Extreme Networks, Inc. reserves the right to make changes in specifications and other information
contained in this document and its website without prior notice. The reader should in all cases
consult representatives of Extreme Networks to determine whether any such changes have been
made.
The hardware, firmware, software or any specifications described or referred to in this document
are subject to change without notice.
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property of
their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.
For additional information on Extreme Networks trademarks, please see:
www.extremenetworks.com/company/legal/trademarks
Some software files have been licensed under certain open source or third-party licenses. End-user license agreements and open source declarations can be found at:
For product support, phone the Global Technical Assistance Center (GTAC) at 1-800-998-2408
(toll-free in U.S. and Canada) or +1-408-579-2826. For the support phone number in other
countries, visit: http://www.extremenetworks.com/support/contact/
For product documentation online, visit: https://www.extremenetworks.com/documentation/
Text Conventions
Safety Information (Consignes De Sécurité)
Providing Feedback to Us
Chapter 1: About This Guide
Who Should Use This Guide
How to Use This Guide
Chapter 2: Overview of the ExtremeWireless Solution
Elements of the ExtremeWireless Solution
ExtremeWireless and Your Network
Chapter 3: Configuring the ExtremeWireless Appliance
System Configuration Overview
Logging on to the ExtremeWireless Appliance
Wireless Assistant Home Screen
Working with the Basic Installation Wizard
Configuring the ExtremeWireless Appliance for the First Time
Using a Third-party Location-based Solution
Additional Ongoing Operations of the System
Chapter 4: Configuring the ExtremeWireless APs
Wireless AP Overview
Discovery and Registration
Viewing a List of All APs
Wireless AP Default Configuration
Configuring Wireless AP Properties
Outdoor Access Point Installation
Assigning Wireless AP Radios to a VNS
Configuring Wireless AP Radio Properties
Setting Up the Wireless AP Using Static Configuration
Setting Up 802.1x Authentication for a Wireless AP
Configuring Co-Located APs in Load Balance Groups
Configuring an AP Cluster
Configuring an AP as a Guardian
Configuring a Captive Portal on an AP
AP3916ic Integrated Camera Deployment
Performing AP Software Maintenance
Understanding the ExtremeWireless LED Status
Configuring the Admin Port
Configuring a Basic Data Port Topology
Creating a Topology Group
Edit or Delete a Topology Group
Third-party AP WLAN Service Type
Configuring a Basic WLAN Service
Chapter 8: Configuring a VNS
Configuring a VNS
VNS Global Settings
Methods for Configuring a VNS
Manually Creating a VNS
Creating a VNS Using the Wizard
Enabling and Disabling a VNS
Renaming a VNS
Deleting a VNS
Chapter 9: Configuring Classes of Service
Classes of Service Overview
Configuring Classes of Service
CoS Rule Classification
Priority and ToS/DSCP Marking
Selecting AP Assignments
Chapter 11: Working with a Mesh Network
About Mesh
Examples of Deployment
Key Features of Mesh
Deploying the Mesh System
Changing the Pre-shared Key in a Mesh WLAN Service
Chapter 12: Working with a Wireless Distribution System
About WDS
Examples of Deployment
Key Features of WDS
Deploying the WDS System
Changing the Pre-shared Key in a WDS WLAN Service
Chapter 13: Availability and Session Availability
Configuring a Mobility Domain
Chapter 15: Working with Third-party APs
Defining Authentication by Captive Portal for the Third-party AP WLAN Service
Defining the Third-party APs List
Defining Policy Rules for the Third-party APs
Chapter 16: Working with ExtremeWireless Radar
Enabling the Analysis Engine
Adding a New Radar Profile
Configuring an In-Service Scan Profile
Configuring a Guardian Scan Profile
Assigning an AP to a Profile
Viewing the List of Assigned APs
Maintaining the Radar List of APs
Working with Radar Reports
Chapter 17: Working with Location Engine
Location Engine on the Controller
Deploying APs for Location Aware Services
Configuring the Location Engine
Chapter 18: Working with Reports and Statistics
Application Visibility and Device ID
Viewing AP Reports and Statistics
Available Client Reports
Viewing Role Filter Statistics
Viewing Controller Status Information
Call Detail Records (CDRs)
Chapter 19: Performing System Administration
Performing Wireless AP Client Management
Defining Wireless Assistant Administrators and Login Groups
Chapter 20: Logs, Traces, Audits and DHCP Messages
Working with Logs
Viewing Wireless AP Traces
Viewing the DHCP Messages
Viewing the NTP Messages
Chapter 21: Working with GuestPortal Administration
About GuestPortals
Adding New Guest Accounts
Enabling or Disabling Guest Accounts
Importing and Exporting a Guest File
Viewing and Printing a GuestPortal Account Ticket
Working with the Guest Portal Ticket Page
Configuring Web Session Timeouts
Example Ticket Page
Preface
This section discusses the conventions used in this guide, ways to provide feedback, additional help, and
other Extreme Networks publications.
Text Conventions
The following tables list text conventions that are used throughout this guide.
Table 1: Notice Icons
General Notice: Helpful tips and notices for using the product.
Note: Important features or instructions.
Caution: Risk of personal injury, system damage, or loss of data.
Warning: Risk of severe personal injury.
New Content (New! icon): Displayed next to new content. This is searchable text within the PDF.
Table 2: Text Conventions
Screen displays: This typeface indicates command syntax, or represents information as it appears on the screen.
The words enter and type: When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.”
[Key] names: Key names are written with brackets, such as [Return] or [Esc]. If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press [Ctrl]+[Alt]+[Del]
Words in italicized type: Italics emphasize a point or denote new terms at the place where they are defined in the text. Italics are also used when referring to publication titles.
Safety Information
Dangers
• Replace the power cable immediately if it shows any sign of damage.
• Replace any damaged safety equipment (covers, labels and protective cables) immediately.
• Use only original accessories or components approved for the system. Failure to observe these instructions may damage the equipment or even violate safety and EMC regulations.
• Only authorized Extreme Networks service personnel are permitted to service the system.
Warnings
• This device must not be connected to a LAN segment with outdoor wiring.
• Ensure that all cables are run correctly to avoid strain.
• Replace the power supply adapter immediately if it shows any sign of damage.
• Disconnect all power before working near power supplies unless otherwise instructed by a maintenance procedure.
• Exercise caution when servicing hot swappable components: power supplies or fans. Rotating fans can cause serious personal injury.
• This unit may have more than one power supply cord. To avoid electrical shock, disconnect all power supply cords before servicing. In the case of unit failure of one of the power supply modules, the module can be replaced without interruption of power to the ExtremeWireless Appliance. However, this procedure must be carried out with caution. Wear gloves to avoid contact with the module, which will be extremely hot.
• There is a risk of explosion if a lithium battery is not correctly replaced. The lithium battery must be replaced only by an identical battery or one recommended by the manufacturer.
• Always dispose of lithium batteries properly.
• Do not attempt to lift objects that you think are too heavy for you.
Cautions
• Check the nominal voltage set for the equipment (operating instructions and type plate). High voltages capable of causing shock are used in this equipment. Exercise caution when measuring high voltages and when servicing cards, panels, and boards while the system is powered on.
• Only use tools and equipment that are in perfect condition. Do not use equipment with visible damage.
• To protect electrostatic sensitive devices (ESD), wear a wristband before carrying out any work on hardware.
• Lay cables so as to prevent any risk of them being damaged or causing accidents, such as tripping.
Safety Information (Sicherheitshinweise)
Dangers
• If the power cable shows any sign of damage, replace it immediately.
• Replace damaged safety equipment (covers, type plates and protective cables) immediately.
• Use only original accessories or components approved specifically for the system. Failure to observe these instructions may damage the equipment or violate safety and EMC regulations.
• The system may be serviced only by authorized Extreme Networks service personnel.
Warnings
• This device must not be connected to a LAN segment via outdoor wiring.
• Ensure that all cables are routed correctly to avoid strain.
• If the power supply unit shows any sign of damage, replace it immediately.
• Disconnect all power connections before working near the power supply, unless a maintenance procedure requires otherwise.
• Exercise caution when servicing hot-swappable Wireless Controller components (power supplies or fans). Rotating fans can cause serious injury.
• This device may be connected by more than one power cable. To avoid the risk of electric shock, disconnect all power cables before servicing. If one of the power supply modules fails, it can be replaced without interrupting power to the Wireless Controller. However, this procedure must be carried out with caution. The module can be extremely hot. Wear gloves to avoid burns.
• There is a risk of explosion if the lithium battery is replaced incorrectly. The lithium battery may be replaced only by an identical type or one recommended by the dealer.
• Dispose of lithium batteries properly.
• Never attempt to lift heavy objects without help.
Cautions
• Check the nominal voltage set for the equipment (operating instructions and type plate). This equipment operates with high voltage, which carries the risk of electric shock. Exercise great caution when measuring high voltages or servicing cards, panels, and assemblies while the system is powered on.
• Use only tools and equipment in perfect condition. Do not use equipment with visible damage.
• When working on hardware components, wear a wristband to protect electrostatic sensitive devices (ESD) from damage.
• Lay cables so that they do not become a source of accidents (tripping hazard) and are not damaged.
Safety Information (Consignes De Sécurité)
Dangers
• If the power cord is damaged, replace it immediately.
• Replace damaged safety equipment (covers, labels and protective conductors) without delay.
• Use only original accessories or approved modules specific to the system. Otherwise, you risk damaging the installation or violating safety and electromagnetic compatibility regulations.
• Only Extreme Networks service personnel are authorized to maintain or repair the system.
Warnings
• This device must not be connected to a LAN segment using outdoor cabling.
• Verify that all cables are run correctly to avoid excessive strain.
• If the power adapter shows damage, replace it immediately.
• Always disconnect power before working on power supplies, unless the maintenance procedure states otherwise.
• Take all necessary precautions when servicing or repairing hot-pluggable Wireless Controller modules: power supplies or fans. Rotating fans can cause serious injury.
• This unit may have several power cords. To avoid electric shock, disconnect all power cords before performing maintenance. If one of the power supply modules fails, the faulty module can be replaced without powering off the Wireless Controller. However, this replacement must be carried out with care. Wear gloves to avoid touching the module, which may be very hot.
• Improper replacement of the lithium battery may cause an explosion. Replace the lithium battery with an identical model or a model recommended by the reseller.
• It must be disposed of in accordance with the applicable regulations.
• Never attempt to lift objects that may be too heavy for you.
Precautions
• Check the nominal voltage set on the installation (see the operating instructions and the type plate). High voltages that can cause electric shock are used in this equipment. When the system is powered on, take all necessary precautions when measuring high voltages and when servicing or repairing cards, panels, and boards.
• Use only devices and tools in perfect condition. Never put into service devices showing visible damage.
• To protect devices sensitive to static electricity, wear an antistatic wristband when working on the hardware.
• Route cables so that they cannot be damaged and do not constitute a source of danger (for example, by causing people to fall).
Providing Feedback to Us
We are always striving to improve our documentation and help you work better, so we want to hear
from you! We welcome all feedback but especially want to know about:
• Content errors or confusing or conflicting information.
• Ideas for improvements to our documentation so you can find the information you need faster.
• Broken links or usability issues.
If you would like to provide feedback to the Extreme Networks Information Development team about
this document, please contact us using our short online feedback form. You can also email us directly at
internalinfodev@extremenetworks.com.
Getting Help
If you require assistance, contact Extreme Networks using one of the following methods:
• GTAC (Global Technical Assistance Center) for Immediate Support
  • Phone: 1-800-998-2408 (toll-free in U.S. and Canada) or +1 408-579-2826. For the support phone number in your country, visit: www.extremenetworks.com/support/contact
  • Email: support@extremenetworks.com. To expedite your message, enter the product name or model number in the subject line.
• Extreme Portal: Search the GTAC knowledge base, manage support cases and service contracts, download software, and obtain product licensing, training, and certifications.
• The Hub: A forum for Extreme customers to connect with one another, answer questions, and share ideas and feedback. This community is monitored by Extreme Networks employees, but is not intended to replace specific guidance from GTAC.
Before contacting Extreme Networks for technical support, have the following information ready:
• Your Extreme Networks service contract number and/or serial numbers for all involved Extreme Networks products
• A description of the failure
• A description of any action(s) already taken to resolve the problem
• A description of your network environment (such as layout, cable type, other relevant environmental information)
• Network load at the time of trouble (if known)
• The device history (for example, if you have returned the device before, or if this is a recurring problem)
• Any related RMA (Return Material Authorization) numbers
Some software files have been licensed under certain open source licenses. More information is
available at: www.extremenetworks.com/support/policies/software-licensing.
This guide describes how to install, configure, and manage the Extreme Networks ExtremeWireless
software. This guide is also available as an online help system.
To access the online help, click Help in the ExtremeWireless Assistant top menu bar.
Who Should Use This Guide
This guide is a reference for system administrators who install and manage the ExtremeWireless system.
Any administrator performing tasks described in this guide must have an account with administrative
privileges.
How to Use This Guide
To locate information about various subjects in this guide, refer to the following table.
| For... | Refer to... |
|---|---|
| An overview of the product, its features and functionality. | Overview of the ExtremeWireless Solution on page 14 |
| Information about how to perform the installation, first time setup and configuration of the controller, as well as configuring the data ports and defining routing. | Configuring the ExtremeWireless Appliance on page 31 |
| Information on how to install the ExtremeWireless AP, how it discovers and registers with the controller, and how to view and modify radio configuration. | Configuring the ExtremeWireless APs on page 101 |
| An overview of topologies and provides detailed information about how to configure them. | Configuring Topologies on page 262 |
| An overview of roles and provides detailed information about how to configure them. | Configuring Roles on page 284 |
| An overview of WLAN (Wireless Local Area Network) services and provides detailed information about how to configure them. | Configuring WLAN Services on page 318 |
| An overview of Virtual Network Services (VNS), provides detailed instructions in how to configure a VNS, either using the Wizards or by manually creating the component parts of a VNS. | Configuring a VNS on page 390 |
| Information about configuring CoS (Class of Service) which are a configuration entity containing QoS Marking (802.1p and ToS/DSCP), Inbound/Outbound Rate Limiting and Transmit Queue Assignments. | Configuring Classes of Service on page 487 |
| Information about configuring Sites which is a mechanism for grouping APs and refers to specific Roles, Classes of Service (CoS) and RADIUS servers that are grouped to form a single configuration. | Configuring Sites on page 494 |
| An overview of Mesh networks and provides detailed information about how to create a Mesh network. | Working with a Mesh Network on page 502 |
| An overview of a Wireless Distribution System (WDS) network configuration and provides detailed information about how to create a Mesh network. | Working with a Wireless Distribution System on page 518 |
| Information on how to set up the features that maintain service availability in the event of a controller failover. | Availability and Session Availability on page 537 |
| Information on how to set up the mobility domain that provides mobility for a wireless device user when the user roams from one ExtremeWireless AP to another in the mobility domain. | Configuring Mobility on page 555 |
| Information on how to use the ExtremeWireless AP features with third-party wireless access points. | Working with Third-party APs on page 561 |
| Information on the security tool that scans for, detects, provides countermeasures, and reports on rogue APs. | Working with ExtremeWireless Radar on page 563 |
| Information on the various reports and displays available in the system. | Working with Reports and Statistics on page 621 |
| Information on system administration activities, such as performing ExtremeWireless AP client management, defining management users, configuring the network time, and configuring Web session timeouts. | Performing System Administration on page 669 |
| Information on how to view and interpret the logs, traces, audits and DHCP (Dynamic Host Configuration Protocol) messages. | Logs, Traces, Audits and DHCP Messages on page 676 |
| Information on how to configure GuestPortal accounts. | Working with GuestPortal Administration on page 690 |
| A list of terms and definitions for the ExtremeWireless Appliance and the ExtremeWireless AP as well as standard industry terms used in this guide. | Glossary terms are displayed as links in the text. Hover over a glossary term to display the definition, or click the link to go to the Glossary. |
| Regulatory information for the ExtremeWireless Appliances and the ExtremeWireless APs. | Regulatory Information on page 705 |
| The default GuestPortal ticket page source code. | Default GuestPortal Ticket Page on page 706 |

ExtremeWireless™ V10.41.06 User Guide
2 Overview of the ExtremeWireless Solution
Introduction
Conventional Wireless LANs
Elements of the ExtremeWireless Solution
ExtremeWireless and Your Network
ExtremeWireless Appliance Product Family
Introduction
The next generation of wireless networking devices provides a truly scalable WLAN (Wireless Local Area
Network) solution. ExtremeWireless Access Points (APs, wireless APs) are fit access points controlled
through a sophisticated network device, the controller. This solution provides the security and
manageability required by enterprises and service providers for huge industrial wireless networks.
The ExtremeWireless system is a highly scalable Wireless Local Area Network (WLAN) solution. Based
on a third generation WLAN topology, the ExtremeWireless system makes wireless practical for service
providers as well as medium and large-scale enterprises.
The ExtremeWireless controller provides a secure, highly scalable, cost-effective solution based on the
IEEE 802.11 standard. The system is intended for enterprise networks operating on multiple floors in
more than one building, and is ideal for public environments, such as airports and convention centers
that require multiple access points.
This chapter provides an overview of the fundamental principles of the ExtremeWireless System.
The ExtremeWireless Appliance
The ExtremeWireless Appliance is a network device designed to integrate with an existing wired Local
Area Network (LAN). The rack-mountable controller provides centralized management, network access,
and routing to wireless devices that use Wireless APs to access the network. It can also be configured to
handle data traffic from third-party access points.
The controller provides the following functionality:
• Controls and configures Wireless APs, providing centralized management.
• Authenticates wireless devices that contact a Wireless AP.
• Assigns each wireless device to a VNS when it connects.
• Routes traffic from wireless devices, using VNS, to the wired network.
• Applies filtering roles to the wireless device session.
• Provides session logging and accounting capability.
Conventional Wireless LANs
Wireless communication between multiple computers requires that each computer be equipped with a
receiver/transmitter—a WLAN Network Interface Card (NIC)—capable of exchanging digital information
over a common radio frequency. This is called an ad hoc network configuration. An ad hoc network
configuration allows wireless devices to communicate together. This setup is defined as an independent
basic service set (IBSS).
An alternative to the ad hoc configuration is the use of an access point. This may be a dedicated
hardware bridge or a computer running special software. Computers and other wireless devices
communicate with each other through this access point. The 802.11 standard defines access point
communications as devices that allow wireless devices to communicate with a distribution system. This
setup is defined as a basic service set (BSS) or infrastructure network.
To allow the wireless devices to communicate with computers on a wired network, the access points
must be connected to the wired network providing access to the networked computers. This topology is
called bridging. With bridging, security and management scalability is often a concern.
Figure 1: Standard Wireless Network Solution Example
The wireless devices and the wired networks communicate with each other using standard networking
protocols and addressing schemes. Most commonly, Internet Protocol (IP) addressing is used.
Elements of the ExtremeWireless Solution
The ExtremeWireless solution consists of two devices:
• ExtremeWireless Appliance
• ExtremeWireless AP
This architecture allows a single controller to control many APs, making the administration and
management of large networks much easier.
There can be several controllers in the network, each with a set of registered APs. The controllers can
also act as backups to each other, providing stable network availability.
In addition to the controllers and APs, the solution requires three other components, all of which are
standard for enterprise and service provider networks:
• RADIUS Server (Remote Access Dial-In User Service) or other authentication server
• DHCP (Dynamic Host Configuration Protocol) Server. If you do not have a DHCP Server on your network, you can enable the local DHCP Server on the controller. The local DHCP Server is useful as a general purpose DHCP Server for small subnets. For more information, see Setting Up the Data Ports on page 51.
• SLP (Service Location Protocol)
Figure 2: ExtremeWireless Appliance Solution
As illustrated in ExtremeWireless Appliance Solution, the ExtremeWireless Appliance appears to the
existing network as if it were an access point, but in fact one controller controls many APs. The
controller has built-in capabilities to recognize and manage the APs. The controller:
• Activates the APs
• Enables APs to receive wireless traffic from wireless devices
• Processes the data traffic from the APs
• Forwards or routes the processed data traffic out to the network
• Authenticates requests and applies access roles
Simplifying the APs makes them cost-effective, easy to manage, and easy to deploy. Putting control on
an intelligent centralized controller enables:
• Centralized configuration, management, reporting, and maintenance
• High security
• Flexibility to suit enterprise
• Scalable and resilient deployments with a few controllers controlling hundreds of APs
The ExtremeWireless system:
• Scales up to Enterprise capacity — ExtremeWireless Appliances are scalable:
  • C5215 — Up to 1000 APs, 2000 APs in Controller availability mode
  • C5210 — Up to 1000 APs, 2000 APs in Controller availability mode
  • C5110 — Up to 525 APs, 1050 APs in Controller availability mode
  • C4110 — Up to 250 APs, 500 APs in Controller availability mode
  • C25 — Up to 50 APs, 100 APs in Controller availability mode
  • C35 — Up to 125 APs, 250 APs in Controller availability mode
  • V2110 (Small Profile) — Up to 50 APs, 100 APs in Controller availability mode
  • V2110 (Medium Profile) — Up to 250 APs, 500 APs in Controller availability mode
  • V2110 (Large Profile) — Up to 525 APs, 1050 APs in Controller availability mode
  • In turn, each wireless AP can handle a mixture of secure and non-secure clients. AP per radio support is up to 200 clients, of which 127 are clients with security. With additional controllers, the number of wireless devices the solution can support can reach into the thousands.
• Integrates with existing network — A controller can be added to an existing enterprise network as a new network device, greatly enhancing its capability without interfering with existing functionality. Integration of the controllers and APs does not require any re-configuration of the existing infrastructure (for example, VLANs (Virtual LANs)).
• Integrates with the Extreme Networks Extreme Management Center Suite of products. For more information, see Extreme Networks Extreme Management Center Integration on page 18.
  Plug-in applications include:
  • Automated Security Manager
  • Inventory Manager
  • NAC Manager
  • Role Control Console
  • Policy Manager
• Offers centralized management and control — An administrator accesses the controller in its centralized location to monitor and administer the entire wireless network. From the controller the administrator can recognize, configure, and manage the APs and distribute new software releases.
• Provides easy deployment of APs — The initial configuration of the APs on the centralized controller can be done with an automatic “discovery” technique.
• Provides security via user authentication — Uses existing authentication (AAA) servers to authenticate and authorize users.
• Provides security via filters and privileges — Uses virtual networking techniques to create separate virtual networks with defined authentication and billing services, access roles, and privileges.
• Supports seamless mobility and roaming — Supports seamless roaming of a wireless device from one wireless AP to another on the same controller or on a different controller.
• Integrates third-party access points — Uses a combination of network routing and authentication techniques.
• Prevents rogue devices — Unauthorized access points are detected and identified as either harmless or dangerous rogue APs.
• Provides accounting services — Logs wireless user sessions, user group activity, and other activity reporting, enabling the generation of consolidated billing records.
• Offers troubleshooting capability — Logs system and session activity and provides reports to aid in troubleshooting analysis.
• Offers dynamic RF management — Automatically selects channels and adjusts Radio Frequency (RF) signal propagation and power levels without user intervention.
Extreme Networks Extreme Management Center Integration
The ExtremeWireless solution now integrates with the Extreme Management Center suite of products, a
collection of tools to help you manage networks. Its client/server architecture lets you manage your
network from a single workstation or, for networks of greater complexity, from one or more client
workstations. It is designed to facilitate specific network management tasks while sharing data and
providing common controls and a consistent user interface.
The Extreme Management Center is a family of products comprising the Extreme Management Center
Console and a suite of plug-in applications, including:
• Automated Security Manager — Automated Security Manager is a unique threat response solution that translates security intelligence into security enforcement. It provides sophisticated identification and management of threats and vulnerabilities. For information on how the ExtremeWireless solution integrates with the Automated Security Manager application, see the Maintenance Guide.
• Inventory Manager — Inventory Manager is a tool for efficiently documenting and updating the details of the ever-changing network. For information on how the ExtremeWireless solution integrates with the Automated Security Manager application, see the Maintenance Guide.
• NAC Manager — NAC Manager is a leading-edge NAC solution to ensure only the right users have access to the right information from the right place at the right time. The Extreme Networks NAC solution performs multi-user, multi-method authentication, vulnerability assessment and assisted remediation. For information on how the ExtremeWireless solution integrates with the Extreme Networks NAC solution, see NAC Integration with the Wireless WLAN on page 24.
• Policy Manager — Policy Manager recognizes the ExtremeWireless suite as role capable devices that accept partial configuration from Policy Manager. Currently this integration is partial in the sense that Extreme Management Center is unable to create WLAN services directly; the WLAN services need to be directly provisioned on the controller and are represented to Policy Manager as logical ports.
The ExtremeWireless Appliance allows Policy Manager to:
• Attach Topologies (assign VLAN to port) to the ExtremeWireless Appliance physical ports (Console).
• Attach role to the logical ports (WLAN Service/SSID).
• Assign a Default Role/Role to a WLAN Service, thus creating the VNS.
• Perform authentication operations which can then reference defined roles for station-specific role enforcement.
This can be seen as a three-step process:
1 Deploy the controller and perform local configuration
  • The ExtremeWireless Appliance ships with a default SSID, attached by default to all AP radios, when enabled.
  • Use the basic installation wizard to complete the ExtremeWireless Appliance configuration.
2 Use Policy Manager to:
  • Push the VLAN list to the ExtremeWireless Appliance (Topologies)
  • Push RADIUS server configuration to the ExtremeWireless Appliance
  • Push role definitions to the ExtremeWireless Appliance
  • Attach the default role to create a VNS
3 Fine tune controller settings. For example, configuring filtering at APs and ExtremeWireless Appliance for a bridged at controller or routed topologies and associated VNSs.
Note: Complete information about integration with Policy Manager is outside the scope of this document.
ExtremeWireless and Your Network
This section is a summary of the components of the ExtremeWireless solution on your enterprise
network. The following are described in detail in this guide, unless otherwise stated:
• ExtremeWireless Appliance — A rack-mountable network device or virtual appliance that provides centralized control over all access points and manages the network assignment of wireless device clients associating through access points.
• Wireless AP — A wireless LAN fit access point that communicates with a controller.
• RADIUS Server (Remote Access Dial-In User Service) (RFC2865), or other authentication server — An authentication server that assigns and manages ID and Password protection throughout the network. Used for authentication of the wireless users in either 802.1x or Captive Portal security modes. The RADIUS Server system can be set up for certain standard attributes, such as filter ID, and for the Vendor Specific Attributes (VSAs). In addition, RADIUS Disconnect (RFC3576), which permits dynamic adjustment of user role (user disconnect), is supported.
• DHCP Server (Dynamic Host Configuration Protocol) (RFC2131) — A server that dynamically assigns IP addresses, gateways, and subnet masks. IP address assignment for clients can be done by the DHCP server internal to the controller, or by existing servers using DHCP relay. It is also used by the APs to discover the location of the controller during the initial registration process using Options 43, 60, and Option 78. Options 43 and 60 specify the vendor class identifier (VCI) and vendor specific information. Option 78 specifies the location of one or more SLP Directory Agents. For SLP, DHCP should have Option 78 enabled.
• Service Location Protocol (SLP) (SLP RFC2608) — Client applications are User Agents and services that are advertised by a Service Agent. In larger installations, a Directory Agent collects information from Service Agents and creates a central repository. The Extreme Networks solution relies on registering “Extreme Networks” as an SLP Service Agent.
• Domain Name Server (DNS) — A server used as an alternate mechanism (if present on the enterprise network) for the automatic discovery process. Controller, Access Points and Convergence Software relies on the DNS for Layer 3 deployments and for static configuration of the APs. The controller can be registered in DNS, to provide DNS assisted AP discovery. In addition, DNS can also be used for resolving RADIUS server hostnames.
• Web Authentication Server — A server that can be used for external Captive Portal and external authentication. The controller has an internal Captive portal presentation page, which allows web authentication (web redirection) to take place without the need for an external Captive Portal server.
• RADIUS Accounting Server (Remote Access Dial-In User Service) (RFC2866) — A server that is required if RADIUS Accounting is enabled.
• SNMP (Simple Network Management Protocol) — A Manager Server that is required if forwarding SNMP messages is enabled.
• Network Infrastructure — The Ethernet switches and routers must be configured to allow routing between the various services noted above. Routing must also be enabled between multiple controllers for the following features to operate successfully:
  • Availability
  • Mobility
  • ExtremeWireless Radar for detection of rogue access points
  Some features also require the definition of static routes.
• Web Browser — A browser provides access to the controller Management user interface to configure the ExtremeWireless system.
• SSH Enabled Device — A device that supports Secure Shell (SSH) is used for remote (IP) shell access to the system.
• Zone Integrity — The Zone integrity server enhances network security by ensuring clients accessing your network are compliant with your security roles before gaining access. Zone Integrity Release 5 is supported.
• (Optional) Online Signup Server — For use with Hotspot Networks.
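The DHCP options named in the list above (43, 60 and 78) can be checked in a captured options field with a short parser. The following is an added example, not code from the ExtremeWireless product or documentation; the vendor class string, the Option 43 payload and the addresses are constructed sample values, and the Option 78 layout follows RFC 2610 (one "mandatory" byte followed by IPv4 addresses).

```python
import ipaddress

PAD, END = 0, 255
VENDOR_INFO, VENDOR_CLASS_ID, SLP_DIRECTORY_AGENT = 43, 60, 78


def parse_options(blob):
    """Walk the code/length/value triples of a DHCP options field."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == END:          # end-of-options marker
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header at offset %d" % i)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is shorter than its length byte" % code)
        # An option that appears more than once is concatenated (RFC 3396).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def decode_slp_da(value):
    """Option 78: one 'mandatory' flag byte, then one or more IPv4 addresses."""
    if len(value) < 5 or (len(value) - 1) % 4 != 0:
        raise ValueError("option 78 must be 1 flag byte plus n*4 address bytes")
    mandatory = value[0] == 1
    agents = [str(ipaddress.IPv4Address(value[i:i + 4]))
              for i in range(1, len(value), 4)]
    return mandatory, agents


def discovery_report(blob, expected=(VENDOR_INFO, VENDOR_CLASS_ID,
                                     SLP_DIRECTORY_AGENT)):
    """Summarize the discovery-related options and list the expected ones
    that are absent. Which options appear depends on the message direction,
    so pass the set you expect for the message being inspected."""
    opts = parse_options(blob)
    report = {
        "vci": None,
        "vendor_info": None,      # vendor-defined payload, kept opaque (hex)
        "slp_mandatory": None,
        "slp_das": [],
        "missing": [code for code in expected if code not in opts],
    }
    if VENDOR_CLASS_ID in opts:
        report["vci"] = opts[VENDOR_CLASS_ID].decode("ascii", errors="replace")
    if VENDOR_INFO in opts:
        report["vendor_info"] = opts[VENDOR_INFO].hex()
    if SLP_DIRECTORY_AGENT in opts:
        report["slp_mandatory"], report["slp_das"] = decode_slp_da(
            opts[SLP_DIRECTORY_AGENT])
    return report


def build_option(code, value):
    """Helper used only to construct the sample input below."""
    return bytes([code, len(value)]) + value


# Constructed sample: message type, a placeholder vendor class string, an
# opaque Option 43 payload, and two SLP Directory Agents from 192.0.2.0/24.
SAMPLE_OPTIONS = (
    build_option(53, b"\x02")
    + build_option(VENDOR_CLASS_ID, b"EXAMPLE-AP-VCI")
    + build_option(VENDOR_INFO, bytes.fromhex("0104c000020a"))
    + build_option(SLP_DIRECTORY_AGENT,
                   b"\x00"
                   + ipaddress.IPv4Address("192.0.2.10").packed
                   + ipaddress.IPv4Address("192.0.2.11").packed)
    + bytes([END])
)

if __name__ == "__main__":
    print(discovery_report(SAMPLE_OPTIONS))
```
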
Network Traffic Flow
Figure 3 illustrates a simple configuration with a single controller and two APs, each supporting a
wireless device. A RADIUS server on the network provides authentication, and a DHCP server is used by
the APs to discover the location of the controller during the initial registration process. Network interconnectivity is provided by the infrastructure routing and switching devices.
Figure 3: Traffic Flow Diagram
Each wireless device sends IP packets in the 802.11 standard to the AP. The AP uses a UDP (User
Datagram Protocol) based tunneling protocol. In tunneled mode of operation, it encapsulates the
packets and forwards them to the controller. The controller decapsulates the packets and routes these
to destinations on the network. In a typical configuration, access points can be configured to locally
bridge traffic (to a configured VLAN) directly at their network point of attachment.
The controller functions like a standard L3 router or L2 switch. It is configured to route the network
traffic associated with wireless connected users. The controller can also be configured to simply forward
traffic to a default or static route if dynamic routing is not preferred or available.
Network Security
The Extreme Networks ExtremeWireless system provides features and functionality to control network
access. These are based on standard wireless network security practices.
Current wireless network security methods provide protection. These methods include:
• Shared Key authentication that relies on Wired Equivalent Privacy (WEP) keys
• Open System that relies on Service Set Identifiers (SSIDs)
• 802.1x that is compliant with Wi-Fi Protected Access (WPA)
• Captive Portal based on Secure Sockets Layer (SSL) protocol
The Extreme Networks ExtremeWireless system provides the centralized mechanism by which the
corresponding security parameters are configured for a group of users.
• Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the 802.11b standard
• Wi-Fi Protected Access version 1 (WPA1™) with Temporal Key Integrity Protocol (TKIP)
• Wi-Fi Protected Access version 2 (WPA2™) with Advanced Encryption Standard (AES) and Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP)
Authentication
The controller relies on a RADIUS server, or authentication server, on the enterprise network to provide
the authentication information (whether the user is to be allowed or denied access to the network). A
RADIUS client is implemented to interact with infrastructure RADIUS servers.
The controller provides authentication using:
• Captive Portal — a browser-based mechanism that forces users to a Web page
• RADIUS (using IEEE 802.1x)
The 802.1x mechanism is a standard for authentication developed within the 802.11 standard. This
mechanism is implemented at the wireless port, blocking all data traffic between the wireless device
and the network until authentication is complete. Authentication by 802.1x standard uses Extensible
Authentication Protocol (EAP) for the message exchange between the controller and the RADIUS
server.
When 802.1x is used for authentication, the controller provides the capability to dynamically assign per-wireless-device WEP keys (called per session WEP keys in 802.11). In the case of WPA, the controller is
not involved in key assignment. Instead, the controller is involved in the information exchange between
RADIUS server and the user’s wireless device to negotiate the appropriate set of keys. With WPA2 the
material exchange produces a Pairwise Master Key which is used by the AP and the user to derive their
temporal keys. (The keys change over time.)
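The step from Pairwise Master Key to temporal keys described above can be made concrete with the pairwise key derivation defined in IEEE 802.11i for WPA2 with CCMP (HMAC-SHA1 based PRF). This is an added example following the standard, not ExtremeWireless code; the PMK, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"


def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter,
    repeated with an incrementing counter until nbytes are produced."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Derive the 384-bit Pairwise Transient Key used with CCMP and split it
    into KCK (EAPOL-Key integrity), KEK (key wrapping) and TK (data traffic)."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 bytes")
    if len(ap_mac) != 6 or len(sta_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("nonces must be 32 bytes")
    # Both sides sort the addresses and nonces the same way, so the AP and
    # the station compute identical keys without ever sending them.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# Constructed sample values (not taken from any real network).
SAMPLE_PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")


def sample_nonce(tag):
    """Deterministic stand-in for the random 32-byte nonce each side sends."""
    return hashlib.sha256(tag.encode()).digest()


def demo():
    """Same PMK, two associations with fresh nonces: the temporal key differs."""
    first = derive_ptk(SAMPLE_PMK, AP_MAC, STA_MAC,
                       sample_nonce("anonce-1"), sample_nonce("snonce-1"))
    second = derive_ptk(SAMPLE_PMK, AP_MAC, STA_MAC,
                        sample_nonce("anonce-2"), sample_nonce("snonce-2"))
    return first, second


if __name__ == "__main__":
    for name, keys in zip(("association 1", "association 2"), demo()):
        print(name, "TK =", keys["tk"].hex())
```
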
The Extreme Networks ExtremeWireless solution provides a RADIUS redundancy feature that enables
you to define a failover RADIUS server in the event that the active RADIUS server becomes
unresponsive.
Privacy
Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption
techniques.
Extreme Networks ExtremeWireless supports the Wired Equivalent Privacy (WEP) standard common to
conventional access points.
It also provides Wi-Fi Protected Access version 1 (WPA v.1) encryption, based on Pairwise Master Key
(PMK) and Temporal Key Integrity Protocol (TKIP). The most secure encryption mechanism is WPA
version 2, using Advanced Encryption Standard (AES).
Virtual Network Services
Virtual Network Services (VNS) provide a versatile method of mapping wireless networks to the
topology of an existing wired network.
In releases prior to V7.0, a VNS was a collection of operational entities. Starting with Release V7.0, a
VNS becomes the binding of reusable components:
• WLAN Service components that define the radio attributes, privacy and authentication settings, and QoS attributes of the VNS
• Role components that define the topology (typically a VLAN), policy rules, and Class of Service applied to the traffic of a station.
Figure 4 illustrates the transition of the concept of a VNS to a binding of reusable components.
Figure 4: VNS as a Binding of Reusable Components
WLAN Service components and Role components can be configured separately and associated with a
VNS when the VNS is created or modified. Alternatively, they can be configured during the process of
creating a VNS.
Additionally, Roles can be created using the Extreme Networks Extreme Management Center Policy
Manager or Extreme Management Center Wireless Manager and pushed to the ExtremeWireless
Appliance. Role assignment ensures that the correct topology and traffic behavior are applied to a user
regardless of WLAN service used or VNS assignment.
When VNS components are set up on the controller, among other things, a range of IP addresses is set
aside for the controller’s DHCP server to assign to wireless devices.
If the OSPF (Open Shortest Path First) routing protocol is enabled, the controller advertises the routed
topologies as reachable segments to the wired network infrastructure. The controller routes traffic
between the wireless devices and the wired network.
The controller also supports VLAN-bridged assignment for VNSs. This allows the controller to directly
bridge the set of wireless devices associated with a WLAN service directly to a specified core VLAN.
Each controller model can support a definable number and an active number of VNSs. See Table 3.
Table 3: VNS and WLAN Service Capacity

| Controller Model | Max Number of Defined VNS | Max Number of Defined WLAN Services | Max Number of Active WLAN Services |
|---|---|---|---|
| C5110 | 256 | 256 | 128 |
| C4110 | 128 | 128 | 64 |
| C25 | 32 | 32 | 16 |
| V2110 Small | 32 | 32 | 16 |
| V2110 Medium, V2110-HyperV | 128 | 128 | 64 |
| V2110 Large | 256 | 256 | 128 |
| C5215 | 256 | 256 | 128 |
| C5210 | 256 | 256 | 128 |
| C35 | 32 | 16 | 32 |

The AP radios can be assigned to each of the configured WLAN services and, therefore, VNSs in a
system. Each AP can be the subject of 16 service assignments—eight assignments per radio—which
corresponds to the number of SSIDs it can support. Once a radio has all eight slots assigned, it is no
longer eligible for further assignment.
The AP3912 has three additional client ports that can be assigned to a single WLAN Service. For more
information, see Assigning WLAN Services to Client Ports on page 170.
NAC Integration with the Wireless WLAN
The Extreme Networks Wireless WLAN supports integration with a NAC (Network Admission Control)
Gateway. The NAC Gateway can provide your network with authentication, registration, assessment,
remediation, and access control for mobile users.
NAC Gateway integration with Wireless WLAN supports SSID VNSs when used in conjunction with
MAC-based external captive portal authentication.
Figure 5 depicts the topology and workflow relationship between Wireless WLAN that is configured for
external captive portal and a NAC Gateway. With this configuration, the NAC Gateway acts like a
RADIUS proxy server. An alternative is to configure the NAC Gateway to perform MAC-based
authentication itself, using its own database of MAC addresses and permissions. For more information,
see Creating a NAC VNS Using the VNS Wizard on page 426.
Figure 5: WLAN and NAC Integration with External Captive Portal Authentication
1 The client laptop connects to the AP.
  The AP determines that authentication is required, and sends an association request to the appliance.
2 The appliance forwards to the NAC Gateway an access-request message for the client laptop, which is identified by its MAC address.
3 The NAC Gateway forwards the access-request to the RADIUS server. The NAC Gateway acts like a RADIUS proxy server.
  The RADIUS server evaluates the access-request and sends an AccessAccept message back to the NAC.
  Note: RADIUS servers with captive portal and EAP authentication can be tested for connectivity using the radtest command. For more information, see the ExtremeWireless CLI Guide.
4 The NAC receives the access-accept packet. Using its local database, the NAC determines the correct role to apply to this client laptop and updates the access-accept packet with the role assignment. The updated AccessAccept message is forwarded to the appliance and AP.
5 The appliance and the AP apply role against the client laptop accordingly. The appliance assigns a set of filters to the client laptop’s session and the AP allows the client laptop access to the network.
6 The client laptop interacts with a DHCP server to obtain an IP address.
  Eventually the client laptop uses its web browser to access a website.
  • The appliance determines that the target website is blocked and that the client laptop still requires authentication.
  • The appliance sends an HTTP redirect to the client laptop’s browser. The redirect sends the browser to the web server on the NAC Gateway.
  • The NAC displays an appropriate web page in the client laptop’s browser. The contents of the page depend on the current role assignment (enterprise, remediation, assessing, quarantine, or unregistered) for the MAC address.
7 When the NAC determines that the client laptop is ready for a different role assignment, it sends a ‘disconnect message’ (RFC 3576) to the appliance.
  When the appliance receives the ‘disconnect message’ sent by the NAC, the appliance terminates the session for the client laptop.
  The appliance forwards the command to terminate the client laptop’s session to the AP, which disconnects the client laptop.
VNS Components
The distinct constituent high-level configurable umbrella elements of a VNS are:
• Topology
• Role
• Classes of Service
• WLAN Service
Topology
Topologies represent the networks with which the controller and its APs interact. The main configurable
attributes of a topology are:
• Name - a string of alphanumeric characters designated by the administrator.
• VLAN ID - the VLAN identifier as specified in the IEEE 802.1Q definition.
• VLAN tagging options.
• Port of presence for the topology on the controller. (This attribute is not required for Routed and Bridged at AP topologies.)
• Interface. This attribute is the IP (L3) address assigned to the controller on the network described by the topology. (Optional.)
• Type. This attribute describes how traffic is forwarded on the topology. Options are:
  • “Physical” - the topology is the native topology of a data plane and it represents the actual Ethernet ports
  • “Management” - the native topology of the controller management port
  • “Routed” - the controller is the routing gateway for the routed topology.
  • “Bridged at Controller” - the user traffic is bridged (in the L2 sense) between wireless clients and the core network infrastructure.
  • “Bridged at AP” - the user traffic is bridged locally at the AP without being redirected to the controller
• Exception Filters. Specifies which traffic has access to the controller from the wireless clients or the infrastructure network.
• Certificates.
• Multicast filters. Defines the multicast groups that are allowed on a specific topology segment.
• For information about Topology groups, see Creating a Topology Group on page 270.
Role
A Role is a collection of attributes and rules that determine actions taken when user traffic accesses the wired
network through the WLAN service (associated to the WLAN Service's SSID). Depending upon its type,
a VNS can have between one and three Authorization Roles associated with it:
1 Default non-authorized role — This is a mandatory role that covers all traffic from stations that have
not authenticated. At the administrator's discretion the default non-authorized role can be applied
to the traffic of authenticated stations as well.
2 Default authorized role — This is a mandatory role that applies to the traffic of authenticated stations
for which no other role was explicitly specified. It can be the same as the default non-authorized
role.
3 Third-party AP role — This role applies to the list of MAC addresses corresponding to the wired
interfaces of third party APs specifically defined by the administrator to be providing the RF access
as an AP WLAN Service. This role is only relevant when applied to third party AP WLAN Services.
Classes of Service
In general, CoS (Class of Service) refers to a set of attributes that define the importance of a frame while it is forwarded through the network relative to other packets, and to the maximum throughput per time unit that a station or port assigned to a specific role is permitted. The CoS defines actions to be taken when rate limits are exceeded.
All incoming packets may follow these steps to determine a CoS:
• Classification - identifies the first matching rule that defines a CoS.
• Marking - modifies the L2 802.1p and/or L3 ToS based on CoS definition.
• Rate limiting (drop) is set.
The system limit for the number of CoS profiles on a controller is identical to the number of roles. For example, the maximum number of CoS profiles on a C4110 is 512.
WLAN Services
A WLAN Service represents all the RF, authentication and QoS attributes of a wireless access service offered by the controller and its APs. A WLAN Service can be one of the following types:
• Standard — A conventional service. Only APs running ExtremeWireless software can be part of this WLAN Service. This type of service can be used as a Bridged at Controller, Bridged at AP, or Routed Topology. This type of service provides access for mobile stations. Roles can be associated with this type of WLAN service to create a VNS. Hotspot can be enabled for standard WLAN services.
• Third Party AP — A Wireless Service offered by third party APs. This type of service provides access for mobile stations. Roles can be assigned to this type of WLAN service to create a VNS.
• Dynamic Mesh and WDS (Static Mesh) — This is to configure a group of APs organized into a hierarchy for purposes of providing a Wireless Distribution Service. This type of service is in essence a wireless trunking service rather than a service that provides access for stations. As such, this service cannot have roles attached to it.
• Remote — A service that resides on the edge (foreign) controller. Pairing a remote service with a remoteable service on the designated home controller allows you to provision centralized WLAN Services in the mobility domain. This is known as centralized mobility.
The components of a WLAN Service map to the corresponding components of a VNS in previous
releases. The administrator makes an explicit choice of the type of authentication to use on the WLAN
Service. If the choice of authentication option conflicts with any other authentication or privacy choices,
the WLAN Service cannot be enabled.
Routing
Routing can be used on the controller to support the VNS definitions. Through the user interface you
can configure routing on the controller to use one of the following routing techniques:
• Static routes — Use static routes to set the default route of a controller so that legitimate wireless device traffic can be forwarded to the default gateway.
• OSPF (version 2) (RFC2328) — Use OSPF to allow the controller to participate in dynamic route selection. OSPF is a protocol designed for medium and large IP networks with the ability to segment routes into different areas by routing information summarization and propagation. Static Route definition and OSPF dynamic learning can be combined, and the precedence of a static route definition over dynamic rules can be configured by selecting or clearing the Override dynamic routes option check box.
• Next-hop routing — Use next-hop routing to specify a unique gateway to which traffic on a VNS is forwarded. Defining a next-hop for a VNS forces all the traffic in the VNS to be forwarded to the indicated network device, bypassing any routing definitions of the controller's route table.
Mobility and Roaming
In typical simple configurations, APs are set up as bridges that bridge wireless traffic to the local subnet.
In bridging configurations, the user obtains an IP address from the same subnet as the AP, assuming no
VLAN trunking functionality. If the user roams between APs on the same subnet, it is able to keep using
the same IP address. However, if the user roams to another AP outside of that subnet, its IP address is
no longer valid. The user's client device must recognize that the IP address it has is no longer valid and
re-negotiate a new one on the new subnet. This mechanism does not mandate any action on the user.
The recovery procedure is entirely client device dependent. Some clients automatically attempt to
obtain a new address on roam (which affects roaming latency), while others will hold on to their IP
address. This loss of IP address continuity seriously affects the client's experience in the network,
because in some cases it can take minutes for a new address to be negotiated.
The Extreme Networks ExtremeWireless solution centralizes the user's network point of presence,
therefore abstracting and decoupling the user's IP address assignment from that of the AP's location
subnet. That means that the user is able to roam across any AP without losing its own IP address,
regardless of the subnet on which the serving APs are deployed.
In addition, a controller can learn about other controllers on the network and then exchange client
session information. This enables a wireless device user to roam seamlessly between different APs on
different controllers.
Network Availability
The Extreme Networks ExtremeWireless solution provides availability against AP outages, controller
outages, and even network outages. The controller in a VLAN bridged topology can potentially allow
the user to retain the IP address in a failover scenario, if the VNS/VLAN is common to both controllers.
For example, availability is provided by defining a paired controller configuration by which each peer
can act as the backup controller for the other's APs. APs in one controller are allowed to fail over and
register with the alternate controller.
If the primary controller fails, all of its associated APs can automatically switch over to another
controller that has been defined as the secondary or backup controller. If an AP reboots, the primary
controller is restored if it is active. However, active APs will continue to be connected to the backup
controller until the administrator releases them back to the primary home controller.
Quality of Service (QoS)
The Extreme Networks ExtremeWireless solution provides advanced Quality of Service (QoS) management to provide better network traffic flow. Such techniques include:
• WMM (Wi-Fi Multimedia) — WMM is enabled per WLAN service. The controller provides centralized management of the AP features. For devices with WMM enabled, the standard provides multimedia enhancements for audio, video, and voice applications. WMM shortens the time between transmitting packets for higher priority traffic. WMM is part of the 802.11e standard for QoS. In the context of the ExtremeWireless Solution, the ToS/DSCP field is used for classification and proper class of service mapping, output queue selection, and priority tagging.
• IP ToS (Type of Service) or DSCP (Diffserv Codepoint) — The ToS/DSCP field in the IP header of a frame indicates the priority and class of service for each frame. Adaptive QoS ensures correct priority handling of client payload packets tunneled between the controller and AP by copying the IP ToS/DSCP setting from client packet to the header of the encapsulating tunnel packet.
• Rate Control — Rate Control for user traffic can also be considered as an aspect of QoS. As part of Role definition, the user can specify a (default) role that includes Ingress and Egress rate control. Ingress rate control applies to traffic generated by wireless clients and Egress rate control applies to traffic targeting specific wireless clients. The bit-rates can be configured as part of globally available profiles which can be used by any particular configuration. A global default is also defined.
Quality of Service (QoS) management is also provided by:
• Assigning high priority to a WLAN service
• Adaptive QoS (automatic and all time feature)
• Support for legacy devices that use SpectraLink Voice Protocol (SVP) for prioritizing voice traffic (configurable)
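The ToS/DSCP copy described for Adaptive QoS above, as an added Python example (not Extreme Networks code). The outer IPv4/UDP encapsulation, the port number and the sample addresses are assumptions, since this guide section does not specify the tunnel format; the example also reads the IPv6 Traffic Class, which goes beyond the IPv4 case.

```python
import struct

TUNNEL_UDP_PORT = 40000  # placeholder port; the tunnel protocol is an assumption

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over a header whose checksum field is zero."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: bytes, dst: bytes, proto: int, payload: bytes, tos: int = 0) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:] + payload

def client_tos(packet: bytes) -> int:
    """Return the ToS / Traffic Class byte of an IP packet, or 0 if it is not IP."""
    if len(packet) >= 20 and packet[0] >> 4 == 4:
        return packet[1]                                   # IPv4: second header byte
    if len(packet) >= 40 and packet[0] >> 4 == 6:
        return ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)  # IPv6: split across bytes 0-1
    return 0                                               # non-IP frames get best effort

def dscp(packet: bytes) -> int:
    """DSCP is the upper six bits of the ToS / Traffic Class byte."""
    return client_tos(packet) >> 2

def encapsulate(client_packet: bytes, ap_ip: bytes, controller_ip: bytes) -> bytes:
    """Wrap the client packet in outer IPv4/UDP, copying its ToS byte to the outer header."""
    udp = struct.pack("!HHHH", TUNNEL_UDP_PORT, TUNNEL_UDP_PORT,
                      8 + len(client_packet), 0) + client_packet  # UDP checksum 0 = unused
    return build_ipv4(ap_ip, controller_ip, 17, udp, tos=client_tos(client_packet))

# Constructed sample: a client voice packet marked EF (DSCP 46, ToS byte 0xB8).
CLIENT = build_ipv4(bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]), 17, b"\x00" * 12, tos=0xB8)
TUNNELED = encapsulate(CLIENT, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print("inner DSCP:", dscp(CLIENT), "outer DSCP:", dscp(TUNNELED))
```

Without the copy, the outer header would carry ToS 0 and intermediate switches and routers would queue the tunneled voice packet as best effort.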
ExtremeWireless Appliance Product Family
The ExtremeWireless Appliance is available in the following product families:
Table 4: ExtremeWireless Product Families

ExtremeWireless Appliance Model Number: C5110
Specifications:
• Three data ports supporting up to 525 APs
• 2 fiber optic SR (10Gbps)
• 1 Ethernet port GigE
• One management port (Ethernet) GigE
• One console port (DB9 serial)
• Four USB ports — two on each front and back panel (only one port active at a time)
• Redundant dual power supply unit

ExtremeWireless Appliance Model Number: C5210/C5215
Specifications:
• Four data ports supporting up to 1000 APs
• 2 SFP+ (10Gbps)
• 2 Ethernet port GigE
• One management port (Ethernet) GigE
• One console port (RJ-45 serial)
• Five USB ports — two on front and three on back panel (only one port active at a time)
• Redundant dual power supply unit

ExtremeWireless Appliance Model Number: C4110
Specifications:
• Four GigE ports supporting up to 250 APs
• One management port (Ethernet) GigE
• One console port (DB9 serial)
• Four USB ports (only one active at a time)
• Redundant dual power supply unit

ExtremeWireless Appliance Model Number: C25
Specifications:
• Two GigE ports supporting up to 50 APs
• One management port GigE
• One console port (DB9 serial)
• Two USB ports

ExtremeWireless Appliance Model Number: V2110
Specifications:
• Two GigE ports or 10G fiber ports supporting up to 525 APs
• One management port GigE
• USB ports (only one active at a time)

ExtremeWireless Appliance Model Number: C35
Specifications:
• Four GigE ports supporting up to 125 APs
• One management port GigE
• One console port
• Two USB ports