Samsung WEA453E Installation guide

Ver.

2600-00FK1RGA4

6.0

WEC8500/WEC8050 (APC)

Operation Manual

This manual is proprietary to SAMSUNG Electronics Co., Ltd. and is protected by copyright. No information contained herein may be copied, translated, transcribed or duplicated for any commercial purposes or disclosed to the third party in any form without the prior written consent of SAMSUNG Electronics Co., Ltd.

TRADEMARKS

Product names mentioned in this manual may be trademarks and/or registered trademarks of their respective companies.

This manual should be read and used as a guideline for properly installing and operating the product.

All reasonable care has been made to ensure that this document is accurate. If you have any comments on this manual, please contact our documentation centre at the following homepage:

Homepage: http://www.samsungdocs.com

INTRODUCTION

Purpose

This manual describes the overview, management, and setup of WEC8500/WEC8050 that is a Samsung Wireless Enterprise (W-EP) Access Point Controller (APC). This manual is written for WEC8500 version 1.4.4, WEC8050 version 1.0.0.

INTRODUCTION

Document Content and Organization

This manual consists of ten Chapters, three Annexes, and a list of Abbreviations.

CHAPTER 1. Access Point Controller System Overview

This chapter describes the main functions, network configuration, external configuration and service scenario of APC.

CHAPTER 2. Basic System Configuration

This chapter describes how to configure to use Command Line Interface (CLI) and Web UI.

CHAPTER 3. Data Network Function

This chapter describes how to set up the data network such as interface, Virtual Local Area Network (VLAN), L3, or Quality of Service (QoS), etc. of APC.

CHAPTER 4. AP Connection Management

This chapter describes the connection management function of APC and Samsung W-EP wireless LAN Access Point (AP).

CHAPTER 5. WLAN Management

This chapter describes how to set up the Wireless Local Area Network (WLAN) of APC.

CHAPTER 6. Wi-Fi Configuration

This chapter describes how to configure the Wireless Fidelity (Wi-Fi) of APC, QoS, and country code.

page 3 of 628

INTRODUCTION

CHAPTER 7. WLAN Additional Service

This chapter describes how to set up WLAN additional services available in the APC.

CHAPTER 8. Security

This chapter describes how to set up security related setting such as Remote Authentication Dial-In User Service (RADIUS) server available in the APC, unauthorized AP detection and blocking function, guest access, WEB pass-through, Network Address Translation (NAT), firewall function, etc.

CHAPTER 9. IP Application

This chapter describes the Internet Protocol (IP) application functions available in the APC such as Domain Naming Service (DNS), Network Time Protocol (NTP), File Transfer Protocol (FTP)/sFTP, or Telnet/SSH.

CHAPTER 10. System Management

This chapter describes the various system management functions available in the APC.

ANNEX A. CLI Command Structure

Command structure available in the CLI of APC.

ANNEX B. Open Source Announcement (WEC8500/WEC8050)

Open source list used in the APC and its license notice.

ANNEX C. Open Source Announcement (WEA302/WEA303/WEA312/ WEA313/WEA403/WEA412)

Open source list used in the Samsung W-EP wireless LAN AP and its license notice.

ABBREVIATION

Describes the acronyms used in this manual.

Conventions

The following types of paragraphs contain special information that must be carefully read and thoroughly understood. Such information may or may not be enclosed in a rectangular box, separating it from the main text, but is always preceded by an icon and/or a bold title.

NOTE

Indicates additional information as a reference.

page 4 of 628

Console Screen Output

VERSION

DATE OF ISSUE

REMARKS

6.0

12. 2014.

Updated the content overall in accordance with the package version 2.4.0

5.0

05. 2014.

Updated the content overall in accordance with the package version 2.0.0

4.0

01. 2014.

- Changed contents

 1.3.1 WEC8500 Configuration and Functions  4.2.6.3 Tech Support Information

3.0

10. 2013.

- Updated the content overall in accordance with the package version (WEC8500 version 1.4.4, WEC8050 version 1.0.0)

- Added contents for WEC8050

2.0

06. 2013.

- Updated the content overall in accordance with the package version 1.3.0

- Added contents

 3.4.6 OS-AWARE  7.4.2 DPC Configuration  7.4.3 DCS Configuration  7.4.4 CHDC Configuration

- Changed contents

 7.10 Clustering  10.8.2 System Upgrade

1.0

03. 2013.

First Version

 The lined box with ‘Courier New’ font will be used to distinguish between the

main content and console output screen text.

 ‘Bold Courier New’ font will indicate the value entered by the operator on the

console screen.

Revision History

INTRODUCTION

page 5 of 628

TABLE OF CONTENTS

INTRODUCTION 3

Purpose ....................................................................................................................................... 3

Document Content and Organization .......................................................................................... 3

Conventions ................................................................................................................................ 4

Console Screen Output ............................................................................................................... 5

Revision History .......................................................................................................................... 5

CHAPTER 1. Access Point Controller System Overview 21

1.1 APC Overview .......................................................................................................................... 21

1.2 Network Configuration ............................................................................................................ 23

1.3 APC Configuration and Functions ......................................................................................... 26

1.3.1 WEC8500 Configuration and Functions ...................................................................... 26

1.3.2 WEC8050 Configuration and Functions ...................................................................... 30

1.4 APC Application Configuration and Service Scenario ......................................................... 32

1.4.1 Basic Configuration ..................................................................................................... 32

1.4.2 Configuration of Multiple APC for Redundancy ........................................................... 33

1.4.3 Clustering Configuration using Multiple APC (WEC8500) ........................................... 34

1.4.4 Configuration of Multiple Sites Consisting of Headquarter and Branches ................... 37

1.5 NAT Configuration between AP and APC .............................................................................. 39

CHAPTER 2. Basic System Configuration 40

2.1 Basic System Configuration ................................................................................................... 40

2.1.1 CLI Connection ........................................................................................................... 40

2.1.2 Managing Operator Account ........................................................................................ 41

2.1.3 APC Management Port Configuration ......................................................................... 42

2.1.4 SNMP Community Configuration................................................................................. 42

2.1.5 CLI Basic Usage ......................................................................................................... 42

2.2 Using Web UI ........................................................................................................................... 45

2.2.1 Web UI Connection ..................................................................................................... 45

2.2.2 WEC Main Window ..................................................................................................... 46

2.2.3 Managing Operator Account ........................................................................................ 47

page 6 of 628

TABLE OF CONTENTS

2.3 Initial Setup Wizard ..................................................................................................................48

2.3.1 Overview......................................................................................................................48

2.3.2 Connecting ..................................................................................................................48

2.3.3 How to Use ..................................................................................................................49

CHAPTER 3. Data Network Function 52

3.1 Port Configuration ...................................................................................................................52

3.1.1 Port management ........................................................................................................52

3.2 Interface Configuration ...........................................................................................................56

3.2.1 Interface management .................................................................................................56

3.2.2 Managing Interface Group ...........................................................................................59

3.3 VLAN Configuration.................................................................................................................61

3.3.1 VLAN ...........................................................................................................................61

3.3.2 Bridge ..........................................................................................................................63

3.3.3 Spanning Tree .............................................................................................................66

3.4 Layer 3 Protocol Configuration ..............................................................................................70

3.4.1 IP Address Configuration .............................................................................................70

3.4.2 Static Routing Configuration ........................................................................................70

3.4.3 IP Multicast Routing Configuration ..............................................................................71

3.4.4 PIM Configuration ........................................................................................................72

3.4.5 OSPF Configuration ....................................................................................................72

3.4.6 VRRP Configuration .................................................................................................. 110

3.4.7 Configuring IPWATCHD............................................................................................. 113

3.5 QoS ..................................................................................................................................... 114

3.5.1 ACL Configuration ..................................................................................................... 114

3.5.2 Class-map Configuration ................................ ........................................................... 118

3.5.3 Policy-map Configuration........................................................................................... 119

3.5.4 Service Policy Configuration ......................................................................................120

3.5.5 Time Profile................................................................................................................121

3.5.6 OS-AWARE ...............................................................................................................124

3.6 Multicast to Unicast ...............................................................................................................127

3.7 IP Multicast Configuration ....................................................................................................127

3.7.1 IP Multicast Routing Configuration ............................................................................127

3.7.2 PIM Configuration ......................................................................................................127

3.8 IGMP Snooping ......................................................................................................................130

3.9 Deep Packet Inspection .........................................................................................................133

3.9.1 Configuring Profile and Application Rule ...................................................................133

page 7 of 628

TABLE OF CONTENTS

3.9.2 Configuring Application Group ................................................................................... 134

3.9.3 Checking Statistics by Category ................................................................................ 134

CHAPTER 4. AP Connection Management 139

4.1 APC Management .................................................................................................................. 139

4.1.1 Managing APC List .................................................................................................... 139

4.1.2 Management Interface Configuration ........................................................................ 141

4.1.3 CAPWAP Configuration............................................................................................. 142

4.1.4 AP Registration (Auto Discovery) Configuration ........................................................ 144

4.1.5 Managing AP File Transmission ................................................................................ 145

4.1.6 APC Redundancy Configuration ............................................................................... 145

4.2 AP Management ..................................................................................................................... 151

4.2.1 AP Group Configuration ................................ ............................................................ 151

4.2.2 Configuring Remote AP Group .................................................................................. 167

4.2.3 AP Time Synchronization per Group ......................................................................... 173

4.2.4 AP Configuration ....................................................................................................... 175

4.2.5 Information Management .......................................................................................... 186

4.2.6 Outdoor AP Configuration ......................................................................................... 189

4.2.7 AP Package Upgrade ................................................................................................ 190

4.2.8 Remote AP Package Upgrade .................................................................................. 195

CHAPTER 5. WLAN Management 204

5.1 WLAN Configuration ............................................................................................................. 204

5.1.1 Basic WLAN Configuration ........................................................................................ 204

5.1.2 WLAN Additional Configuration ................................................................................. 207

5.1.3 WLAN-based ACL Configuration ............................................................................... 209

5.1.4 Managing Root Service ............................................................................................. 211

5.1.5 MCS Configuration Management by WLAN .............................................................. 214

5.2 Local Switching ..................................................................................................................... 217

5.3 Security and Authentication ................................................................................................. 220

5.3.1 Initialization of WLAN Security Function.................................................................... 220

5.3.2 WPA/WPA2 PSK Configuration ................................................................................. 222

5.3.3 WPA/WPA2 802.1x Configuration ............................................................................. 225

5.3.4 Static WEP Configuration .......................................................................................... 229

5.3.5 Dynamic WEP Configuration ..................................................................................... 231

5.4 DHCP Configuration ................................................................ .............................................. 234

5.4.1 DHCP Server ............................................................................................................ 234

5.4.2 DHCP Relay .............................................................................................................. 242

page 8 of 628

TABLE OF CONTENTS

5.4.3 DHCP Proxy ..............................................................................................................243

5.4.4 Option 82 Configuration .............................................................................................244

5.4.5 Primary/Secondary Server Configuration ..................................................................246

5.5 Radio Service Configuration .................................................................................................249

CHAPTER 6. Wi-Fi Configuration 251

6.1 802.11a/b/g/n/ac Radio Property ...........................................................................................251

6.1.1 802.11a/b/g Configuration ..........................................................................................251

6.1.2 802.11n Configuration ................................................................................................256

6.1.3 802.11ac Configuration ..............................................................................................257

6.2 Wi-Fi QoS Configuration .......................................................................................................259

6.2.1 QoS Configuration of Wireless Terminal ....................................................................259

6.2.2 QoS Configuration of AP............................................................................................261

6.2.3 Configuring QoS Profile of a Specific Terminal ..........................................................265

6.2.4 Voice Optimization Configuration ...............................................................................267

6.3 802.11h Configuration ...........................................................................................................268

6.4 Country Code .........................................................................................................................270

CHAPTER 7. WLAN Additional Services 274

7.1 Managing Wireless Terminal .................................................................................................274

7.1.1 Information Retrieval Functions .................................................................................274

7.1.2 Connection History related Configuration ................................................................ ..275

7.2 Handover Management .........................................................................................................276

7.2.1 Connection History Information .................................................................................276

7.2.2 AirMove Configuration ...............................................................................................276

7.2.3 Inter APC Handover Configuration ............................................................................278

7.3 Call Admission Control (CAC) Configuration ......................................................................279

7.3.1 SIP ALG Configuration ...............................................................................................279

7.3.2 Voice CAC Configuration ...........................................................................................281

7.3.3 Video CAC Configuration ...........................................................................................283

7.4 Radio Resource Management (RRM) ...................................................................................285

7.4.1 RRM Configuration ....................................................................................................285

7.4.2 DPC Configuration .....................................................................................................286

7.4.3 DCS Configuration .....................................................................................................288

7.4.4 CHDC Configuration ..................................................................................................290

7.4.5 Sleeping Cell Detection .............................................................................................294

7.4.6 Energy Saving Groups ...............................................................................................296

page 9 of 628

TABLE OF CONTENTS

7.4.7 Energy Saving Auto Classification ............................................................................. 297

7.5 Location Tracking .................................................................................................................. 300

7.6 Spectrum Analysis ................................................................................................................ 301

7.6.1 Retrieving Spectrum Analysis Data ........................................................................... 301

7.6.2 Spectrum Analysis Configuration ............................................................................... 304

7.6.3 Interference Type Configuration ................................................................................ 306

7.7 Controlling Usage per User .................................................................................................. 307

7.8 Remote Packet Capture ........................................................................................................ 309

7.9 Clustering ............................................................................................................................... 311

7.10 Limiting the Number of Connected Users ........................................................................... 315

7.10.1 Limiting Connections per Radio ................................................................................ 315

7.10.2 Connection Limitation per WLAN .............................................................................. 316

7.11 Voice Statistics and Communication Failure Detection ..................................................... 318

7.11.1 Voice Statistics Function ............................................................................................ 318

7.11.2 Detecting WLAN-based Communication Failure ....................................................... 320

7.12 Voice Signal and Media Monitoring ..................................................................................... 321

7.12.1 Checking Voice Related Wireless Information ........................................................... 321

7.12.2 Checking Voice Related Quality Information ............................................................. 326

7.13 Multicast Stream Admission Control ................................................................................... 329

7.13.1 Configuring Admission Control .................................................................................. 329

7.14 Wi-Fi Band Steering .............................................................................................................. 331

7.14.1 Activating Band Steering Function ............................................................................ 331

7.15 Wi-Fi Load Balancing ............................................................................................................ 334

7.15.1 Activating Load Balancing Function .......................................................................... 334

7.16 Station-based Adaptive Load Balancing ............................................................................. 336

7.16.1 Basic Setting of Station-based Adaptive Load Balancing .......................................... 336

7.16.2 Setting AP Group Parameter ..................................................................................... 337

7.16.3 Setting AP Parameters .............................................................................................. 339

CHAPTER 8. Security 341

8.1 RADIUS Server Configuration .............................................................................................. 341

8.1.1 External RADIUS Server ........................................................................................... 341

8.1.2 Internal RADIUS Server ............................................................................................ 347

8.2 Unauthorized AP/Terminal Detection and Blocking ........................................................... 351

8.2.1 Enabling Detection Function ..................................................................................... 351

8.2.2 Detection ................................................................................................................... 352

page 10 of 628

TABLE OF CONTENTS

8.2.3 Enabling Blocking Function .......................................................................................370

8.2.4 Blocking .....................................................................................................................370

8.3 Captive Portal .........................................................................................................................374

8.3.1 Configuring Guest Authentication ..............................................................................374

8.3.2 Configuring Guest ACL ..............................................................................................376

8.3.3 Configuring Web Authentication ................................................................................378

8.3.4 Configuring Web Authentication on MAC Authentication Failure ...............................381

8.3.5 Configuring Web Pass-through ..................................................................................385

8.3.6 Configuring One Time Redirection .............................................................................387

8.3.7 Redirection Address Format ......................................................................................389

8.4 NAT and Firewall Configuration............................................................................................390

8.4.1 Firewall Configuration ................................................................................................390

8.4.2 Access List Configuration ................................ ..........................................................391

8.4.3 NAT Configuration .....................................................................................................392

8.5 MAC Filter ...............................................................................................................................396

8.6 Operator Authentication through Interoperation with TACACS+ Server ..........................399

8.6.1 Configuring External TACACS+ Server .....................................................................399

8.6.2 Configuring Authentication Type of Operator Account ...............................................402

8.7 Role Based Access Control ................................................................................................ ..403

8.7.1 Configuring Role Profile .............................................................................................403

8.7.2 Configuring Derivation Profile ....................................................................................404

8.7.3 Configuring ACL Profile .............................................................................................407

8.7.4 Configuration Synchronization (Remote AP Group)................................................... 411

8.8 External BYOD Server ...........................................................................................................414

8.8.1 Configuring External BYOD Server ...........................................................................414

8.8.2 Captive Portal Configuration ......................................................................................416

CHAPTER 9. IP Application 419

9.1 DNS .....................................................................................................................................419

9.1.1 DNS Client Configuration...........................................................................................419

9.1.2 DNS Proxy Configuration...........................................................................................420

9.2 NTP .....................................................................................................................................422

9.3 FTP/sFTP ................................................................................................................................425

9.4 Telnet/SSH ..............................................................................................................................428

9.5 Utilities ................................ ................................ ................................................................ ....430

page 11 of 628

TABLE OF CONTENTS

CHAPTER 10. System Management 431

10.1 SNMP Configuration .............................................................................................................. 431

10.1.1 SNMP Community ..................................................................................................... 431

10.1.2 SNMP Trap ................................................................................................................ 432

10.2 System Management ................................................................ ................................ ............. 434

10.2.1 Retrieving System Information .................................................................................. 434

10.2.2 System Reboot ................................................................................................ .......... 439

10.3 System Resource Management ........................................................................................... 441

10.3.1 Retrieving System Status .......................................................................................... 441

10.3.2 Retrieving and Configuring Threshold ....................................................................... 444

10.4 Managing Alarm and Event ................................................................................................... 445

10.4.1 Retrieving Current Alarm ........................................................................................... 446

10.4.2 Retrieving History ...................................................................................................... 447

10.4.3 External Transmission Configuration ......................................................................... 449

10.4.4 Alarm Filter and Level Configuration ......................................................................... 449

10.5 Managing Traffic Performance ............................................................................................. 451

10.5.1 Managing History Information ................................................................................... 451

10.5.2 Managing Real-time Information Collection............................................................... 452

10.6 Managing License Key .......................................................................................................... 453

10.6.1 Managing SLM License (Activation) Key ................................................................... 453

10.6.2 Managing Old License Key ....................................................................................... 456

10.7 Syslog Configuration ............................................................................................................ 459

10.8 Upgrade .................................................................................................................................. 461

10.8.1 Checking Package Version ....................................................................................... 461

10.8.2 System Upgrade ....................................................................................................... 461

10.9 Configuration Management .................................................................................................. 464

10.10 Debug and Diagnosis ............................................................................................................ 466

10.10.1 Process ..................................................................................................................... 466

10.10.2 Retrieving Crash Information ..................................................................................... 468

10.11 File Management ................................................................................................................... 471

10.11.1 Retrieving Configuration of Current Directory ............................................................ 471

10.11.2 Retrieving Directory List ............................................................................................ 472

10.11.3 Revising File .............................................................................................................. 473

10.11.4 Retrieve File Content................................................................................................. 473

10.11.5 File Download and Upload ........................................................................................ 474

10.11.6 Package File ............................................................................................................. 474

10.11.7 Retrieving Storage Media .......................................................................................... 476

page 12 of 628

TABLE OF CONTENTS

10.11.8 Managing File in Web UI ...........................................................................................477

10.11.9 Statistics Function ......................................................................................................480

ANNEX A. CLI Command Structure 522

A.1 configure ................................................................................................................................522

A.2 show........................................................................................................................................552

A.3 clear ........................................................................................................................................564

A.4 debug ................................ ......................................................................................................566

A.5 file............................................................................................................................................569

A.6 Etc ...........................................................................................................................................569

ANNEX B. Open Source Announcement (WEC8500/WEC8050) 570

ANNEX C. Open Source Announcement (WEA302/WEA303/

WEA312/WEA313/WEA403/WEA412) 599

ABBREVIATION 624

page 13 of 628

LIST OF FIGURES

Figure 1. System Structure for Wireless Enterprise Solution ...................................................... 22

Figure 2. W-EP Network Configuration ....................................................................................... 23

Figure 3. WEC8500 Interface-Front/Back ................................................................................... 26

Figure 4. System LED Configuration .......................................................................................... 26

Figure 5. Management Port Configuration .................................................................................. 27

Figure 6. Optic port configuration ............................................................................................... 28

Figure 7. Power module configuration ................................................................ ........................ 29

Figure 8. WEC8050 interface-Front/Back ................................................................................... 30

Figure 9. Status LED configuration ............................................................................................. 30

Figure 10. Ethernet Port Configurations ..................................................................................... 31

Figure 11. Basic Configuration of W-EP Wireless LAN System .................................................. 32

Figure 12. Example of W-EP Wireless LAN System Configuration for Redundancy .................. 33

TABLE OF CONTENTS

Figure 13. Example of W-EP Wireless LAN System Configuration for Distributed Clustering

Service ...................................................................................................................... 35

Figure 14. Example of W-EP Wireless LAN System Configuration for Centralized Clustering

Service ...................................................................................................................... 36

Figure 15. Example of W-EP Wireless LAN System Configuration for Multiple Sites consisting of

Headquarter and Branches ....................................................................................... 37

Figure 16. AP-APC NAT Environment Configuration Diagram .................................................... 39

Figure 17. Web UI Connection Window ...................................................................................... 45

Figure 18. WEC Main Window .................................................................................................... 46

Figure 19. Operator Account Management Window ................................................................... 47

Figure 20. Operator Account Addition Window ........................................................................... 47

Figure 21. Initial Setup Wizard Welcome Screen ....................................................................... 49

Figure 22. Move to the setup step of the initial setup wizard ...................................................... 49

Figure 23. Port Management Window ........................................................................................ 54

Figure 24. Port Configuration Change Window .......................................................................... 55

Figure 25. Interfaces Window (1) ................................................................................................ 57

Figure 26. Interfaces Window (2) ................................................................................................ 57

Figure 27. Interfaces Window (3) ................................................................................................ 58

Figure 28. Interface Group Window (1) ...................................................................................... 59

Figure 29. Interface Group Window (2) ...................................................................................... 60

Figure 30. Spanning Tree Configuration Window (1) .................................................................. 68

Figure 31. Spanning Tree Configuration Window (2) .................................................................. 69

Figure 32. Spanning Tree Configuration Window (3) .................................................................. 69

Figure 33. Static Routing Configuration Window ........................................................................ 71

Figure 34. OSPF Configuration Window ..................................................................................... 73

page 14 of 628

TABLE OF CONTENTS

Figure 35. VRRP-Operation Window ........................................................................................ 112

Figure 36. VRRP-Circuit Failover Window (1) ........................................................................... 112

Figure 37. VRRP-Circuit Failover Window (2) ........................................................................... 112

Figure 38. IPWATCHD Configuration Window .......................................................................... 113

Figure 39. ACL Configuration Window ...................................................................................... 115

Figure 40. Window where a Time Profile is Applied to ACL ...................................................... 115

Figure 41. ACL Interface Configuration Window (1) .................................................................. 116

Figure 42. ACL Interface Configuration Window (2) .................................................................. 116

Figure 43. Admin ACL Configuration Window ........................................................................... 118

Figure 44. Time Profile Configuration Window (1) .....................................................................121

Figure 45. Time Profile Configuration Window (2) .....................................................................122

Figure 46. Applying to ACL .......................................................................................................123

Figure 47. IP Multicast Configuration Window ..........................................................................127

Figure 48. PIM-SM Configuration Window (1)...........................................................................128

Figure 49. PIM-SM Configuration Window (2)...........................................................................128

Figure 50. PIM-SM Configuration Window (3)...........................................................................129

Figure 51. PIM-SM Configuration Window (4)...........................................................................129

Figure 52. IGMP Snooping Config Window ...............................................................................131

Figure 53. IGMP Snooping Mroute Creation Window (1) ..........................................................131

Figure 54. IGMP Snooping Mroute Creation Window (2) ..........................................................132

Figure 55. IGMP Snooping Mroute Creation Window (3) ..........................................................132

Figure 56. IGMP Snooping Mroute Creation Window (4) ..........................................................132

Figure 57. APC List Management Window ...............................................................................140

Figure 58. Management interface configuration ........................................................................141

Figure 59. AP Registration Method Setup Window ...................................................................144

Figure 60. Redundancy Configuration Window .........................................................................148

Figure 61. AP retrieving window ................................................................................................149

Figure 62. AP redundancy Configuration Window .....................................................................150

Figure 63. AP groups configuration Window .............................................................................152

Figure 64. AP Group Addition Window ......................................................................................152

Figure 65. General Configuration Window for AP Group ..........................................................155

Figure 66. AP Add/Remove Window for AP Group ...................................................................157

Figure 67. WLAN Add/Remove Window for AP Group ..............................................................158

Figure 68. 802.11a/n Window for AP Group ..............................................................................159

Figure 69. 802.11b/g/n Window for AP Group ...........................................................................160

Figure 70. Advanced Configuration Window for AP Group........................................................166

Figure 71. Remote AP Group Add/Remove Window .................................................................168

Figure 72. Local Authentication Configuration Window for Remote AP Group ..........................169

Figure 73. Window for Configuring Tunneling Forwarding of Remote AP Group ......................171

page 15 of 628

TABLE OF CONTENTS

Figure 74. Window for Configuring Local Bridging Forwarding of Remote AP Group ............... 172

Figure 75. AP Time Synchronization Configuration Options ..................................................... 174

Figure 76. Adding Access Points .............................................................................................. 175

Figure 77. AP Profile Setting (1) ............................................................................................... 179

Figure 78. AP Profile Setting (2) ............................................................................................... 181

Figure 79. AP mode configuration ............................................................................................ 182

Figure 80. AP CLI Account Add/Remove Window .................................................................... 183

Figure 81. AP SNMP v1/v2c Community Configuration Window .............................................. 185

Figure 82. AP v3 User Configuration Window ........................................................................... 185

Figure 83. AP Ports window ...................................................................................................... 187

Figure 84. AP Ports detail information window ......................................................................... 187

Figure 85. AP Tech Support Information Receiving Window ..................................................... 188

Figure 86. Outdoor AP Create Window..................................................................................... 190

Figure 87. AP upgrade .............................................................................................................. 193

Figure 88. AP upgrade-global ................................................................................................... 193

Figure 89. AP upgrade-individual .............................................................................................. 194

Figure 90. AP upgrade-advanced ............................................................................................. 195

Figure 91. Remote AP Group Upgrade Activation_1 ................................................................ 196

Figure 92. Remote AP Group Upgrade Activation_2 ................................................................ 197

Figure 93. Checking Master AP Configuration .......................................................................... 198

Figure 94. Checking Master AP Configuration .......................................................................... 198

Figure 95. AP Package Configuration ....................................................................................... 200

Figure 96. Starting AP Upgrade ................................................................................................ 201

Figure 97. Restarting and Upgrading AP .................................................................................. 203

Figure 98. WLAN basic configuration (1) .................................................................................. 206

Figure 99. WLAN basic configuration (2) .................................................................................. 206

Figure 100. WLAN-based ACL configuration ............................................................................ 210

Figure 101. Root service management (1) ............................................................................... 213

Figure 102. Root service management (2) ............................................................................... 213

Figure 103. MCS by WLAN: 802.11a/n/ac Configuration Management window ....................... 216

Figure 104. MCS by WLAN: 802.11b/g/n Configuration Management window ......................... 216

Figure 105. Local Switching Configuration Window of WLAN .................................................. 218

Figure 106. Split ACL Configuration Window of WLAN Allocated to AP .................................... 219

Figure 107. VLAN/ACL/Pre-Auth.ACL Configuration Window of WLAN Allocated to AP .......... 219

Figure 108. Initialization of WLAN security function .................................................................. 221

Figure 109. WPA/WPA2 PSK configuration .............................................................................. 224

Figure 110. WPA/WPA2 802.1x Configuration (1) ..................................................................... 227

Figure 111. WPA/WPA2 802.1x Configuration (2) ..................................................................... 228

Figure 112. Static WEP configuration ....................................................................................... 230

page 16 of 628

TABLE OF CONTENTS

Figure 113. Dynamic WEP Configuration Window ....................................................................233

Figure 114. DHCP server configuration .....................................................................................234

Figure 115. DHCP Pool (1) .......................................................................................................240

Figure 116. DHCP Pool (2) .......................................................................................................240

Figure 117. DHCP Relay ...........................................................................................................242

Figure 118. DHCP Proxy ...........................................................................................................243

Figure 119. Option 82 configuration (1) .....................................................................................245

Figure 120. Option 82 configuration (2) ....................................................................................245

Figure 121. Primary/Secondary server configuration (1) ...........................................................247

Figure 122. Primary/Secondary server configuration (2) ...........................................................247

Figure 123. Primary/Secondary server configuration (3) ...........................................................248

Figure 124. Radio service configuration ....................................................................................250

Figure 125. 802.11a/b/g/n radio (1) ...........................................................................................254

Figure 126. 802.11a/b/g/n radio (2) ...........................................................................................255

Figure 127. QoS configuration of a wireless terminal (1) ..........................................................260

Figure 128. QoS configuration of a wireless terminal (2) ..........................................................260

Figure 129. QoS configuration of AP (wireless section) ............................................................264

Figure 130. Configuring QoS profile of a specific terminal ........................................................266

Figure 131. Configuring voice optimization ...............................................................................267

Figure 132. Configuring 802.11h ...............................................................................................269

Figure 133. Country code window (1) .......................................................................................272

Figure 134. Country code window (2) .......................................................................................273

Figure 135. Information viewing window ................................ ...................................................275

Figure 136. Handover window ..................................................................................................278

Figure 137. SIP ALG configuration window ...............................................................................280

Figure 138. Admission control configuration of 802.11a/n .........................................................282

Figure 139. 802.11a/n Admission Control Configuration Window .............................................284

Figure 140. RRM configuration window ....................................................................................286

Figure 141. DPC settings ..........................................................................................................287

Figure 142. DCS settings ..........................................................................................................290

Figure 143. CHDC settings .......................................................................................................293

Figure 144. Spectrum Analysis Data .........................................................................................304

Figure 145. Controlling Usage per User ....................................................................................308

Figure 146. Clustering window ..................................................................................................314

Figure 147. Clustering addition window ....................................................................................314

Figure 148. Configuring connection limitation per radio ............................................................316

Figure 149. Configuring connection limitation per WLAN ..........................................................317

Figure 150. Voice statistics .......................................................................................................319

Figure 151. Detecting WLAN-based communication failure ......................................................320

page 17 of 628

TABLE OF CONTENTS

Figure 152. VoIP Stations Retrieval Screen .............................................................................. 324

Figure 153. Active Call Retrieval Screen .................................................................................. 325

Figure 154. Complete Calls Retrieval Screen ........................................................................... 325

Figure 155. 802.11a/n Admission Control Configuration Window ............................................. 330

Figure 156. Band Steering Function On/Off and Band Setting ................................................. 333

Figure 157. Configuring Load Balancing Function .................................................................... 335

Figure 158. RADIUS server configuration ................................................................................ 343

Figure 159. RADIUS Server MAC Authentication Configuration Window ................................. 346

Figure 160. Wireless Intrusion General Configuration Window ................................................ 351

Figure 161. Managed Rule Configuration Window ................................................................... 353

Figure 162. Managed Addition Window .................................................................................... 353

Figure 163. Unmanaged Rule Configuration Window ............................................................... 355

Figure 164. Unmanaged Rule Addition Window ....................................................................... 355

Figure 165. List Window to Manually Change Classification .................................................... 357

Figure 166. Classification Change Window in AP Detail Screen .............................................. 357

Figure 167. List Window to Manually Remove.......................................................................... 358

Figure 168. Manual Remove Change Window in AP Detail Screen ......................................... 359

Figure 169. Configuration Window for Unauthorized AP Detection Option ............................... 360

Figure 170. Configuration Window for Unauthorized Station Detection Option......................... 362

Figure 171. Configuration Window for Channel Validation........................................................ 363

Figure 172. AP blacklist Configuration Window ........................................................................ 365

Figure 173. Managed AP Window ............................................................................................ 365

Figure 174. Station blacklist Search/Configuration Window ..................................................... 366

Figure 175. Managed Station Search Window .......................................................................... 366

Figure 176. Managed SSID Window ........................................................................................ 367

Figure 177. Managed/Neighbor AP Search/Configuration Window .......................................... 368

Figure 178. Managed/Neighbor AP List Addition Window......................................................... 368

Figure 179. Station Allowed Limit Configuration Window .......................................................... 369

Figure 180. Wireless Intrusion Containment General Configuration Window ........................... 370

Figure 181. List Window for Blocking AP .................................................................................. 371

Figure 182. List Window for Blocking Station ............................................................................ 372

Figure 183. Automatic Blocking Configuration Window ............................................................ 373

Figure 184. Guest User Configuration Window ........................................................................ 375

Figure 185. Guest User List Window ........................................................................................ 376

Figure 186. Guest Auth Configuration Window ......................................................................... 376

Figure 187. Access List Addition Window ................................................................................. 377

Figure 188. Access List Entry Addition Window ........................................................................ 377

Figure 189. WLAN Guest Configuration Window ...................................................................... 380

Figure 190. WLAN Web Policy Configuration Window ............................................................. 380

page 18 of 628

TABLE OF CONTENTS

Figure 191. Web Auth Configuration Window ...........................................................................380

Figure 192. WLAN Guest Configuration Window ......................................................................383

Figure 193. WLAN Layer 2 Security Configuration Window ......................................................383

Figure 194. WLAN Web Policy Configuration Window ..............................................................384

Figure 195. Web Auth Configuration Window ...........................................................................384

Figure 196. WLAN Guest Configuration Window ......................................................................386

Figure 197. Web Pass-through Configuration Window .............................................................386

Figure 198. WLAN Guest Configuration Window ......................................................................388

Figure 199. One Time Redirection Configuration Window ........................................................388

Figure 200. Firewall configuration (1) ........................................................................................390

Figure 201. Firewall configuration (2) ........................................................................................391

Figure 202. Access-list configuration ........................................................................................392

Figure 203. NAT configuration (1) .............................................................................................394

Figure 204. NAT configuration (2) .............................................................................................395

Figure 205. MAC configuration .................................................................................................397

Figure 206. MAC entry configuration window(1) .......................................................................397

Figure 207. MAC entry configuration(2) ....................................................................................398

Figure 208. MAC entry configuration(3) ....................................................................................398

Figure 209. TTACACS+ Server Configuration Window .............................................................401

Figure 210. Operator Account Authentication Type Configuration Window ...............................402

Figure 211. Role Profile Configuration ......................................................................................404

Figure 212. Role Profile Add Configuration ...............................................................................404

Figure 213. Derivation Profile Configuration .............................................................................405

Figure 214. Derivation Profile Add Configuration ......................................................................405

Figure 215. Derivation Profile Configuration .............................................................................406

Figure 216. Derivation Profile Add Configuration ......................................................................406

Figure 217. Wlan Derivation Profile Configuration ....................................................................407

Figure 218. Acl Profile Configuration .........................................................................................408

Figure 219. Acl Profile Add Configuration .................................................................................409

Figure 220. Acl Profile Edit Configuration .................................................................................409

Figure 221. Remote Ap Group-Alc Profile Configuration ...........................................................410

Figure 222. ACL Configuration Synchronization - All.................................................................412

Figure 223. ACL Configuration Synchronization - Remote Group .............................................412

Figure 224. ACL Configuration Synchronization - Remote AP ..................................................413

Figure 225. External BYOD Server Configuration Window .......................................................415

Figure 226. DNS client ..............................................................................................................420

Figure 227. DNS proxy .............................................................................................................421

Figure 228. NTP client configuration .........................................................................................424

Figure 229. FTP/SFTP server configuration ..............................................................................427

page 19 of 628

TABLE OF CONTENTS

Figure 230. Telnet/SSH server configuration ............................................................................ 429

Figure 231. Adding SNMP community ...................................................................................... 432

Figure 232. SNMP trap configuration ....................................................................................... 433

Figure 233. System information ................................................................................................ 437

Figure 234. Reboot (APC) ........................................................................................................ 439

Figure 235. Reboot (AP) ........................................................................................................... 440

Figure 236. Configuring SNMP alarm threshold ....................................................................... 444

Figure 237. Current alarm ........................................................................................................ 446

Figure 238. History ................................................................................................................... 448

Figure 239. Configuring alarm filter and level ........................................................................... 450

Figure 240. SLM License Search and Configuration Window .................................................. 455

Figure 241. Old License Installation Check Window ................................................................. 458

Figure 242. Syslog window ....................................................................................................... 460

Figure 243. Package upgrade (APC) ........................................................................................ 463

Figure 244. DB Backup/Restore ............................................................................................... 465

Figure 245. File management window ...................................................................................... 477

page 20 of 628

CHAPTER 1. Access Point Controller System Overview

CHAPTER 1. Access Point Controller

System Overview

1.1 APC Overview

The Samsung Access Pointer Controller (APC) comprehensively manages the user information and traffics while managing an Access Point (AP), i.e. a device that provides wireless connection service for a user terminal in a Wi-Fi environment. There are two types depending on the AP capacity; WEC8500 and WEC8050. It comprehensively manages all the APs and provides services in a wireless LAN environment. Because AP and APC are connected in tunneling, all the user traffics are exchanged and processed.

The APC is typically installed at a position where it can be connected to a backbone switch, core switch or router in a network of enterprise environment and it controls a wireless LAN AP and provides the functions for Wireless LAN (WLAN) services such as handover and QoS, security/authentication, etc. The Samsung WEC8500 provides its services up to 500 APs. It can provide its services up to 10,000 connected user devices. Meanwhile, the WEC8050 can accommodate maximum 75 APs and provides the service to maximum 1500 user devices.

The APC provides a WLAN network environment through AP management and also provides various communication services required by enterprise customers in a wireless environment by interoperating with other enterprise solutions. It provides Wireless Enterprise (W-EP) solution in an enterprise environment by making the collaboration applications such as telephone, message, or communicator, etc., that has been used in a legacy wire environment, be able to be used in a wireless terminal such as smart phone, tablet PC, or notebook.

page 21 of 628

CHAPTER 1. Access Point Controller System Overview

Enterprise

Mobile Server

IP-PBX

Groupware

(Mail, PIMS)

FFA/ERP

SFA/CRM etc.

Call Manager

Legacy System

Push Mail/Payment

Mobile device

management, etc.

WLAN Network

APC

(WEC8500)

Wireless Terminal

Mail, UC Service

based on Android

W-EP AP

Figure 1. System Structure for Wireless Enterprise Solution

The Samsung W-EP solution, as shown in figure, comprehensively includes various enterprise applications which are provided by wire/wireless infrastructure products and wireless terminals. The WLAN network, a wireless infrastructure solution that provides mobility in an enterprise environment, consists of W-EP wireless LAN Access Point (AP), W-EP AP Controller (APC), and Wireless Enterprise WLAN Manager (WEM). The Samsung APC and W-EP wireless LAN AP are core devices that provide various services such as user authentication, wireless management, voice and data service, etc. in the 802.11-based Wi-Fi environment. The WEM provides convenient configuration environment, various statistics, and event information to an operator.

Term

In this manual, the WEC8500/WEC8050 and APC commonly represent Samsung

AP Controller. In addition, the AP means Samsung W-EP wireless LAN AP.

page 22 of 628

CHAPTER 1. Access Point Controller System Overview

W-EP AP

IP-PBX

WEC8050/WEC8500

WEM

Router

Internet … …

Ethernet Switch

FMC client

1.2 Network Configuration

The network configuration of Samsung W-EP solution that includes APC is shown below.

Figure 2. W-EP Network Configuration

IP-PBX

As an enterprise call manager, it is a switch required to provide the Fixed Mobile Convergence (FMC) function to a wireless terminal (optional).

APC (WEC8500/WEC8050)

The APC manages all the W-EP wireless LAN APs installed in an enterprise communication environment and it also manages user information and traffics. Because the W-EP wireless LAN network configuration uses a centralized structure where all the wireless user traffics are in tunneling through the APC, the APC is one of the most important elements related to traffic management and throughput in the W-EP environment. An APC is typically installed at a position where it can be connected to a backbone switch, core switch or router in a network. It controls the W-EP wireless LAN AP and provides handover, QoS, and security/authentication functions.

WEM

In the W-EP wireless LAN environment, various services are provided through a complex network configuration. As many users are involved, its management is complex and difficult. A normal network administrator can hardly handle any problematic issue as well as a normal management task. The WEM is a Network Management System (NMS) that efficiently manages this kind of W-EP wireless LAN network and service environment. It manages a WLAN network, retrieves and configures the status of APC or W-EP wireless LAN AP.

page 23 of 628

CHAPTER 1. Access Point Controller System Overview

W-EP AP (W-EP Wireless LAN AP)

The W-EP wireless LAN AP is a device that provides wireless connection service to a user terminal. It should be installed by considering the service area or region that will be provided in an enterprise environment. Typically, the number of W-EP wireless LAN APs is determined by considering the size of installation area and the number of users to secure service coverage.

Ethernet Switch

Typically, because an AP is installed in a user area, use a Power over Ethernet (PoE) switch that does not use a power line for the beauties of environment, etc. Install the W-EP wireless LAN APs by considering current consumption and the power capacity PoE switch. In addition, because power drop may occur if the distance between the switch and W-EP wireless LAN AP, the relationship between distance and power must be considered. Typically, the distance between these two must be 100 m or less in order to avoid power drop.

Wireless terminal/FMC Client

Terminal that provides the 802.11a/b/g/n interface such as smart phone, tablet PC, or notebook computer, etc. In an Android smart phone, an enterprise Voice over IP (VoIP) application equipped with the Samsung voice engine is called a FMC client (The FMC client is an option).

Wireless additional service

In the W-EP environment, various application services are required as well as basic wireless connection services. The Wireless Intrusion Prevention System (WIPS) provides a security service that is one of the most important elements in an enterprise environment. The WIPS can seamlessly receive wireless connection service through the security services such as unauthorized terminal, unauthorized AP, or ad hoc connection blocking, etc. Location service that manages the location of a terminal in a wireless environment is also an application service required in an enterprise environment. With this, it is possible to manage the location of an effective user or an unauthorized user.

IP application service

The IP application servers required in an existing wire network including Dynamic Host Configuration Protocol (DHCP) server, DNS server, web server, or RADIUS authentication server are also used in the W-EP environment. Especially, the DHCP server and RADIUS authentication server play a critical role in the wireless environment.

page 24 of 628

CHAPTER 1. Access Point Controller System Overview

WIPS Solution

It monitors the properness of the implementation of the wireless network infrastructure by detecting penetration via unauthorized wireless equipment installed in the internal network, the detoured gateway segment of the internal officers and employees who illegally connect to the commercial WLAN service, etc. and provides the wireless network invasion detection which implements the safe and effective wireless network environment by detecting security vulnerabilities.

page 25 of 628

CHAPTER 1. Access Point Controller System Overview

LED

Status

Description

SYS

Green

The system is operating normally

Orange

The system is now booting

Red

Preparing the system for booting

FAN (fan module)

Green

The installed FAN module is operating normally

Orange

The system is now booting

Red

Fan module fault has occurred

PS1 (power module 1)

Green

Normal operation of installed power module 1

Red

Power is turned off or a fault occurred while the power module 1 is installed.

Off

Power module 1 is not installed.

PS2 (power

Green

Normal operation of installed power module 2

Power Module

Ground hole

System LED

Console port

Management port

1G Optic port

10G Optic port

USB port

1.3 APC Configuration and Functions

1.3.1 WEC8500 Configuration and Functions

The Configuration and the purpose of each item of WEC8500 are as follows:

Figure 3. WEC8500 Interface-Front/Back

System LED

System LED indicates the various statuses of system. Each LED displays the following information.

Figure 4. System LED Configuration

page 26 of 628

CHAPTER 1. Access Point Controller System Overview

LED

Status

Description

module 2) Red

Power is turned off or a fault occurred while the power module 2 is installed.

Off

Power module 2 is not installed.

Configuration item

Status

Description

LED Green

Turned on for link connection

Orange

Blinking for data exchange

Connector

Connector for UTP cable connection

LED

Connector

Console port (RS232C)

A console port is used to check the operational status of WEC8500 or for input through the CLI. Its basic requirements are as follows:

 Baud rate: 115200 bps  Character size: 8 characters  Parity: None  Stop bit: 1, Data bit: 8  Flow control: None

Management port (1 GE UTP)

The WEC8500 provides a 10/100/1000BASE-T port (RJ-45) for management purpose. It is working in 10/100 Mbps half duplex/full duplex mode or in 1000 Mbps full duplex mode. Because it supports the automatic MDI/MDI-X function, you can use a straightthrough cable for all the network connections to a PC, server, switch, or network hub.

Figure 5. Management Port Configuration

When connecting a cable to the management port, make sure to check if the cable complies with the 10 BASE-T, 100 BASE-TX, or 1000 BASE-T.

 Cable type: UTP or STP cable using RJ-45 connector

 10 BASE-T: Category 3 or higher  100 BASE-TX: Category 5 or higher  1000 BASE-T: Category 5 or higher (Category 5e or higher is recommended)

 Isolate from wireless frequency disturbing waves  Shut down electrical surge

page 27 of 628

CHAPTER 1. Access Point Controller System Overview

Configuration item

Port/LED

Description

10 GE ports LINK/ACT 1, LINK/ACT 2

LINK/ACT status of each port

- Turned on for link connection

- Blinking for data exchange

10G 1, 10G 2

10 GbE Optic module connector

1 GE port LINK/ACT 1~LINK/ACT 8

LINK/ACT status of each port

- Turned on for link connection

- Blinking for data exchange

1G 1~1G 8

1 GbE Optic module connector

1G port

LINK/ACT LED

1G port

Connector

10G port

Connector

10G port

LINK/ACT LED

 Separate the electrical wiring of a switch or related devices and the electromagnetic

area of network data line

 Cable or connector and safe connection without damaged cable sheath

The 1000 BASE-T standard does not support the forced mode.

The auto-negotiation function must be always used for 1000 BASE-T port or trunk connection.

Optic port

It provides two 10 GbE Optic ports and eight 1 GbE Optic ports and the operational status of each port is displayed in LED.

Figure 6. Optic port configuration

USB port (Host 2.0)

The WEC8500 provides a USB host port that supports the upgrade of WEC8500 operation software. A typical USB memory stick is supported.

page 28 of 628

Power module

Configuration item

Description

Power input connector

Connector to connect the power cable to

Power switch

Switch to turn on/off power

AC LED

Turned on when there is a normal AC power input.

DC LED

Turned on when there is a normal DC power output.

Power input

connector

AC LED

Power switch

DC LED

CHAPTER 1. Access Point Controller System Overview

Figure 7. Power module configuration

page 29 of 628

CHAPTER 1. Access Point Controller System Overview

LED

Status

Description

SYS

Green

The system is operating normally

Orange

The system is now booting

Red

Preparing the system for booting

FAN

Green

The installed FAN module is operating normally

Orange

The system is now booting

Red

Fan fault

PWR Green

The power is supplied normally

Off

The power is turned off or not supplied

Status LED

Console Port

Ethernet Port

Ground hole

Power

1.3.2 WEC8050 Configuration and Functions

The configuration and the purpose of each item of WEC8050 are as follows:

Figure 8. WEC8050 interface-Front/Back

Status LED

This LED indicates the various statuses of system. Each LED displays the following information.

Figure 9. Status LED configuration

page 30 of 628

+ 270 hidden pages