6 | Contents | Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User Guide

  Connect 126
    Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect 126
    Configuring the RADIUS Server in Instant 126
  MAC Authentication 127
    Configuring MAC Authentication 127
  Walled Garden Access 128
    Creating a Walled Garden Access 128
  Wired Authentication on an IAP 129
  Certificates 129
    Loading Certificates using Instant WebUI 130
    Loading Certificates using Dell PowerConnect W-AirWave 131

Chapter 11
Encryption 135
  Encryption Types Supported in Dell Instant 135
    WEP 135
    TKIP 135
    AES 135
  Encryption Recommendations 135
  Understanding WPA and WPA2 136
    Recommended Authentication and Encryption Combinations 136

Chapter 12
Role Derivation 137
  User Roles 137
    Creating a New User Role 137
    Creating Role Assignment Rules 138
    DHCP Option and DHCP Fingerprinting 139
    802.1X-Authentication-Type 140

Chapter 13
User VLAN Derivation 141
  User VLAN Derivation 141
    Vendor Specific Attributes (VSA) 141
    VLAN Derivation Rule 142
      Configuring VLAN Derivation Rules on an IAP 142
    User Role 143
      Configuring a User Role 143
    SSID Profile 145
      Configuring VLAN Derivation Rules Using SSID Profile 145

Chapter 14
Instant Firewall 147
  Service Options 148
  Destination Options 149
  Examples for Access Rules 150
    Allow TCP Service to a Particular Network 150
    Allow POP3 Service to a Particular Server 151
    Deny FTP Service except to a Particular Server 152
    Deny bootp Service except to a Particular Network 153

Chapter 15
Content Filtering 155
  Enabling Content Filtering 155
  Enterprise Domains 156

Chapter 16
OS Fingerprinting 157

Summary of Contents for PowerConnect W-IAP3WN

Page 1: ...Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide ...

Page 2: ... Code Certain Aruba products include Open Source software code developed by third parties including software code subject to the GNU General Public License GPL GNU Lesser General Public License LGPL or other Open Source Licenses The Open Source code used can be found at this site http www arubanetworks com open_source Legal Notice The use of Aruba Networks Inc switching platforms and software by a...

Page 3: ...Address to the IAP 14 Connecting to a Provisioning Wi Fi Network 14 Disabling the Provisioning Wi Fi Network 15 Login into Instant User Interface 16 Specifying the Country Code 16 IAP Cluster 17 Chapter 2 Instant User Interface 19 Understanding the Instant UI Layout 19 Banner 20 Search 20 Tabs 20 Networks Tab 20 Access Points Tab 21 Clients Tab 21 Links 22 New Version Available 22 Settings 23 RF 2...

Page 4: ...75 Deny Inter User Bridging and Deny Local Routing 76 Terminal Access 77 Syslog Server 78 Syslog Facility Levels 78 Adding an IAP to the Network 79 Removing an IAP from the Network 79 Editing IAP Settings 80 Changing IAP Name 80 Changing IP Address of the IAP 80 Configuring Adaptive Radio Management 81 Configuring Uplink Management VLAN 82 Configuring Wired Bridging on Ethernet 0 82 Migrating to a...

Page 5: ...ds in Dell Instant 109 802 1X Authentication 109 Internal RADIUS Server 109 External RADIUS Server 110 Authentication Terminated on IAP 110 Configuring an External RADIUS Server 110 Enabling Instant RADIUS 112 RADIUS Server Authentication with VSA 113 List of supported VSA 113 Management Authentication Settings 116 Captive Portal 116 Internal Captive Portal 117 Configuring Internal Captive Portal ...

Page 6: ...mbinations 136 Chapter 12 Role Derivation 137 User Roles 137 Creating a New User Role 137 Creating Role Assignment Rules 138 DHCP Option and DHCP Fingerprinting 139 802 1X Authentication Type 140 Chapter 13 User VLAN Derivation 141 User VLAN Derivation 141 Vendor Specific Attributes VSA 141 VLAN Derivation Rule 142 Configuring VLAN Derivation Rules on an IAP 142 User Role 143 Configuring a User Ro...

Page 7: ... Rogue AP Detection and Classification 165 Wireless Intrusion Protection WIP 165 Containment Methods 169 Chapter 19 SNMP 171 SNMP Parameters for IAP 171 SNMP Traps 173 Chapter 20 Hierarchical Deployment 175 Deployment 175 Chapter 21 Ethernet Downlink 177 Ethernet Downlink Overview 177 Ethernet Downlink Profile Parameters 177 Assigning a Profile to the Ethernet Port 180 Chapter 22 Uplink Configurat...

Page 8: ...Link 200 Info 200 RF Dashboard 200 Usage Trends 200 Client Alerts Link 202 IDS Link 202 Network View 202 Info 203 Usage Trends 203 Instant Access Point View 204 Info 205 RF Dashboard 205 Overview 205 Client View 212 Info 213 RF Dashboard 213 RF Trends 213 Mobility Trail 216 Chapter 25 Alert Types and Management 217 Alert Types 217 Chapter 26 Policy Enforcement Firewall 219 Authentication Servers 2...

Page 9: ...DHCP Configuration 231 Centralized L2 DHCP Configuration 232 Chapter 28 User Database 235 Adding a User 235 Editing User Settings 236 Deleting a User 236 Chapter 29 Regulatory Domain 237 Country Codes List 238 Appendix A Controller Configuration for VPN 241 Whitelist DB Configuration if the Controller is acting as the Whitelist Entry 241 VPN Local Pool Configuration 242 IAP VPN Profile Configurati...

Page 10: ...10 Contents Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide ...

Page 11: ... of networks Instant is ideal for small customers or remote locations without any on site IT administrator Dell Instant consists of an Instant Access Point IAP and a Virtual Controller VC The Virtual Controller resides within one of the access points In a Dell Instant deployment only the first IAP needs to be configured After the first IAP is deployed the subsequent IAPs will inherit all the requi...

Page 12: ...es to other books Screen input and output This style is used to illustrate Screen output On screen system prompt Filenames software devices and specific commands Bold This style is used to emphasize Instant UI elements For example name of a text box or the name of a drop down list NOTE Indicates helpful suggestions pertinent information and important things to remember CAUTION Indicates a risk of ...

Page 13: ...r for devices is provided in one of the following two ways Endspan The switch that the IAP is connected to can provide power Midspan A device can sit between the switch and the IAP The choice of endspan or midspan depends on the capabilities of the switch that the IAP is connected to Typically if a switch is in place and does not support PoE midspan power injectors are used NOTE A DNS server funct...

Page 14: ...is enabled on the network 2 Connect the IAP to a power source The IAP receives an IP address provided by the switch or router Connecting to a Provisioning Wi Fi Network To connect to a provisioning Wi Fi network 1 Connect a wireless enabled client to a provisioning Wi Fi network The provisioning network is called instant 2 In the Microsoft Windows operating system click the wireless network connec...

Page 15: ...ovisioning network 1 Connect a terminal or PC workstation running a terminal emulation program to the Console port on the IAP 2 Configure the terminal or terminal emulation program to use the following communication settings 3 Power on the IAP You see an autoboot countdown prompt that allows you to interrupt the normal startup process and access apboot 4 Click Enter before the timer expires The IA...

Page 16: ...com in the address field you will be directed to the Instant user interface You can change the default login credentials after your first login Specifying the Country Code Dell PowerConnect W Series Instant Access Points are shipped in three variants IAP US United States IAP JP Japan IAP ROW Rest of World After you successfully login to the Instant user interface the Country Code window appears if...

Page 17: ...17 IAP Cluster IAPs in the same VLAN automatically find each other and form a single functioning network managed by a Virtual Controller NOTE Moving an IAP from one cluster to another requires a factory reset of the IAP that is being moved See Chapter 5 Managing IAPs on page 71 for more information ...

Page 18: ...18 Initial Configuration Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide ...

Page 19: ...rowser from a remote management console or workstation JavaScript must be enabled on the web browser to view the Instant UI Supported browsers are Internet Explorer 7 or higher Safari Google Chrome Mozilla Firefox Understanding the Instant UI Layout The Instant UI consists of the following elements Banner Search Tabs Links Views These elements are explained in the following sections Figure 5 Insta...

Page 20: ...he expanded view and click again to compress the expanded view Items in each tab are associated with a triangle icon Click on the triangle icon to sort the data in increasing or decreasing order Each tab is explained in the following sections Networks Tab This tab displays a list of Wi Fi networks that are configured in the Dell Instant network The network names appear as links The expanded view d...

Page 21: ... Role Role of the mesh IAP Channel Channel the IAP is currently broadcasting on Power dB Maximum transmit EIRP of the radio Utilization Utilization percentage of the IAP radios Noise dBm Noise floor of the IAP An edit link appears on clicking the IAP name For details about editing IAP settings see Editing IAP Settings on page 80 Figure 7 Access Points Tab Compressed View and Expanded View Clients ...

Page 22: ...in the subsequent sections New Version Available Settings RF PEF Wired WIP VPN Maintenance Support Help Logout Monitoring Alerts IDS Configuration Language Dell PowerConnect W AirWave Setup Pause Resume New Version Available This link appears in the top right corner of Instant UI only if a new image version is available on the image server and Dell PowerConnect W AirWave is not configured For more...

Page 23: ...nnect W AirWave in this tab See Configuring Dell PowerConnect W AirWave on page 191 for more information Wired Specify the desired profile for each port of the IAP See Chapter 21 Ethernet Downlink for more information RTLS View or edit the RTLS server settings Dell RTLS Enable this to integrate with Dell PowerConnect W AirWave Management platform Ekahau Real Time Location Server and Nearbuy Real T...

Page 24: ...MP View or specify SNMP agent settings See Chapter 19 SNMP for more information OpenDNS Instant supports OpenDNS business solutions which requires an OpenDNS opendns com account comprising a username and a password These credentials will be used by Instant to access OpenDNS to provide enterprise level content filtering ...

Page 25: ...en directs the user s navigation within particular areas to allow access to a selection of websites and or prevent access to other websites For more information see Walled Garden Access on page 128 Syslog View or specify a Syslog Server for sending syslog messages to the external servers See Syslog Server on page 78 for more information L3 Mobility View or configure the Layer 3 mobility settings S...

Page 26: ...Management see ARM Features on page 159 Radio View or configure radio settings for 2 4GHz and the 5GHz radio profiles For information about Radio see Configuring Radio Profiles in Instant on page 163 PEF This link displays the following features Figure 13 PEF Authentication Servers Use this window to configure an external RADIUS server for a wireless network See Configuring an External RADIUS Serv...

Page 27: ...n see User Roles on page 137 Blacklisting Use this window to manually blacklist clients See Client Blacklisting on page 223 for more information PEF Settings Use this window to enable disable gateway filters supporting address and port translation for various protocols See Chapter 26 Policy Enforcement Firewall on page 219 for more information WIP WIP offers a wide selection of intrusion detection...

Page 28: ...ou to maintain the Wi Fi network It consists of the following tabs About Displays the Build Time IAP model name Dell Instant OS version Web address of Dell and Copyright information Configuration Displays the current configuration of the network Clear Configuration Click to delete or clear the current configuration of the network and reset to provisioning configuration Backup Configuration Use thi...

Page 29: ...ormation see Certificates on page 129 Firmware Displays the current firmware version and provides options to upgrade to a new firmware version For more information see Upgrading to New Version on page 90 Reboot Displays the IAPs in the network and provides an option to reboot the required access point or all access points For more information see Rebooting the IAP on page 87 Convert Provides an op...

Page 30: ...view the log information 1 At the top right corner of Instant UI click Support The Support window appears 2 Select the required option from the Command drop down list For example AP ARM Configuration 3 Select All Access Points or a specific IAP from the Target drop down list for which you want to view the AP ARM Configuration 4 Click Run You can view the following information for each access point...

Page 31: ...he selected IAP AP Monitor Client Table Displays the list of monitored clients of the selected IAP AP Monitor Potential AP Table Displays the list of potential AP of the selected IAP AP Monitor Potential Client Table Displays the list of potential AP of the selected IAP AP Monitor Status Displays the configuration and status of monitor information of the selected IAP AP Persistent Clients Displays...

Page 32: ...flash after the AP reboots AP 802 1X Statistics Displays the 802 1X statistics of the selected IAP AP RADIUS Statistics Displays the RADIUS statistics of the selected IAP AP System Status Displays the system status of the selected IAP AP Client Table Displays information of the client connected to the selected IAP AP Association Table Displays information of the selected IAP association AP Allowed...

Page 33: ...ort commands Help The Help link at the top right corner of the Instant UI allows you to view a short description or definition of selected terms and fields in the Instant UI To activate the context sensitive help 1 At the top right corner of Instant UI click the Help link Figure 20 Help Link 2 Click any text or term displayed in green italics to view its description or definition 3 To disable the ...

Page 34: ...nt Figure 22 Info Section in the Monitoring Pane RF Dashboard Allows you to view trouble spots in the network It displays the following information Figure 23 RF Dashboard in the Monitoring Pane The following table lists the icons in the RF Dashboard Clients Lists the clients with low speed or signal strength in the network Signal Displays the signal strength of the client Depending on the signal s...

Page 35: ...om Green Orange Red Green Utilization is less than 50 percent Orange Utilization is between 50 75 percent Red Utilization is more than 75 percent To view the utilization graph of an IAP click on the Utilization icon against the IAP in the Utilization column Noise Displays the noise floor of the IAPs Noise is measured in decibels meter Depending on the noise floor the color of the lines on the Nois...

Page 36: ...The spectrum data is not reported to the VC The spectrum link displays the following Overview Device list The device list display consists of a device summary table and channel information for active non Wi Fi devices currently seen by a spectrum monitor or hybrid AP radio Figure 25 Device List 2 4 GHz This graph shows channel utilization information such as channel quality availability and utiliz...

Page 37: ...Metrics for the 5 GHz Radio Channel Channel Details When you hover your mouse over a channel the channel details or the summary of the 802 11a or 802 11g channels seen by a spectrum monitor is displayed You can view the aggregate data for each channel seen by the spectrum monitor radio including the maximum AP power interference and the signal to noise and interference Ratio SNIR Spectrum monitors...

Page 38: ... These alerts occur when clients are connected to the Instant network A client alert consists of the following fields Timestamp Displays the time at which the client alert was recorded Mac address Displays the Mac address of the client which caused the alert Description Provides a short description of the alert Access Points Displays the IP address of the IAP to which the client is connected Detai...

Page 39: ...isplays the system time when an event occurs Number Indicates the number of sequence Cleared by Displays the module which cleared this fault Description Displays the event details Figure 31 Fault History Active Faults These alerts occur in the event of a system fault An Active Fault consists of the following fields Time Displays the system time when an event occurs Number Indicates the number of s...

Page 40: ...e foreign AP Last seen Displays the time when the foreign AP was last detected in the network Where Provides information about the IAP that detected the foreign AP Click the pushpin icon to view the information Foreign Clients Detected Lists the clients that are not controlled by the Virtual Controller The following information is displayed for each foreign client Mac address Displays the Mac addr...

Page 41: ...based on the language preferences in the client desktop operating system or browser If Dell Instant cannot detect the language then English En is used as the default language Dell PowerConnect W AirWave Setup Dell PowerConnect W AirWave is a solution for managing rapidly changing wireless networks When enabled AirWave allows you to manage the Instant network For more information on AirWave see Cha...

Page 42: ...IAPs or the clients in the Info section The views on the Instant UI are classified as follows Virtual Controller view The Virtual Controller view is the default view This view allows you to monitor the Dell Instant network Network view The Network view provides information that is necessary to monitor a selected wireless network All Wi Fi networks in the Dell Instant network are listed in the Netw...

Page 43: ... authenticate the client 2 Connection After successful authentication the client establishes a connection with the IAP Network Types Dell Instant wireless networks are categorized as Employee Network Voice Network Guest Network Employee Network An Employee network is a classic Wi Fi network This network type is supported with full customization on Dell Instant It is used by the employees in the or...

Page 44: ...t to All the IAP will drop all broadcast and multicast frames except for DHCP and ARP When set to ARP in addition to the above the IAP will convert ARP requests to unicast and send frames directly to the associated client When Disabled all broadcast and multicast traffic is forwarded DTIM interval Indicates the DTIM delivery traffic indication message period in beacons You can configure this optio...

Page 45: ...r Indicates the throughput for any single user on this Network The throughput value is specified in kbps Each radio Indicates the aggregate amount of throughput each radio some AP models have multiple radios is allowed to provide for all clients connected to that radio c Transmit Rates Indicates the ability to configure the basic and supported rates per SSID for Dell Instant Select to set the mini...

Page 46: ...he client gets the IP address from the Virtual Controller The Virtual Controller creates a private subnet and VLAN on the IAP for the wireless clients The Virtual Controller NATs all traffic that passes out of this interface This setup eliminates the need for complex VLAN and IP address management for a multi site wireless network See Chapter 9 Virtual Controller on page 107 for configuring the DH...

Page 47: ...entication server option from the drop down list Available options are New If you select this option an external radius server has to be configured to authenticate the users For information on configuring an external RADIUS server see Chapter 10 Authentication InternalServer If you select this option users who are required to authenticate with the internal RADIUS server must be added Click the Use...

Page 48: ...ge 127 for further details 5 Authentication server 1 Select the required Authentication server option from the drop down list Available options are New If you select this option an external radius server has to be configured to authenticate the users For information on configuring an external RADIUS server see Chapter 10 Authentication 6 Reauth interval When set to a value greater than zero the Ac...

Page 49: ... RADIUS server see Chapter 10 Authentication 3 Reauth interval When set to a value greater than zero the Access Points periodically reauthenticate all associated and authenticated clients 4 Blacklisting Select Enabled if you want clients to be blacklisted after a certain number of authentication failures 5 Max authentication failures Users who fail to authenticate the number of times specified her...

Page 50: ...ows traffic to all destinations Instant Firewall treats packets based on the first rule matched For more information see Chapter 14 Instant Firewall To edit the default rule a Select the rule and then click Edit b Select appropriate options in the Edit Rule window and click OK To define an access rule a Click New b Select appropriate options in the New Rule window c Click OK 2 Role based Select Ro...

Page 51: ... listed in the Networks tab Figure 41 Adding an Employee Network Access Rules Tab 11 Click Finish The network is added and listed in the Networks tab Voice Network Use the Voice network type when you want devices that provide only voice services like handsets or only applications that require voice like prioritization need connectivity ...

Page 52: ...l convert ARP requests to unicast and send frames directly to the associated client When Disabled all broadcast and multicast traffic is forwarded DTIM interval Indicates the DTIM delivery traffic indication message period in beacons You can configure this option for every WLAN SSID profile The default value is 1 which means the client checks for buffered data on the IAP at every beacon You may ch...

Page 53: ...is selected by default It is also the recommended option Inactivity timeout Indicates the time in seconds after which an idle client ages out The minimum value is 60 seconds and the default value is 1000 seconds Hide SSID Select this check box if you do not want the SSID network name to be visible to users 4 Click Next to continue 5 Select the required Client IP assignment option Virtual Controlle...

Page 54: ...54 Wireless Network Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide Figure 43 Voice Security Tab Enterprise ...

Page 55: ...02 1x authentication on the IAP instead of the RADIUS server For more information see External RADIUS Server on page 110 3 Authentication server 1 and 2 Select the required Authentication server option from the drop down list Available options are New If you select this option then an external radius server has to be configured to authenticate the users For information on configuring an external R...

Page 56: ...age 127 for further details 5 Authentication server 1 Select the required Authentication server option from the drop down list Available options are New If you select this option then an external radius server has to be configured to authenticate the users For information on configuring an external RADIUS server see Chapter 10 Authentication 6 Reauth interval When set to a value greater than zero ...

Page 57: ...ation server See MAC Authentication on page 127 for further details 2 Authentication server 1 Select the required Authentication server option from the drop down list Available options are New If you select this option then an external radius server has to be configured to authenticate the users For information on configuring an external RADIUS server see Chapter 10 Authentication 3 Reauth interva...

Page 58: ...less network is created for guests visitors contractors and any non employee users who will use the enterprise Wi Fi network The Virtual Controller assigns the IP address for the guest clients Captive portal or passphrase based authentication methods can be set for this wireless network Typically a guest network is an un encrypted network However you can specify encryption settings in the Security...

Page 59: ...convert ARP requests to unicast and send frames directly to the associated client When Disabled all broadcast and multicast traffic is forwarded DTIM interval Indicates the DTIM delivery traffic indication message period in beacons You can configure this option for every WLAN SSID profile The default value is 1 which means the client checks for buffered data on the IAP at every beacon You may choo...

Page 60: ...mit rates for each band 2 4GHz and 5GHz d Miscellaneous e Content filtering When enabled all DNS requests to non corporate domains on this wireless network are sent to OpenDNS f Band Set the band at which the network transmits radio signals Available options are 2 4 GHz 5 GHz and All The All option is selected by default It is also the recommended option g Inactivity timeout Indicates the time in ...

Page 61: ...35 2 Reauth interval When set to a value greater than zero the Access Points will periodically reauthenticate all associated and authenticated clients 3 Blacklisting Select Enabled if you want clients to be blacklisted after a certain number of authentication failures 4 Max authentication failures Users who fail to authenticate the number of times specified here will be dynamically blacklisted The...

Page 62: ...ts the user s navigation within particular areas to allow access to a selection of websites or prevent access to other websites For more information see Walled Garden Access on page 128 External Authentication Text An external splash page returns a specified string to indicate successful authentication IP or hostname Enter the IP or hostname of the external server in the IP or hostname text box UR...

Page 63: ... and perform the following steps these steps are optional a Select the required key management option from the Key management drop down list Available options are WPA 2 Personal WPA Personal Both WPA 2 WPA b Passphrase format Specify either an alphanumeric or a hexadecimal string Ensure that the hexadecimal string must be exactly 64 digits in length c Passphrase Enter a pre shared key PSK passphra...

Page 64: ...e and then click Edit b Select appropriate options in the Edit Rule window and click OK To define an access rule a Click New b Select appropriate options in the New Rule window c Click OK Role based Select Role based if you want to specify per user access rules See Creating a New User Role on page 137 for more information Unrestricted Select this to set no restrictions on access based on destinati...

Page 65: ...indow appears 3 Make the required changes in any of the tabs Click Next or the tab name to move to the next tab 4 Click Finish Deleting a Network To delete a network 1 In the Networks tab click the network which you want to delete A x link appears against the network to be deleted 2 Click x A delete confirmation window appears 3 Click Delete Now Number of WLAN SSIDs supported By default you can cr...

Page 66: ... the Extended SSID option To enable the extended SSID option 1 Click the Settings link at the upper right corner of the Instant WebUI 2 Click the Show advanced options link 3 In the General tab select Enabled from the Extended SSID drop down list 4 Click OK 5 Reboot the AP for the changes to take effect After you enable the option and reboot the Wi Fi link and mesh are disabled automatically Figur...

Page 67: ...oot up Mesh IAPs can act as a mesh portal MPP an IAP that uses its uplink connection to reach the controller a mesh point MP or an IAP that establishes an all wireless path to the mesh portal Mesh IAPs locate and associate with their nearest neighbor which provides the best path to the mesh portal Mesh portals and mesh points are also known as mesh nodes a generic term used to describe IAPs config...

Page 68: ...es instructions on how to create a simple mesh network on Instant To setup a mesh network perform the following steps 1 Connect all the IAPs to a DHCP server so that the IAPs get their IP addresses in the same subnet 2 For over the air provisioning Connect one IAP to the switch to form the mesh portal All the other IAPs are provisioned over the air Ensure that only one Virtual Controller one subne...

Page 69: ...Figure 52, enter the following credentials: Username: admin, Password: admin. Figure 52 Login Window. 7. Create a new SSID and wpa-2 personal keys with unrestricted or network based access rules. Select any permit for basic connectivity. 8. Connect a client to the new SSID and disconnect from the instant SSID. 9. All the IAPs will show up on the Virtual Controller as shown in Figure 53. Disconnect the IAPs that...

Page 70: ...default state scans for several minutes after booting An IAP mesh point in factory default state automatically joins the portal if only a single Instant mesh network is found In addition the auto join feature must be enabled in the existing network NOTE The IAP mesh point will get an IP address from the same DHCP pool as the portal and this DHCP request goes through the portal ...

Page 71: ...Auto Join Mode The Auto Join Mode feature allows IAPs to automatically 1 Discover the Virtual Controller 2 Join the network 3 Begin functioning The Auto Join Mode feature is enabled by default When the Auto Join Mode feature is disabled a New link appears in the Access Points tab Click this link to add IAPs to the network For more information see Adding an IAP to the Network on page 79 Also when t...

Page 72: ...Figure 54 Disabling Auto Join Mode. 3. Click OK. Terminal Access: To enable or disable the telnet access to the IAP's CLI, navigate to Settings > Advanced > Terminal access. ...

Page 73: ...LED Display Administrators have the ability to turn off LED for all IAPs in an Instant network Go to Settings Advanced LED Display to enable or disable the LEDs When Disabled all the LEDs are turned off Use this option in environments where LEDs can be a distraction NOTE Instant does not support configuration using CLI ...

Page 74: ...Figure 56 LED Display. TFTP Dump Server: Enter the IP address of a TFTP server to store core dump files. NOTE: The LED display is always in Enabled mode while rebooting the IAP. ...

Page 75: ...Figure 57 TFTP Dump Server. Extended SSID: You can increase the number of SSIDs or networks that can be created by enabling the extended SSID option. To enable this feature, navigate to Settings > General and click Show advanced options in the Instant UI. ...

Page 76: ...these features, navigate to Settings > General in the Instant UI. Deny inter user bridging: This feature allows you to deny traffic between two clients which are directly connected to the same IAP or are on the same Instant network. Deny local routing: This feature allows you to deny local routing traffic between clients which are connected to the same IAP or are on the same Instant network. ...

Page 77: ...Figure 59 Deny Inter User Bridging and Deny Inter User Routing. Terminal Access: To enable or disable the telnet access to the IAP's CLI, go to Settings > Advanced > Terminal access. Figure 60 Terminal Access. NOTE: Instant does not support configuration using CLI. ...

Page 78: ...a syslog message It is an application or operating system component that generates a log message The following seven facilities are supported by Syslog AP Debug Detailed log about AP device Network Log about change of network for example when a new IAP is added to a network Security Log about network security for example when a client connects using wrong password System Log about configuration an...

Page 79: ...rk 2 In the New Access Point window enter the MAC address for the new IAP Figure 63 Entering the MAC Address for the New IAP 3 Click OK Removing an IAP from the Network An IAP can be manually removed from the network only if the Auto Join Mode feature is disabled To manually remove an IAP from the network 1 In the Access Points tab click the IAP which you want to delete An x appears against the IA...

Page 80: ...ging IAP Name To change the IAP name 1 In the Access Points tab click on the IAP that you want to rename Figure 64 Editing IAP Settings 2 Click the edit link Figure 65 Changing IAP Name 3 Edit the IAP name in the Name text box 4 Click OK Changing IP Address of the IAP The Instant UI allows you to change the IP address of the IAP connected to the network To change the IP address of the IAP perform ...

Page 81: ...k of the network in the Netmask text box 3 Enter the IP address of the default gateway in the Default gateway text box 4 Enter the IP address of the DNS server in the DNS server text box 5 Enter the domain name in the Domain name text box Figure 67 Configuring IAP Connectivity Settings Specifying Static Settings 4 Click OK and reboot the IAP Configuring Adaptive Radio Management Adaptive Radio Man...

Page 82: ...P is tagged with the management VLAN Perform the following steps to configure a uplink management VLAN on an IAP 1 In the Access Points tab click the IAP 2 Click the edit link An Edit AP window appears 3 In the Edit AP window select the Uplink tab 4 Specify the VLAN in the Uplink Management VLAN field 5 Click OK Configuring Wired Bridging on Ethernet 0 Instant supports wired bridging on the Ethern...

Page 83: ...e IAP gets Dell PowerConnect W AirWave information via DHCP Option 43 and Option 60 it establishes an HTTPS connection to the Dell PowerConnect W AirWave server and downloads the configuration and operates in IAP mode If the IAP does not get Dell PowerConnect W AirWave information via DHCP provisioning it tries provisioning via a firmware image server in the cloud sends serial number MAC address I...

Page 84: ...er NOTE A mesh point cannot be converted to RAP because mesh does not support VPN connection Table 13 Supported IAP Platforms and Minimal AOS Version for IAP to CAP Conversion IAP Platform AOS Version W IAP92 6 1 x or later W IAP93 6 1 x or later W IAP104 6 1 x or later W IAP105 6 1 x or later W IAP134 6 1 x or later W IAP135 6 1 x or later W IAP175AC 6 1 x or later W IAP175P 6 1 x or later W IAP3...

Page 85: ...tions 3 Select Remote APs managed by a Mobility Controller from the drop down list 4 Enter the hostname fully qualified domain name or the IP address of the controller in the Hostname or IP Address of Mobility Controller text box This information is provided by your network administrator 5 Click Convert Now to complete the conversion Figure 72 Confirm Access Point Conversion 6 The IAP will reboot ...

Page 86: ...Mobility Controller text box This information is provided by your network administrator 5 Click Convert Now to complete the conversion Converting an IAP to Standalone Mode This feature allows you to deploy an Instant AP as an autonomous AP which is a separate entity from the existing Virtual Controller cluster in the same Layer 2 domain 1 Navigate to the Maintenance tab in the top right corner of ...

Page 87: ...AP follow the instructions below 1 Power off the IAP 2 Press and hold the reset button using a small narrow object such as a paperclip 3 Power on the IAP without releasing the reset button The power LED will flash within 5 seconds indicating that the reset is completed 4 Release the reset button The IAP will then boot with the factory default settings Rebooting the IAP If you encounter any problem...

Page 88: ... Confirm Reboot for IAP window appears Click Reboot Now to proceed Figure 76 Confirm Reboot message 5 The Reboot in Progress message appears indicating that the reboot is in progress Figure 77 Reboot In Progress 6 The Reboot Successful message appears once the process is complete If the system fails to boot then the Unable to contact Access Points after reboot was initiated message appears Figure ...

Page 89: ...e with that of the virtual controller and the new IAP is of a different class the image file for the new IAP will be provided by Dell PowerConnect W AirWave If the AMP does not have the proper image file the new AP will not be able to join the network Automatic Firmware Image Check and Upgrade Automatic image check is enabled by default If Dell PowerConnect W AirWave is configured then the automat...

Page 90: ...h and reboots Depending on the progress and success of the upgrade one of the following messages will be displayed Upgrading While image upgrading is in progress Upgrade successful When the upgrading is successful Upgrade fail When the upgrading fails Upgrading to New Version To manually check for a new firmware image version Manual 1 Navigate to Maintenance Firmware to select and manually upgrade...

Page 91: ... class IAPs. Example: DellInstant_Orion_6.1.3.4-3.1.0.0_33353. Example: DellInstant_Cassiopeia_6.1.3.4-3.1.0.0_33353. Image URL: Select to obtain the image file from a TFTP, FTP, and HTTP URL. The following examples describe the image file format for two different classes of IAPs. TFTP URL for W-IAP134/135: tftp://10.64.147.8/DellInstant_Cassiopeia_6.1.3.4-3.1.0.0_xxxx. URL for W-IAP105/92/93: tftp://10.64.147.8/Dell...

Page 92: ...ne of the following messages will appear No new version available If there is no new version available Image server timed out Connection or session between the image server and the IAP is timed out Image server failure If the image server does not respond A new image version found If a new image version is found 2 If a new version is found the Upgrade Now button becomes available and displays the ...

Page 93: ...omain as a set of Instant networks with same WLAN access parameters across which client roaming is supported The Instant network to which the client first connects is called its home network When the client roams to a foreign network an AP in the home network home AP anchors all traffic to or from this client The AP to which the client is connected in the foreign network foreign AP tunnels all cli...

Page 94: ...igure all client subnets in the mobility domain so that If the client is from the local subnet it is determined to be a local client as soon as it starts using the IP address and L3 roaming is aborted If the client is from a foreign subnet it is determined to be a foreign client as soon as it starts using the IP address and L3 roaming is immediately set up Perform the following steps to configure ...

Page 95: ...d. Enter the home VC IP address for this subnet in the Virtual Controller IP text box. Figure 85 Add Subnets Information. 6. Click OK. Figure 86 Example Layer 3 Configuration ...

Page 96: ...ients by using a round robin policy. With this policy, the load for the APs acting as Home Agents for roamed clients is uniformly distributed across the Instant cluster. By default, home agent load balancing is disabled. To enable home agent load balancing, perform the following steps: 1. Click the Settings link at the upper right corner of the Instant WebUI. 2. Click the Show advanced options link an...

Page 97: ...f spectrum monitor devices However the recorded spectrum is not reported to the Virtual Controller A spectrum alert is sent to the VC when a non Wi Fi interference device is detected The spectrum monitor is supported on W IAP104 W IAP105 W IAP134 and W IAP135 radios Creating Spectrum Monitors and Hybrid APs An IAP can be provisioned to function as a spectrum monitor or as a hybrid IAP The radios o...

Page 98: ...figure an IAP to function as a standalone spectrum monitor In spectrum mode spectrum monitoring is performed on entire bands However for the 5 GHz radio spectrum monitoring is performed on only one of the three bands 5 GHz lower 5 GHz middle or 5 GHz higher By default spectrum monitoring is performed on the 5 GHz higher band Follow the procedure below to convert an IAP to a spectrum monitor 1 In t...

Page 99: ...To enable spectrum monitoring for any other band for the 5 GHz radio a Click the RF link at the upper right corner of the Instant WebUI b Click Show advanced options to view the Radio tab c For the 5 GHz radio specify the spectrum band you want that radio to monitor by selecting Lower Middle or Higher from the Standalone spectrum band drop down list d Click OK Figure 90 Monitor Middle Band for 5 G...

Page 100: ...To view the device list click Spectrum in the dashboard Figure 91 Device List Table 15 Device Summary and Channel Information Column Description Type Device type This parameter can be any of the following audio FF fixed frequency bluetooth cordless base FH frequency hopper cordless phone FF fixed frequency cordless network FH frequency hopper generic FF fixed frequency generic FH frequency hopper ...

Page 101: ...ixed Frequency Other Note that the RF signatures of the fixed frequency audio video and cordless phone devices are very similar and that some of these devices may be occasionally classified as Fixed Frequency Other Frequency Hopper Cordless Base Frequency hopping cordless phone base units transmit periodic beacon like frames at all times When the handsets are not transmitting i e no active phone c...

Page 102: ...ron industrial microwave ovens with higher duty cycle may also be classified as Microwave Inverter As in the Microwave category described above there may be other equipment that behave like inverter microwaves in some industrial healthcare or manufacturing environments Those devices may also be classified as Microwave Inverter Generic Interferer Any non frequency hopping device that does not fall ...

Page 103: ...P address of the spectrum monitor or hybrid AP and the timestamp Virtual Controller reports the detailed device information to AMP Table 18 Channel Details Information Column Description Channel An 802 11a or 802 11g radio channel Quality Current relative quality of the channel Utilization The percentage of the channel being used Wi Fi The percentage of the channel currently being used by Wi Fi de...

Page 105: ...k Time Protocol (NTP) is required to obtain the precise time from a server and to regulate the local time in each network element. If NTP server is not configured in the Dell Instant network, an IAP reboot may lead to variation in time and data. Configuring an NTP Server: The NTP server is set to pool.ntp.org by default. To configure the NTP server on Dell Instant, perform the following steps: 1. Navigate t...

Page 107: ...elect an IAP to take on a VC role allow graceful failover to a new Virtual Controller when the existing VC is down and avoid race conditions This protocol ensures stability of the network during initial startup or when the VC goes down by allowing only one IAP to self elect as a VC Virtual Controller IP Address You can specify a single static IP address that can be used to manage a multi AP Dell I...

Page 108: ...ng steps: 1. At the top right corner of the Instant UI, click the Settings link. 2. In the Settings window, select the General tab. 3. Enter the domain name of the client in the Domain name text box. 4. Enter the IP addresses of the DNS servers, separated by commas, in the DNS server text box. 5. Enter the duration of the DHCP lease in the Lease time text box. 6. Select Minutes, Hours, or Days for the lease time fro...

Page 109: ...h the client if the user identity is present in its database. The RADIUS server sends an Access-Accept message to the NAS. If the RADIUS server cannot identify the user, it stops the authentication process and sends an Access-Reject message to the NAS. The NAS forwards this message to the client, and the client must re-authenticate with correct credentials. 5. After the client is authenticated, the RADIUS...

Page 110: ...packet to the local IP address. The external RADIUS server then listens and responds to the RADIUS packet. The following authentication methods are supported in Dell Instant network. Authentication Terminated on IAP: Dell Instant allows EAP termination for PEAP-GTC and PEAP-MSCHAPv2. PEAP-GTC termination allows authorization against an LDAP server and external RADIUS server, while PEAP-MSCHAPv2 allows aut...

Page 111: ...ts that are sent to server group, and the default value is 3 requests. RFC 3576: When enabled, the Access Points will process RFC 3576-compliant Change of Authorization (CoA) and Disconnect messages from the RADIUS server. Disconnect messages cause a user session to be terminated immediately, whereas CoA messages modify session authorization attributes such as data filters. NAS IP address: Enter the Virtual...

Page 112: ...blacklisted The maximum value for this entry is 10 Navigate to PEF Blacklisting in the WebUI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window 9 For Internal users Click Users to populate the system s internal authentication server with users For information about adding a user see Adding a User on page 235 10 Click Next to continue and then click Finish Enablin...

Page 113: ...ole for the user The authenticated user is placed into the management role specified by the VSA List of supported VSA Instant supports the following types of VSA s AP Group AP Name ARAP Features ARAP Security ARAP Security Data ARAP Zone Access Acct Authentic Acct Delay Time Acct Input Gigawords Acct Input Octets Acct Input Packets Acct Link Count Acct Multi Session Id Acct Output Gigawords Acct O...

Page 114: ...ser Role Aruba User Vlan CHAP Challenge Callback Id Callback Number Class Connect Info Connect Rate Crypt Password DB Entry State Digest Response Domain Name EAP Message Error Cause Event Timestamp Exec Program Exec Program Wait Expiration Fall Through Filter Id Framed AppleTalk Link Framed AppleTalk Network Framed AppleTalk Zone Framed Compression Framed IP Address Framed IP Netmask Framed IPX Ne...

Page 115: ...gin TCP Port Menu Message Auth NAS Port Type Password Password Retry Port Limit Prefix Prompt Rad Authenticator Rad Code Rad Id Rad Length Reply Message Revoke Text Server Group Server Name Service Type Session Timeout Simultaneous Use State Strip User Name Suffix Termination Action Termination Menu Tunnel Assignment Id Tunnel Client Auth Id Tunnel Client Endpoint Tunnel Connection Id Tunnel Mediu...

Page 116: ...nt User Interface RADIUS Server Specify one or two RADIUS servers to authenticate UI If two servers are configured users can use them in primary backup mode or load balancing mode this is identical to the radius server configuration for SSIDs For information on configuring external RADIUS server see External RADIUS Server on page 110 RADIUS server w fallback to internal Specify the RADIUS servers ...

Page 117: ...ers see Adding a User on page 235 Internal Acknowledged To gain access to the wireless network a user must accept the terms and conditions Configuring Internal Captive Portal Authentication when Adding a Guest Network To configure internal captive portal authentication when adding a guest network perform the following steps 1 In the Network tab click the New link The New WLAN window opens 2 In the...

Page 118: ...amically blacklisted The maximum value for this entry is 10 10 For Internal users Click Users to populate the system s internal authentication server with users For information about adding a user see Adding a User on page 235 Click Upload Certificate and browse to upload a certificate file for the internal server 11 Encryption Select Enabled from the drop down list and perform the following steps...

Page 119: ...zing a splash page see Customizing a Splash Page on page 120 4 Click Next and click Finish Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network To configure internal captive portal with external RADIUS server authentication perform the following steps 1 In the Network tab click the New link The New WLAN window opens 2 In the WLAN Settings tab p...

Page 120: ...ty tab and perform the following steps Splash Page Visuals Use the in place editor below to specify text and colors for the initial page that users connecting to the network see This page asks for user credentials or email depending on the splash page type Internal Authenticated or Internal Acknowledged you set 1 To change the color of the splash page click the Splash page rectangle and select the...

Page 121: ...thentication The edit link for the network appears 2 Click the edit link The Edit window for the network appears 3 Navigate to Security tab and select None from the Splash page type drop down list NOTE You can customize the captive portal page using double byte characters Traditional Chinese Simplified Chinese and Korean are a few languages that use double byte characters Click on the banner term ...

Page 122: ...lick Next to continue 3 Use the VLAN tab to specify how the clients on this network will get their IP address and VLAN 4 Click Next to continue 5 In the Security tab select External Authentication Text from the Splash page type drop down list and enter the Auth text This entry is not mandatory The Authentication text indicates the text string returned by the external server after a successful auth...

Page 123: ...ticate user credentials at runtime Refer to Configuring an External RADIUS Server on page 110 for more details on server settings 7 Reauth interval When set to a value greater than zero the Access Points will periodically reauthenticate all associated and authenticated clients 8 Blacklisting Select Enabled if you want clients to be blacklisted after a certain number of authentication failures 9 Ma...

Page 124: ...d authenticated clients b Blacklisting Select Enabled if you want clients to be blacklisted after a certain number of authentication failures c Max authentication failures Users who fail to authenticate the number of times specified here are dynamically blacklisted The maximum value for this entry is 10 Navigate to PEF Blacklisting in the Instant WebUI to specify the duration of the blacklisting o...

Page 125: ...is entry is 10 Navigate to PEF Blacklisting in the Instant WebUI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window e Walled Garden Click on the link to open the Walled Garden window The walled garden directs the user s navigation within particular areas to allow access to a selection of websites or prevent access to other websites For more information see Walled...

Page 126: ... the network Refer to the RADIUS Services chapter in the Dell PowerConnect W ClearPass GuestConnect Deployment Guide for information on setting up the RADIUS Web Login feature Configuring the RADIUS Server in Instant To configure Instant to point to Dell PowerConnect W ClearPass GuestConnect as an external Captive Portal server perform the following steps 1 Navigate to the Networks tab in the UI c...

Page 127: ...orm with built-in driver tools, and it should not be relied upon to provide security. MAC authentication can be used alone, but typically it is combined with other forms of authentication, such as WEP authentication. Because MAC addresses are easily observed during transmission and easily changed on the client, this form of authentication should be considered nothing more than a minor hurdle. Dell recomm...

Page 128: ... to navigate to other websites not configured in the white list walled garden profile the user is redirected back to the login page In addition the black listed walled garden profile is configured to explicitly block navigation to websites from unauthenticated users Figure 109 Walled Garden To create a Walled Garden access 1 Click the Settings at the top right corner of the Instant UI and select W...

Page 129: ...ing the profile that is applied to the port A list of all the wired users is available in the Wired window Certificates A certificate is a digital file that certifies the identity of the organization or products of the organization It is also used to establish your credentials for any web transactions It contains the organization name a serial number expiration date a copy of the certificate holde...

Page 130: ... 3 Select the Certificate type CA certificate and Server certificate from the drop down list The CA certificate is required to validate the client s certificate and the server certificate verifies the server s identity to the client 4 Select the certificate format from the Certificate format drop down list 5 If you have selected Server certificate type then enter a passphrase in Passphrase and rec...

Page 131: ...he Virtual Controller receives this message, it draws the certificate content from the message, converts it to the right format, and saves it on the RADIUS server. To load a certificate in Dell PowerConnect W-AirWave, perform the following steps: 1. Navigate to Device Setup > Certificate and then click Add to add a new certificate. The Certificate window appears. 2. Enter the certificate Name and click Choose ...

Page 132: ...er Certificate 4 After you upload the certificate go to Groups click on the Instant Group and then select Basic The Group name will appear only if you have entered the Organization name in the Instant Web UI Refer to Entering the Organization String and AMP Information into the IAP for further information Figure 115 Selecting the Group ...

Page 133: ...ificate section will display the certificates (CA cert and Server) as highlighted in the figure below. Figure 116 Virtual Controller Certificate. 6. Click Save to apply the changes only to Dell PowerConnect W-AirWave. Click Save and Apply to apply the changes to the Instant AP. NOTE: To unselect the certificate options, click Revert. ...

Page 135: ...on algorithm as WEP, but TKIP is much more secure and has an additional message integrity check (MIC). Recently some cracks have begun to appear in the TKIP encryption methods. It is recommended that all users migrate from TKIP to AES as soon as possible. AES: The Advanced Encryption Standard (AES) encryption algorithm is now widely supported and is the recommended encryption type for all wireless networks...

Page 136: ...rsonnel. Key change intervals can also be configured. Enterprise: Enterprise is more secure when compared to WPA Personal. In this type, every client automatically receives a unique encryption key after securely logging on to the network. This key is long and automatically updated regularly. While WPA uses TKIP, WPA2 uses the AES algorithm. Recommended Authentication and Encryption Combinations: Table 20 summar...

Page 137: ...a New User Role To create a new user role 1 Click the New link in the Networks tab To define the access rule to an existing network click the network The edit link appears Click the edit link and navigate to the Access tab 2 In the WLAN Settings tab enter the appropriate information and click Next to continue 3 Use the VLAN tab to specify how the clients on this network will get their IP address a...

Page 138: ...role This is the case of a known user or a non Windows device The device does not support machine auth or does not have a RADIUS account but the user is logged in and authenticates When a device does both Machine and User authentication the user will get the default role or the derived role based on the RADIUS attribute To configure Machine Authentication do the following 1 In the Roles window cre...

Page 139: ...h: To check if the attribute ends with the operand value. 4. Enter the string to match in the String text box. 5. Select the appropriate role from the Role drop-down list. 6. Click OK. Figure 119 Creating Role Assignment Rules. DHCP Option and DHCP Fingerprinting: The DHCP fingerprinting feature allows you to identify the operating system of a device by looking at the options in the DHCP frame. Based on the ...

Page 140: ...2c2e2f1f2179f92b. Windows XP (SP3, Home, Professional): Option 55, 37010f03062c2e2f1f21f92b. Windows Mobile: Option 60, 3c4d6963726f736f66742057696e646f777320434500. Windows 7 Phone: Option 55, 370103060f2c2e2f. Apple Mac OSX: Option 55, 370103060f775ffc2c2e2f. Table 21 Validated DHCP Fingerprint (columns: Device, DHCP Option, DHCP Fingerprint). NOTE: When creating more than one role assignment rule based on RADIUS attributes a...

Page 141: ... 802 1x authentication or MAC authentication from the following rules Vendor Specific Attributes VSA VLAN derivation rule User role SSID Profile The user VLAN cannot be derived in the following scenarios Captive Portal authentication Guest SSID network Vendor Specific Attributes VSA When an external radius server is used the user VLAN can be derived from the Dell User Vlan VSA The VSA is then carr...

Page 142: ...efined vlan derivation rule If matched we can use rule defined vlan value as vlan to assign user Figure 122 Configuring Radius Attributes on the Radius Server Configuring VLAN Derivation Rules on an IAP The rule assigns the user to a VLAN based on the attributes returned by the RADIUS server when the user is authenticated To configure VLAN derivation rules on an IAP perform the following steps 1 S...

Page 143: ...o be assigned 4 Click OK Figure 123 Configuring VLAN Derivation Rules on an IAP User Role If the VSA and VLAN derivation rules are not matched the user VLAN can be derived by an user role Configuring a User Role 1 Click the PEF link at the top right corner of Instant UI 2 Select Roles tab 3 Click the New button under roles 4 Enter the new role in the textbox and click OK 5 Click the New button und...

Page 144: ... 2 Select the Access tab 3 Under role based select the defined role 4 Select the access rule for the defined role from the list of Access rules 5 Click the New button under the New Role Assignment window 6 Select the attribute from the Attribute drop down list 7 Select the operator to match from the Operator drop down list 8 Enter the string to match in the String textbox 9 Select the role to be a...

Page 145: ... SSID profile Configuring VLAN Derivation Rules Using SSID Profile To configure VLAN derivation rules on an IAP perform the following steps 1 Select a network on the Instant UI and click on the edit link 2 Select the VLAN tab and check the static radio button under the client VLAN assignment 3 Enter the ID of the VLAN in the VLAN ID textbox 4 Click OK Figure 126 Configuring VLAN Derivation Rules U...

Page 147: ...from the drop down list Action Select Allow or Deny from the drop down list to allow or deny traffic with the specified service type and destination Log Select this checkbox if you want a log entry to be created when this rule is triggered Instant firewall supports firewall based logging function Firewall logs on IAP are generated as syslog messages Blacklist Select this checkbox if you want the c...

Page 148: ...TCP UDP and Other If you select the TCP or UDP options enter appropriate port numbers If you select the Other option enter the appropriate ID adp Application Distribution Protocol bootp Bootstrap Protocol dhcp Dynamic Host Configuration Protocol dns Domain Name Server esp Encapsulating Security Payload ftp File Transfer Protocol gre Generic Routing Encapsulation h323 tcp H 323 Transmission Control...

Page 149: ... Output System Name Service netbios ssn Network Basic Input Output System Session Service ntp Network Time Protocol papi Point of Access for Providers of Information pop3 Post Office Protocol 3 pptp Point to Point Tunneling Protocol rtsp Real Time Streaming Protocol sccp Skinny Call Control Protocol sip Session Initiation Protocol sip tcp Session Initiation Protocol Transmission Control Protocol s...

Page 150: ...enabled by default This rule allows traffic to all destinations To define allow TCP service access rule to a particular network perform the following steps a Click New the New Rule window appears b Select Allow from the Action drop down list c Select custom from the Service drop down list Select TCP from the Protocol drop down list Enter appropriate port number in the Port s text box d Select to a...

Page 151: ...e 3 Use the VLAN tab to specify how the clients on this network will get their IP address and VLAN 4 Click Next and slide to set the appropriate security levels in the Security tab 5 Click Next The Access tab appears The Allow any to all destinations access rule is enabled by default This rule allows traffic to all destinations To define allow POP3 service access rule to a particular server perfor...

Page 152: ... how the clients on this network will get their IP address and VLAN Click Next to continue 4 Click Next and set appropriate security levels using the slider bar in the Security tab 5 Click Next The Access tab appears The Allow any to all destinations access rule is enabled by default This rule allows traffic to all destinations To define deny FTP service access rule except to a particular server p...

Page 153: ...s on this network will get their IP address and VLAN Click Next to continue 4 Click Next and set appropriate security levels using the slider bar in the Security tab 5 Click Next The Access tab appears The Allow any to all destinations access rule is enabled by default This rule allows traffic to all destinations To define deny bootp service access rule except to a network perform the following st...

Page 154: ...154 Instant Firewall Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide Figure 131 Defining Rule Deny bootp Service Except to a Network ...

Page 155: ...t to the OpenDNS server Enabling Content Filtering To enable content filtering per SSID 1 Click New in the Networks tab and then click Show advanced options 2 Select Enabled from the Content Filtering drop down list and click Next to continue When Content Filtering is enabled the internal domains check the DNS request of the clients There are two ways to configure the internal domain 1 Navigate to...

Page 156: ...s that are valid on the enterprise network This list is used to determine how client DNS requests should be routed When Content Filtering is enabled for the wireless network everything that does not match this list is sent to OpenDNS Figure 133 Enterprise Domains To manually add or delete a domain perform the following steps 1 Navigate to Settings at the top right corner of the Instant UI and then...

Page 157: ...ting systems Identifying outdated operating systems Helps to locate outdated and unexpected OS in the company network Locating and patching vulnerable operating systems Assists in locating and patching specific operating system versions on the network that have known vulnerabilities thereby securing the company network OS Fingerprinting is enabled in the Dell Instant network by default The followi...

Page 159: ... IAP supporting an active voice call from scanning for other channels in the RF spectrum The IAP resumes scanning when no more active voice calls are present on that IAP This significantly improves the voice quality when a call is in progress while simultaneously delivering automated RF management functions Load Aware Scanning This feature dynamically adjusts scanning behavior to maintain uninterr...

Page 160: ...llowing modes Default Access Provides access based on the client request When Air Time Fairness is set to default access per user and per SSID bandwidth limits are not enforced Fair Access Allocates Airtime evenly across all the clients Preferred Access 11n clients get more airtime than 11a 11g which get more airtime than 11b The ratio is 16 4 1 Figure 135 Airtime fairness mode Access Point Contro...

Page 161: ...nts for a stable WLAN If the Client Aware mode is Disabled the IAP may change to a more optimal channel but this change may also disrupt current client traffic The Client Aware option is Enabled by default Scanning When ARM is enabled the IAP dynamically scans all 802 11 channels within its 802 11 regulatory domain at regular intervals and will report everything it sees to the IAP on each channel ...

Page 162: ...canning all channels for rogue APs and clients Spectrum Monitor In the Spectrum Monitor mode the AP functions as a dedicated full spectrum RF monitor scanning all channels to detect interference whether from neighboring APs or from non WiFi devices such as microwaves and cordless phones By default the access point s channel and power are optimized dynamically using Adaptive Radio Management ARM Yo...

Page 163: ...arameters described in table on each radio Use the following procedure to configure Instant s radio attributes for the 2 4GHz and 5GHz frequency bands Figure 137 Radio Profile 1 Navigate to RF which is at the top right corner of the WebUI 2 Click Show advanced options to view the Radio tab 3 Refer to the table below to configure the radio settings for bands 2 4GHz and 5GHz Monitor Enabled AP does ...

Page 164: ...onments with high and constant levels of noise interference Level 5 The AP completely disables PHY error reporting improving performance by eliminating the time the IAP would spend on PHY processing Channel switch announcement count Indicates the number of channel switching announcements that must be sent prior to switching to a new channel This allows associated clients to recover gracefully from...

Page 165: ...ate to IDS in the Instant UI and click the IDS link The built in IDS scans for access points that are not controlled by this Virtual Controller These are listed below and classified as either Interfering or Rogue depending on whether they are on a foreign network or your network Figure 138 Intrusion Detection Wireless Intrusion Protection WIP WIP offers a wide selection of intrusion detection and ...

Page 166: ... table describes the detection policies that are enabled in Infrastructure Detection Custom settings box Table 26 Infrastructure Detection Policies Detection Level Detection Policy Off Rogue Classification Low Detect AP Spoofing Detect Windows Bridge IDS Signature Deauthentication Broadcast IDS Signature Disassociation Broadcast Medium Detect Adhoc networks using VALID SSID Valid SSID list will be...

Page 167: ... Frame HT IE Detect Malformed Frame Association Request Detect Malformed Frame Auth Detect Overflow IE Detect Overflow EAPOL Key Detect Beacon Wrong Channel Detect devices with invalid MAC OUI Table 27 Client Detection Policies Detection Level Detection Policy Off All detection policies are disabled Low Detect Valid Station Mis association Medium Detect Disconnect Station Attack Detect Omerta Atta...

Page 168: ...stom settings field The following table describes the detection policies that are enabled in Client Protection Custom settings field Table 28 Infrastructure Protection Policies Detection Level Detection Policy Off All detection policies are disabled Low Protect SSID Valid SSID list should be auto derived from Instant configuration Rogue Containment High Protect from Adhoc Networks Protect AP Imper...

Page 169: ...wireless attacks Wireless containment When enabled the system will attempt to disconnect all clients that are connected or attempting to connect to the identified Access Point None Disables all the containment mechanisms Deauthenticate only With deauthentication containment the Access Point or client is contained by disrupting the client association on the wireless interface Tarpit containment Wit...

Page 171: ...e Virtual Controller and the SNMP agent If you are using SNMPv3 to obtain values from the Dell Instant you can configure the following parameters Name A string representing the name of the user Authentication Protocol An indication of whether messages sent on behalf of this user can be authenticated and if so the type of authentication protocol used This can take one of the two values MD5 HMAC MD5...

Page 172: ...e text box 4 Select the type of authentication protocol from the Auth protocol drop down list 5 Enter the authentication password in the Password text box and retype the password in the Retype text box 6 Select the type of privacy protocol from the Privacy protocol drop down list 7 Enter the privacy protocol password in the Password text box and retype the password in the Retype text box 8 Click O...

Page 173: ...173 Figure 143 Creating Users for SNMPV3 SNMP Traps Dell Instant supports the configuration of external trap receivers in the Instant UI Only the IAP acting as the Virtual Controller will generate traps The OID of the traps is 1 3 6 1 4 1 14823 2 3 3 1 200 2 X Figure 144 SNMP Traps ...

Page 174: ...specifies the format of traps generated by the access point c Community Username Specify the community string for SNMPV1 and SNMPV2c traps and a username for SNMPV3 traps d Port Enter the port to which the traps are sent The default value is 162 e Inform When enabled traps are sent as SNMP INFORM messages It is applicable to SNMPV3 only The default value is Yes 3 Click OK to view the trap receiver...

Page 175: ...elease of Dell Instant you can form an IAP network by connecting the downlink port of an AP to other APs Only one AP in the network uses its downlink port to connect to the other APs This AP called the root AP acts as the wired device for the network provides DHCP service and an L3 connection to the ISP uplink with NAT The root AP is always the master of the Instant network On a single Ethernet po...

Page 177: ... Networks window and enter the following information in the Wired tab The following figure displays the wired parameters of the Ethernet profile configuration Figure 146 Ethernet Profile Configuration Wired Tab NOTE This release of Instant supports only the OpenAuth mechanism Table 31 Ethernet Downlink Profile Parameters Wired Tab Field Description Name Name of the Ethernet downlink profile Primar...

Page 178: ...meters of the Ethernet profile configuration Table 32 Ethernet Downlink Profile Parameters VLAN Tab Field Description Mode In Access mode the port carries a single VLAN specified as the Native VLAN In Trunk mode the port carries packets for multiple VLANs specified as the Allowed VLAN Native VLAN Specifies the VLAN carried by the port in Access mode Allowed VLANs Specifies the VLAN carried by the ...

Page 179: ...ab 6 Click New in the Access Rules window to create a new rule and enter the following Table 34 Ethernet Downlink Profile Parameters Access Tab Field Description Access Rules Unrestricted User gets unrestricted access on the port Network based User is authenticated using the access rules defined here Table 35 Access Rules Parameters Field Description Rule type Access Control Action Allow Allow use...

Page 180: ...red Networks window Assigning a Profile to the Ethernet Port You can assign the configured profiles to the ethernet ports under the Network Assignments window To assign an ethernet downlink profile to Ethernet 0 port 1 Enable wired bridging on the port See Configuring Wired Bridging on Ethernet 0 on page 82 2 Select and assign a profile from the 0 0 drop down list To assign an Ethernet downlink pr...

Page 181: ... network It also provides a reliable backup link for the Ethernet based Instant network The following figure describes the IAP when the Ethernet connection is not configurable on an IAP network The other IAPs also join the Virtual Controller as slave IAPs via a wired uplink Figure 152 Uplink Types The following types of uplinks are supported on Instant Ethernet PPPoE DHCP Static IP 3G 4G LTE modem...

Page 182: ...of 3G modems True Auto Detect Modems of this type can be used only in one country and for a specific ISP The parameters are configured automatically and hence no configuration is necessary Plug and Play Auto detect ISP country Modems of this type are used where user needs to specify the Country and ISP The same modem is used for different ISPs with different parameters configured for each of them ...

Page 183: ...U301 Franklin wireless USB U760 for Virgin Novatel USB U720 Novatel Qualcomm UM175 Pantech UM150 Pantech UMW190 Pantech SXC 1080 Qualcomm Globetrotter ICON 225 UMG181 NTT DoCoMo L 05A LG FOMA L05A NTT DoCoMo L 02A ZTE WCDMA Technologies MSM MF668 Fivespot ZTE c motech CNU 600 ZTE AC2736 SEC 8089 EpiValley Nokia CS 10 NTT DoCoMo L 08C LG NTT DoCoMo L 02C LG Novatel MC545 Huawei E220 for Movistar in...

Page 184: ...60 Novatel Verizon Novatel MiFi 2200 Verizon Mifi 2200 Huawei E272 E170 E220 ATT Huawei E169 E180 E220 E272 Vodafone SmarTone HK Huawei E160 O2 UK Huawei E160 SFR France Huawei E220 NZ and JP Huawei E176G Telstra Aus Huawei E1553 E176 3 HUTCH Aus Huawei K4505 Vodafone SmarTone HK Huawei K4505 Vodafone UK ZTE MF656 Netcom norway ZTE MF636 HK CSL 1010 ZTE MF633 MF636 Telstra Aus ZTE MF637 Orange in ...

Page 185: ... modem from storage mode to modem mode in the USB switch mode text box Figure 155 Provisioning 3G 4G Uplink Manually Provisioning 3G Uplink Automatically In automatically provisioning 3G uplink the user has to provide inputs for country and ISP in the Country and ISP textboxes The IAP finds the parameters internally Figure 156 Provisioning 3G Uplink Automatically NOTE This release of Instant suppo...

Page 186: ...e VPN connection is down at which point a different uplink 3G is selected If the current uplink is 3G and Eth0 has a physical link the IAP periodically suspends user traffic to try and connect to the VPN on the Eth0 If the IAP succeeds then the IAP switches to Eth0 If the IAP does not succeed then the IAP restores the VPN connection to the current uplink Uplink Preemption With this feature the IAP...

Page 187: ...fect The PPPoE connection is dialed after the AP comes up The PPPoE configuration is checked during bootup and if found incorrect Ethernet is used for the uplink connection Configuring PPPoE To configure the PPPoE settings 1 Click the Settings link at the upper right corner of the Instant WebUI 2 Click the Show advanced options link 3 In the Uplink tab perform the following steps in the PPPoE sect...

Page 188: ...188 Uplink Configuration Dell PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide Figure 159 PPPoE Settings ...

Page 189: ...Features This section describes the Dell PowerConnect W AirWave features that are available in the Dell Instant network Image Management Dell PowerConnect W AirWave allows you to manage firmware updates on WLAN devices by defining a minimum acceptable firmware version for each make and model of a device It remotely distributes the firmware image to the WLAN devices that require updates and it sche...

Page 190: ... the capacity and appropriate strategies for your organization Intrusion Detection System Dell PowerConnect W AirWave provides advanced rules based rogue classification It automatically detects rogue APs irrespective of their location in the network It prevents authorized IAPs from being detected as rogue IAPs It tracks and correlates the IDS events to provide a complete picture of network securit...

Page 191: ...re 161 Adding an IAP in VisualRF Configuring Dell PowerConnect W AirWave This section describes how to configure Dell PowerConnect W AirWave Before configuring the AirWave you need the following IP address of the AirWave server Shared key for service authorization This is assigned by the AirWave administrator Creating your Organization String The Organization String is a set of colon separated str...

Page 192: ...rimary server the Virtual Controller switches to the backup server automatically 5 Enter the shared key in the Shared key text box and reconfirm This shared key is used for configuring the first AP in the Dell Instant network 6 Click OK Dell PowerConnect W AirWave Discovery through DHCP Option The Dell PowerConnect W AirWave configuration can also be performed on the DHCP option that is configured...

Page 193: ... class drop down list and then click Add Enter the following information Name Dell Instant Data Type String Code 60 Description Dell Instant AP Figure 164 Instant and DHCP options for Dell PowerConnect W AirWave Predefined Options and Values 4 Go to Server Manager and select Server Options in the IPv4 window This sets the value globally Use options on a per scope basis to override the global optio...

Page 194: ... AirWave Server Options 6 Select 060 Dell Instant AP in the Server Options window and enter Dell InstantAP in the String Value Figure 166 Instant and DHCP options for Dell PowerConnect W AirWave 060 Dell Instant AP in Server Options 7 Select 043 Vendor Specific Info and enter a value for airwave orgn airwave ip airwave key in the ASCII field for example tme instant store1 10 169 240 8 Dell123 ...

Page 195: ...option Figure 168 Instant and DHCP options for Dell PowerConnect W AirWave Scope Options Alternate method for defining Vendor Specific DHCP options This section describes how to add vendor specific DHCP options for Dell Instant AP in a network that uses DHCP option 60 and 43 for other services such as PXE There are few customers that use DHCP standard options such as option 60 and 43 for giving th...

Page 196: ...ass DHCP Standard Options User class Default User Class Available options Select 043 Vendor Specific Info String Value Dell InstantAP tme store4 10 169 240 8 Dell123 which is the AP description organization string Dell PowerConnect W AirWave IP address Pre shared key for Dell PowerConnect W AirWave Figure 169 Vendor Specific DHCP options Upon completion the IAP shows up as a new device in Dell Pow...

Page 197: ...ect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide Dell PowerConnect W AirWave Integration and Management 197 Figure 170 Dell PowerConnect W AirWave New Group Figure 171 Dell PowerConnect W AirWave Monitor ...

Page 199: ...tual Controller view is the default view This view allows you to monitor the Dell Instant network The following Instant UI elements are available in this view Tabs Contains three tabs Networks Access Points and Clients For detailed information about the tabs see Chapter 2 Instant User Interface Links Contains three links Monitoring Client Alerts and IDS These links allow you to monitor the Dell In...

Page 200: ...If the OpenDNS is Not connected make sure you have provided the correct credentials on the OpenDNS tab of the Settings window In addition please check if the Internet connection is up MAS integration Displays the status of the MAS integration feature Uplink type Displays the type of uplink Ethernet and 3G Uplink status Displays whether the uplink is up or down RF Dashboard The RF Dashboard section...

Page 201: ... last 15 minutes To see an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average statistics for the number of clients associated with the Virtual Controller for the last 15 minutes To see the exact number of clients in the Dell Instant network at a particular time hover the cursor over the graph line To check the number of clients associated with the Virtual Con...

Page 202: ...for outgoing traffic is displayed in green Outgoing traffic is shown above the median line Incoming traffic Throughput for incoming traffic is displayed in blue Incoming traffic is shown below the median line To see an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average statistics for the incoming and outgoing traffic throughput of the Virtual Controller for t...

Page 203: ... in which the network is broadcast 2 4 GHz band 5 4 GHz band or both Type Network type Employee Guest or Voice IP Assignment Source of IP address for the client Access The level of access control for this network Security level The type of user authentication and data encryption for this network Usage Trends The Usage Trends section displays the following graphs for the selected network Clients Fi...

Page 204: ...stant UI The Virtual Controller view appears This is the default view 2 In the Networks tab click the network for which you want to check the client association The Network view appears 3 Study the Clients graph in the Usage Trends pane For example the graph on the left shows that one client is associated with the selected network at 12 00 hours Throughput The Throughput graph shows the throughput...

Page 205: ...mber of clients associated with the IAP Type Displays the model number of the IAP CPU Utilization Displays the CPU utilization in percentage Memory Free Displays the memory availability of the IAP in Mega Bytes MB Serial number Displays the serial number of the IAP From Port Displays the port from where the slave IAP is learned in hierarchy mode RF Dashboard In the Instant Access Point view the RF...

Page 206: ...es Instant Access Point 6 1 3 4 3 1 0 0 User Guide Figure 179 Neighboring APs Graph CPU Utilization Figure 180 CPU Utilization Graph Neighboring Clients Figure 181 Neighboring Clients Graph Memory Free MB Figure 182 Memory free Graph Clients ...

Page 207: ...he respective graph lines To check the neighboring APs detected by the IAP for the last 15 minutes 1 Log in to the Instant UI The Virtual Controller view appears This is the default view 2 In the Access Points tab click the IAP for which you want to monitor the client association The IAP view appears 3 Study the Neighboring APs graph in the Overview section For example the graph shows that 148 int...

Page 208: ...ents associated with the selected IAP for the last 15 minutes To see an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average statistics for the number of clients associated with the IAP for the last 15 minutes To see the exact number of clients associated with the selected IAP at a particular time hover the cursor over the graph line To check the number of clie...

Page 209: ...ss Point 6 1 3 4 3 1 0 0 User Guide Monitoring 209 Figure 185 Utilization Graph 2 4 GHz Frames fps Figure 186 2 4 GHz Frames fps Graph Drops fps Figure 187 Drops fps Graph Noise Floor dBm Figure 188 Noise Floor dBm Graph 2 4 GHz Mgmt Frames ...

Page 210: ...h The enlarged view provides Last Minimum Maximum and Average radio utilization statistics for the IAP for the last 15 minutes To see the exact utilization percent at a particular time hover the cursor over the graph line To monitor the utilization of the selected IAP for the last 15 minutes 1 Log in to the Instant UI The Virtual Controller view appears This is the default view 2 In the Access Poi...

Page 211: ...e sources and unwanted signals in the network Noise floor is measured in decibels metre Too many unwanted signals hamper the performance of the IAP Monitor the noise floor regularly for optimal performance of the IAP To see an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average statistics for the In and Out frames To see the exact utilization percent at a part...

Page 212: ...lick the graph The enlarged view provides Last Minimum Maximum and Average statistics for the In and Out frames To see the exact utilization percent at a particular time hover the cursor over the graph line To monitor the errors for the IAP for the last 15 minutes 1 Log in to the WebUI The Virtual Controller view appears This is the default view 2 In the Access Points tab click the name link of th...

Page 213: ...ected to Access Point IAP to which the client is connected to Channel Channel that the client is using Type Channel type that the client is broadcasting on RF Dashboard In the Client view the RF Dashboard section is moved below the Info section The RF Dashboard section in the client view shows the speed and the signal information for the client and the RF information for the IAP to which the clien...

Page 214: ...ee an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average signal statistics for the client for the last 15 minutes To see the exact signal strength at a particular time hover the cursor over the graph line To monitor the signal strength of the selected client for the last 15 minutes 1 Log in to the Instant UI The Virtual Controller view appears This is the defa...

Page 215: ...inimum Maximum and Average statistics for the client for the last 15 minutes To see the exact speed at a particular time hover the cursor over the graph line To monitor the speed for the client for the last 15 minutes 1 Log in to the Instant UI The Virtual Controller view appears This is the default view 2 In the Clients tab click the IP address of the client for which you want to monitor the spee...

Page 216: ...mobility trail information for the selected client Association Time The time at which the selected client was associated with a particular IAP It shows the client IAP association for the last 15 minutes Access Point IAP name with which the client was associated NOTE Mobility information about the client is reset each time it roams from one IAP to another ...

Page 217: ... Mismatched authentication encryption setting The IAP cannot allow this client to associate because its authentication or encryption settings do not match IAP s configuration Ascertain the correct authentication or encryption settings and try to associate again 100104 Unsupported 802 11 rate The IAP cannot allow this client to associate because it does not support the 802 11 rate requested by this...

Page 218: ...ecting again 100309 RADIUS server authentication failure The IAP cannot authenticate this client using 802 1X because the RADIUS server rejected the authentication credentials password etc provided by the client Ascertain the correct authentication credentials and log in again 100410 Integrity check failure in encrypted message The IAP cannot receive data from this client because the integrity che...

Page 219: ... currently defined roles for all the networks blacklisted clients and to enable or disable the protocols for ALG Navigate to the PEF link at the top right corner of the WebUI to view the following features Authentication Servers This section displays the currently defined external authentication servers Name Indicates the name of the external authentication server Type Indicates the type of the au...

Page 220: ...sword in the Password text box and reconfirm 3 Select appropriate network type from the Type drop down list 4 Click Add and click OK The users are listed in the Users list See User Database on page 235 for more information Roles This window consists of the following options Roles This table displays all the roles defined for all the networks See User Role on page 143 for more information NOTE A sp...

Page 221: ...prioritize voice and video traffic from applications like Microsoft Office Communications Server OCS and Apple Facetime Figure 199 Classify Media QoS for Microsoft Office OCS and Apple Facetime Voice and video devices use a signaling protocol to establish control and terminate voice and video calls These control or signaling sessions are usually permitted using pre defined ACLs If however the cont...

Page 222: ...fault port When media traffic starts flowing audio and video data are sent through that same port using RTP The audio and video packets are interleaved in the air though the individual sessions can be uniquely identified using their payload type and sequence numbers The RTP header and payload also get encapsulated under the TURN ChannelData Messages The Facetime call is terminated with a SIP BYE m...

Page 223: ...sify Media Apple Facetime Client Blacklisting The client blacklisting denies connectivity to the blacklisted clients When a client is blacklisted in a Dell IAP the client is not allowed to associate with the IAP in the network If a client is connected to the network when it is blacklisted a deauthentication message will be sent to force the client to disconnect ...

Page 224: ... a client to the blacklist In manual blacklisting the MAC address of the client has to be known to the user These clients would be added into a permanent blacklist These clients are not allowed to connect to the network unless they are removed from the blacklist Adding a Client to the Manual Blacklist To add a client to the blacklist manually using the MAC address of the client 1 Click on the PEF ...

Page 225: ...t duration 1 Select the PEF link and then select Blacklisting tab Auth failure blacklist time Enter the duration since the blacklisting has been triggered when the authentication failure threshold is exceeded PEF rule blacklisted time Enter the duration since the blacklisting has been triggered when a blacklisting rule has been triggered Figure 204 Dynamic Blacklisting PEF Settings Firewall ALG Co...

Page 226: ...rewall based Logging Instant firewall now supports firewall based logging function The firewall logs on the Instant APs are generated as syslog messages NOTE When the protocols for ALG are Disabled the changes do not take effect until the existing user sessions expire Reboot the IAP and the client or wait for few minutes to ensure the changes take effect ...

Page 227: ...a single VPN tunnel from the Virtual Controller to a Dell Mobility Controller in your corporate office Here the VPN tunnels from the Instant APs terminate on the Dell Mobility Controller The controller solely acts as a VPN end point and does not supply the Instant AP with any configuration To create a VPN tunnel from the Virtual Controller to a Dell Mobility Controller perform the following steps ...

Page 228: ...through the IPSec tunnel Figure 207 Tunneling Routing Use the Routing Table to specify policy based on routing into the VPN tunnel Each routing table entry has a destination network mask and default gateway 8 Click New and update the following parameters Destination Specify the destination network to be routed into the VPN tunnel Netmask Specify the network mask of the network to be routed into th...

Page 229: ...ec tunnel and non corporate traffic is sent on the uplink Centralized L2 In this mode the VC does not assign an IP address to the client but the DHCP traffic is directly forwarded to the controller over the IPSec tunnel and gets an IP address from either the controller or a DHCP server behind the controller serving the VLAN of the client However Instant AP does forward client traffic in the same w...

Page 230: ... DHCP pool Name Name of the subnet must be unique Type Indicates the type of DHCP server Available options are Local Distributed L3 Distributed L2 Centralized L2 Distributed L2 implies that this is a Distributed mode L2 DHCP subnet VLAN VLAN ID of the subnet This needs to be referenced in the SSID configuration to make use of this subnet Network Network to be used for this subnet Netmask Net mask ...

Page 231: ...e Type Indicates the type of DHCP server Available options are Local Distributed L3 Distributed L2 Centralized L2 Distributed L3 implies that this is a Distributed mode L3 DHCP subnet VLAN VLAN ID of the subnet This needs to be referenced in the SSID configuration to make use of this subnet Network Network to be used for this subnet Netmask Net mask of the subnet This along with Network determines...

Page 232: ...s subnet. DHCP Relay - DHCP Relay Agent and Option 82: Select to enable or disable these features. When a DHCP server is configured with a DHCP Relay agent, the client's broadcast DHCP Discover packet is not sent to the corporate network; instead, the Virtual Controller acts as the DHCP Relay and unicasts DHCP packets to the corporate DHCP server. Enable DHCP Option 82 to allow clients to send DHCP packets ...

Page 233: ...iguration Enabled Disabled DHCP packet relayed without the ALU specific Option 82 string Disabled Enabled DHCP packet not relayed but broadcasted with the ALU specific Option 82 string Disabled Disabled DHCP packet not relayed but broadcasted without the ALU specific Option 82 string Table 44 Ports used by the Apple Facetime Application DHCP Relay Option82 Behavior ...

Page 235: ...cify the required authentication, encryption, and access rules, and allow the guest user to use the enterprise network. An employee user is the employee who will be using the enterprise network for various official tasks. You can create Employee WLANs, specify the required authentication, encryption, and access rules, and allow the employees to use the enterprise network. Adding a User: To add a user: 1. At th...

Page 236: ...The user's details appear on the right side. 3. Edit as required and click OK. Deleting a User: To delete a user: 1. At the top right corner of the Instant UI, click the Users link. The Users window appears. 2. In the Users section, select the username that you want to delete and click Delete. To delete all users or multiple users at a time, select the usernames that you want to delete and click Delete All. NOT...

Page 237: ...itial Wi-Fi setup requires you to specify the country code for the country in which the Dell Instant will operate. This configuration sets the regulatory domain for the radio frequencies that the IAPs use. Within the regulated transmission spectrum, a high-throughput 802.11a, 802.11b/g, or 802.11n radio setting can be configured. The available 20 MHz and 40 MHz channels are dependent on the specified co...

Page 238: ...an DE Germany NL Netherlands IT Italy PT Portugal LU Luxembourg NO Norway FI Finland DK Denmark CH Switzerland CZ Czech Republic ES Spain GB United Kingdom KR Republic of Korea South Korea CN China FR France HK Hong Kong SG Singapore TW Taiwan BR Brazil IL Israel SA Saudi Arabia LB Lebanon AE United Arab Emirates ZA South Africa AR Argentina AU Australia AT Austria BO Bolivia CL Chile GR Greece ...

Page 239: ...w Zealand PL Poland PR Puerto Rico SK Slovak Republic SI Slovenia TH Thailand UY Uruguay PA Panama RU Russia KW Kuwait LI Liechtenstein LT Lithuania MX Mexico MA Morocco NZ New Zealand PL Poland PR Puerto Rico SK Slovak Republic SI Slovenia TH Thailand UY Uruguay PA Panama RU Russia EG Egypt TT Trinidad and Tobago TR Turkey CR Costa Rica Table 45 Country Codes List Continued Code Country Name ...

Page 240: ... CY Cyprus EE Estonia MU Mauritius RO Romania CS Serbia and Montenegro ID Indonesia PE Peru VE Venezuela JM Jamaica BH Bahrain OM Oman JO Jordan BM Bermuda CO Colombia DO Dominican Republic GT Guatemala PH Philippines LK Sri Lanka SV El Salvador TN Tunisia PK Islamic Republic of Pakistan QA Qatar DZ Algeria Table 45 Country Codes List Continued Code Country Name ...

Page 241: ...Whitelist Entry If you decide to use the Controller as the whitelist entry to configure the whitelist database use the following CLI command ArubaW 3400 local userdb ap add mac address 00 11 22 33 44 55 ap group test ArubaW 3400 The ap group parameter is not used for any configuration but needs to be configured The parameter can be any valid string If an external whitelist is being used the AP MAC...

Page 242: ...gpool startip endip ArubaW 3400 IAP VPN Profile Configuration This defines the server used to authenticate the IAP internal or an external server and the role for IAP user This role is used to define src nat rule to RADIUS server to allow Dynamic Radius proxy ArubaW 3400 config ip access list session iaprole ArubaW 3400 config sess iaprole any host radius server ip any src nat ArubaW 3400 config s...

Page 243: ...iaprole ArubaW 3400 config role session acl iaprole ArubaW 3400 config role ArubaW 3400 config aaa authentication vpn default iap ArubaW 3400 VPN Authentication Profile default iap server group default ArubaW 3400 VPN Authentication Profile default iap default role iaprole ArubaW 3400 VPN Authentication Profile default iap ArubaW 3400 config ...

Page 245: ...e DNS Domain Name System EAP TLS Extensible Authentication Protocol Transport Layer Security EAP TTLS Extensible Authentication Protocol Tunneled Transport Layer Security IAP Instant Access Point IDS Intrusion Detection System IEEE Institute of Electrical and Electronics Engineers ISP Internet Service Provider Instant UI Instant User Interface LEAP Lightweight Extensible Authentication Protocol MX...

Page 246: ...ll PowerConnect W Series Instant Access Point 6 1 3 4 3 1 0 0 User Guide VC Virtual Controller VSA Vendor Specific Attributes WLAN Wireless Local Area Network Table 46 List of abbreviations Continued Abbreviation Expansion ...
