure 22: Channel Utilization in an RF Health Report (partial view)
Viewing switch License Information
Follow these steps to view your switch’s license information in OV3600:
1. Navigate to the APs/Devices > List page and select a switch.
2. Navigate to the APs/Devices > Monitor pagefor that switch.
3. In the Device Info table at the top of the page, select the Licenses link. A pop-up window appears listing all
licenses.
Figure 23: switch License Popup from the APs/Devices > Monitor page
Rogue Device Classification
Complete the steps in this section if you have completed the WMS Offload procedure. After offloading WMS,
OV3600 maintains the primary ARM, WIPS, and WIDS state classification for all devices discovered over-the-air.
See Table 2 below for details.
Table 2: WIPS/WIDS to OV3600switch Classification Matrix
OV3600switch Classification AOS-W (WIPS/WIDS)
Unclassified (default state) Unknown
32 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 33
Table 2: WIPS/WIDS to OV3600switch Classification Matrix (Continued)
OV3600switch Classification AOS-W (WIPS/WIDS)
Valid Valid
Suspected Valid Suspected Valid
Suspected Neighbor Interfering
Neighbor Known Interfering
Suspected Rogue Suspected Rogue
Rogue Rogue
Contained Rogue DOS
To check and reclassify rogue devices, follow these steps:
1. Navigate to the RAPIDS > Detail page for a rogue device (see Figure 24 below).
2. Select the proper classification for the device from the RAPIDS Classification Override drop-down list.
Figure 24: Rogue Detail Page Illustration
Changing the switch's classification within the OV3600 WebUI will push a reclassification message to all switches
managed by the OV3600 server that are in Groups with Offloading the WMS database set to Yes. To reset the switch
classification of a rogue device on OV3600, change the switch classification on the OV3600 WebUI to unclassified.
switch classification can also be updated from RAPIDS > List via the Modify Devices link.
All rogue devices will be set to a default switch classification of unclassified when WMS is first offloaded except
for devices classified as valid. Rogue devices classified in AOS-W as valid will also be classified within OV3600 as
valid for their switch classification as well. As APs report subsequent classification information about rogues, this
classification will be reflected within OV3600 WebUI and propagated to switches that OV3600 manages. The
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 33
Page 34
device classification reflected in the switch's WebUI and in the OV3600 WebUI will probably not match, because
the switch/APs do not reclassify rogue devices frequently.
To update a group of devices' switch classification to match the AOS-W device classification, navigate to RAPIDS
> List and utilize the Modify Devices checkbox combined with the multiple sorting a filtering features.
Table 3: ARM to OV3600 Classification Matrix
OV3600 AOS-W (ARM)
Unclassified (default state) Unknown
Valid Valid
Contained DOS
1. Navigate to the Clients > Client Detail page for the user.
2. In the Device Info section, select the proper classification from the Classification drop-down list (see Figure
25):
Figure 25: User Classification
Changing User Classification within the OV3600 WebUI will push a user reclassification message to all switches
managed by the OV3600 server that are in Groups with Offloading the WMS database set to Yes.
All users will be set to a default classification of unclassified when WMS is first offloaded. As APs report
subsequent classification information about users, this classification will be reflected within the OV3600 WebUI
and propagated to switches that OV3600 manages. It is probable that the user’s classification reflected in the
switch’s WebUI and in the OV3600 WebUI will not match, because the switches/APs do not reclassify users
frequently.
There is no method in the OV3600 WebUI to update user classification before bulk to match the switch’s
classification. Each client must be updated individually within the OV3600 WebUI .
34 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 35
Rules-Based Controller Classification
This section contains the following topics:
l "Using RAPIDS Defaults for Controller Classification" on page 35
l "Changing RAPIDS Based on switch Classification" on page35
Using RAPIDS Defaults for Controller Classification
1. Navigate to the RAPIDS > Rules page and select the pencil icon beside the rule that you want to change.
2. In the Classification drop-down list, select Use Controller Classification (see Figure 26 below).
3. Click Save.
Figure 26: Using Controller Classification
Changing RAPIDS Based on switch Classification
1. Navigate to RAPIDS > Rules and select the desired rule.
2. In the Classification menu, select the RAPIDS classification.
3. Select Controller Classification (see Figure 27 below).
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Alcatel-Lucent Specific Capabilities | 35
Page 36
Figure 27: Configure Rules for Classification
4. Click Add. A new Controller Classification field displays.
5. Select the desired switch classification to use as an evaluation in RAPIDS.
6. Click Save.
36 | Alcatel-Lucent Specific Capabilities OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 37
Appendix A
CLICommands
Enable Channel Utilization Events
Enabling these commands on AOS-W versions prior to 6.1 can result in performance issues on the switch.
To enable channel utilization events utilizing the Alcatel-Lucent AOS-W CLI, use SSH to access a local or master
switch’s command-line interface, enter enable mode, and issue the following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # mgmt-server type ov3600 primary-server <OV3600 IP> profile <profilename>
(switch-Name) (config) # write mem
Enable Stats With the AOS-W CLI
The following commands enable collection of statistics (up to 25,000 entries) on the master switch for
monitored APs and clients.
Do not use these commands if you use the OV3600 WebUI to monitor APs and Clients. Enabling these
commands on AOS-W versions prior to 6.1 can result in performance issues on the switch.
Use SSH to access the master switch’s command-line interface, enter enable mode, and issue the following
commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # ids wms-general-profile collect-stats enable
(switch-Name) (config-ids-wms-general-profile) # collect-stats
(switch-Name) (config-ids-wms-general-profile) # exit
(switch-Name) (config) # write mem
Offload WMS Using the AOS-W CLI
Do not use these commands if you use the OV3600 WebUI to monitor APs and clients.
Additional commands can be used to offload WMS using the AOS-W command-line interface or the OV3600
SNMP Walk. For information, see "AOS-W CLI" on page 37.
AOS-W CLI
SSH into all switches (local and master), and enter enable mode, and issue the following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # mobility-manager <OV3600 IP> user <MMS-USER> <MMS-SNMP-PASSWORD>
(switch-Name) (config) # write mem
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix A CLICommands | 37
Page 38
This command creates an SNMPv3 user on the switch with the authentication protocol configured to SHA and
privacy protocol DES. The user and password must be at least eight characters because the Net-SNMP package in
OV3600 adheres to this IETF recommendation. AOS-W automatically creates Auth and Privacy passwords from
this single password. If mobility-manager is already using a preconfigured SNMPv3 user, ensure the privacy and
authentication passwords are the same.
Example:
mobility-manager 10.2.32.1 user ov3600123 ov3600123
Pushing Configs from Master to Local switches
Use the following AOS-W CLI commands to ensure that the master switch is properly pushing configuration
settings from the master switch to local switches. This command ensures configuration changes made on the
master switch will propagate to all local switches.
Do not use these commands if you use the OV3600 WebUI to monitor APs and clients.
(switch-Name) (config) # cfgm mms config disable
(switch-Name) (config) # write mem
Disable Debugging Utilizing the AOS-W CLI
If you are experiencing performance issues on the master switch, ensure that debugging is disabled. It should be
disabled by default. Debugging coupled with gathering the enhanced statistics can put a strain on the switch's
CPU, so it is highly recommended to disable debugging.
To disable debugging, SSH into the switch, enter enable mode, and issue the following commands:
(switch-Name) # show running-config | include logging level debugging
If there is output, then use the following commands to remove the debugging:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # no logging level debugging <module from above>
(switch-Name) (config) # write mem
Restart WMS on Local switches
To ensure local switches are populating rogue information properly, use SSH to access the command-line
interface of each local switch, enter enable mode, and issuethe following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # process restart wms
After executing the restart wms command in Alcatel-Lucent AOS-W, you will need to wait until the next Rogue
Poll Period on OV3600 and execute a Poll Now operation for each local switch on the APs/Devices > List
page before rogue devices begin to appear in OV3600.
Configure AOS-W CLI when not Offloading WMS
To ensure proper event correlation for IDS events when WMS is not offloaded to OV3600, access the command
line interface of each switch (master and local), enter enable mode, and issue the following commands:
38 | Appendix A CLICommands OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 39
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # ids management-profile
(switch-Name) (config) # ids general-profile <name>
(switch-Name) (config) # ids-events logs-and-traps
(switch-Name) (config) # write mem
Copy and Paste to Enable Proper Traps with the AOS-W CLI
To ensure the proper traps are configured on Alcatel-Lucent switches, copy and paste the following command in
config mode:
snmp-server trap enable wlsxNUserAuthenticationFailed
wlsxAdhocNetworkBridgeDetected
wlsxAdhocNetworkBridgeDetectedAP
wlsxAdhocNetworkBridgeDetectedSta
wlsxAdhocNetworkDetected
wlsxAdhocUsingValidSSID
wlsxAPChannelChange
wlsxApFloodAttack
wlsxAPImpersonation
wlsxAPModeChange
wlsxAPPowerChange
wlsxAPSpoofingDetected
wlsxBlockAckAttackDetected
wlsxChannelFrameErrorRateExceeded
wlsxChannelFrameFragmentationRateExceeded
wlsxChannelFrameRetryRateExceeded
wlsxChannelRateAnomaly
wlsxChopChopAttack
wlsxClientAssociatedToHostedNetwork
wlsxClientAssociatingOnWrongChannel
wlsxClientFloodAttack
wlsxCTSRateAnomaly
wlsxDisconnectStationAttackAP
wlsxDisconnectStationAttackSta
wlsxEAPRateAnomaly
wlsxFataJackAttack
wlsxFrameBandWidthRateExceeded
wlsxFrameFragmentationRateExceeded
wlsxFrameLowSpeedRateExceeded
wlsxFrameNonUnicastRateExceeded
wlsxFrameReceiveErrorRateExceeded
wlsxFrameRetryRateExceeded
wlsxHostOfWirelessNetworkContainment
wlsxHotspotterAttackDetected
wlsxHT40MHzIntoleranceAP
wlsxHT40MHzIntoleranceSta
wlsxHtGreenfieldSupported
wlsxInvalidAddressCombination
wlsxInvalidMacOUIAP
wlsxInvalidMacOUISta
wlsxMalformedAssocReqDetected
wlsxMalformedAuthFrame
wlsxMalformedFrameLargeDurationDetected
wlsxMalformedFrameWrongChannelDetected
wlsxMalformedHTIEDetected
wlsxNAccessPointIsDown
wlsxNAccessPointIsUp
wlsxNAdhocNetwork
wlsxNAdhocNetworkBridgeDetectedAP
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix A CLICommands | 39
Page 40
wlsxNAdhocNetworkBridgeDetectedSta
wlsxNAdhocUsingValidSSID
wlsxNAPMasterStatusChange
wlsxNAuthServerReqTimedOut
wlsxNDisconnectStationAttack
wlsxNIpSpoofingDetected
wlsxNodeRateAnomalyAP
wlsxNodeRateAnomalySta
wlsxNSignatureMatch
wlsxNSignatureMatchAirjack
wlsxNSignatureMatchAsleap
wlsxNSignatureMatchDeauthBcast
wlsxNSignatureMatchDisassocBcast
wlsxNSignatureMatchNetstumbler
wlsxNSignatureMatchNullProbeResp
wlsxNSignatureMatchWellenreiter
wlsxNStaUnAssociatedFromUnsecureAP
wlsxNUserAuthenticationFailed
wlsxNUserEntryAuthenticated
wlsxOmertaAttack
wlsxOverflowEAPOLKeyDetected
wlsxOverflowIEDetected
wlsxPowerSaveDosAttack
wlsxRepeatWEPIVViolation
wlsxReservedChannelViolation
wlsxRTSRateAnomaly
wlsxSequenceNumberAnomalyAP
wlsxSequenceNumberAnomalySta
wlsxSignalAnomaly
wlsxSignAPAirjack
wlsxSignAPAsleap
wlsxSignAPDeauthBcast
wlsxSignAPNetstumbler
wlsxSignAPNullProbeResp
wlsxSignatureMatchAP
wlsxSignatureMatchSta
wlsxSignStaAirjack
wlsxSignStaAsleap
wlsxSignStaDeauthBcast
wlsxSignStaNetstumbler
wlsxSignStaNullProbeResp
wlsxStaAssociatedToUnsecureAP
wlsxStaImpersonation
wlsxStaPolicyViolation
wlsxStaRepeatWEPIVViolation
wlsxStaUnAssociatedFromUnsecureAP
wlsxStaWeakWEPIVViolation
wlsxTKIPReplayAttack
wlsxUserEntryAttributesChanged
wlsxValidClientMisassociation
wlsxValidClientNotUsingEncryption
wlsxValidSSIDViolation
wlsxWeakWEPIVViolation
wlsxWEPMisconfiguration
wlsxWindowsBridgeDetected
wlsxWindowsBridgeDetectedAP
wlsxWindowsBridgeDetectedSta
wlsxWirelessBridge
wlsxWirelessHostedNetworkContainment
wlsxWirelessHostedNetworkDetected
40 | Appendix A CLICommands OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 41
Youwill need to issue the write mem command.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix A CLICommands | 41
Page 42
OV3600 Data Acquisition Methods
The tables below describe the different methods through which OV3600 acquires data from Alcatel-Lucent devices on the network.
The tables use the following symbols:
l ç Initiated by OV3600
l è Initiated by Controller, or Instant Virtual Controller
l é Initiated by OV3600 to a separate device
Table 4: Data Flow between Controllers and OV3600
Data Type SNMP Traps SSH AMON PAPI Syslog HTTPS ICMP NMAP FTP/TFTP DNS Notes
Appendix B
802.11 Counters
AP Up/Down Status
ARM Events
Channel Utilization
Client Hostname
Client Match Events
Client Monitoring
Configuration Audit
Configuration Push
Controller Up/Down
Status
ç
ç è
è
è
è
ç è
ç
ç
ç ç
é
If Prefer AMON enabled it's
done by AMON. Requires
Alcatel-Lucent AOS-W 6.3 or
later and OV3600 7.7.7 or
later.
Device
CPU/Memory
ç
Page 43
Table 4: Data Flow between Controllers and OV3600 (Continued)
Data Type SNMP Traps SSH AMON PAPI Syslog HTTPS ICMP NMAP FTP/TFTP DNS Notes
Enabling of WMS
Offload
Exec UI
Firewall Stats
Firmware Images
IDS Events
Interface
Monitoring
Lync/UCC/Voice
Neighbor Clients
ç
è
è
ç
è
ç è
è
é ç
When AMON is used for
client monitoring, OV3600
uses this at startup time to
get current user status.
Images are sent to controller
over FTP/TFTP. They can be
transferred to OV3600 via
HTTPS.
Available in OV3600 8.0 and
later.
Network
Derivations
RADIUS Auth Issues
RAPIDS
RF Capacity
RF Health
Rogue AP OS
ç
è
ç
è
è
é
Page 44
Table 4: Data Flow between Controllers and OV3600 (Continued)
Data Type SNMP Traps SSH AMON PAPI Syslog HTTPS ICMP NMAP FTP/TFTP DNS Notes
Rogue Classification
Rogue Clients
Syslog
VisualRF
ç ç
ç
ç è
If WMS Offload enabled,
OmniVista 3600 Air Manager
updates rogue classifications
on a controller using PAPI;
otherwise it's done with
SNMP.
è
VisualRF's client data comes
from OV3600, which gets its
data from SNMP + AMON.
Table 5: Data Flow between Instant Devices and OV3600
Data Type SNMP Traps SSH AMON PAPI Syslog HTTPS ICMP NMAP FTP/TFTP DNS Notes
All Monitoring Data
è
VC sends data to OV3600
every minute in an HTTP
POST.
Configuration
Commands
Diagnostic
Commands
Firmware Images
è
è
è
When OV3600 needs to send
data to a VC, it sends it in the
HTTPS response.
Page 45
Appendix C
WMS Offload Details
WMS Offload instructs the master switch to stop correlating ARM, WIPS, and WIDS state information among its
local switches because OV3600 will assume this responsibility. Figure 28 depicts how OV3600 communicates
state information with local switches.
Figure 28: ARM/WIPS/WIDS Classification Message Workflow
State Correlation Process
1. AP-1-3-1 hears rogue device A.
2. Local switch 1-3 evaluates devices and does initial classification and sends a classification request to OV3600.
3. OV3600 receives message and reclassifies the device if necessary and reflects this within the OV3600 WebUI
and via SNMP traps, if configured.
4. OV3600 sends a classification message back to all local switches managed by master switch 1, (1-1, 1-2, and 1-
3).
5. OV3600 sends a classification message back to all additional local switches managed by the OV3600 server.
In this example all local switches under master switch 2, (2-1, 2-2, and 2-3) would receive the classification
messages.
6. If an administrative OV3600 user manually overrides the classification, then OV3600 will send a reclassification message to all applicable local switches.
7. OV3600 periodically polls each local switch's MIB to ensure state parity with the OV3600 database. If the
local switch's devicestate does not comply with the OV3600 database, OV3600 will send a re-classification
message to bring it back into compliance.
TheRogue Detail page includes a BSSID table for each rogue that displays the desired classification and the
classificationon the device.
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix C WMS Offload Details | AS
Page 46
Using OV3600 as a Master Device State Manager
OV3600 offers the following benefits as a master device state manager:
l Ability to correlate state among multiplemaster switches. This will reducedelays in containing a rogue device
or authorizing a valid device when devices roam across a large campus.
l Ability to correlate state of third party access points with ARM. This will ensure that Alcatel-Lucent
infrastructure inter-operates more efficiently in a mixed infrastructure environment.
l Ability to better classify devices based on OV3600 wire-line information not currently available in AOS-W.
l OV3600 provides a near real-time event notification and classification of new devices entering air space.
l RAPIDS gains additional wire-line discovery data from Alcatel-Lucentswitches.
AT | Appendix C WMS Offload Details OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 47
Appendix D
Increasing Location Accuracy
This appendix describes the impact that band steering can have on location accuracy. It also explains how RTLS
can be used to increase location accuracy.
Understand Band Steering's Impact on Location
Band steering can negatively impact location accuracy when testing in a highly mobile environment. The biggest
hurdles to overcome are scanning times in 5 GHz frequency.
Table 6: Location accuracy impact
Operating
Frequency
2.4 GHz 11 (US) 10 seconds 110
5 GHz 24 (US) 10 seconds 110
Total
Channels
Scanning
Frequency
Scanning
Time
milliseconds
milliseconds
Total Time One
Pass
121.21 seconds
242.64 seconds
Leveraging RTLS to Increase Accuracy
This section provides instructions for integrating the OV3600 and Alcatel-Lucent WLAN infrastructure with
Alcatel-Lucent's RTLS feed to more accurately locate wireless clients and Wi-Fi Tags.
Deployment Topology
Figure 29: Typical Client Location
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix D Increasing Location Accuracy | AU
Page 48
Figure 30: Typical Tag Deployment
Prerequisites
You will need the following information to monitor and manage your Alcatel-Lucent infrastructure.
l Ensure that the OV3600 server is already monitoring Alcatel-Lucent infrastructure.
l Ensure that the WMS Offload process is complete.
l Ensure that the firewall configuration for port 5050 (default port) supports bidirectional UDP communication
between the OV3600 server's IP address and each access point's IP address.
Enable RTLS Service on the OV3600 Server
1. Navigate to OV3600 Setup > General and locate the Additional OV3600 Services section.
2. Select Yes for the Enable RTLS Collector option (see Figure 31 below).
3. A new section will automatically appear with the following settings:
l RTLS Port—The match switch default is 5050.
l RTLS Username—This must match the SNMPv3 MMS user name configured on the switch.
l RTLS Password—This must match the SNMPv3 MMS password configured on the switch.
4. Click Save.
Figure 31: RTLS Fields in OV3600 Setup> General> Additional OV3600 Services
AV | Appendix D Increasing Location Accuracy OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Page 49
Enable RTLS on the switch
RTLScan only be enabled on the master switch and it will automatically be propagated to all local switches.
SSH into master switch, enter enable mode, and issue the following commands:
(switch-Name) # configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(switch-Name) (config) # ap system-profile <Thin-AP-Profile-Name>
(switch-Name) (AP system profile default) # rtls-server ip-addr <IP of OV3600 Server> port 5050
key <switch-SNMPv3-MMS-Password>
(switch-Name) (AP system profile default) # write mem
To validate exit configuration mode:
(switch-Name) # show ap monitor debug status ip-addr <AP-IP-Address>
...
RTLS configuration
-------------------
Type Server IP Port Frequency Active
---- --------- ---- --------- ------
MMS 10.51.2.45 5070 120
Aeroscout N/A N/A N/A
RTLS 10.51.2.45 5050 60 *
OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide Appendix D Increasing Location Accuracy | AW
Page 50
Troubleshooting RTLS
You can use either the WebUI or CLI to ensure the RTLS service is running on your OV3600 server.
Using the WebUI to See Status
1. In the OV3600 WebUI, navigate to the System > Status page.
2. Scroll down through the Services list to locate the RTLS service, as shown below.
Figure 32: RTLS System Status
Wi-Fi Tag Setup Guidelines
l Ensure that the tags can be heard by at least three access points from any given location. The recommended
value is four APs.
l Ensure that the tags chirp on all regulatory channels.
AX | Appendix D Increasing Location Accuracy OmniVista 3600 Air Manager 8.2.4 | Best Practices Guide
Loading...