Extreme Networks OAP36B User Manual

Documentation
HiPath Wireless Controller, Access Points and Convergence Software V7.31
User Guide
9034530-04
Communication for the open minded
Siemens Enterprise Communications www.siemens.com/open
Siemens Enterprise Communications GmbH & Co. KG a Trademark Licensee of Siemens AG
Reference No.: 9034530-04
The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. Availability and technical specifications are subject to change without notice. OpenScape, OpenStage and HiPath are registered trademarks of Siemens Enterprise Communications GmbH & Co. KG. All other company, brand, product and service names are trademarks or registered trademarks of their respective holders.
For internal use only
Contents
1 About this Guide
1.1 Who should use this guide
1.2 What is in this guide
1.3 Formatting conventions
1.4 Additional documentation
1.5 Getting Help
1.6 Safety Information
1.7 Sicherheitshinweise (Safety Information, German)
1.8 Consignes de sécurité (Safety Information, French)
2 Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution
2.1 Conventional wireless LANs
2.2 Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution
2.2.1 Enterasys NetSight Suite integration
2.3 HiPath Wireless Controller, Access Points and Convergence Software and your network
2.3.1 Network traffic flow
2.3.2 Network security
2.3.2.1 Authentication
2.3.2.2 Privacy
2.3.3 Virtual Network Services
2.3.4 VNS components
2.3.4.1 Topology
2.3.4.2 Policy
2.3.4.3 WLAN Services
2.3.5 Static routing and routing protocols
2.3.6 Mobility and roaming
2.3.7 Network availability
2.3.8 Quality of Service (QoS)
2.4 HiPath Wireless Controller product family
3 Configuring the HiPath Wireless Controller
3.1 System configuration overview
3.2 Logging on to the HiPath Wireless Controller
3.3 Working with the basic installation wizard
3.4 Configuring the HiPath Wireless Controller for the first time
3.4.1 Changing the administrator password
3.4.2 Applying product license keys
3.4.2.1 Installing the license keys
3.4.3 Setting up the data ports
3.4.3.1 Viewing and changing the L2 ports information
3.4.3.2 Viewing and changing the L2 port related topologies
3.4.4 Setting up Internal VLAN ID and multi-cast support
3.4.5 Setting up static routes
3.4.5.1 Viewing the forwarding table
3.4.6 Setting up OSPF Routing
3.4.7 Configuring filtering at the interface level
3.4.7.1 Built-in interface-based exception filters
3.4.7.2 Working with administrator-defined interface-based exception filters
9034530-04, September 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.31, User Guide 3
3.4.8 Installing certificates on the HiPath Wireless Controller
3.4.8.1 Installing a certificate for a HiPath Wireless Controller interface
3.4.9 Configuring the login authentication mode
3.4.9.1 Configuring the local login authentication mode and adding new users
3.4.9.2 Configuring the RADIUS login authentication mode
3.4.9.3 Configuring the local, RADIUS login authentication mode
3.4.9.4 Configuring the RADIUS, local login authentication mode
3.4.10 Configuring SNMP
3.4.10.1 Configuring SNMPv1/v2c-specific parameters
3.4.10.2 Configuring SNMPv3-specific parameters
3.4.10.3 Editing an SNMPv3 User
3.4.10.4 Deleting an SNMPv3 User
3.4.11 Configuring network time
3.4.11.1 Configuring the network time using the system’s time
3.4.11.2 Configuring the network time using an NTP server
3.4.12 Configuring DNS servers for resolving host names of NTP and RADIUS servers
3.5 Using an AeroScout location based solution
3.6 Additional ongoing operations of the system
4 Configuring the Wireless AP
4.1 Wireless AP overview
4.1.1 HiPath Standard Wireless AP
4.1.1.1 HiPath Standard Wireless AP radios
4.1.1.2 AP4102/4102C Access Points
4.1.2 HiPath Wireless Outdoor AP
4.1.3 HiPath Wireless 802.11n AP
4.1.3.1 HiPath Wireless 802.11n AP’s radios
4.1.4 Wireless AP international licensing
4.1.5 Wireless AP default IP address and first-time configuration
4.1.6 Assigning a static IP address to the Wireless AP
4.2 Discovery and registration overview
4.2.1 Wireless AP discovery
4.2.2 Registration after discovery
4.2.2.1 Default Wireless AP configuration
4.2.3 Understanding the Wireless AP LED status
4.2.3.1 HiPath Wireless AP LED status
4.2.3.2 HiPath Wireless Outdoor AP LED status
4.2.3.3 HiPath Wireless 802.11n AP LED status
4.2.3.4 AP4102 and AP2605 LED status
4.2.3.5 Configuring Wireless AP LED behavior
4.2.4 Configuring the Wireless APs for the first time
4.2.5 Defining properties for the discovery process
4.2.6 Connecting the Wireless AP to a power source and initiating the discovery and registration process
4.3 Adding and registering a Wireless AP manually
4.4 Configuring Wireless AP settings
4.4.1 Modifying a Wireless AP’s status
4.4.2 Configuring a Wireless AP’s properties
4.4.3 AP properties tab configuration
4.4.4 Assigning Wireless AP radios to a VNS
4.4.5 Configuring Wireless AP radio properties
4.4.5.1 Modifying Wireless 802.11n AP 3610/3620 radio properties
4.4.5.2 Achieving high throughput with the Wireless 802.11n AP
4.4.5.3 Modifying Wireless AP 2610/2620 radio properties
4.4.6 Setting up the Wireless AP using static configuration
4.4.7 Configuring Telnet/SSH Access
4.5 Configuring VLAN tags for Wireless APs
4.5.1 Setting up 802.1x authentication for a Wireless AP
4.5.1.1 Configuring 802.1x PEAP authentication
4.5.1.2 Configuring 802.1x EAP-TLS authentication
4.5.1.3 Viewing 802.1x credentials
4.5.1.4 Deleting 802.1x credentials
4.5.2 Setting up 802.1x authentication for Wireless APs using Multi-edit
4.5.3 Configuring the default Wireless AP settings
4.5.3.1 Configure common configuration default AP settings
4.5.3.2 Configure AP2610/20, AP2605, W788, BP200, and WB500 default AP settings
4.5.3.3 Configure AP3605/10/20 default AP settings
4.5.3.4 Configure AP2650/60 and W786 default AP settings
4.5.3.5 Configure AP4102 and AP4102C default AP settings
4.6 Modifying a Wireless AP’s properties based on a default AP configuration
4.7 Modifying the Wireless AP’s default setting using the Copy to Defaults feature
4.8 Configuring multiple Wireless APs simultaneously
4.9 Configuring co-located APs in load balance groups
4.9.1 How availability affects load balancing
4.9.2 Load balance group statistics
4.10 Configuring AP clusters
4.11 Converting the Wireless Standalone 802.11n AP to standalone mode
4.12 Configuring an AP as a sensor
4.13 Performing Wireless AP software maintenance
5 Virtual Network Services concepts
5.1 VNS overview
5.1.1 Topology
5.1.2 Policy
5.1.3 WLAN Service
5.1.4 New VNS definition
5.2 Setting up a VNS checklist
5.3 NAC integration with HiPath WLAN
5.4 Assigning Wireless APs to WLAN Services
5.5 Authentication for a VNS
5.5.1 Authentication with Captive Portal
5.5.2 Authentication with 802.1x and WPA
5.6 Filtering
5.6.1 Final filter rule
5.6.2 Filtering sequence
5.6.3 Legacy compatibility with Policy-based filtering and VNS assignment
5.7 Multicast traffic
5.8 Data protection: WEP and WPA
5.9 QoS Policy
5.10 Flexible Client Access (FCA)
6 Configuring a VNS
6.1 High level VNS configuration flow
6.1.1 Controller defaults
6.2 VNS global settings
6.2.1 Defining RADIUS servers and MAC address format
6.2.2 Configuring Dynamic Authorization Server support
6.2.3 Defining Wireless QoS Admission Control Thresholds
6.2.4 Defining Wireless QoS Flexible Client Access
6.2.5 Working with bandwidth control profiles
6.2.6 Configuring the Global Default Policy
6.2.7 Using the Sync Summary
6.3 Methods for configuring a VNS
6.4 Working with the VNS wizard to create a new VNS
6.4.1 Creating a NAC VNS using the VNS wizard
6.4.2 Creating a voice VNS using the VNS wizard
6.4.3 Creating a data VNS using the VNS wizard
6.4.4 Creating a Captive Portal VNS using the VNS wizard
6.5 Working with a GuestPortal VNS
6.5.1 Creating a GuestPortal VNS
6.6 Creating a VNS using the advanced method
6.7 Working with existing VNSs
6.7.1 Enabling and disabling a VNS
6.7.2 Renaming a VNS
6.7.3 Deleting a VNS
6.8 Configuring a Topology
6.8.1 Configuring a basic topology
6.8.1.1 Physical Port Topologies
6.8.1.2 Enabling management traffic
6.8.2 Layer 3 configuration
6.8.2.1 IP address configuration
6.8.2.2 DHCP configuration
6.8.2.3 Defining a next hop route and OSPF advertisement
6.8.3 Exception filtering
6.8.4 Multicast filtering
6.9 Configuring WLAN Services
6.9.1 Configuring a WLAN Service
6.9.1.1 Third-party AP WLAN Service Type
6.9.1.2 Configuring a basic WLAN service
6.9.1.3 Assigning an optional default topology to a service
6.9.1.4 Assigning Wireless APs to a service
6.9.2 Configuring privacy
6.9.2.1 About Wi-Fi Protected Access (WPA v1 and WPA v2)
6.9.2.2 Wireless 802.11n APs and WPA authentication
6.9.2.3 WPA Key Management Options
6.9.2.4 Configuring WLAN Service privacy
6.9.3 Configuring accounting and authentication
6.9.3.1 Vendor Specific Attributes
6.9.3.2 Defining accounting methods for a WLAN Service
6.9.3.3 Configuring authentication for a WLAN Service
6.9.3.4 Defining the RADIUS server priority for RADIUS redundancy
6.9.3.5 Configuring assigned RADIUS servers
6.9.3.6 Defining a WLAN Service with no authentication
6.9.3.7 Configuring Captive Portal for internal or external authentication
6.9.4 Configuring the QoS policy
6.9.4.1 Defining priority level and service class
6.9.4.2 Defining the service class
6.9.4.3 Configuring the priority override
6.9.4.4 QoS modes
6.10 Configuring Policy
6.10.1 Configuring VLAN and Class of Service for a Policy
6.10.2 About filtering rules
6.10.3 Configuring Filter Rules for a Policy
6.10.3.1 Non-authenticated filter examples
6.10.3.2 Authenticated filter examples
6.10.4 ICMP Type enforcement
6.10.5 Filtering rules for a default filter
6.10.5.1 Default filter examples
6.10.5.2 Filtering rules between two wireless devices
6.10.6 Defining filter rules for Wireless APs
6.11 Working with a Wireless Distribution System
6.11.1 Simple WDS configuration
6.11.2 Wireless Repeater configuration
6.11.3 Wireless Bridge configuration
6.11.4 Examples of deployment
6.11.5 WDS WLAN Services
6.11.6 Key features of WDS
6.11.6.1 Tree-like topology
6.11.6.2 Radio Channels
6.11.6.3 Multi-root WDS topology
6.11.6.4 Automatic discovery of parent and backup parent Wireless APs
6.11.6.5 Link security
6.11.7 Deploying the WDS system
6.11.7.1 Connecting the WDS Wireless APs to the enterprise network for discovery and registration. . 399
6.11.7.2 Configuring the WDS Wireless APs through the HiPath Wireless Controller . . . . . . . . . . . . . . 400
6.11.7.3 Assigning the Satellite Wireless APs’ radios to the network WLAN Services . . . . . . . . . . . . . . 404
6.11.7.4 Connecting the WDS Wireless APs to the enterprise network for provisioning. . . . . . . . . . . . . 405
6.11.7.5 Moving the WDS Wireless APs to the target location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
6.11.8 Changing the pre-shared key in a WDS WLAN Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
7 Availability and session availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
7.1 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
7.1.1 Events and actions in availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
7.1.2 Availability prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
7.2 Configuring availability using the availability wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
7.3 Configuring availability manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
7.4 Session availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
7.4.1 Events and actions in session availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
7.4.2 Enabling session availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
7.4.2.1 Configuring fast failover and enabling session availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
7.4.2.2 Verifying session availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
7.4.2.3 Verify synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
7.5 Viewing the Wireless AP availability display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
7.6 Viewing SLP activity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
8 Configuring Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
8.1 Mobility overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
8.2 Mobility domain topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
8.3 Configuring mobility domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
9 Working with third-party APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
9.1 Define authentication by Captive Portal for the third-party AP WLAN Service: . . . . . . . . . . . . . . . . . . . . 439
9.2 Define the third-party APs list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
9.3 Define filtering rules for the third-party APs:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
10 Working with the Mitigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
10.1 Mitigator overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
10.2 Enabling the Analysis and data collector engines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
10.3 Running Mitigator scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
10.4 Analysis engine overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
10.5 Working with Mitigator scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
10.6 Working with friendly APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
10.7 Maintaining the Mitigator list of APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
10.8 Viewing the Scanner Status report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
11 Working with reports and displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
11.1 Available reports and displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
11.2 Viewing reports and displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
11.3 Viewing the Wireless AP availability display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
11.4 Viewing statistics for Wireless APs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
11.5 Viewing load balance group statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
11.6 Viewing the System Information and Manufacturing Information displays . . . . . . . . . . . . . . . . . . . . . . . 464
11.7 Viewing displays for the mobility manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
11.8 Viewing reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
11.9 Call Detail Records (CDRs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
11.9.1 CDR files naming convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
11.9.2 CDR file types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
11.9.3 CDR file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
11.9.4 Viewing CDRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
12 Performing system administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
12.1 Performing Wireless AP client management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
12.1.1 Disassociating a client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
12.1.2 Blacklisting a client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
12.2 Defining HiPath Wireless Assistant administrators and login groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
12.2.1 Working with GuestPortal Guest administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
12.2.1.1 Adding new guest accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
12.2.1.2 Enabling or disabling guest accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
12.2.1.3 Editing guest accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
12.2.1.4 Removing guest accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
12.2.1.5 Importing and exporting a guest file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
12.2.1.6 Viewing and printing a GuestPortal account ticket. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
12.2.1.7 Working with the GuestPortal ticket page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
12.3 Configuring Web session timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
13 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
13.1 Networking terms and abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
13.2 Controller, Access Points and Convergence Software terms and abbreviations . . . . . . . . . . . . . . . . . . 512
A HiPath Wireless Controller’s physical description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
A.1 HiPath Wireless Controller C5110 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
A.2 HiPath Wireless Controller C4110 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
A.3 HiPath Wireless Controller C2400 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
A.4 HiPath Wireless Controller C20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
A.5 HiPath Wireless Controller C20N. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
A.6 HiPath Wireless Controller CRBT8210/8110 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
B Regulatory information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
B.1 HiPath Wireless Controller C20N/C20/C2400/C4110/C5110 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
B.2 Wireless APs 26XX and 36XX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
C optiPoint WL2 Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
C.1 optiPoint WL2 wireless telephone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
C.2 HiPath Wireless Controller configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
D SpectraLink Wireless Telephones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
D.1 Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
D.2 Configuring HiPath Wireless Controller for SpectraLink telephones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
E Default GuestPortal source code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
E.1 Ticket page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
E.1.1 Placeholders used in the default GuestPortal ticket page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
E.1.2 Default GuestPortal ticket page source code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568
E.2 GuestPortal sample header page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
E.3 GuestPortal sample footer page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
1 About this Guide
This guide describes how to install, configure, and manage the HiPath Wireless Controller, Access Points and Convergence Software system. This guide is also available as an online help system.
To access the online help system:
1. In the HiPath Wireless Assistant Main Menu bar, click Help. The About HiPath Wireless Assistant screen is displayed.
2. In the left pane, click Controller Documentation. The online help system is launched.
1.1 Who should use this guide
This guide is a reference for system administrators who install and manage the HiPath Wireless Controller, Access Points and Convergence Software system.
Any administrator performing tasks described in this guide must have an account with administrative privileges.
1.2 What is in this guide
This guide contains the following:
Chapter 1, “About this Guide”, describes the target audience and content of the guide, the formatting conventions used in it, and how to provide feedback on the guide.
Chapter 2, “Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution”, provides an overview of the product, its features and functionality.
Chapter 3, “Configuring the HiPath Wireless Controller”, describes how to perform the installation, first time setup and configuration of the HiPath Wireless Controller, as well as configuring the data ports and defining routing.
Chapter 4, “Configuring the Wireless AP”, describes how to install the Wireless AP, how it discovers and registers with the HiPath Wireless Controller, and how to view and modify radio configuration.
Chapter 5, “Virtual Network Services concepts”, provides an overview of Virtual Network Services (VNS), the mechanism by which the HiPath Wireless Controller, Access Points and Convergence Software controls and manages network access.
Chapter 6, “Configuring a VNS”, provides detailed instructions on how to configure a VNS, either using the Wizards or by manually creating the component parts of a VNS.
Chapter 7, “Availability and session availability”, describes how to set up the features that maintain service availability in the event of a HiPath Wireless Controller failover.
Chapter 8, “Configuring Mobility”, describes how to set up the mobility domain that provides mobility for a wireless device user when the user roams from one Wireless AP to another in the mobility domain.
Chapter 9, “Working with third-party APs”, describes how to use the Controller, Access Points and Convergence Software features with third-party wireless access points.
Chapter 10, “Working with the Mitigator”, describes the security tool that scans for, detects, and reports on rogue APs.
Chapter 11, “Working with reports and displays”, describes the various reports and displays available in the HiPath Wireless Controller, Access Points and Convergence Software system.
Chapter 12, “Performing system administration”, describes system administration activities, such as performing Wireless AP client management, defining management users, configuring the network time, and configuring Web session timeouts.
Chapter 13, “Glossary”, contains a list of terms and definitions for the HiPath Wireless Controller and the Wireless AP as well as standard industry terms used in this guide.
Appendix A describes the physical description and LED states of the HiPath Wireless Controller.
Appendix B provides the regulatory information for the HiPath Wireless Controller and the HiPath Wireless Access Points (APs).
Appendix C describes how to configure the WL2 phone.
Appendix D describes how to configure NetLink Wireless Telephones and WLAN infrastructure products.
Appendix E provides the default GuestPortal ticket page source code.
1.3 Formatting conventions
The HiPath Wireless Controller, Access Points and Convergence Software documentation uses the following formatting conventions to make it easier to find information and follow procedures:
• Bold text is used to identify components of the management interface, such as menu items and sections of pages, as well as the names of buttons and text boxes.
For example: Click Logout.
• Monospace font is used in code examples and to indicate text that you type. For example: Type https://<hwc-address>[:<mgmt-port>]
The following notes are used to draw your attention to additional information:
Note: Notes identify useful information, such as reminders, tips, or other ways to perform a task.
Caution: Cautionary notes identify essential information, which if ignored can adversely affect the operation of your equipment or software.
Warning: Warning notes identify essential information, which if ignored can lead to personal injury or harm.
1.4 Additional documentation
For additional HiPath Wireless documentation, see the HiPath Wireless documentation at
http://www.enterasys.com/support/manuals
1.5 Getting Help
For additional support related to the product or this document, contact Enterasys Networks using one of the following methods:
World Wide Web: www.enterasys.com/support
Phone: 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000. To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/support
Internet mail: support@enterasys.com. To expedite your message, type HiPath Wireless in the subject line.
To send comments concerning this document to the Technical Publications Department:
techpubs@enterasys.com
Please include the document part number in your email message.
Before contacting Enterasys Networks for technical support, have the following information ready:
Your Enterasys Networks service contract number
A description of the failure
A description of any action(s) already taken to resolve the problem (for example, changing mode switches or rebooting the unit)
The serial and revision numbers of all involved Enterasys Networks products in the network
A description of your network environment (such as layout, cable type, other relevant environmental information)
Network load and frame size at the time of trouble (if known)
The device history (for example, if you have returned the device before, or if this is a recurring problem)
Any previous Return Material Authorization (RMA) numbers
1.6 Safety Information
Dangers
Replace the power cable immediately if it shows any sign of damage.
Replace any damaged safety equipment (covers, labels and protective cables) immediately.
Use only original accessories or components approved for the system. Failure to observe these instructions may damage the equipment or even violate safety and EMC regulations.
Only authorized Siemens service personnel are permitted to service the system.
Warnings
This device must not be connected to a LAN segment with outdoor wiring.
Ensure that all cables are run correctly to avoid strain.
Replace the power supply adapter immediately if it shows any sign of damage.
Disconnect all power before working near power supplies unless otherwise instructed by a maintenance procedure.
Exercise caution when servicing hot swappable HiPath Wireless Controller components: power supplies or fans. Rotating fans can cause serious personal injury.
This unit may have more than one power supply cord. To avoid electrical shock, disconnect all power supply cords before servicing. In the case of unit failure of one of the power supply modules, the module can be replaced without interruption of power to the HiPath Wireless Controller. However, this procedure must be carried out with caution. Wear gloves to avoid contact with the module, which will be extremely hot.
There is a risk of explosion if a lithium battery is not correctly replaced. The lithium battery must be replaced only by an identical battery or one recommended by the manufacturer.
Always dispose of lithium batteries properly.
Do not attempt to lift objects that you think are too heavy for you.
Cautions
Check the nominal voltage set for the equipment (operating instructions and type plate). High voltages capable of causing shock are used in this equipment. Exercise caution when measuring high voltages and when servicing cards, panels, and boards while the system is powered on.
Only use tools and equipment that are in perfect condition. Do not use equipment with visible damage.
To protect electrostatic sensitive devices (ESD), wear a wristband before carrying out any work on hardware.
Lay cables so as to prevent any risk of them being damaged or causing accidents, such as tripping.
1.7 Safety information (Sicherheitshinweise)
Dangers
If the power cable shows signs of damage, replace it immediately.
Replace damaged safety equipment (covers, type plates and protective cables) immediately.
Use only original accessories or components approved specifically for the system. Failure to observe these instructions may damage the equipment or violate safety and EMC regulations.
The system may be serviced only by authorized Siemens service personnel.
Warnings
This device must not be connected to a LAN segment via outdoor wiring.
Ensure that all cables are routed correctly to avoid strain.
If the power supply unit shows signs of damage, replace it immediately.
Disconnect all power connections before working near the power supply, unless a maintenance procedure requires otherwise.
Exercise caution when servicing hot-swappable HiPath Wireless Controller components (power supplies or fans). Rotating fans can cause serious injury.
This device may be connected by more than one power cable. To avoid the risk of electric shock, disconnect all power cables before servicing. If one of the power supply modules fails, it can be replaced without interrupting power to the HiPath Wireless Controller. However, this procedure must be carried out with caution. The module can be extremely hot. Wear gloves to avoid burns.
There is a risk of explosion if the lithium battery is replaced improperly. The lithium battery may be replaced only with identical types or types recommended by the dealer.
Ensure that lithium batteries are disposed of properly.
Never attempt to lift heavy objects without help.
Cautions
Check the nominal voltage specified for the equipment (operating instructions and type plate). This equipment operates with high voltage, which carries the risk of electric shock. Take great care when measuring high voltages or servicing cards, panels and boards while the system is switched on.
Use only tools and equipment in perfect condition. Do not use equipment with visible damage.
Wear a wristband when working on hardware components to protect electrostatic sensitive devices (ESD) from damage.
Lay cables so that they do not create a source of accidents (tripping hazard) and are not damaged.
1.8 Safety instructions (Consignes de sécurité)
Dangers
If the power cord is damaged, replace it immediately.
Replace damaged safety equipment (covers, labels and protective conductors) without delay.
Use only original accessories or approved modules specific to the system. Otherwise, you risk damaging the installation or violating safety and electromagnetic compatibility regulations.
Only Siemens service personnel are authorized to maintain or repair the system.
Warnings
This device must not be connected to a LAN segment using outdoor cabling.
Check that all cables are working correctly to avoid excessive strain.
If the power adapter shows damage, replace it immediately.
Always disconnect power before working on power supplies, unless the maintenance procedure states otherwise.
Take all necessary precautions when servicing or repairing hot-pluggable HiPath Wireless Controller modules: power supplies or fans. Rotating fans can cause serious injury.
This unit may have several power cords. To avoid electric shock, unplug all power cords before performing maintenance. If one of the power supply modules fails, the faulty module can be replaced without switching off the HiPath Wireless Controller. However, this replacement must be carried out with care. Wear gloves to avoid touching the module, which may be very hot.
Improper replacement of the lithium battery can cause an explosion. Replace the lithium battery with an identical model or with a model recommended by the dealer.
It must be disposed of in accordance with the applicable regulations.
Never attempt to lift objects that may be too heavy for you.
Cautions
Check the nominal voltage set for the installation (see the operating instructions and the type plate). High voltages capable of causing electric shock are used in this equipment. When the system is powered on, take all necessary precautions when measuring high voltages and when servicing or repairing cards, panels and boards.
Use only equipment and tools in perfect condition. Never put equipment with visible damage into service.
To protect devices sensitive to static electricity, wear an antistatic wristband when working on hardware.
Route cables so that they cannot be damaged and do not constitute a source of danger (for example, by causing people to fall).
2 Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution
This chapter describes HiPath Wireless Controller, Access Points and Convergence Software concepts, including:
Conventional wireless LANs
Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution
HiPath Wireless Controller, Access Points and Convergence Software and your network
The next generation of Siemens wireless networking devices provides a truly scalable WLAN solution. Siemens Wireless APs are fit access points controlled through a sophisticated network device, the HiPath Wireless Controller. This solution provides the security and manageability required by enterprises and service providers.
The HiPath Wireless Controller, Access Points and Convergence Software system is a highly scalable Wireless Local Area Network (WLAN) solution developed by Siemens. Based on a third generation WLAN topology, the Controller, Access Points and Convergence Software system makes wireless practical for service providers as well as medium and large-scale enterprises.
The HiPath Wireless Controller, Access Points and Convergence Software system provides a secure, highly scalable, cost-effective solution based on the IEEE 802.11 standard. The system is intended for enterprise networks operating on multiple floors in more than one building, and is ideal for public environments, such as airports and convention centers that require multiple access points.
This chapter provides an overview of the fundamental principles of the HiPath Wireless Controller, Access Points and Convergence Software system.
The HiPath Wireless system
The HiPath Wireless Controller is a network device designed to integrate with an existing wired Local Area Network (LAN). The rack-mountable HiPath Wireless Controller provides centralized management, network access, and routing to wireless devices that use Wireless APs to access the network. It can also be configured to handle data traffic from third-party access points.
The HiPath Wireless Controller provides the following functionality:
Controls and configures Wireless APs, providing centralized management
Authenticates wireless devices that contact a Wireless AP
Assigns each wireless device to a VNS when it connects
Routes traffic from wireless devices, using VNS, to the wired network
Applies filtering policies to the wireless device session
Provides session logging and accounting capability
2.1 Conventional wireless LANs
Wireless communication between multiple computers requires that each computer is equipped with a receiver/transmitter—a WLAN Network Interface Card (NIC)—capable of exchanging digital information over a common radio frequency. This is called an ad hoc network configuration. An ad hoc network configuration allows wireless devices to communicate together. This setup is defined as an independent basic service set (IBSS).
An alternative to the ad hoc configuration is the use of an access point. This may be a dedicated hardware bridge or a computer running special software. Computers and other wireless devices communicate with each other through this access point. The 802.11 standard defines access point communications as devices that allow wireless devices to communicate with a distribution system. This setup is defined as a basic service set (BSS) or infrastructure network.
To allow the wireless devices to communicate with computers on a wired network, the access points must be connected to the wired network providing access to the networked computers. This topology is called bridging. With bridging, security and management scalability is often a concern.
Figure 1 Standard wireless network solution example (diagram labels: RADIUS Authentication Server, DHCP Server, Router/Switch, Ethernet, Wireless APs, Wireless Devices)
The wireless devices and the wired networks communicate with each other using standard networking protocols and addressing schemes. Most commonly, Internet Protocol (IP) addressing is used.
2.2 Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution
The HiPath Wireless Controller, Access Points and Convergence Software solution consists of two devices:
HiPath Wireless Controller
Wireless APs
This architecture allows a single HiPath Wireless Controller to control many Wireless APs, making the administration and management of large networks much easier.
There can be several HiPath Wireless Controllers in the network, each with a set of registered Wireless APs. The HiPath Wireless Controllers can also act as backups to each other, providing stable network availability.
In addition to the HiPath Wireless Controllers and Wireless APs, the solution requires three other components, all of which are standard for enterprise and service provider networks:
RADIUS Server (Remote Access Dial-In User Service) or other authentication server
DHCP Server (Dynamic Host Configuration Protocol). If you do not have a DHCP Server on your network, you can enable the local DHCP Server on the HiPath Wireless Controller. The local DHCP Server is useful as a general purpose DHCP Server for small subnets. For more information, see Step 10 of Section 3.4.3, “Setting up the data ports”, on page 55.
SLP (Service Location Protocol)
Figure 2 Siemens HiPath Wireless Controller solution (diagram labels: RADIUS Authentication Server, HiPath Wireless Controller, DHCP Server, Router/Switch, Ethernet, Wireless APs, Wireless Devices)
As illustrated in Figure 2, the HiPath Wireless Controller appears to the existing network as if it were an access point, but in fact one HiPath Wireless Controller controls many Wireless APs. The HiPath Wireless Controller has built-in capabilities to recognize and manage the Wireless APs. The HiPath Wireless Controller:
Activates the Wireless APs
Enables Wireless APs to receive wireless traffic from wireless devices
Processes the data traffic from the Wireless APs
Forwards or routes the processed data traffic out to the network
Authenticates requests and applies access policies
Simplifying the Wireless APs makes them cost-effective, easy to manage, and easy to deploy. Putting control on an intelligent centralized HiPath Wireless Controller enables:
Centralized configuration, management, reporting, and maintenance
High security
Flexibility to suit enterprise
Scalable and resilient deployments with a few HiPath Wireless Controllers controlling hundreds of Wireless APs
The HiPath Wireless Controller, Access Points and Convergence Software system:
Scales up to Enterprise capacity – HiPath Wireless Controllers are scalable:
C5110 – Up to 525 APs
C4110 – Up to 250 APs
C2400 – Up to 200 APs
C20 – Up to 32 APs
C20N – Up to 32 APs
CRBT8210 – Up to 72 APs
CRBT8110 – Up to 24 APs
In turn, each Wireless AP can handle up to 254 wireless devices, with each radio supporting a maximum of 127. With additional HiPath Wireless Controllers, the number of wireless devices the solution can support can reach into the thousands.
Integrates with existing network – A HiPath Wireless Controller can be added to an existing enterprise network as a new network device, greatly enhancing its capability without interfering with existing functionality. Integration of the HiPath Wireless Controllers and Wireless APs does not require any re-configuration of the existing infrastructure (for example, VLANs).
Integrates with the Enterasys NetSight Suite of products. For more information, see Section 2.2.1, “Enterasys NetSight Suite integration”, on page 26.
Plug-in applications include:
Automated Security Manager
Inventory Manager
NAC Manager
Policy Control Console
Policy Manager
Offers centralized management and control – An administrator accesses the HiPath Wireless Controller in its centralized location to monitor and administer the entire wireless network. From the HiPath Wireless Controller the administrator can recognize, configure, and manage the Wireless APs and distribute new software releases.
Provides easy deployment of Wireless APs – The initial configuration of the Wireless APs on the centralized HiPath Wireless Controller can be done with an automatic “discovery” technique. For more information, see Section 4.2, “Discovery and registration overview”, on page 107.
Provides security via user authentication – Uses existing authentication (AAA) servers to authenticate and authorize users.
Provides security via filters and privileges – Uses virtual networking techniques to create separate virtual networks with defined authentication and billing services, access policies, and privileges.
Supports seamless mobility and roaming – Supports seamless roaming of a wireless device from one Wireless AP to another on the same HiPath Wireless Controller or on a different HiPath Wireless Controller.
Integrates third-party access points – Uses a combination of network routing and authentication techniques.
Prevents rogue devices – Unauthorized access points are detected and identified as harmless or dangerous rogue APs.
Provides accounting services – Logs wireless user sessions, user group activity, and other activity reporting, enabling the generation of consolidated billing records.
Offers troubleshooting capability – Logs system and session activity and provides reports to aid in troubleshooting analysis.
Offers dynamic RF management – Automatically selects channels and adjusts Radio Frequency (RF) signal propagation and power levels without user intervention.
2.2.1 Enterasys NetSight Suite integration
The HiPath Wireless Controller, Access Points and Convergence Software solution now integrates with the Enterasys NetSight Suite of products. The Enterasys NetSight Suite of products provides a collection of tools to help you manage networks. Its client/server architecture lets you manage your network from a single workstation or, for networks of greater complexity, from one or more client workstations. It is designed to facilitate specific network management tasks while sharing data and providing common controls and a consistent user interface. For more information, see http://www.enterasys.com/products/visibility-control/index.aspx
The NetSight Suite is a family of products comprised of NetSight Console and a suite of plug-in applications, including:
Automated Security Manager – Automated Security Manager is a unique threat response solution that translates security intelligence into security enforcement. It provides sophisticated identification and management of threats and vulnerabilities. For information on how the HiPath Wireless Controller, Access Points and Convergence Software solution integrates with the Automated Security Manager application, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide.
Inventory Manager – Inventory Manager is a tool for efficiently documenting and updating the details of the ever-changing network. For information on how the HiPath Wireless Controller, Access Points and Convergence Software solution integrates with the Automated Security Manager application, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide.
NAC Manager – NAC Manager is a leading-edge NAC solution to ensure only the right users have access to the right information from the right place at the right time. The Enterasys NAC solution performs multi-user, multi-method authentication, vulnerability assessment and assisted remediation. For information on how the HiPath Wireless Controller, Access Points and Convergence Software solution integrates with the Enterasys NAC solution, see Section 5.3, “NAC integration with HiPath WLAN”, on page 253.
Policy Manager – Policy Manager recognizes the HiPath Wireless Controller suite as policy capable devices that accept partial configuration from Policy Manager. Currently this integration is partial in the sense that NetSight is unable to create WLAN services directly; the WLAN services need to be directly provisioned on the controller and are represented to Policy Manager as logical ports. The HiPath Wireless Controller allows Policy Manager to:
Attach Topologies (assign VLAN to port) to the HiPath Wireless Controller physical ports (Console).
Attach policy to the logical ports (WLAN Service/SSID).
Assign a Default Role/Policy to a WLAN Service, thus creating the VNS.
Perform authentication operations which can then reference defined policies for station-specific policy enforcement.
This can be seen as a three step process:
1. Deploy the controller and perform local configuration
– The HiPath Wireless Controller ships with a default SSID, attached by default to all AP radios, when enabled.
– Use the basic installation wizard to complete the HiPath Wireless Controller configuration.
2. Use Policy Manager to:
– Push the VLAN list to the HiPath Wireless Controller (Topologies)
– Attach VLANs to HiPath Wireless Controller physical ports (Console - Complete Topology definition)
– Push RADIUS server configuration to the HiPath Wireless Controller
– Push policy definitions to the HiPath Wireless Controller
– Attach the default policy to create a VNS
3. Fine tune controller settings. For example, configuring filtering at APs and HiPath Wireless Controller for a bridged at controller or routed topologies and associated VNSs.
Note: Complete information about integration with Policy Manager is outside the scope of this document.
2.3 HiPath Wireless Controller, Access Points and Convergence Software and your network
This section is a summary of the components of the HiPath Wireless Controller, Access Points and Convergence Software solution on your enterprise network. The following are described in detail in this guide, unless otherwise stated:
HiPath Wireless Controller – A rack-mountable network device that provides centralized control over all access points and manages the network assignment of wireless device clients associating through access points.
Wireless AP – A wireless LAN fit access point that communicates with a HiPath Wireless Controller. A Wireless AP can also be configured as a sensor, which monitors and interdicts intrusions by rogue APs and rogue clients.
HiPath Wireless Manager – An optional component of the solution, the HiPath Wireless Manager monitors the performance and health of the wireless network. The HiPath Wireless Manager is particularly valuable for installations that incorporate more than one HiPath Wireless Controller. For more information, see the HiPath Wireless Manager User Guide.
RADIUS Server (Remote Access Dial-In User Service) (RFC2865), or other authentication server – An authentication server that assigns and manages ID and Password protection throughout the network. Used for authentication of the wireless users in either 802.1x or Captive Portal security modes. The RADIUS Server system can be set up for certain standard attributes, such as filter ID, and for the Vendor Specific Attributes (VSAs). In addition, Radius Disconnect (RFC3576), which permits dynamic adjustment of user policy (user disconnect), is supported.
DHCP Server (Dynamic Host Configuration Protocol) (RFC2131) – A server that dynamically assigns IP addresses, gateways, and subnet masks. IP address assignment for clients can be done by the DHCP server internal to the HiPath Wireless Controller, or by existing servers using DHCP relay. It is also used by the Wireless APs to discover the location of the HiPath Wireless Controller during the initial registration process using Options 43, 60, and Option 78. Options 43 and 60 specify the vendor class identifier (VCI) and vendor specific information. Option 78 specifies the location of one or more SLP Directory Agents. For SLP, DHCP should have Option 78 enabled.
Service Location Protocol (SLP) (SLP RFC2608) – Client applications are User Agents and services that are advertised by a Service Agent. In larger installations, a Directory Agent collects information from Service Agents and creates a central repository. The Siemens solution relies on registering “siemens” as an SLP Service Agent.
Domain Name Server (DNS) – A server used as an alternate mechanism (if present on the enterprise network) for the automatic discovery process. HiPath Wireless Controller, Access Points and Convergence Software relies on the DNS for Layer 3 deployments and for static configuration of Wireless APs. The controller can be registered in DNS, to provide DNS assisted AP discovery. In addition, DNS can also be used for resolving RADIUS server hostnames.
Web Authentication Server – A server that can be used for external Captive Portal and external authentication. The HiPath Wireless Controller has an internal Captive portal presentation page, which allows Web authentication (Web redirection) to take place without the need for an external Captive Portal server.
RADIUS Accounting Server (Remote Access Dial-In User Service) (RFC2866) – A server that is required if RADIUS Accounting is enabled.
Simple Network Management Protocol (SNMP) – A Manager Server that is required if forwarding SNMP messages is enabled.
Network infrastructure – The Ethernet switches and routers must be configured to allow routing between the various services noted above. Routing must also be enabled between multiple HiPath Wireless Controllers for the following features to operate successfully:
Availability
Mobility
Mitigator for detection of rogue access points
Some features also require the definition of static routes.
Web Browser – A browser provides access to the HiPath Wireless Controller Management user interface to configure the Controller, Access Points and Convergence Software.
SSH Enabled Device – A device that supports Secure Shell (SSH) is used for remote (IP) shell access to the system.
Zone Integrity – The Zone integrity server enhances network security by ensuring clients accessing your network are compliant with your security policies before gaining access. Zone Integrity Release 5 is supported.
HiPath HiGuard – Provides continuous active intrusion detection and prevention capabilities. For more information, see the HiPath HiGuard documentation.
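The DHCP-based discovery described in the list above (Options 43, 60 and 78) can be checked against a captured DHCP offer. The following Python code is an added example, not code from this guide or from the product: it parses the options field and reports an offer that lacks Option 43 or Option 78, or whose Option 78 lists a Directory Agent outside an expected set. The option bytes, addresses and the vendor class string EXAMPLE-VCI are constructed sample values, and the Option 78 layout is taken from RFC 2610.

```python
import ipaddress

PAD, END = 0, 255  # single-byte options with no length field (RFC 2132)


def tlv(code: int, value: bytes) -> bytes:
    """Encode one DHCP option as code, length, value."""
    return bytes([code, len(value)]) + value


def parse_dhcp_options(data: bytes) -> dict:
    """Walk the options field that follows the DHCP magic cookie."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # RFC 3396: split instances of the same option are concatenated.
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def decode_slp_da(value: bytes):
    """Option 78 (RFC 2610): one 'mandatory' byte, then IPv4 addresses."""
    if len(value) < 5 or (len(value) - 1) % 4:
        raise ValueError("option 78: length must be 1 + 4*n, n >= 1")
    addrs = [str(ipaddress.IPv4Address(value[j:j + 4]))
             for j in range(1, len(value), 4)]
    return value[0] == 1, addrs


def audit_offer(options: bytes, expected_das: set) -> list:
    """Return findings for the discovery options named in the guide."""
    opts = parse_dhcp_options(options)
    findings = []
    if 43 not in opts:
        findings.append("option 43 (vendor specific information) absent")
    if 78 not in opts:
        findings.append("option 78 (SLP Directory Agent) absent")
    else:
        _mandatory, addrs = decode_slp_da(opts[78])
        for addr in addrs:
            if addr not in expected_das:
                findings.append(
                    f"option 78 lists unexpected Directory Agent {addr}")
    return findings


# Constructed sample data: documentation address ranges, placeholder VCI,
# and an opaque placeholder payload for Option 43.
EXPECTED_DAS = {"192.0.2.10", "192.0.2.11"}
GOOD_OFFER = (tlv(53, b"\x02") + tlv(60, b"EXAMPLE-VCI")
              + tlv(43, b"\x01\x04\xc0\x00\x02\x01")
              + tlv(78, b"\x00" + bytes([192, 0, 2, 10, 192, 0, 2, 11]))
              + bytes([END]))
BAD_OFFER = (tlv(53, b"\x02")
             + tlv(78, b"\x01" + bytes([198, 51, 100, 66]))
             + bytes([END]))

if __name__ == "__main__":
    for name, offer in (("good", GOOD_OFFER), ("bad", BAD_OFFER)):
        print(name, audit_offer(offer, EXPECTED_DAS) or "no findings")
```
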
2.3.1 Network traffic flow
Figure 3 illustrates a simple configuration with a single HiPath Wireless Controller and two Wireless APs, each supporting a wireless device. A RADIUS server on the network provides authentication, and a DHCP server is used by the Wireless APs to discover the location of the HiPath Wireless Controller during the initial registration process. Network inter-connectivity is provided by the infrastructure routing and switching devices.
Figure 3 Traffic Flow diagram (diagram labels: RADIUS Authentication Server, HiPath Wireless Controller, DHCP Server, External CP Server, External Web Authentication Server, Router/Switch, Wireless APs)
Packet transmission stages shown in the figure:
Control and Routing: HWC authenticates wireless user; HWC forwards IP packet to wired network.
Tunnelling: AP sends data traffic to HWC through UDP tunnel called WASSP; HWC controls Wireless AP through WASSP tunnel; using WASSP tunnels, HWC allows wireless clients to roam to Wireless APs on different HWCs.
802.11 packet transmission: 802.11 beacon and probe; wireless device associates with a Wireless AP by its SSID.
Each wireless device sends IP packets in the 802.11 standard to the Wireless AP. The Wireless AP uses a UDP (User Datagram Protocol) based tunnelling protocol. In tunneled mode of operation, it encapsulates the packets and forwards them to the HiPath Wireless Controller. The HiPath Wireless Controller decapsulates the packets and routes these to destinations on the network. In a typical configuration, access points can be configured to locally bridge traffic (to a configured VLAN) directly at their network point of attachment.
The HiPath Wireless Controller functions like a standard L3 router or L2 switch. It is configured to route the network traffic associated with wireless connected users. The HiPath Wireless Controller can also be configured to simply forward traffic to a default or static route if dynamic routing is not preferred or available.