Dell Networking W-Series
Instant 6.4.0.2-4.1
User Guide
Copyright
© 2014 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg, et al. The Open Source code used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.
0511581-01 | June 2014 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents |
3 |
About this Guide |
28 |
Intended Audience |
28 |
Related Documents |
28 |
Conventions |
28 |
Contacting Dell |
29 |
About Instant |
30 |
Instant Overview |
30 |
Supported Devices |
30 |
Instant UI |
31 |
Instant CLI |
31 |
What is New in Instant 6.4.0.2-4.1 |
33 |
Setting up a W-IAP |
35 |
Setting up Instant Network |
35 |
Connecting a W-IAP |
35 |
Assigning an IP address to the W-IAP |
35 |
Assigning a Static IP |
36 |
Connecting to a Provisioning Wi-Fi Network |
36 |
W-IAP Cluster |
36 |
Disabling the Provisioning Wi-Fi Network |
37 |
Logging in to the Instant UI |
37 |
Regulatory Domains |
38 |
Country Code |
38 |
Specifying Country Code |
41 |
Accessing the Instant CLI |
41 |
Connecting to a CLI Session |
42 |
Applying Configuration Changes |
42 |
Using Sequence Sensitive Commands |
43 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 3 |
Instant User Interface |
44 |
Login Screen |
44 |
Logging into the Instant UI |
44 |
Viewing Connectivity Summary |
44 |
Language |
44 |
Main Window |
45 |
Banner |
45 |
Search |
45 |
Tabs |
45 |
Networks Tab |
46 |
Access Points Tab |
46 |
Clients Tab |
47 |
Links |
47 |
New Version Available |
47 |
System |
48 |
RF |
49 |
Security |
50 |
Maintenance |
51 |
More |
52 |
VPN |
52 |
IDS |
53 |
Wired |
54 |
Services |
54 |
DHCPServer |
55 |
Support |
56 |
Help |
57 |
Logout |
57 |
Monitoring |
57 |
Info |
57 |
RF Dashboard |
59 |
RF Trends |
60 |
Usage Trends |
61 |
MobilityTrail |
66 |
4 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Client Match |
66 |
AppRF |
67 |
Spectrum |
67 |
Alerts |
67 |
IDS |
71 |
AirGroup |
72 |
Configuration |
72 |
W-AirWave Setup |
73 |
Pause/Resume |
73 |
Views |
73 |
Initial Configuration Tasks |
74 |
Basic Configuration Tasks |
74 |
Modifying the W-IAP Name |
74 |
In the Instant UI |
75 |
In the CLI |
75 |
Updating Location Details of a W-IAP |
75 |
In the Instant UI |
75 |
In the CLI |
75 |
Configuring a Preferred Band |
75 |
In the Instant UI |
75 |
In the CLI |
75 |
Configuring Virtual Controller IP Address |
76 |
In the Instant UI |
76 |
In the CLI |
76 |
Configuring Timezone |
76 |
In the Instant UI |
76 |
In the CLI |
76 |
Configuring an NTP Server |
76 |
In the Instant UI |
77 |
In the CLI |
77 |
Enabling AppRF Visibility |
77 |
Changing Password |
77 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 5 |
In the Instant UI |
77 |
In the CLI |
77 |
Additional Configuration Tasks |
78 |
Configuring Virtual Controller VLAN |
78 |
In the Instant UI |
79 |
In the CLI |
79 |
Configuring Auto Join Mode |
79 |
Enabling or Disabling Auto Join Mode |
79 |
In the Instant UI |
79 |
In the CLI |
79 |
Configuring Terminal Access |
80 |
In the Instant UI |
80 |
In the CLI |
80 |
Configuring Console Access |
80 |
In the Instant UI |
80 |
In the CLI |
80 |
Configuring LED Display |
81 |
In the Instant UI |
81 |
In the CLI |
81 |
Configuring Additional WLAN SSIDs |
81 |
Enabling the Extended SSID |
81 |
In the Instant UI |
81 |
In the CLI |
82 |
Preventing Inter-user Bridging |
82 |
In the Instant UI |
82 |
In the CLI |
82 |
Preventing Local Routing between Clients |
82 |
In the Instant UI |
82 |
In the CLI |
83 |
Enabling Dynamic CPU Management |
83 |
In the Instant UI |
83 |
In the CLI |
83 |
6 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Customizing W-IAP Settings |
84 |
Modifying the W-IAP Hostname |
84 |
In the Instant UI |
84 |
In the CLI |
84 |
Configuring Zone Settings on a W-IAP |
84 |
In the Instant UI |
85 |
In the CLI |
85 |
Specifying a Method for Obtaining IP Address |
85 |
In the Instant UI |
85 |
In the CLI |
86 |
Configuring External Antenna |
86 |
EIRP and Antenna Gain |
86 |
Example |
86 |
Configuring Antenna Gain |
86 |
In the Instant UI |
86 |
In the CLI |
87 |
Configuring Radio Profiles for a W-IAP |
87 |
Configuring ARM Assigned Radio Profiles for a W-IAP |
87 |
Configuring Radio Profiles Manually for W-IAP |
87 |
In the CLI |
88 |
Configuring Uplink VLAN for a W-IAP |
88 |
In the Instant UI |
88 |
In the CLI |
89 |
Master Election and Virtual Controller |
89 |
Master Election Protocol |
89 |
Preference to a W-IAP with 3G/4G Card |
89 |
Preference to a W-IAP with Non-Default IP |
90 |
Viewing Master Election Details |
90 |
Manual Provisioning of Master W-IAP |
90 |
Provisioning a W-IAP as a Master W-IAP |
90 |
In the Instant UI |
90 |
In the CLI |
90 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 7 |
Adding a W-IAP to the Network |
91 |
Removing a W-IAP from the Network |
91 |
VLAN Configuration |
92 |
VLAN Pooling |
92 |
Uplink VLAN Monitoring and Detection on Upstream Devices |
92 |
Wireless Network Profiles |
93 |
Configuring Wireless Network Profiles |
93 |
Network Types |
93 |
Configuring WLAN Settings for an SSID Profile |
93 |
In the Instant UI |
94 |
In the CLI |
96 |
Configuring VLAN Settings for a WLAN SSID Profile |
97 |
In the Instant UI |
97 |
In the CLI |
98 |
Configuring Security Settings for a WLAN SSID Profile |
99 |
Configuring Security Settings for an Employee or Voice Network |
99 |
In the Instant UI |
99 |
In the CLI |
103 |
Configuring Access Rules for a WLAN SSID Profile |
104 |
In the Instant UI |
105 |
In the CLI |
105 |
Example |
106 |
Configuring Fast Roaming for Wireless Clients |
106 |
Opportunistic Key Caching |
106 |
Configuring a W-IAP for OKC Roaming |
107 |
In the Instant UI |
107 |
In the CLI |
107 |
Fast BSS Transition (802.11r Roaming) |
107 |
Configuring a W-IAP for 802.11r support |
108 |
In the Instant UI |
108 |
In the CLI |
108 |
Example |
108 |
Radio Resource Management (802.11k) |
108 |
8 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Beacon Report Requests and Probe Responses |
109 |
Configuring a WLAN SSID for 802.11k Support |
109 |
In the Instant UI |
109 |
In the CLI |
109 |
Example |
109 |
BSS Transition Management (802.11v) |
109 |
Configuring a WLAN SSID for 802.11v Support |
110 |
In the Instant UI |
110 |
In the CLI |
110 |
Example |
110 |
Editing Status of a WLAN SSID Profile |
110 |
In the Instant UI |
110 |
In the CLI |
110 |
Editing a WLAN SSID Profile |
110 |
Deleting a WLAN SSID Profile |
111 |
Wired Profiles |
112 |
Configuring a Wired Profile |
112 |
Configuring Wired Settings |
112 |
In the Instant UI |
112 |
In the CLI |
113 |
Configuring VLAN for a Wired Profile |
114 |
In the Instant UI |
114 |
In the CLI |
114 |
Configuring Security Settings for a Wired Profile |
115 |
Configuring Security Settings for a Wired Employee Network |
115 |
In the Instant UI |
115 |
In the CLI |
115 |
Configuring Access Rules for a Wired Profile |
116 |
In the Instant UI |
116 |
In the CLI |
116 |
Assigning a Profile to Ethernet Ports |
117 |
In the Instant UI |
117 |
In the CLI |
117 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 9 |
Editing a Wired Profile |
117 |
Deleting a Wired Profile |
118 |
Link Aggregation Control Protocol for W-IAP220 Series |
118 |
Understanding Hierarchical Deployment |
119 |
Captive Portal for Guest Access |
120 |
Understanding Captive Portal |
120 |
Types of Captive Portal |
120 |
Walled Garden |
121 |
Configuring a WLAN SSID for Guest Access |
121 |
In the Instant UI |
121 |
In the CLI |
124 |
Configuring Wired Profile for Guest Access |
125 |
In the Instant UI |
125 |
In the CLI |
126 |
Configuring Internal Captive Portal for Guest Network |
126 |
In the Instant UI |
127 |
In the CLI |
128 |
Configuring External Captive Portal for a Guest Network |
129 |
External Captive Portal Profiles |
129 |
Creating a Captive Portal Profile |
129 |
In the Instant UI |
129 |
In the CLI |
130 |
Configuring an SSID or Wired Profile to Use External Captive Portal Authentication |
131 |
In the Instant UI |
131 |
In the CLI |
132 |
Configuring External Captive Portal Authentication Using ClearPass Guest |
132 |
Creating a Web Login page in ClearPass Guest |
133 |
Configuring RADIUS Server in Instant UI |
133 |
Configuring Guest Logon Role and Access Rules for Guest Users |
133 |
In the Instant UI |
133 |
In the CLI |
134 |
Example |
135 |
10 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Configuring Captive Portal Roles for an SSID |
135 |
In the Instant UI |
135 |
In the CLI |
137 |
Configuring Walled Garden Access |
138 |
In the Instant UI |
138 |
In the CLI |
138 |
Disabling Captive Portal Authentication |
138 |
Authentication and User Management |
140 |
Managing W-IAP Users |
140 |
Configuring Authentication Parameters for Management Users |
141 |
Configuring a TACACS+ Server Profile for Management User Authentication |
141 |
In the Instant UI |
141 |
In the CLI |
142 |
Configuring Administrator Credentials for the Virtual Controller Interface |
142 |
In the Instant UI |
142 |
In the CLI |
143 |
Configuring Guest Management Interface Administrator Credentials |
144 |
In the Instant UI |
144 |
In the CLI |
144 |
Configuring Users for Internal Database of a W-IAP |
144 |
In the Instant UI |
144 |
In the CLI |
145 |
Configuring the Read-Only Administrator Credentials |
146 |
In the Instant UI |
146 |
In the CLI |
146 |
Adding Guest Users through the Guest Management Interface |
146 |
Understanding Authentication Methods |
147 |
802.1X authentication |
147 |
MAC authentication |
147 |
MAC authentication with 802.1X authentication |
147 |
Captive Portal Authentication |
148 |
MAC authentication with Captive Portal authentication |
148 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 11 |
802.1X authentication with Captive Portal Role |
148 |
WISPr authentication |
148 |
Supported EAP Authentication Frameworks |
148 |
Authentication Termination on W-IAP |
149 |
Supported Authentication Servers |
149 |
Internal RADIUS Server |
150 |
External RADIUS Server |
150 |
RADIUS Server Authentication with VSA |
150 |
Dynamic Load Balancing between Two Authentication Servers |
154 |
Understanding Encryption Types |
154 |
WPA and WPA2 |
154 |
Recommended Authentication and Encryption Combinations |
155 |
Support for Authentication Survivability |
155 |
Configuring Authentication Survivability |
156 |
In the Instant UI |
156 |
Important Pointsto Remember |
156 |
In the CLI |
156 |
Configuring Authentication Servers |
157 |
Configuring an External Server for Authentication |
157 |
In the Instant UI |
157 |
In the CLI |
160 |
Configuring Dynamic RADIUS Proxy Parameters |
161 |
Enabling Dynamic RADIUS Proxy |
161 |
In the Instant UI |
161 |
In the CLI |
162 |
Configuring Dynamic RADIUS Proxy Parameters for Authentication Servers |
162 |
In the Instant UI |
162 |
In the CLI |
162 |
Associate the Authentication Servers with an SSID or Wired Profile |
162 |
In the CLI |
163 |
Configuring 802.1X Authentication for a Network Profile |
163 |
Configuring 802.1X Authentication for a Wireless Network Profile |
164 |
In the Instant UI |
164 |
12 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
In the CLI |
164 |
Configuring 802.1X Authentication for Wired Profiles |
164 |
In the Instant UI |
165 |
In the CLI |
165 |
Configuring MAC Authentication for a Network Profile |
165 |
Configuring MAC Authentication for Wireless Network Profiles |
165 |
In the Instant UI |
165 |
In the CLI |
166 |
Configuring MAC Authentication for Wired Profiles |
166 |
In the Instant UI |
166 |
In the CLI |
167 |
Configuring MAC Authentication with 802.1X Authentication |
167 |
Configuring MAC and 802.1X Authentication for a Wireless Network Profile |
167 |
In the Instant UI |
167 |
In the CLI |
168 |
Configuring MAC and 802.1X Authentication for Wired Profiles |
168 |
In the Instant UI |
168 |
In the CLI |
168 |
Configuring MAC Authentication with Captive Portal Authentication |
169 |
Configuring MAC Authentication with Captive Portal Authentication |
169 |
In the Instant UI |
169 |
In the CLI |
169 |
Configuring WISPr Authentication |
170 |
In the Instant UI |
170 |
In the CLI |
170 |
Blacklisting Clients |
171 |
Blacklisting Clients Manually |
171 |
Adding a Client to the Blacklist |
171 |
In the Instant UI |
171 |
In the CLI |
171 |
Blacklisting Users Dynamically |
172 |
Authentication Failure Blacklisting |
172 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 13 |
Session Firewall Based Blacklisting |
172 |
Configuring Blacklist Duration |
172 |
In the Instant UI |
172 |
In the CLI |
172 |
Uploading Certificates |
173 |
Loading Certificates through Instant UI |
173 |
Loading Certificates through Instant CLI |
174 |
Loading Certificates through W-AirWave |
174 |
Roles and Policies |
176 |
Firewall Policies |
176 |
Access Control List Rules |
176 |
Configuring Access Rules for Network Services |
177 |
In the Instant UI |
177 |
In the CLI |
178 |
Example |
178 |
Configuring Network Address Translation Rules |
179 |
Configuring a Source NAT Access Rule |
179 |
In the Instant UI |
179 |
In the CLI |
179 |
Configuring Source-Based Routing |
180 |
Configuring a Destination NAT Access Rule |
180 |
In the Instant UI |
180 |
In the CLI |
180 |
Configuring ALG Protocols |
181 |
In the Instant UI |
181 |
In the CLI |
181 |
Configuring Firewall Settings for Protection from ARP Attacks |
181 |
In the Instant UI |
182 |
In the CLI |
182 |
Managing Inbound Traffic |
183 |
Configuring Inbound Firewall Rules |
183 |
In the Instant UI |
183 |
In the CLI |
185 |
14 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Example |
185 |
Configuring Management Subnets |
185 |
In the Instant UI |
185 |
In the CLI |
186 |
Configuring Restricted Access to Corporate Network |
186 |
In the Instant UI |
186 |
In the CLI |
186 |
Content Filtering |
186 |
Enabling Content Filtering |
187 |
Enabling Content Filtering for a Wireless Profile |
187 |
In the Instant UI |
187 |
In the CLI |
187 |
Enabling Content Filtering for a Wired Profile |
187 |
In the Instant UI |
187 |
In the CLI |
188 |
Configuring Enterprise Domains |
188 |
In the Instant UI |
188 |
In the CLI |
188 |
Configuring URL Filtering Policies |
188 |
In the Instant UI |
188 |
In the CLI |
189 |
Example |
189 |
Configuring User Roles |
190 |
Creating a User Role |
190 |
In the Instant UI |
190 |
In the CLI |
190 |
Assigning Bandwidth Contracts to User Roles |
190 |
In the Instant UI |
191 |
In the CLI: |
191 |
Configuring Machine and User Authentication Roles |
191 |
In the Instant UI |
191 |
In the CLI |
192 |
Configuring Derivation Rules |
192 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 15 |
Understanding Role Assignment Rule |
192 |
RADIUS VSA Attributes |
192 |
MAC-Address Attribute |
192 |
Roles Based on Client Authentication |
193 |
DHCP Option and DHCP Fingerprinting |
193 |
Creating a Role Derivation Rule |
193 |
In the Instant UI |
193 |
In the CLI |
194 |
Example |
194 |
Understanding VLAN Assignment |
194 |
Vendor Specific Attributes |
195 |
VLAN Assignment Based on Derivation Rules |
196 |
User Role |
196 |
VLANs Created for an SSID |
196 |
Configuring VLAN Derivation Rules |
196 |
In the Instant UI |
196 |
In the CLI |
197 |
Example |
198 |
Using Advanced Expressions in Role and VLAN Derivation Rules |
198 |
Configuring a User Role for VLAN Derivation |
199 |
Creating a User VLAN Role |
199 |
In the Instant UI |
199 |
In the CLI |
199 |
Assigning User VLAN Roles to a Network Profile |
200 |
In the Instant UI |
200 |
In the CLI |
200 |
DHCP Configuration |
201 |
Configuring DHCP Scopes |
201 |
Configuring Distributed DHCP Scopes |
201 |
In the Instant UI |
201 |
In the CLI |
203 |
Configuring a Centralized DHCP Scope |
204 |
In the Instant UI |
204 |
16 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
In the CLI |
205 |
Configuring Local and Local,L3 DHCP Scopes |
206 |
In the Instant UI |
206 |
In the CLI |
207 |
Configuring the Default DHCP Scope for Client IP Assignment |
208 |
In the Instant UI |
208 |
In the CLI |
209 |
VPN Configuration |
210 |
Understanding VPN Features |
210 |
Configuring a Tunnel from a W-IAP to Dell Networking W-Series Mobility Controller |
210 |
Configuring an IPSec Tunnel |
210 |
In the Instant UI |
210 |
In the CLI |
211 |
Example |
212 |
Enabling Automatic Configuration of GRE Tunnel |
212 |
In the Instant UI |
212 |
In the CLI |
214 |
Manually Configuring a GRE Tunnel |
214 |
In the Instant UI |
214 |
In the CLI |
215 |
Configuring an L2TPv3 Tunnel |
215 |
In the Instant UI |
216 |
In the CLI |
218 |
Example |
218 |
Configuring Routing Profiles |
221 |
In the Instant UI |
221 |
In the CLI |
222 |
IAP-VPN Deployment |
223 |
Understanding IAP-VPN Architecture |
223 |
IAP-VPN Scalability Limits |
223 |
IAP-VPN Forwarding Modes |
224 |
Local or NAT Mode |
224 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 17 |
L2 Switching Mode |
224 |
Distributed L2 Mode |
224 |
Centralized L2 Mode |
224 |
L3 Routing Mode |
225 |
Distributed L3 mode |
225 |
Centralized L3 Mode |
225 |
Configuring W-IAP and Controller for IAP-VPN Operations |
225 |
Configuring a W-IAP network for IAP-VPN operations |
225 |
Defining the VPN host settings |
225 |
Configuring Routing Profiles |
226 |
Configuring DHCP Profiles |
226 |
Configuring an SSID or Wired Port |
226 |
Enabling Dynamic RADIUS Proxy |
227 |
Configuring Enterprise Domains |
227 |
Configuring a Controller for IAP-VPN Operations |
227 |
OSPF Configuration |
227 |
VPN Configuration |
229 |
Whitelist Database Configuration |
229 |
VPN LocalPoolConfiguration |
230 |
Role Assignment for the Authenticated W-IAPs |
230 |
VPN Profile Configuration |
230 |
Branch-ID Allocation |
230 |
Branch Status Verification |
230 |
Example |
230 |
Adaptive Radio Management |
232 |
ARM Overview |
232 |
Channel or Power Assignment |
232 |
Voice Aware Scanning |
232 |
Load Aware Scanning |
232 |
Monitoring the Network with ARM |
232 |
ARM Metrics |
232 |
Configuring ARM Features on a W-IAP |
233 |
Band Steering |
233 |
18 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
In the Instant UI |
233 |
In the CLI |
233 |
Airtime Fairness Mode |
233 |
In the Instant UI |
234 |
In the CLI |
234 |
Client Match |
234 |
In the Instant UI |
235 |
In the CLI |
236 |
Access Point Control |
236 |
In the Instant UI |
236 |
In the CLI |
237 |
Verifying ARM Configuration |
237 |
Configuring Radio Settings for a W-IAP |
238 |
In the Instant UI |
238 |
In the CLI |
239 |
Deep Packet Inspection and Application Visibility |
241 |
Deep Packet Inspection |
241 |
Enabling Application Visibility |
241 |
In the Instant UI |
241 |
In the CLI |
241 |
Application Visibility |
242 |
Application Category Charts |
242 |
Application Charts |
243 |
Web Categories Charts |
245 |
Web Reputation Charts |
245 |
Configuring Access Rules for Application and Application Categories |
246 |
In the Instant UI |
246 |
In the CLI |
248 |
Example |
249 |
Configuring Web Policy Enforcement |
249 |
In the Instant UI |
249 |
In the CLI |
250 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 19 |
Example |
250 |
Voice and Video |
251 |
Wi-Fi Multimedia Traffic Management |
251 |
Configuring WMM for Wireless Clients |
251 |
In the Instant UI |
252 |
In the CLI |
252 |
Configuring WMM-DSCP Mapping |
252 |
In the Instant UI |
253 |
In the CLI |
253 |
QoS for Microsoft Office OCS and Apple Facetime |
253 |
Microsoft OCS |
253 |
Apple Facetime |
253 |
Services |
255 |
AirGroup Configuration |
255 |
Multicast DNS and Bonjour® Services |
256 |
DLNA UPnP Support |
257 |
AirGroup Features |
258 |
AirGroup Services |
259 |
AirGroup Components |
260 |
CPPM and ClearPass Guest Features |
260 |
Configuring AirGroup and AirGroup Services on a W-IAP |
261 |
In the Instant UI |
261 |
In the CLI |
262 |
Configuring AirGroup and CPPM interface in Instant |
263 |
Creating a RADIUS Server |
263 |
Assign a Server to AirGroup |
263 |
Configure CPPM to Enforce Registration |
263 |
Change of Authorization (CoA) |
263 |
Configuring a W-IAP for RTLS Support |
263 |
In the Instant UI |
263 |
In the CLI |
264 |
Configuring a W-IAP for Analytics and Location Engine Support |
265 |
20 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
ALE with Instant |
265 |
Enabling ALE Support on a W-IAP |
265 |
In the Instant UI |
265 |
In the CLI |
266 |
Verifying ALE Configuration on a W-IAP |
266 |
Configuring OpenDNS Credentials |
266 |
In the Instant UI |
266 |
In the CLI |
267 |
Integrating a W-IAP with Palo Alto Networks Firewall |
267 |
Integration with Instant |
267 |
Configuring a W-IAP for PAN integration |
267 |
In the Instant UI |
267 |
In the CLI |
268 |
Integrating a W-IAP with an XML API interface |
268 |
Integration with Instant |
269 |
Configuring a W-IAP for XML API integration |
269 |
In the Instant UI |
269 |
In the CLI |
269 |
CALEA Integration and Lawful Intercept Compliance |
270 |
CALEA Server Integration |
270 |
Traffic Flow from IAP to CALEA Server |
270 |
Traffic Flow from IAP to CALEA Server through VPN |
271 |
Client Traffic Replication |
271 |
Configuring a W-IAP for CALEA Integration |
271 |
Creating a CALEA Profile |
272 |
In the Instant UI |
272 |
In the CLI |
272 |
Creating an Access Rule for CALEA |
272 |
In the Instant UI |
272 |
In the CLI |
273 |
Verifying the configuration |
273 |
Example |
273 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 21 |
W-IAP Management and Monitoring |
275 |
Managing a W-IAP from W-AirWave |
275 |
Image Management |
275 |
W-IAP and Client Monitoring |
275 |
Template-based Configuration |
275 |
Trending Reports |
276 |
Intrusion Detection System |
276 |
Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave |
276 |
RF Visualization Support for Instant |
276 |
PSK-based and Certificate-based Authentication |
277 |
Configurable Port for W-IAP and W-AirWave Management Server Communication |
277 |
Configuring Organization String |
277 |
Shared Key |
278 |
Configuring W-AirWave Information |
278 |
In the Instant UI |
278 |
In the CLI |
278 |
Configuring for W-AirWave Discovery through DHCP |
279 |
Standard DHCP option 60 and 43 on Windows Server 2008 |
279 |
Alternate Method for Defining Vendor-Specific DHCP Options |
283 |
Uplink Configuration |
285 |
Uplink Interfaces |
285 |
Ethernet Uplink |
285 |
Configuring PPPoE Uplink Profile |
286 |
In the Instant UI |
286 |
In the CLI |
287 |
Cellular Uplink |
287 |
Configuring Cellular Uplink Profiles |
290 |
In the Instant UI |
290 |
In the CLI |
290 |
Wi-Fi Uplink |
291 |
Configuring a Wi-Fi Uplink Profile |
291 |
Uplink Preferences and Switching |
292 |
22 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Enforcing Uplinks |
292 |
In the Instant UI |
292 |
In the CLI |
293 |
Setting an Uplink Priority |
293 |
In the Instant UI |
293 |
In the CLI |
293 |
Enabling Uplink Preemption |
293 |
In the Instant UI |
293 |
In the CLI |
293 |
Switching Uplinks Based on VPN and Internet Availability |
294 |
Switching Uplinks Based on VPN Status |
294 |
Switching Uplinks Based on Internet Availability |
294 |
In the Instant UI |
294 |
In the CLI |
295 |
Viewing Uplink Status and Configuration |
295 |
Intrusion Detection |
296 |
Detecting and Classifying Rogue APs |
296 |
OS Fingerprinting |
296 |
Configuring Wireless Intrusion Protection and Detection Levels |
297 |
Containment Methods |
301 |
Configuring IDS Using CLI |
301 |
Mesh W-IAP Configuration |
303 |
Mesh Network Overview |
303 |
Mesh W-IAPs |
303 |
Mesh Portals |
303 |
Mesh Points |
304 |
Setting up Instant Mesh Network |
304 |
Configuring Wired Bridging on Ethernet 0 for Mesh Point |
304 |
In the Instant UI |
305 |
In the CLI |
305 |
Mobility and Client Management |
306 |
Layer-3 Mobility Overview |
306 |
Configuring L3-Mobility |
307 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 23 |
Home Agent Load Balancing |
307 |
Configuring a Mobility Domain for Instant |
307 |
In the Instant UI |
307 |
In the CLI |
308 |
Spectrum Monitor |
309 |
Understanding Spectrum Data |
309 |
Device List |
309 |
Non Wi-Fi Interferers |
310 |
Channel Details |
312 |
Channel Metrics |
313 |
Spectrum Alerts |
314 |
Configuring Spectrum Monitors and Hybrid W-IAPs |
314 |
Converting a W-IAP to a Hybrid W-IAP |
314 |
In the Instant UI |
315 |
In the CLI |
315 |
Converting a W-IAP to a Spectrum Monitor |
315 |
In the Instant UI |
315 |
In the CLI |
315 |
W-IAP Maintenance |
317 |
Upgrading a W-IAP |
317 |
Upgrading a W-IAP and Image Server |
317 |
Image Management Using W-AirWave |
317 |
Image Management Using Cloud Server |
317 |
Configuring HTTP Proxy on a W-IAP |
317 |
In the Instant UI |
317 |
In the CLI |
318 |
Upgrading a W-IAP Using Automatic Image Check |
318 |
Upgrading to a New Version Manually |
319 |
Upgrading an Image Using CLI |
319 |
Backing up and Restoring W-IAP Configuration Data |
319 |
Viewing Current Configuration |
319 |
Backing up Configuration Data |
320 |
24 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Restoring Configuration |
320 |
Converting a W-IAP to a Remote AP and Campus AP |
320 |
Regulatory Domain Restrictions for W-IAP to RAP or CAP Conversion |
320 |
Converting a W-IAP to a Remote AP |
322 |
Converting a W-IAP to a Campus AP |
323 |
Converting a W-IAP to Standalone Mode |
324 |
Converting a W-IAP using CLI |
325 |
Resetting a Remote AP or Campus AP to a W-IAP |
325 |
Rebooting the W-IAP |
325 |
Monitoring Devices and Logs |
327 |
Configuring SNMP |
327 |
SNMP Parameters for W-IAP |
327 |
Configuring SNMP |
328 |
Creating community strings for SNMPv1 and SNMPv2 Using Instant UI |
328 |
Creating community strings for SNMPv3 Using Instant UI |
328 |
Configuring SNMP Community Strings in the CLI |
329 |
Configuring SNMP Traps |
330 |
In the Instant UI |
330 |
In the CLI |
330 |
Configuring a Syslog Server |
330 |
In the Instant UI |
330 |
In the CLI |
332 |
Configuring TFTP Dump Server |
332 |
In the Instant UI |
332 |
In the CLI |
332 |
Running Debug Commands from the UI |
333 |
Support Commands |
333 |
Hotspot Profiles |
338 |
Understanding Hotspot Profiles |
338 |
Generic Advertisement Service (GAS) |
338 |
Access Network Query Protocol (ANQP) |
339 |
Hotspot 2.0 Query Protocol (H2QP) |
339 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 25 |
Information Elements (IEs) and Management Frames |
339 |
NAI Realm List |
339 |
Configuring Hotspot Profiles |
339 |
Creating Advertisement Profiles for Hotspot Configuration |
340 |
Configuring an NAI Realm Profile |
340 |
Configuring a Venue Name Profile |
342 |
Configuring a Network Authentication Profile |
343 |
Configuring a Roaming Consortium Profile |
344 |
Configuring a 3GPP Profile |
344 |
Configuring an IP Address Availability Profile |
344 |
Configuring a Domain Profile |
344 |
Configuring an Operator-friendly Profile |
345 |
Configuring a Connection Capability Profile |
345 |
Configuring an Operating Class Profile |
345 |
Configuring a WAN Metrics Profile |
345 |
Creating a Hotspot Profile |
346 |
Associating an Advertisement Profile to a Hotspot Profile |
348 |
Creating a WLAN SSID and Associating Hotspot Profile |
349 |
Sample Configuration |
349 |
ClearPass Guest Setup |
352 |
Testing |
355 |
Troubleshooting |
355 |
IAP-VPN Deployment Scenarios |
356 |
Scenario 1 - IPSec: Single Datacenter Deployment with No Redundancy |
357 |
Topology |
357 |
AP Configuration |
357 |
AP Connected Switch Configuration |
359 |
Datacenter Configuration |
359 |
Scenario 2 - IPSec: Single Datacenter with Multiple Controllers for Redundancy |
360 |
Topology |
360 |
AP Configuration |
361 |
AP Connected Switch Configuration |
363 |
26 | Contents |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Datacenter Configuration |
363 |
Scenario 3 - IPSec: Multiple Datacenter Deployment with Primary and Backup Controllers for Redundancy 364
Topology |
364 |
AP Configuration |
365 |
AP Connected Switch Configuration |
368 |
Datacenter Configuration |
368 |
Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy |
369 |
Topology |
369 |
AP Configuration |
369 |
AP Connected Switch Configuration |
371 |
Datacenter Configuration |
371 |
Terminology |
373 |
Acronyms and Abbreviations |
373 |
Glossary |
374 |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Contents | 27 |
Chapter 1
This User Guide describes the features supported by Dell Networking W-Series Instant Access Point (W-IAP) and provides detailed instructions for setting up and configuring the Instant network.
This guide is intended for customers who configure and use W-IAPs.
In addition to this document, the Dell W-IAP product documentation includes the following:
•Dell Networking W-Series Instant Access Point Installation Guides
•Dell Networking W-Series Instant 6.4.0.2-4.1 Quick Start Guide
•Dell Networking W-Series Instant 6.4.0.2-4.1 CLI Reference Guide
•Dell Networking W-Series Instant 6.4.0.2-4.1 MIB Reference Guide
•Dell Networking W-Series Instant 6.4.0.2-4.1 Syslog Messages Reference Guide
•Dell Networking W-Series Instant 6.4.0.2-4.1 Release Notes
The following conventions are used throughout this manual to emphasize important concepts:
Table 1: Typographical Conventions
Type Style |
Description |
|
Italics |
This style is used to emphasize important terms and to mark the titles of books. |
|
|
|
|
System items |
This fixed-width font depicts the following: |
|
|
• |
Sample screen output |
|
• |
System prompts |
|
• Filenames, software devices, and specific commands when mentioned in the text. |
|
|
|
|
Commands |
In the command examples, this style depicts the keywords that must be typed exactly as |
|
|
shown. |
|
|
|
|
<Arguments> |
In the command examples, italicized text within angle brackets represents items that you |
|
|
should replace with information appropriate to your specific situation. For example: |
|
|
# send <text message> |
|
|
In this example, you would type “send” at the system prompt exactly as shown, followed by |
|
|
the text of the message you wish to send. Do not type the angle brackets. |
|
|
|
|
[Optional] |
Command examples enclosed in brackets are optional. Do not type the brackets. |
|
|
|
|
{Item A | |
In the command examples, items within curled braces and separated by a vertical bar |
|
Item B} |
represent the available choices. Enter only one choice. Do not type the braces or bars. |
|
|
|
|
|
|
|
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
About thisGuide | 28 |
The following informational icons are used throughout this guide:
Indicates helpful suggestions, pertinent information, and important things to remember.
Indicates a risk of damage to your hardware or loss of data.
Indicates a risk of personal injury or death.
Table 2: Support Information
Support |
|
Main Website |
dell.com |
|
|
Contact Information |
dell.com/contactdell |
|
|
Support Website |
dell.com/support |
|
|
Documentation Website |
dell.com/support/manuals |
|
|
29 | About thisGuide |
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
Chapter 2
This chapter provides the following information:
•Instant Overview
•What is New in Instant 6.4.0.2-4.1
Instant virtualizes Dell Networking W-Series Mobility Controller capabilities on 802.11 access points (APs), creating a feature-rich enterprise-grade wireless LAN (WLAN) that combines affordability and configuration simplicity.
Instant is a simple, easy to deploy turn-key WLAN solution consisting of one or more APs. An Ethernet port with routable connectivity to the Internet or a self-enclosed network is used for deploying an Instant Wireless Network. A Dell Networking W-Series Instant Access Point (W-IAP) can be installed at a single site or deployed across multiple geographically-dispersed locations. Designed specifically for easy deployment, and proactive management of networks, Instant is ideal for small customers or remote locations without any on-site IT administrator.
Instant consists of a W-IAP and a Virtual Controller. The Virtual Controller resides within one of the APs. In a Instant deployment scenario, only the first W-IAP needs to be configured. After the first W-IAP is configured, the other W- IAPs inherit all the required configuration information from the Virtual Controller. Instant continually monitors the network to determine the W-IAP that should function as the Virtual Controller at any time, and the Virtual Controller will move from one W-IAP to another as necessary without impacting network performance.
The following devices are supported in Instant 6.4.0.2-4.1:
•W-IAP103
•W-IAP104/ 105
•W-IAP114/115
•W-IAP134/135
•IAP-175P/175AC
•W-IAP3WN/3WNP
•W-IAP108/109
•W-IAP155/155P
•W-IAP224/225
•W-IAP274/275
As of Instant 4.1 release, it is recommended that networks with more than 128 APs should be designed as multiple, smaller virtual-controller networks with Layer-3 mobility enabled between them.
DellNetworking W-SeriesInstant 6.4.0.2-4.1 | User Guide |
About Instant | 30 |