Siemens HiPath C10 User Manual Download Page 36 | Manualshive

Page: 36 / 300

background image

Overview of the Controller, Access Points and Convergence Software solution

A31003-W1040-U101-1-7619, July 2006 DRAFT

36

HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide

hwc_intro.fm

Controller, Access Points and Convergence Software and your network

●

Shared Key authentication that relies on Wired Equivalent Privacy (WEP) keys

●

Open System that relies on Service Set Identifiers (SSIDs)

●

802.1x that is compliant with Wi-Fi Protected Access (WPA)

●

Captive Portal based on Secure Sockets Layer (SSL) protocol

The Controller, Access Points and Convergence Software system provides the centralized
mechanism by which the corresponding security parameters are configured for a group of APs.

●

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks
defined in the 802.11b standard

●

Wi-Fi Protected Access version 1 (WPA1™) with Temporal Key Integrity Protocol (TKIP)

●

Wi-Fi Protected Access version 2 (WPA2™) with Advanced Encryption Standard (AES)
and Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP)

3.3.2.1

Authentication

The HiPath Wireless Controller relies on a RADIUS server, or authentication server, on the
enterprise network to provide the authentication information (whether the user is to be allowed
or denied access to the network). A RADIUS client is implemented to interact with infrastructure
RADIUS servers.

The HiPath Wireless Controller provides authentication using:

●

Captive Portal – a browser-based mechanism that forces users to a Web page

●

RADIUS (using IEEE 802.1x)

The 802.1x mechanism is a standard for authentication developed within the 802.11 standard.
This mechanism is implemented at the wireless Port, blocking all data traffic between the
wireless device and the network until authentication is complete. Authentication by 802.1x
standard uses Extensible Authentication Protocol (EAP) for the message exchange between
the HiPath Wireless Controller and the RADIUS server.

When 802.1x is used for authentication, the HiPath Wireless Controller provides the capability
to dynamically assign per-wireless-device WEP keys (called per-station WEP keys in 802.11).
Or in the case of WPA, the HiPath Wireless Controller is not involved in key assignment.
Instead, the controller is involvement in the path between RADIUS server and the user to
negotiate the appropriate set of keys. With WPA2 the material exchange produces a Pairwise
Master Key which is used by the AP and the user to derive their temporal keys. (The keys
change over time.)

In the Controller, Access Points and Convergence Software, a RADIUS redundancy feature is
provided, where you can define a failover RADIUS server (up to 2 servers) in the event that the
active RADIUS server fails.

«
...
34
35
36
37
38
...
»

Summary of Contents for HiPath C10

Page 1: ...HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide ...

Page 2: ... is your sole responsibility to use the security features and to establish security practices within your company including training security awareness and call auditing Siemens sales and service personnel as well as Siemens business partners are available to work with you to help you guard against this unauthorized use of your telecommunications system July 2006 No part of this publication may be...

Page 3: ...anguages of the European Community 22 2 2 4 Conditions of Use in the European Community 25 2 2 5 Certifications of Other Countries 27 3 Overview of the Controller Access Points and Convergence Software solution 29 3 1 Conventional wireless LANS 29 3 2 Elements of the solution 30 3 3 Controller Access Points and Convergence Software and your network 33 3 3 1 Network traffic flow 34 3 3 2 Network se...

Page 4: ...or the discovery process 77 5 3 2 Connecting the Wireless AP to a power source and initiating the discovery and regis tration process 80 5 4 Adding and registering a Wireless AP manually 80 5 5 Modifying wireless AP settings 81 5 5 1 Modifying a Wireless AP s status 82 5 5 2 Configuring the default AP settings 83 5 5 3 Modifying a wireless AP s properties 86 5 5 4 Modifying the wireless AP s radio...

Page 5: ...2 Defining authentication for a VNS for Captive Portal 137 7 3 2 1 Defining the RADIUS server priority for RADIUS redundancy 140 7 3 2 2 Configuring Captive Portal for internal or external authentication 141 7 3 3 Defining authentication for a VNS for AAA 145 7 3 4 Defining MAC based authentication for a VNS 148 7 4 Defining accounting methods for a VNS 150 7 5 Defining RADIUS filter policy for VN...

Page 6: ...n events 207 8 6 Enabling SNMP 208 8 6 1 MIB support 208 8 6 2 Enabling SNMP on the HiPath Wireless Controller 209 8 7 Using controller utilities 210 8 8 Configuring Web session timeouts 211 9 Working with third party APs 213 10 Working with the Mitigator 217 10 1 Mitigator overview 217 10 2 Enabling the Analysis and data collector engines 218 10 3 Running Mitigator scans 219 10 4 Analysis engine ...

Page 7: ...250 12 4 2 Updating operating system software 252 12 4 3 Backing up HiPath Wireless Controller software 254 12 4 4 Restoring HiPath Wireless Controller software 257 12 4 5 Upgrading a HiPath Wireless Controller using SFTP 259 12 4 6 Configuring the controller for interaction with the HiPath Wireless Manager 260 12 4 7 Configuring Controller Access Points and Convergence Software logs and traces 26...

Page 8: ...Content Nur für den internen Gebrauch A31003 W1040 U101 1 7619 July 2006 DRAFT 8 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc1000_user_guidetoc fm ...

Page 9: ...Chapter 1 About this Guide describes the target audience and content of the guide the formatting conventions used in it and how to provide feedback on the guide Chapter 2 Regulatory information provides the regulatory information for the HiPath C10 C100 C1000 C2400 Wireless LAN Controllers and the AP2610 and AP2620 wireless access points Chapter 3 Overview of the Controller Access Points and Conve...

Page 10: ...Path Wireless Controller and the Wireless AP This chapter also includes information on the logs traces reports and displays available Chapter 13 Glossary contains a list of terms and definitions for the HiPath Wireless Controller and the Wireless AP as well as standard industry terms used in this guide Appendix A System states and LEDs provides a reference on the LED displays and their significanc...

Page 11: ...le immediately if it shows any sign of damage Replace any damaged safety equipment covers labels and protective cables immediately Use only original accessories or components approved for the system Failure to observe these instructions may damage the equipment or even violate safety and EMC regulations Only authorized Siemens service personnel are permitted to service the system Warnings This dev...

Page 12: ...heck the nominal voltage set for the equipment operating instructions and type plate High voltages capable of causing shock are used in this equipment Exercise caution when measuring high voltages and when servicing cards panels and boards while the system is powered on Only use tools and equipment that are in perfect condition Do not use equipment with visible damage To protect electrostatic sens...

Page 13: ...earbeiten alle Netzkabel trennen Falls eines der Stromversorgungsmodule ausfällt kann es ausgetauscht werden ohne die Stromversorgung zum HiPath Wireless Controller zu unterbrechen Bei dieser Prozedur ist jedoch mit Vorsicht vorzugehen Das Modul kann extrem heiß sein Tragen Sie Handschuhe um Verbrennungen zu vermeiden Bei unsachgemäßem Austausch der Lithium Batterie besteht Explosionsgefahr Die Li...

Page 14: ... alimentations électriques sauf si la procédure de maintenance mentionne le contraire Prenez toutes les précautions nécessaires lors de l entretien des réparations du module d alimentation du HiPath Wireless Controller pouvant être branché à chaud C100 C1000 Prenez toutes les précautions nécessaires lors de l entretien réparations des modules du HiPath Wireless Controller pouvant être branchés à c...

Page 15: ...que le système est sous tension prenez toutes les précautions nécessaires lors de la mesure des hautes tensions et de l entretien réparation des cartes des panneaux des plaques N utilisez que des appareils et des outils en parfait état Ne mettez jamais en service des appareils présentant des dommages visibles Pour protéger les dispositifs sensibles à l électricité statique portez un bracelet antis...

Page 16: ...About this Guide A31003 W1040 U101 1 7619 July 2006 DRAFT 16 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_pref fm Consignes de sécurité ...

Page 17: ...oper regional software is downloaded and properly configured 2 1 WLAN HiPath Wireless Controller C10 C100 C1000 C2400 Conformance Standards Safety cULus Listed Device UL 60950 2000 3rd Edition North America CSA C22 2 No 60950 2000 3rd Edition Canadian Safety 73 23 EEC Low Voltage Directive LVD EN 60950 1 2001 European Safety CB Certification IEC 60950 1999 3rd Edition with applicable National Diff...

Page 18: ...n Immunity EN 61000 3 2 2000 Class A Harmonics EN 61000 3 3 1995 A1 2001 Flicker IEC CISPR 22 1997 Class A International Emissions IEC CISPR 24 1998 includes IEC EN 61000 4 2 3 4 5 6 11 International Immunity Australia New Zealand AS NZS 3548 via EU standards ACMA RoHS European Directive 2002 95 EC 2 2 AP2610 Internal Antenna AP AP2620 External Antenna AP The AP26XX is Wi Fi certified under Certif...

Page 19: ...ith instructions may cause harmful interference However there is no guarantee that interference will not occur If this equipment does cause harmful interference which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the e...

Page 20: ...s de Classe B prescrites dans la norme sur le materiel brouilleur Appareils Numeriques NMB 003 edictee par le ministere des Communications The AP26XX must be installed and used in strict accordance with the manufacturer s instructions as described in this guide and the quick start guide for the device to which AP26XX is connected Any other installation or use of the product violates FCC Part 15 re...

Page 21: ...his device must accept any interference received including interference that may cause undesired operation This Class B digital apparatus complies with Canadian ICES 003 This equipment meets the following conformance standards Canada Conformance Standards Safety cULus Listed C22 2 No 60950 1 03 1st Edition UL 2043 Plenum Rated as part of UL 60950 Suitable for use in environmental air space in acco...

Page 22: ... all European spectrum usage rules Contact local Authority for procedure to follow and regulatory information For more details on legal combinations of frequencies power levels and antennas contact Siemens Declaration of Conformity with R TTE Directive of the European Union 1999 5 EC The following symbol indicates compliance with the Essential Requirements of the R TTE Directive of the European Un...

Page 23: ...Richtlinie 1999 5 EG befindet BMWi Hiermit erklärt Siemens die Übereinstimmung des Gerätes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999 5 EG Wien Greek ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ Siemens ΔΗΛΩΝΕΙ ΟΤΙ Radio LAN device ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999 5 ΕΚ Icelandic Siemens lysir her ...

Page 24: ...atkozom hogy a Radio LAN device megfelel a vonatkozó alapvetõ követelményeknek és az 1999 5 EC irányelv egyéb elõírásainak Slovak Siemens týmto vyhlasuje _e Radio LAN device spåòa základné po_iadavky a všetky príslušné ustanovenia Smernice 1999 5 ES Czech Siemens tímto prohlašuje _e tento Radio LAN device je ve shodì se základními po_adavky a dalšími pøíslušnými ustanoveními smìrnice 1999 5 ES Slo...

Page 25: ...e AP26XX must not be operated until proper regional software is downloaded 7 The user or installer is responsible to ensure that he AP26XX is operated according to channel limitations indoor outdoor restrictions license requirements and within power level limits for the current country of operation A configuration utility has been provided with the HiPath Wireless Controller to allow the end user ...

Page 26: ...This device employs a radar detection feature required for European Community operation in the 5 GHz band This feature is automatically enabled when the country of operation is correctly configured for any European Community country The presence of nearby radar operation may result in temporary interruption of operation of this device The radar detection feature will automatically restart operatio...

Page 27: ...untry code Other Country Specific Compliance Standards Approvals and Declarations Australia and New Zealand AS NZS 4288 Radio via EU standards AS NZX 3260 Safety via EU standards ACMA AS NZS 3548 Emissions via EU standards ACMA IEEE 802 11a b g IEEE 802 3af PoE EN 300 328 2 2003 04 2 4 GHz EN 301 893 1 2003 08 5 GHz EN 301 489 17 2002 08 RLAN IEC 60950 1 2001 1st Edition with Australian Deviations...

Page 28: ... 149 153 157 161 165 Argentina China Macau 5 725 5 850 GHz 149 153 157 161 165 Japan Mexico Turkey 5 15 5 35 GHz 36 40 44 48 52 56 60 64 Malaysia 5 25 5 35 GHz 5 725 5 850 GHz 52 56 60 64 149 153 157 161 165 S Africa 5 15 5 35 GHz 5 470 5 725 GHz 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 S Korea 5 15 5 35 GHz 5 47 5 60 GHz 5 725 5 825 GHz 36 40 44 48 52 56 60 64 100 104 1...

Page 29: ...d large scale enterprises The Controller Access Points and Convergence Software system provides a secure highly scalable cost effective solution based on the IEEE 802 11 standard The system is intended for enterprise networks operating on multiple floors in more than one building and is ideal for public environments such as airports and convention centers that require multiple access points This c...

Page 30: ...ssing schemes Most commonly Internet Protocol IP addressing is used 3 2 Elements of the solution The Controller Access Points and Convergence Software solution consists of two devices HiPath Wireless Controller wireless APs This architecture allows a single HiPath Wireless Controller to control many Wireless APs making the administration and management of large networks much easier There can be se...

Page 31: ...t in capabilities to recognize and manage the Wireless APs The HiPath Wireless Controller Activates the Wireless APs Enables Wireless APs to receive wireless traffic from wireless devices Processes the data traffic from the Wireless APs Forwards or routes the processed data traffic out to the network Authenticates requests and applies access policies Simplifying the Wireless APs makes them cost ef...

Page 32: ...the entire wireless network From the HiPath Wireless Controller the administrator can recognize configure and manage the Wireless APs and distribute new software releases Provides easy deployment of Wireless APs The initial configuration of the Wireless APs on the centralized HiPath Wireless Controller can be done with an automatic discovery technique For more information see Section 5 2 Discovery...

Page 33: ...reless users in either 802 1x or Captive Portal security modes The RADIUS Server system can be set up for certain standard attributes such as filter ID and for the Vendor Specific Attributes VSAs In addition Radius Disconnect RFC3576 which permits dynamic adjustment of user policy user disconnect is supported DHCP Server Dynamic Host Configuration Protocol RFC2131 A server that assigns IP addresse...

Page 34: ... routers must be configured to allow routing between the various services noted above Routing must also be enabled between multiple HiPath Wireless Controllers for the following features to operate successfully Availability Mobility Mitigator for detection of rogue access points Some features also require the definition of static routes Web Browser A browser provides access to the HiPath Wireless ...

Page 35: ...gured to locally bridge traffic to a configured VLAN directly at their network point of attachment The HiPath Wireless Controller decapsulates the packets and routes these to destinations on the network The HiPath Wireless Controller functions like a standard router except that it is configured to route only network traffic associated with wireless connected users The HiPath Wireless Controller ca...

Page 36: ...ser is to be allowed or denied access to the network A RADIUS client is implemented to interact with infrastructure RADIUS servers The HiPath Wireless Controller provides authentication using Captive Portal a browser based mechanism that forces users to a Web page RADIUS using IEEE 802 1x The 802 1x mechanism is a standard for authentication developed within the 802 11 standard This mechanism is i...

Page 37: ... parameters that advertise and control network access SSID Privacy policy WEP and WPA This technique enables policies and authentication to be applied to the groups of wireless users on a VNS as well as the collecting of accounting information on user sessions that can be used for billing When a VNS is set up on the HiPath Wireless Controller One or more Wireless APs by radio are associated with i...

Page 38: ... device bypassing any routing definitions of the controller s route table 3 3 5 Packet filtering policy Policy refers to the rules that allow different groups of users access to the network The Controller Access Points and Convergence Software system can link authorized users to user groups These user groups then can be confined to predefined portions of the network In the Controller Access Points...

Page 39: ...oosing its own IP address regardless of the subnet on which the serving APs are deployed In addition a HiPath Wireless Controller can learn about other HiPath Wireless Controllers on the network and then exchange client session information This enables a wireless device user to roam seamlessly between different Wireless APs on different HiPath Wireless Controllers 3 3 7 Network availability Contro...

Page 40: ...ion Overview To set up and configure the HiPath Wireless Controller and Wireless APs follow these steps 1 First time Setup Perform First Time Setup of the HiPath Wireless Controller on the physical network to modify the Management Port IP address for the enterprise network 2 Product Key Apply a Product Key file for licensing purposes If no Product Key is enabled the HiPath Wireless Controller func...

Page 41: ...Modify properties or settings of the Wireless AP if desired 7 Virtual Network Services VNS Setup Set up one or more virtual subnetworks on the HiPath Wireless Controller For each VNS configure the following Topology Configure the VNS RF Assign the Wireless APs radios to the VNS Authentication and Accounting Configure the authentication method for the wireless device user and enable the accounting ...

Page 42: ...ccess Points and Convergence Software solution A31003 W1040 U101 1 7619 July 2006 DRAFT 42 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_intro fm System Configuration Overview ...

Page 43: ...lized management network access and routing to wireless devices that use Wireless APs to access the network It can also be configured to handle data traffic from third party access points The HiPath Wireless Controller provides the following functionality Controls and configures Wireless APs providing centralized management Authenticates wireless devices that contact a Wireless AP Assigns each wir...

Page 44: ...100 Four fast Ethernet ports 10 100 BaseT supporting up to 75 Wireless APs One management port 10 100 1000 BaseT One console port DB9 serial Power supply redundant R C1000 Two GigE ports dual 1GB SX network interfaces supporting up to 200 Wireless APs One management port 10 100 1000 BaseT One console port DB9 serial Power supply redundant R HiPath Wireless Controller Model Number Specifications C2...

Page 45: ...rotocol table To configure a physical port to attach to a VLAN define the VLAN as part of the IP address assignment Applying the product license key Apply a product license key file If a product license key is not applied the HiPath Wireless Controller functions with some features enabled in demonstration mode Not all features are enabled in demonstration mode For example mobility is not enabled a...

Page 46: ... the Qos Policy For more information see Section Virtual Network Services on page 107 Step 6 Registering and assigning APs to the VNS Deploy Wireless APs to their corresponding network locations Connect the Wireless APs to the HiPath Wireless Controller Once the Wireless APs are powered on they automatically begin the Discovery process of the HiPath Wireless Controller based on factors that includ...

Page 47: ...ulation attached to the DB9 serial port COM1 port of the HiPath Wireless Controller via a cross over null modem cable Use the Command Line Interface CLI commands For more information see the HiPath Wireless Controller Access Points and Convergence Software CLI Reference Guide Use a laptop computer with a Web browser Connect the supplied cross over Ethernet cable between the laptop and management E...

Page 48: ...ireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_startup fm Performing the first time setup of the HiPath Wireless Controller 4 In the User Name box type your user name The default is admin 5 In the Password box type your password The default is abc123 ...

Page 49: ...s for the HiPath Wireless Controller are displayed In the footer of the HiPath Wireless Assistant the following is displayed host name product name up time For example HWC C1000 0 days 17 11 If there is no key unlicensed the product name will not be displayed User is the user id you used to login in For example admin Port Status is the connectivity state of the port M is for the Management interfa...

Page 50: ...0 C100 C1000 User Guide hwc_startup fm Performing the first time setup of the HiPath Wireless Controller 9 In the Management Port Settings section click Modify The System Port Configuration screen appears 10 Type the following information Hostname Specifies the name of the HiPath Wireless Controller Domain Specifies the IP domain name of the enterprise network ...

Page 51: ...y the network 11 To save your changes click OK 4 2 1 1 Changing the administrator password It is recommended to change your default administrator password once your system is installed To change the administrator password 1 From the main menu click Wireless Controller Configuration The HiPath Wireless Controller Configuration screen appears 2 In the left pane click Management Users 3 In the user_a...

Page 52: ...nt port 2 Connect the HiPath Wireless Controller management port to the enterprise Ethernet LAN The HiPath Wireless Controller resets automatically 3 Log on to the HiPath Wireless Assistant The system is visible to the enterprise network 4 2 3 Applying the product license key To ensure all available system functionality is enabled your product license key must be applied To apply the product licen...

Page 53: ...kets associated with that port will be tagged with the corresponding VLAN This allows the HiPath Wireless Controller to directly attach to a VLAN network without the need to remove VLAN tags at the connection port You can redefine the data ports to function as one of three types Host Port Use a host port definition for connecting Wireless APs with no dynamic routing A host port has dynamic routing...

Page 54: ...d automatically on the HiPath Wireless Controller when a new VNS is defined The VNS port becomes the default gateway for wireless devices on this VNS No Wireless APs can be associated with a VNS port and no routing is permitted on this port The chart below summarizes the port types and their functions To configure the data port interfaces on the HiPath Wireless Controller 1 From the main menu clic...

Page 55: ... portion of the HiPath Wireless Controller Configuration screen displays the four Ethernet ports For each port the MAC address is displayed automatically 3 To select a port click it Port configuration allows for the explicit state of the administration state for each interface By default data interface states will be disabled You can then enable each of the data interfaces individually A disabled ...

Page 56: ...agement interfaces 7 To enable the SLP protocol select the SLP checkbox Wireless APs use this port for discovery and registration Other controllers can use this port to enable inter controller device mobility if this port is configured to use SLP or the HiPath Wireless Controller is running as a manager and SLP is the discovery protocol used by the agents 8 To allow Multicast Support select Enable...

Page 57: ...that do not match a more specific route definition To set a static route on the HiPath Wireless Controller 1 From the main menu click Wireless Controller Configuration The HiPath Wireless Controller Configuration screen appears 2 In the left pane click Routing Protocols The Static Routes tab appears 3 To add a new route in the Destination Address box type the destination IP address of a packet To ...

Page 58: ...outes checkbox to give priority over the OSPF learned routes including the default route which the HiPath Wireless Controller uses for routing This option is selected by default To remove this priority for static routes so that routing is controlled dynamically at all times clear the Override dynamic routes checkbox 8 To save your changes click Save To view the forwarding table on the HiPath Wirel...

Page 59: ...ing To enable OSPF OSPF RFC2328 routing you must Define one data port as a router port in the IP Addresses screen Enable OSPF globally on the HiPath Wireless Controller Define the global OSPF parameters Enable or disable OSPF on the port that you defined as a router port Ensure that the OSPF parameters defined here for the HiPath Wireless Controller are consistent with the adjacent routers in the ...

Page 60: ...ing Global Settings on the HiPath Wireless Controller 1 From the main menu click Wireless Controller Configuration The HiPath Wireless Controller Configuration screen appears 2 In the left pane click Routing Protocols The Static Routes tab appears 3 Click the OSPF tab 4 From the OSPF Status drop down list select ON to enable OSPF 5 In the Router ID box type the IP address of the HiPath Wireless Co...

Page 61: ...lick the OSPF tab The OSPF Settings screen appears 4 From the Port Status drop down list select Enabled to enable OSPF on the port The default setting is Disabled 5 In the Link Cost box type the OSPF standard for your network for this port This is the cost of sending a data packet on the interface The lower the cost the more likely the interface is to be used to forward data traffic The default se...

Page 62: ...isements LSAs received by the currently running OSPF process The LSAs describe the local state of a router or network including the state of the router s interfaces and adjacencies 2 To update the display click Refresh 4 2 7 Filtering at the interface level The Controller Access Points and Convergence Software has a number of built in filters that protect the system from unauthorized traffic These...

Page 63: ...stem s interface topology changes for example a change of IP address for any interface Enabling management traffic on an interface adds additional rules to the exception filter which opens up the well known IP TCP UDP ports corresponding to the HTTPS SSH and SNMP applications The port based built in exception filtering rules in the case of traffic from VNS users are applicable to traffic targeted ...

Page 64: ...ilters You can add specific filtering rules at the port level in addition to the built in rules Such rules give you the capability of restricting access to a port for specific reasons such as a Denial of Service DoS attack The filtering rules are set up in the same manner as filtering rules defined for a VNS specify an IP address and then either allow or deny traffic to that address For more infor...

Page 65: ...icable data port from the Port drop down list 4 In the IP subnet port box type the destination IP address You can also specify an IP range a port designation or a port range on that IP address 5 From the Protocol drop down list select the protocol you want to specify for the filter This list may include UDP TCP IPsec ESP IPsec AH ICMP The default is N A 6 Click Add The new filter appears in the Fi...

Page 66: ...0 C100 C1000 User Guide hwc_startup fm Performing the first time setup of the HiPath Wireless Controller 7 To select the new filter click it 8 To allow traffic select the Allow checkbox 9 To adjust the order of the filtering rules click Up or Down to position the rule The filtering rules are executed in the order defined here 10 To save your changes click Save ...

Page 67: ...n page 107 Registering and assigning APs to the VNS For more information see Section Configuring the wireless AP on page 69 4 4 Ongoing Operations of the Controller Access Points and Convergence Software Once you have configured the VNS and registered and assigned APs to the VNS the Controller Access Points and Convergence Software system configuration is complete Ongoing operations of the Control...

Page 68: ...roller A31003 W1040 U101 1 7619 July 2006 DRAFT 68 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_startup fm Ongoing Operations of the Controller Access Points and Convergence Software ...

Page 69: ...etwork traffic to an Ethernet LAN The wireless AP is provided with proprietary software that allows it to communicate only with the HiPath Wireless Controller The Wireless AP physically connects to a LAN infrastructure and establishes an IP connection to the HiPath Wireless Controller The wireless AP has no user interface instead the wireless AP is managed through the HiPath Wireless Assistant The...

Page 70: ...he radios on the wireless AP are enabled or disabled through the HiPath Wireless Assistant Both radios can be enabled to offer service simultaneously For more information see Section 7 1 Topology for a VNS on page 124 The Unlicensed National Information Infrastructure U NII bands are three frequency bands of 100 MHz each in the 5 GHz band designated for short range high speed wireless networking c...

Page 71: ...fully locates a HiPath Wireless Controller to which it can register You must ensure that the appropriate services on your enterprise network are prepared to support the discovery process The following five steps summarize the discovery process Step 1 Use the IP address of the last successful connection to a HiPath Wireless Controller Once a wireless AP has successfully registered with a HiPath Wir...

Page 72: ...ation from SAs and creates a central repository SLP RFC2608 The HiPath Wireless Controller contains an SLP SA that when started queries the DHCP server for Option 78 and if found registers itself with the DA as service type Siemens The HiPath Wireless Controller contains a DA slpd The wireless AP queries DHCP servers for Option 78 in order to locate any DAs The wireless APs SLP User Agent then que...

Page 73: ...ess AP must be configured After the wireless AP is registered and configured it can be assigned to a Virtual Network Segment VNS to handle wireless traffic 5 2 2 1 Default AP configuration Default AP configuration simplifies the registration after discovery process Default AP configuration acts as a configuration template that can be automatically assigned to new registering APs The default AP con...

Page 74: ...f Failure during POST Green Off Green Random delay State displayed only after a vulnerable reset Green Off Off Green Green Off Vulnerable time interval The Wireless AP resets to factory default if powered off for three consecutive times during this state No vulnerable period when AP is resetting to factory defaults Green Off Off Off Green Off Off Off Green Resetting to factory defaults announcemen...

Page 75: ...Instructions Once the above processes are complete you can then continue with the wireless AP initial configuration The wireless AP initial configuration involves two steps Step One Define parameters for the discovery process For more information see Section 5 3 1 Defining properties for the discovery process on page 77 Step Two Connect the wireless AP to a power source to initiate the discovery a...

Page 76: ...uide hwc_apstartup fm Configuring the wireless APs for the first time Adding a wireless AP manually option An alternative to the automatic discovery and registration process of the wireless AP is to manually add and register a wireless AP to the HiPath Wireless Controller For more information see Section 5 4 Adding and registering a Wireless AP manually on page 80 ...

Page 77: ...hin MDL license limit The AP receives a default configuration The default configuration can be the default template assignment If the HiPath Wireless Controller recognizes the serial number it indicates that the registering device is pre registered with the controller The controller uses the existing registration record to authenticate the AP and the existing configuration record to configure the ...

Page 78: ... The HiPath Wireless AP screen appears 2 In the left pane click AP Registration The Wireless AP Registration screen appears During the initial setup of the network it is recommended to select the Allow all Wireless APs to connect option This option is the most efficient way to get a large number of wireless APs registered with the HiPath Wireless Controller Once the initial setup is complete it is...

Page 79: ...uide 79 Configuring the wireless AP Configuring the wireless APs for the first time 3 In the Security Mode section select one of the following Allow all Wireless APs to connect Allow only approved Wireless APs to connect The Allow all Wireless APs to connect option is selected by default For more information see Section 5 3 1 Security mode on page 77 ...

Page 80: ...process When a Wireless AP is powered on it automatically begins the discovery and registration process with the HiPath Wireless Controller A Wireless AP can be connected and powered in the following ways Power over Ethernet 802 3af PoE enabled switch port PoE Injector Power by AC adaptor For more information see the AP Install Guide 5 4 Adding and registering a Wireless AP manually An alternative...

Page 81: ...rough which the Wireless AP can be reached 8 Click Add Wireless AP The wireless AP is added and registered 9 Click Close 5 5 Modifying wireless AP settings Wireless APs are added with default settings which you can adjust and configure according to your network requirements In addition you can modify the properties and the settings for each radio on the wireless AP You can also locate and select A...

Page 82: ...ller security mode was Allow only approved Wireless APs to connect then the status of the wireless AP is Pending You must modify the security mode to Allow all Wireless APs to connect For more information see Section 5 3 1 Security mode on page 77 To modify a wireless AP s registration status 1 From the main menu click Wireless AP Configuration The HiPath Wireless AP screen appears 2 In the left p...

Page 83: ...ess APs after recovery from a failover Delete Delete this Wireless AP from the VNS 5 5 2 Configuring the default AP settings Wireless APs are added with default settings You can modify the system s AP default settings accordingly and then use these default settings to configure newly added APs In addition you can base the system s AP default settings on an existing AP configuration or have configu...

Page 84: ...pectively RTS CTS Frag Threshold For each radio type the size of a data unit which if below a Request To Send RTS Clear to Send CTS handshake is not performed Also type the maximum size of a packet or data unit that can be delivered The default values are 2346 Channel For each radio select the wireless channel that the Wireless AP will use to communicate with wireless devices Depending on the regu...

Page 85: ...s select the maximum data rate that clients can operate at while associated with the AP 11 12 18 24 36 48 or 54 Mbps 6 In the Static Configuration section modify the following In the Add box type the IP address of the HiPath Wireless Controller that will control this Wireless AP Click Add The IP address is added to the list Repeat to add additional HiPath Wireless Controllers Click Up and Down to ...

Page 86: ... range of transmit power can be adjusted dynamically 8 In the VNS Assignments section assign the radios for each VNS in the list by selecting or clearing the radio checkbox 9 To save your changes click Save 5 5 3 Modifying a wireless AP s properties Once a wireless AP has successfully registered you can then modify its properties Modifying an APs properties can include modifying properties on the ...

Page 87: ...ption Type comments for the wireless AP Port Select the Ethernet port of the controller the wireless AP is connected to Poll Timeout Type the timeout value in seconds for polling the controller The default value is 10 seconds Poll Interval Type the interval value in seconds for polling the controller The default value is 2 seconds Telnet Access Select whether Telnet Access to the wireless AP is en...

Page 88: ...plays the current version of the Wireless AP hardware Application Version Displays the current version of the Wireless AP software Status Approved Indicates that the wireless AP has received its binding key from the HiPath Wireless Controller after the discovery process Pending Indicates that the wireless AP has not yet successfully been approved for access with the secure controller You can modif...

Page 89: ...AC addresses appear in the Base Settings area The HiPath Wireless Controller C2400 can support up to 64 VNSs The HiPath Wireless Controller C1000 can support up to 50 VNSs the C100 can support up to 32 VNSs and the C10 can support up to 16 The AP radios can be assigned to each of the configured VNSs in a system Each AP can be the subject of 8 VNS assignments corresponding to the number of SSIDs it...

Page 90: ...The Auto selection allows the wireless AP to select the appropriate channel automatically For more information see Chapter 2 Regulatory information Tx Power Level Select the Tx power level Min 13 25 50 or Max If Dynamic Radio Management DRM was enabled on the DRM screen this option is read only Rx Diversity Select Best for the best signal from both antennas or Left or Right to choose either of the...

Page 91: ...ect the number of retries for the Voice transmission queue The default value is 1 The recommended rate is adaptive multi rate No of Retries for Turbo Voice TVO Select the number of retries for the Turbo Voice transmission queue The default value is 1 The recommended rate is adaptive multi rate Preamble Select a preamble value Short Long or Auto Protection Mode Select a protection mode None Auto or...

Page 92: ... Type the size of a data unit which if below a Request To Send RTS Clear to Send CTS handshake is not performed The default value is 2346 Frag Threshold Type the maximum size of a packet or data unit that can be delivered The default value is 2346 802 11a Select to enable the 802 11a radio 802 11j Select to enable the 802 11j radio This radio is only available in Japan Channel Select the wireless ...

Page 93: ...ive multi rate No of Retries for Best Effort BE Select the number of retries for the Best Effort transmission queue The default value is 4 The recommended rate is adaptive multi rate No of Retries for Video VI Select the number of retries for the Video transmission queue The default value is 4 The recommended rate is adaptive multi rate No of Retries for Voice VO Select the number of retries for t...

Page 94: ...tral network To achieve this model a static configuration is used To set up a wireless AP using static configuration 1 From the main menu click Wireless AP Configuration The HiPath Wireless AP screen appears 2 Click the appropriate wireless AP in the list In static configuration if the wireless AP cannot register with the HiPath Wireless Controller within the specified number of retries the wirele...

Page 95: ... type the value in the box Untagged Select if you want this AP to be untagged This option is selected by default 5 Select one of the two methods of IP address assignment for the wireless AP Use DHCP Select this option to enable Dynamic Host Configuration Protocol DHCP This option is enabled by default Static Values Select this option to specify the IP address of the wireless AP IP Address Type the...

Page 96: ...our changes click Save 5 5 6 Configuring Dynamic Radio Management The Dynamic Radio Management DRM feature for the wireless AP is enabled by default The DRM feature Adjusts power levels to balance coverage if another wireless AP which is assigned to the same SSID and is on the same channel is added to or leaves the network Allows wireless clients to be moved to another wireless AP if the load is t...

Page 97: ...eckbox is selected 4 To refresh the wireless APs list click Save The list is populated with the wireless APs 5 From the list of registered wireless APs select the checkbox corresponding to the wireless AP you want to configure for DRM The DRM properties are populated with default values when DRM is enabled 6 In the Coverage drop down list select Std Standard Coverage Adjusts the range to the clien...

Page 98: ...ult AP configuration If you have a wireless AP that is already configured with its own settings but would like the wireless AP to be reset to use the system s default AP settings use the Reset to Defaults feature on the AP Properties tab To configure a wireless AP with the system s default AP settings 1 From the main menu click Wireless AP Configuration The HiPath Wireless AP screen appears 2 In t...

Page 99: ... displays wireless AP information 3 If applicable modify the AP s properties For more information see Section 5 5 3 Modifying a wireless AP s properties on page 86 4 Click Copy to Defaults to make this AP s configuration be the system s default AP settings A pop up window asking you to confirm the configuration change appears 5 Click OK to confirm resetting the system s default AP settings 5 8 Con...

Page 100: ... from the list while pressing the CTRL key When using multi edit configuration any box or option that is not explicitly modified will not be changed by the update The Wireless APs shown in the Wireless APs list can be from any version of the software Attributes that are common between software versions are set on all Wireless APs Attributes that are not common are only sent to the AP versions to w...

Page 101: ...e new version of the AP software is installed from the HiPath Wireless Controller The software for each wireless AP can be uploaded either immediately or the next time the wireless AP connects Part of the wireless AP boot sequence is to seek and install its software from the HiPath Wireless Controller Although a number of the properties of each radio on a wireless AP can be modified without requir...

Page 102: ...led Upgrade The Controlled Upgrade tab appears Controlled upgrade allows you to individually select and control the state of an AP image upgrade which APs to upgrade when to upgrade how to upgrade and to which image the upgrade or downgrade should be done Administrators decide on the levels of software releases that the equipment should be running Always upgrade AP to default image overrides Contr...

Page 103: ... AP Images for Platform drop down list select the appropriate platform 4 To select an image in the AP Images list to delete click it 5 Click the Delete button The image is removed from the list To download a new wireless AP software image 1 From the main menu click Wireless AP Configuration The Wireless AP Configuration screen appears 2 From the left pane click AP Maintenance The AP Software Maint...

Page 104: ...enance tab appears 3 Click the Controlled Upgrade tab 4 From the Select AP Platform drop down list select the type of AP you want to upgrade 5 From the Select an image to use drop down list select the software image you want to use for the upgrade 6 In the list of registered Wireless APs select the checkbox for each Wireless APs to be upgraded with the selected software image 7 Click Apply AP imag...

Page 105: ...ss AP Performing wireless AP software maintenance 8 To save the software upgrade strategy to be run later click Save for later 9 To run the software upgrade immediately click Upgrade Now The selected Wireless AP reboots and the new software version is loaded The Always upgrade AP to default image checkbox on the AP Software Maintenance tab overrides the Controlled Upgrade settings ...

Page 106: ...e wireless AP A31003 W1040 U101 1 7619 July 2006 DRAFT 106 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_apstartup fm Performing wireless AP software maintenance ...

Page 107: ...signed a Service Set Identifier SSID The SSID does not have to be unique Each VNS is assigned a range of IP addresses for wireless devices All of the wireless devices share the same IP address prefix the part of the IP address that identifies the network and subnet The IP addresses of the wireless devices are assigned dynamically by the HiPath Wireless Controller s Dynamic Host Configuration Proto...

Page 108: ...p a VNS on the HiPath Wireless Controller you are defining a subnet for a group of wireless device users The VNS definition creates a virtual IP subnet where the HiPath Wireless Controller acts as a default gateway to wireless devices In addition you can determine if the VNS is to apply for traffic bridging at the AP This type of VNS requires specification of RF parameters and authentication param...

Page 109: ... Bridging at the AP is useful in branch office deployments in which APs must provide service even when the connection to the controller is unavailable User access plan The user access plan should analyze the enterprise network and identify which users should have access to which areas of the network What areas of the network should be separated Which users can go out to the World Wide Web The Cont...

Page 110: ...e a VNS define the global settings that will apply to all VNS definitions For example global settings can include identifying the location of the RADIUS servers and enabling priority traffic handling for voice over internet traffic and dynamic authorization server support The type of network assignment determines all the other factors of the VNS There are two options for network assignment SSID Ha...

Page 111: ...dio can be assigned to any of the VNSs defined in the system with up to 8 assignments per radio Once a VNS definition is saved the HiPath Wireless Controller updates this information on the Wireless AP The VNS broadcasts the updates during beacon transmission unless the SSID beacon is suppressed on the Topology tab The Wireless AP Configuration screen lists defined VNSs and which radio each has be...

Page 112: ...ials userID password to be authenticated The captive portal redirection operation will redirect any web page requests corresponding to targets not explicitly allowed by the non authenticated filter The redirection will instruct the user s web page to contact the defined authentication web server You must ensure that the authentication web server is explicitly listed as an allow destination in orde...

Page 113: ...certificates for server authentication and privacy and its support for a variety of user authentication mechanisms For 802 1x the RADIUS server must support RADIUS extensions RFC2869 Until the access accept is received from the RADIUS server for a specific user the user is kept in an unauthenticated state 802 1x rules dictate no other packets other than EAP are allowed to traverse between the AP a...

Page 114: ...e Default filter Controls access if there is no matching filter ID for a user Within each type of filter define a sequence of filtering rules The filtering rule sequence must be arranged in the order that you want them to take effect Each rule is defined to allow or deny traffic in either direction In From a wireless device in to the network Out From the network out to a wireless device 6 6 1 Fina...

Page 115: ...ntication by AAA 802 1x AAA assignment requires that user authentication is completed using the 802 1x EAP protocol before a user is granted access to a network resource Therefor the enforcement of non authenticated traffic rules is not applicable When authentication is returned then the filter ID group filters are applied A VNS can have a subgoup with Login LAT Group ID that has its own filtering...

Page 116: ...ting to the highest encryption method Two modes are available Enterprise Specifies 802 1x authentication and requires an authentication server Pre Shared Key PSK Relies on a shared secret The PSK is a shared secret pass phrase that must be entered in both the wireless access point or router and the WPA clients 6 8 VNS global settings Before defining a specific VNS define the global settings that w...

Page 117: ...word that is required in both directions This password is used to validate the connection between controller and the RADIUS server 4 In order to proofread your password before saving the configuration click Unmask The password is displayed To mask the password click Mask This precautionary step is highly recommended in order to avoid an error later when the HiPath Wireless Controller attempts to c...

Page 118: ... tab 4 To enable DAS support select the Enable DAS Support checkbox 5 In the seconds box type the replay protection time limit The default value is 300 6 To enable authorize only service type select the Enable Authorize only service type checkbox By default the Require Username attribute to identify a session checkbox is selected 7 To save your changes click Save To define admission control thresh...

Page 119: ... drop down lists define the thresholds for the following Max Voice VO bandwidth for re association Max Voice VO bandwidth for association Max Video VI bandwidth for re association Max Video VI bandwidth for association Reserved Video VI bandwidth Reserved bandwidth for non admission controlled flows These global QoS settings apply to all APs that serve QoS enabled VNS with admission control 5 To s...

Page 120: ...box type a password between 8 and 63 characters long to be used between HiPath Wireless Controllers The same shared secret must also be defined on the other HiPath Wireless Controllers on the network The Inter HWC shared secret is also used to protect communications between the HiPath Wireless Controller and the HiPath Wireless Manager 5 In order to proofread your password before saving the config...

Page 121: ...rk Services Setting up a new VNS 6 9 Setting up a new VNS Now that you are familiar with the VNS concepts you can now set up a new VNS Setting up a new VNS involves the following general steps Step one Create a VNS name Step two Define the topology parameters Step three Configure the VNS For information on setting up a new VNS see Chapter 7 Virtual Network configuration ...

Page 122: ...irtual Network Services A31003 W1040 U101 1 7619 July 2006 DRAFT 122 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_vnsintro fm Setting up a new VNS ...

Page 123: ...oup of wireless device users where the HiPath Wireless Controller acts as a default gateway to wireless devices For each VNS you define its topology authentication accounting RADIUS servers filtering multicast parameters privacy and policy mechanism When you set up a new VNS additional tabs appear only after you save the topology A critical topology option to define for a VNS is the VNS type Route...

Page 124: ...hoice for a VNS is the type of network assignment which determines all the other factors of the VNS When you have completed defining the topology for your VNS save the topology settings Once your topology is saved you can then access the remaining VNS tabs and continue configuring your VNS There are two options for network assignment SSID The SSID determines the VNS to which a user profile will be...

Page 125: ...Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS you want to create an SSID for The Topology tab is displayed 3 From the Assignment by drop down list select SSID 7 1 1 1 Defining session timeout parameters The HiPath Wireless Controller allows a client to associate to the AP and exist on the network without having authentication ...

Page 126: ... timeout parameters for a VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS you want to define the session timeout parameters for The Topology tab is displayed 3 In the Idle pre box type the number of minutes that a client is allowed to be idle on the VNS before authentication 4 In th...

Page 127: ... left pane Virtual Networks list click the VNS you want to enable third party APs for The Topology tab is displayed 3 Select the Use 3rd Party AP checkbox The definition of third party AP identification parameters allows the system to be able to differentiate the third party AP device and corresponding traffic from user devices on that segment Devices identified as third party APs are considered p...

Page 128: ...sing OSPF sends only the part that has changed and only when a change has taken place To define a next hop route and OSPF advertisement 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS you want to define a next hop route for The Topology tab is displayed 3 In the Next Hop Address box typ...

Page 129: ... HiPath Wireless Controller s own point of presence on the VLAN In this case the controller s interface is typically not the gateway for the subnet The gateway for the subnet is the infrastructure router defined to handle the VLAN 4 In the Mask box type the appropriate subnet mask for this IP address to separate the network portion from the host portion of the address typically 255 255 255 0 The f...

Page 130: ...vide To save your changes click Save The DHCP Address Exclusion subscreen closes 5 The Broadcast Address box populates automatically based on the Gateway IP address and subnet mask of the VNS 6 In the Domain Name box type the external enterprise domain name 7 1 1 6 Modifying time limits for IP assignments The following procedure is only applicable for configurations if the controller is the DHCP s...

Page 131: ...the context of DHCP definitions and therefor these values are not available for configurations if DHCP service is not defined A VLAN bridged VNS has an option to define the DHCP behavior for the VNS By default the DHCP service is disable although the administrator can elect to have the controller s VNS interface on the VLAN become either the actual DHCP server enable DHCP or become the relay agent...

Page 132: ...teway box type the IP address for the VNS 5 In the Mask box type the appropriate subnet mask for this IP address 6 In the DHCP Server box type the IP address of the DHCP server to which DHCP discover and request messages will be forwarded for clients on this VNS In the case of relay the HiPath Wireless Controller does not handle DHCP requests from users but instead forwards the requests to the ind...

Page 133: ... save your changes click Save 7 1 3 Saving your topology properties Once your topology is defined you can then save your topology properties to continue configuring your VNS To save your topology properties click Save 7 2 Assigning Wireless AP radios to a VNS If two HiPath Wireless Controllers have been paired for availability for more information see Section 8 1 Availability overview on page 189 ...

Page 134: ...lect the following Suppress SSID Select to prevent this SSID from appearing in the beacon message sent by the Wireless AP The wireless device user seeking network access will not see this SSID as an available choice and will need to specify it Enable proprietary IE attention reviewer need definition Im not sure what this option does Enable 11h support Select to enable TPC Transmission Power Contro...

Page 135: ...S The next step in configuring a VNS is to set up the authentication mechanism There are various authentication combinations available If network assignment is by SSID authentication can be none by Captive Portal using internal Captive Portal by Captive Portal using external Captive Portal by MAC based authentication If network assignment is by AAA 802 1x authentication can be by 802 1x authentica...

Page 136: ...Siemens URL Redirection 1 string Returned from RADIUS server A URL that can be returned to redirect a session to a specific Web page Siemens AP Name 2 string Sent to RADIUS server The name of the AP the client is associating to It can be used to assign policy based on AP name or location Siemens AP Serial 3 string Sent to RADIUS server The AP serial number It can be used instead of or in addition ...

Page 137: ... network access Captive Portal authentication relies on a RADIUS server on the enterprise network There are three mechanisms by which Captive Portal authentication can be carried out Internal Captive Portal The HiPath Wireless Controller presents the Captive Portal Web page carries out the authentication and implements policy External Captive Portal After an external server presents the Captive Po...

Page 138: ...guration fm Authentication for a VNS 4 Click Auth The Authentication fields are displayed 5 From the RADIUS drop down list select the server you want to use for Captive Portal authentication and then click Use The server s default information is displayed The RADIUS servers are defined in the Global Settings screen For more information see Section 6 8 VNS global settings on page 116 ...

Page 139: ...g purposes A red asterisk appears next to Auth indicating that a server has been assigned 6 In the Port box type the port used to access the RADIUS server The default is 1812 7 In the of Retries box type the number of times the HiPath Wireless Controller will attempt to access the RADIUS server 8 In the Timeout box type the maximum time that a HiPath Wireless Controller will wait for a response fr...

Page 140: ...are configuring has already been selected as the primary server the Reset to Primary checkbox is selected RADIUS redundancy defines additional backup RADIUS servers that the system will attempt to communicate with in case a connection with the identified primary server fails If connection to an active primary server fails the system automatically attempts to connect to one of the alternate servers...

Page 141: ... VNS you want to define the RADIUS server priority for The Topology tab is displayed 3 Click the Auth Acct tab 4 From the drop down list select the servers group you want to prioritize Configured Servers Authentication Servers MAC Servers Accounting Servers 5 In the server list select the RADIUS server and click Up or Down to arrange the order The first server in the list is the active one 6 To te...

Page 142: ...an external server The authentication can be carried out by an external authentication server or by the HiPath Wireless Controller request to a RADIUS server For more information on configuring Captive Portal settings see Section 7 3 2 2 To configure the Captive Portal settings for internal Captive Portal on page 142 or Section 7 3 2 2 To configure the Captive Portal Settings for external Captive ...

Page 143: ...ar above the Login box to greet the user For example the message could explain why the Captive Portal page is appearing and instructions for the user 11 In the Replace Gateway IP with FQDN box type the appropriate name if a Fully Qualified Domain Name FQDN is used as the gateway address 12 In the Default Redirection URL box type the URL to which the wireless device user will be directed to before ...

Page 144: ... The Topology tab is displayed 3 Click the Auth Acct tab 4 Click Configure Captive Portal Settings The Captive Portal Configurations window appears 5 Select the External Captive Portal option 6 In the HWC Connection drop down list select the IP address 7 Type the port of the HiPath Wireless Controller The external Captive Portal page on the external authentication server will send the request back...

Page 145: ... for network access along with login identification or a user profile is forwarded by the HiPath Wireless Controller to a RADIUS server To define authentication by AAA 802 1x 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS you want to set up authentication by AAA for The Topology tab is...

Page 146: ...guration fm Authentication for a VNS 4 Click Auth The Authentication fields are displayed 5 From the RADIUS drop down list select the server you want to use for Captive Portal authentication and then click Use The server s default information is displayed The RADIUS servers are defined in the Global Settings screen For more information see Section 6 8 VNS global settings on page 116 ...

Page 147: ...been assigned 6 In the Port box type the port used to access the RADIUS server The default is 1812 7 In the of Retries box type the number of times the HiPath Wireless Controller will attempt to access the RADIUS server 8 In the Timeout box type the maximum time that a HiPath Wireless Controller will wait for a response from the RADIUS server before attempting again 9 In the NAS Identifier box typ...

Page 148: ... UserID MAC and Password MAC for each user If MAC based authentication is to be used in conjunction with the 802 1x or Captive Portal authentication an additional account with a real UserID and Password must also be set up on the RADIUS server To define MAC based authentication for a VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In ...

Page 149: ...r more information see Section 6 8 VNS global settings on page 116 6 If applicable to use a server that has already been used for another type of authentication or accounting select the server you want to use for MAC authentication and then select User server for MAC Authentication 7 In the Port box type the port used to access the RADIUS server The default is 1812 8 In the of Retries box type the...

Page 150: ...methods for a VNS The next step in configuring a VNS is to define the methods of accounting Accounting tracks the activity of a wireless device users There are two types of accounting available HiPath Wireless Controller accounting Enables the HiPath Wireless Controller to generate Call Data Records CDRs in a flat file on the HiPath Wireless Controller RADIUS accounting Enables the HiPath Wireless...

Page 151: ...ge 116 6 Select Use server for RADIUS Accounting 7 In the Port box type the port used to access the RADIUS server The default is 1812 8 In the of Retries box type the number of times the HiPath Wireless Controller will attempt to access the RADIUS server 9 In the Timeout box type the maximum time that a HiPath Wireless Controller will wait for a response from the RADIUS server before attempting ag...

Page 152: ...trol access to the network If you define a group within an AAA VNS the group or child definition acquires the same authentication and privacy parameters as the parent VNS However you need to define a different topology and filtering rules for this group All the filters are exposed For the Assignment by SSID with no authentication the filter that is applied to the client session is the default filt...

Page 153: ...AAA a VNS can have a sub group with Login LAT group ID that has its own filtering rules If no filter ID matches are found then the default filter is applied VNS Policy is also applicable for Captive Portal and MAC based authorization 7 6 1 Filtering rules for an exception filter The exception filter provides a set of rules aimed at restricting the type of traffic that is delivered to the controlle...

Page 154: ...lter on an VNS applies only to the destination portion of the packet Traffic to a specified IP address and IP port is either allowed or denied Adding exception filtering rules allows network administrators to either tighten or relax the built in filtering that automatically drops packets not specifically allowed by filtering rule definitions The exception filtering rules can deny access in the eve...

Page 155: ... port range on that IP address In the Protocol drop down list select the applicable protocol The default is N A 6 Define a rule to allow access to the default gateway for this VNS Select IP Port Type the default gateway IP address VNS IP address that you defined in the Topology tab for this VNS 7 Click Add The information appears in the Filter Rules area of the tab 8 Select the new filter then sel...

Page 156: ...ific IP definition of a server outside the HiPath Wireless Controller Redirection and Captive Portal credentials apply to HTTP traffic only A wireless device user attempting to reach websites other than those specifically allowed in the non authenticated filter will be redirected to the allowed destinations Most HTTP traffic outside of those defined in the non authenticated filter will be redirect...

Page 157: ...ter ID values for The Topology tab is displayed 3 Click the Filtering tab 4 From the Filter ID drop down list select Non Authenticated The Filtering tab automatically provides a Deny All rule already in place Use this rule as the final rule in the non authenticated filter for Captive Portal 5 For each filtering rule you are defining do the following In the IP subnet port box type the destination I...

Page 158: ...ng the Up and Down buttons The filtering rules are executed in the order you define here 10 To save your changes click Save 7 6 2 1 Non authenticated filter examples A basic non authenticated filter for internal Captive Portal should have three rules in the following order Administrators must ensure that the non authenticated filter allows access to the corresponding authentication server Internal...

Page 159: ...om the authentication server 7 6 3 Filtering rules for a filter ID group When the wireless device user provides the identification credentials identification is sent by the HiPath Wireless Controller to the RADIUS server or other authentication server through a sequence of exchanges depending on the type of authentication protocol used When the server allows this request for authentication the ser...

Page 160: ... no filter ID is returned by the authentication server or no match is found on the HiPath Wireless Controller the filtering rules in the default filter will apply to the wireless device user To define filtering rules for a filter ID group 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS ...

Page 161: ...g to get on the network If applicable select Out to refer to traffic from the network host that is trying to get to a wireless device Select the Allow checkbox applicable to the rule you defined 8 Edit the order of a filter by selecting the filter and clicking the Up and Down buttons The filtering rules are executed in the order you define here 9 To save your changes click Save 7 6 3 1 Filtering r...

Page 162: ... rule in the default filter should be a catch all rule for any traffic that did not match a filter A final Allow All rule in a default filter will ensure that a packet is not dropped entirely if no other match can be found VNS Policy is also applicable for Captive Portal and MAC based authorization To define the filtering rules for a default filter 1 From the main menu click Virtual Network Config...

Page 163: ...s a Deny All rule already in place This rule can be modified to Allow All if appropriate to the network access needs for this VNS 7 6 4 1 Default filter examples The following are examples of filtering rules for a default filter In Out Allow IP Port Description x x Intranet IP range Deny all access to an IP range x x Port 80 HTTP Deny all access to web browsing x x Intranet IP Deny all access to a...

Page 164: ...p filtering rules that allow each wireless device access to the default gateway but also prevent each device from communicating with each other Add the following two rules to a filter ID filter before allowing everything else In Out Allow IP Port Description x Port 80 HTTP on host IP Deny all incoming wireless devices access to web browsing the host x Intranet IP 10 3 0 20 ports 10 30 Deny all tra...

Page 165: ...orwarded to and from the VNS The default behavior is to drop the packets For each group defined you can enable Multicast Replication by group To enable multicast for a VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS you want to enable Multicast for The Topology tab is displayed 3 Cl...

Page 166: ...ttons IP Group Type the IP address range Defined groups Select from the drop down list 6 Click Add The group is added to the list above 7 To enable the wireless multicast replication for this group select the corresponding Wireless Replication checkbox 8 To modify the priority of the multicast groups select the group row and click the Up or Down buttons A Deny All rule is automatically added as th...

Page 167: ...ch radio can support up to eight SSIDs 16 per AP Each AP can participate in up to 50 VNSs For each VNS only one WEP key can be specified It is treated as the first key in a list of WEP keys Wi Fi Protected Access WPA Pre Shared key PSK Privacy in PSK mode using a Pre Shared Key PSK or shared secret for authentication WPA PSK is a security solution that adds authentication to enhanced WEP encryptio...

Page 168: ...select the WEP encryption key length 40 bit 104 bit 128 bit 6 Select one of the following input methods Input Hex If you select Input Hex type the WEP key input in the WEP Key box The key is generated automatically based on the input Input String If you select Input String type the secret WEP key string used for encrypting and decrypting in the WEP Key String box The WEP Key box is automatically f...

Page 169: ... by WPA PSK for a Captive Portal The Topology tab is displayed 3 Click the Privacy tab 4 Select WPA PSK 5 To enable WPA v1 encryption select WPA v 1 6 If WPA v 1 is enabled select one of the following encryption types from the Encryption drop down list Auto The AP will advertise both TKIP and CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol for WPAv1 CCMP is an IEE...

Page 170: ... This will reduce the level of security for wireless communications 9 In the Broadcast re key interval box type the time interval after which the broadcast encryption key is changed automatically The default is 3600 10 In the Pre Shared Key box type the shared secret key to be used between the wireless device and Wireless AP The shared secret key is used to generate the 256 bit key 11 In order to ...

Page 171: ... Access WPA version 2 with encryption by Advanced Encryption Standard with Counter Mode CBC MAC Protocol AES CCMP To set up static WEP privacy for an AAA VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the AAA VNS you want to configure privacy by WPA PSK for a Captive Portal The Topology ta...

Page 172: ...To set up dynamic WEP privacy for a selected AAA VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the AAA VNS you want to set up dynamic WEP privacy for The Topology tab is displayed 3 Click the Privacy tab 4 Select Dynamic Keys 5 To save your changes click Save 7 8 2 2 Wi Fi Protected Acces...

Page 173: ...iterated 10 times A per packet key mixing function that shares a starting key between devices and then changes their encryption key for every packet or after the specified re key time interval expires The Counter Mode CBC MAC Protocol CCMP a new mode of operation for a block cipher that enables a single key to be used for both encryption and authentication The two underlying modes employed in CCM ...

Page 174: ...ntrolled with permissions and policy applied by the HiPath Wireless Controller To set up Wi Fi Protected Access privacy WPA for an AAA VNS 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the AAA VNS you want to configure privacy by WPA PSK for a Captive Portal The Topology tab is displayed 3 Cl...

Page 175: ... 3600 9 To save your changes click Save 7 9 Defining a VNS with no authentication You can set up a VNS that will bypass all authentication mechanisms and run Controller Access Points and Convergence Software with no authentication of a wireless device user A VNS with no authentication can still control network access using filtering rules For more information on how to set up filtering rules that ...

Page 176: ...ndard that allow for data packets to wait their turn in order to avoid data collisions Regular traffic on a wireless network is an asynchronous process in which data streams are broken up by random intervals To reconcile the needs of isochronous data mechanisms are added to the network that give voice data traffic or another traffic type priority over all other traffic and allow for continuous tra...

Page 177: ...guration screen appears 2 In the left pane Virtual Networks list click the VNS you want to configure for voice over IP traffic The Topology tab is displayed 3 From the Assignment by drop down list select SSID 4 Click the Auth Acct tab 5 Click Configure Captive Portal Settings The Captive Portal Configurations subscreen appears 6 Select No Captive Portal Support and then click Save No authenticatio...

Page 178: ... For a VoIP VNS you should select the voice priority level that is the highest priority value allowed by the system 16 To save your changes click Save To configure a Wireless AP radio for a voice traffic VNS 1 From the main menu click Wireless AP Configuration The Wireless AP screen appears 2 In the left pane click the Wireless AP you want to configure for voice over IP traffic The AP Properties t...

Page 179: ...Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide 179 Virtual Network configuration Defining priority level for VNS traffic For more information see Section 5 5 4 Modifying the wireless AP s radio properties on page 88 6 To save your changes click Save ...

Page 180: ...defined as voice priority will have access to the higher priority queue The HiPath Wireless Controller supports the definition of 8 levels of user priority These priority levels are mapped at the AP to the best appropriate access class Of the 8 levels of user priority 6 are considered low priority levels and 2 are considered high priority levels WMM clients have the same 4 AC queues WMM clients wi...

Page 181: ...follows Table 16 Tagged packets mapping Where xxx can be either 1 or 0 The following 6 options are available for configuring the QoS behavior of the VNS Best Effort WMM is disabled and all traffic to and from the wireless client device will be handled as best effort traffic and will use the queue designated as best effort VNS type Packet type L2 L3 Tunneled Untagged No Yes Branch VLAN tagged Yes Y...

Page 182: ...nd upstream directions but it also enables prioritization of the traffic in the downstream direction for the non WMM clients Voice VNS w o WMM Forces the highest priority AC_VO for the traffic in the downstream direction for all clients WMM or non WMM in the VNS This mode changes the channel access parameters for the downstream direction in order to provide optimum voice performance With this mode...

Page 183: ...op behavior PHB The packet marking of the output packets user traffic and or transport Table 17 Service class At this time Layer 2 802 1d bits are not carried across the tunnel The HiPath Wireless Controller C2400 supports functionality CTP_QoS field by which L2 priority flags for user traffic received from a core VLAN is copied into the CTP header CTP_QoS field and passed to the AP to determine t...

Page 184: ...QoS 3 Click the QoS Policy tab 4 From the Wireless QoS list select the following Legacy Select if your VNS will support legacy devices that use SpectraLink Voice Protocol SVP for prioritizing voice traffic If selected the Turbo Voice option is displayed WMM Select to enable WMM WMM is part of the 802 11e standard for QoS attention reviewer need descriptions of what this option does If selected the...

Page 185: ...num 5 Gold 4 Silver 3 Bronze 2 Best Effort 1 Background 0 The lowest priority level DSCP marking 6 If you want to assign a service class to each DSCP marking clear the Priority Override checkbox and define the DSCP service class priorities in the DSCP classification table 7 The Advanced Wireless QoS options are only displayed if the WMM or 802 11e checkboxes are selected Enable U APSD checkbox nee...

Page 186: ...enu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane Virtual Networks list click the VNS that you want to define topology parameters for 3 Click the Topology tab 4 In the VNS Mode drop down list click Bridge Traffic Locally at AP to enable branch office mode 5 To define the VLAN Setting select one of the following Tagged Untagged If you select...

Page 187: ...N ID is unique per AP and there is at most one untagged VNS per AP In previous releases an entire AP had to be put into branch mode In the current release an individual VNS can be put into bridging mode An AP can have bridged and non bridged VNSs If it has more then one branch mode VNS only one bridged VNS can be untagged per AP The other branch mode VNSs need to have unique VLAN ID You must have ...

Page 188: ...etwork configuration A31003 W1040 U101 1 7619 July 2006 DRAFT 188 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_vnsconfiguration fm Bridging traffic locally ...

Page 189: ...about a client session A maximum of up to 8 controllers can be linked to allow users to transparently roam across controllers in the mobility domain 8 1 Availability overview The HiPath Wirelesss Controller Access Points and Convergence Software system provides this feature to maintain service availability in the event of a HiPath Wireless Controller outage The availability feature links two HiPat...

Page 190: ...ld attempt to automatically connect to when a connection with an active controller link is lost The provided list identifies the local active interfaces enabled on the primary and backup controllers for the active controller as well as the active interfaces for the backup controller The list is sorted by top down priority If the active link is lost poll failure the AP automatically scans pings all...

Page 191: ... addresses must be unique For more information see A HiPath Wireless Controller C2400 VLAN Bridged VNS can permit two controllers to share the same subnet different IP addresses This setup provides support for mobility users in a VLAN Bridged VNS Section 7 1 Topology for a VNS on page 124 3 On both HiPath Wireless Controllers set the Registration Mode to Allow only approved so that no more wireles...

Page 192: ...ess AP 3 Define the wireless AP and click Add Wireless AP Manually defined APs will inherit the AP default configuration settings To set the primary or secondary HiPath Wireless Controllers for availability 1 From the main menu click Wireless AP Configuration The Wireless APs screen appears 2 In the left pane click AP Registration The Wireless AP Registration screen appears 3 To enable availabilit...

Page 193: ...er select one of the following options Allow all Wireless APs to connect If the HiPath Wireless Controller does not recognize the serial number it sends a default configuration to the wireless AP Or if the HiPath Wireless Controller recognizes the serial number it sends the specific configuration port and binding key set for that wireless AP Allow only approved Wireless APs to connect If the HiPat...

Page 194: ... HiPath Wireless Controller registers as an SLP service called ac_manager The controller service directs the Wireless APs to the appropriate HiPath Wireless Controller During an outage if the remaining HiPath Wireless Controller is the secondary controller It registers as the SLP service ru_manager To view SLP activity 1 From the main menu click Wireless AP Configuration The Wireless APs screen ap...

Page 195: ...er the wireless AP on the failed HiPath Wireless Controller loses its connection it will attempt a reboot unless the Link Persistence option is enabled If the AP is unsuccessful after five minutes of attempting to register with the controller the AP does not reboot and instead waits five minutes before attempting to reboot and register again If the AP is assigned to different VNSs on the two contr...

Page 196: ... log of the remaining HiPath Wireless Controller in the Reports and Displays area 2 After recovery on the HiPath Wireless Controller that did not fail select the foreign Wireless APs and click on the Release button in the Wireless AP Configuration AP Maintenance screen 8 2 Mobility manager The Controller Access Points and Convergence Software system allows multiple HiPath Wireless Controllers up t...

Page 197: ...istens for connection attempts from mobility agents Establishes connection and sends a message to the mobility agent specifying the Heartbeat interval and the mobility manager s IP address if it receives a connection attempt from the agent Sends regular Heartbeat messages containing wireless device session changes and agent changes to the mobility agents and waits for a returned update message The...

Page 198: ... that have roamed from the manager controller to other agents are terminated and required to re register as local users with the agent where they are currently located Participant controllers are reset to nodal operation Any user sessions that roamed away from their home AP are terminated and must reconnect Users need to reconnect to network re authenticate and obtain new IP address The data link ...

Page 199: ...nager process Ensure that the selected interface is routable on the network 6 In the Heartbeat box type the time interval in seconds at which the mobility manager sends a Heartbeat message to a mobility agent The default is 5 seconds 7 In the SLP Registration drop down list select whether to enable or disable SLP registration 8 In the Permission list select the agent IP addresses you want to appro...

Page 200: ...to the mobility manager 10 To save your changes click Save To designate a mobility agent 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 In the left pane click Mobility Manager The Mobility Manager Settings screen appears 3 To enable mobility for this controller select the Enable Mobility checkbox The controller mobility options a...

Page 201: ...efore trying again The default is 60 seconds 7 From the Discovery Method drop down list select one of the following SLPD Service Location Protocol Daemon is a background process acting as a SLP server It provides the functionality of the Directory Agent and Service Agent for SLP Use SLP to support the discovery of siemensNET service to attempt to locate the area mobility manager controller Static ...

Page 202: ...Defining management users In this screen you define the login user names that have access to the HiPath Wireless Assistant either for Controller Access Points and Convergence Software administrators with read write privileges or users with read only privileges For each user added you can also define and modify a user ID and password To add a HiPath Wireless Controller management user 1 From the ma...

Page 203: ...he Add User button The new user is added to the appropriate user list To modify a HiPath Wireless Controller management user 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 In the left pane click the Management Users option The Management Users screen appears 3 To select a user to be modified click it 4 In the Password box type th...

Page 204: ... system time using Network Time Protocol NTP an Internet standard protocol that synchronizes client workstation clocks To apply time zone settings 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 In the left pane click Network Time The Network Time screen appears 3 From the Continent or Ocean drop down list select the appropriate l...

Page 205: ...rs 2 In the left pane click Network Time The Network Time screen appears 3 To use Network Time Protocol select the Use NTP radio button 4 In the Use System TIme box type the time setting using the mm dd yyyy hh mm format 5 In the Time Server 1 box type the IP address or FQDN of a standard NTP Time Server You can repeat this step for the Time Server 2 and Time Server 3 boxes 6 To apply your changes...

Page 206: ...In the left pane click Check Point The Check Point Configuration screen appears 3 To enable check point logging select the Enable Check Point Logging checkbox 4 Type the following information Check Point Server IP Specifies the IP address of the ELA Management Station ELA Port Specifies the port to use for ELA The default port is 18187 Before you set up the HiPath Wireless Controller you must firs...

Page 207: ...d ID SIC Password Specifies your Secure Internal Communication SIC password You can use the Unmask button to display the password 5 To save your changes click Save 6 To create the certificate to be sent to the ELA Management Station click Generate Certificate button If the certificate is properly generated and the connection with the ELA Management Station is made the Connection Status area displa...

Page 208: ... the SNMP requesters 8 6 1 MIB support The Controller Access Points and Convergence Software system accepts SNMP Get commands and generates Trap messages Support is provided for the retrieval information from the router MIB II SNMP_GET as well as SNMP traps The supported MIBs include SNMPv2 MIB IF MIB IEEE802dot11 MIB RFC1213 MIB The Siemens Enterprise MIB includes HIPATH WIRELESS HWC MIB HIPATH W...

Page 209: ...ireless Controller to retrieve statistics and configuration information To enable SNMP Parameters 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 In the left pane click SNMP The Simple Network Management Protocol screen appears 3 Type the following information Contact Name Specifies the name of SNMP administrator Location Specifie...

Page 210: ...ps are monitored if Manager A is not available 8 7 Using controller utilities You can use HiPath Wireless Controller utilities to test a connection to the target IP address or to record the route through the Internet between your computer and the target IP address To test or record IP address connections 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configura...

Page 211: ...nality Configuring Web session timeouts 8 8 Configuring Web session timeouts You can configure the time period to allow Web sessions to remain inactive before timing out To configure Web session timeouts 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 In the left pane click Web Settings The Wireless Controller Web Management Setti...

Page 212: ...sion Timeout box type the time period to allow the Web session to remain inactive before it times out This can be entered as hour minutes or as minutes The range is 1 minute to 168 hours 4 Select the Show VNS names on the Wireless AP SSID list checkbox to allow the names of the VNSs to appear in the SSID list for wireless APs 5 To save your settings click Save Pages that auto refresh will time out...

Page 213: ...access control This process requires the following steps Step 1 Define a data port as a third party AP port Step 2 Define a VNS for the third party AP port Step 3 Define authentication by captive portal for the third party AP VNS Step 4 Define filtering rules for the third party APs To set up third party APs Step 1 Define a data port as a third party AP port 1 From the main menu click Wireless Con...

Page 214: ... down list Make sure that Management Traffic and SLP are disabled for this port 4 Connect the third party access point to this port via a switch Step 2 Define a VNS for the third party AP port 1 From the main menu click Virtual Network Configuration The Virtual Network Configuration screen appears 2 In the left pane type a name that will identify the new VNS in the Add subnet box and then click Ad...

Page 215: ...ontinue configuring your VNS as described in Section 7 1 1 Configuring topology for a VNS for Captive Portal on page 125 Step 3 Define authentication by captive portal for the third party AP VNS 1 Click on the Authentication tab In the Authentication configuration screen 2 click the Captive Portal radio button 3 In the Captive Portal portion of the screen define the RADIUS Attributes and the filte...

Page 216: ...he HiPath Wireless Controller with VNS information Disable the third party access point s layer 3 IP routing capability and set the access point to work as a layer 2 bridge Here are the differences between third party access points and Wireless APs on the Controller Access Points and Convergence Software system A third party access point exchanges data with the HiPath Wireless Controller s data po...

Page 217: ... Wireless Controller runs a data collector application that receives and manages the RF scan messages sent by the wireless AP The scan data includes lists of all connected wirless APs third party APs other friendly APs and the RF scan information that has been collected from the wireless APs The data collector also informs the Analysis Engine of all the connected and unconnected access points thir...

Page 218: ...uration The Wireless Controller Configuration screen appears 2 In the left pane click Mitigator The Mitigator Configuration screen appears 3 To enable the Mitigator Analysis Engine select the Mitigator Analysis Engine checkbox 4 To enable the Mitigator Data Collection Engine on this HiPath Wireless Controller select the Enable Local Mitigator Data Collection Engine checkbox 5 To identify the remot...

Page 219: ...d Poll Retry parameters appears in the list 8 To add a new collection engine click Add Collection Engine 9 Repeat steps 4 to 7 10 To save your changes click Apply 10 3 Running Mitigator scans The Mitigator feature allows you to view the following Scan Groups Friendly APs Third Party APs To run the Mitigator scan task mechanism 1 From the main menu click Mitigator The Mitigator screen appears 2 Cli...

Page 220: ...up which will perform the scan function 5 In the Radio drop down list select one of the following Both The 2 4 GHz and 5 0 GHz radios both perform the scan function 2 4 GHz Only the 2 4 GHz radio performs the scan function 5 0 GHz Only the 5 0 GHz radio performs the scan function 6 In the Channel List drop down list select one of the following All Scanning is performed on all channels Current Scan...

Page 221: ...sponse in active scanning 9 In the Scan Time Interval box type the time in minutes to define the frequency at which a Wireless AP within the Scan Group will initiate a scan of the RF space The range is from one minute to 120 minutes 10 To initiate a scan using the periodic scanning parameters defined above click Start Scan 11 To initiate an immediate scan that will run only once click Run Now 12 T...

Page 222: ...oller that has its RF Data Collector enabled and has been associated with the Analysis Engine on this HiPath Wireless Controller The Analysis Engine looks for access points with one or more of the following conditions Unknown MAC address and unknown SSID critical alarm Unknown MAC with a valid SSID a known SSID is being broadcast by the unknown access point critical alarm Known MAC with an unknown...

Page 223: ... scan results 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the Rogue Detection tab 3 To modify the screen s refresh rate type a time in seconds in the Refresh every __ seconds box 4 Click Apply The new refresh rate is applied 5 To view the Rogue Summary report click Rogue Summary The Rogue Summary report appears in a popup window 6 To clear all detected rogue devices f...

Page 224: ...ccess point item is removed from this list and appears in the Friendly AP Definitions area of the Friendly APs tab To delete an AP from the Mitigator scan results 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the Rogue Detection tab 3 To delete a specific AP from the Mitigator scan results click the corresponding Delete button The AP is removed from the list To avoid th...

Page 225: ... All APs are removed from the list 10 6 Working with friendly APs To view the friendly APs 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the Friendly APs tab To add friendly APs manually 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the Friendly APs tab 3 To add friendly access points manually to the Friendly AP Definitions list type the foll...

Page 226: ...ck the Friendly APs tab 3 To select an access point from the Friendly AP Definitions list to delete click it 4 Click Delete The selected access point is removed from the Friendly AP Definitions list 5 To save your changes click Save To modify a friendly AP 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the Friendly APs tab 3 To select an access point from the Friendly AP...

Page 227: ...V4 0 C10 C100 C1000 User Guide 227 Working with the Mitigator Maintaining the Mitigator list of APs 10 8 Maintaining the Mitigator list of APs To maintain the wireless APs 1 From the main menu click Mitigator The Mitigator screen appears 2 Click the AP Maintenance tab The deleted access points are marked with a Deleted flag ...

Page 228: ...and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_mitigator fm Maintaining the Mitigator list of APs 3 To delete the marked access points from the Mitigator database click Delete marked APs The selected access points are deleted from the Mitigator database not from the HiPath Wireless Controller database ...

Page 229: ...lay the IP address of the Data Collector engine The status of the Data Collector engine is indicated by one of the following colors Green The Analysis Engine has connection with the Data Collector on that HiPath Wireless Controller Yellow The Analysis Engine has connected to the communication system of the other controller but has not synchronized with the Data Collector Ensure that the Data Colle...

Page 230: ...ith the Mitigator A31003 W1040 U101 1 7619 July 2006 DRAFT 230 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_mitigator fm Viewing the Scanner Status report ...

Page 231: ...lays available in the HiPath Wireless Controller Access Points and Convergence Software system 11 1 Viewing the displays The following displays are available in the HiPath Wireless Controller Access Points and Convergence Software system Active Wireless APs Active Clients by Wireless AP Active Clients by VNS Wireless Controller Port Statistics Wireless AP Availability Wired Ethernet Statistics by ...

Page 232: ...e hwc_reports fm Viewing the displays To view reports and displays 1 From the main menu click Reports Displays The HiPath Reports Displays screen appears 2 In the List of Displays click the display you want to view some examples will follow The two displays on the right hand side of the screen only appear if the mobility manager function has been enabled for the controller ...

Page 233: ...HiPath Wireless Controller the display will show all Wireless APs as green If the Wireless APs are not attached they do not appear in the report 11 1 2 Viewing statistics for Wireless APs Two displays are snapshots of activity at that point in time on a selected Wireless AP Wired Ethernet Statistics by Wireless APs Wireless Statistics by Wireless APs The statistics displayed are those defined in t...

Page 234: ...e displays 3 In the Wired Ethernet Statistics by Wireless APs display click a registered Wireless APs to display its information To view Wireless Statistics by Wireless APs 1 From the main menu click Reports Displays The HiPath Reports Displays screen appears 2 Click the Wireless Statistics by Wireless APs display option The Wireless Statistics by Wireless APs display appears in a new browser wind...

Page 235: ...play its information 4 Click the appropriate tab to display information for each radio on the Wireless AP 5 To view information on a selected associated client click View Client The Associated Clients display appears in a new browser window To view wired Ethernet statistics by Wireless APs 1 From the main menu click Reports Displays The HiPath Reports Displays screen appears 2 Click the Active Cli...

Page 236: ...P If the client roams from one AP to another the session stays therefore Time Conn does not reset A client appears as soon as the client connects or after refresh of screen The client disappears as soon as it times out 11 1 3 Viewing displays for the mobility manager When a HiPath Wireless Controller has been configured as a mobility manager two additional displays appear as options in the List of...

Page 237: ... of Displays screen appears 2 Click the appropriate mobility manager display Client Location in Mobility Zone Mobility Tunnel Matrix The colored status indicates the following Green The mobility manager is in communication with an agent and the data tunnel has been successfully established Yellow The mobility manager is in communication with an agent but the data tunnel is not yet successfully est...

Page 238: ...umber of clients roamed Mobility loading Local controller loading Mobility membership list A HiPath Wireless Controller is only removed from the mobility matrix if it is explicitly removed by the administrator from the Mobility permission list If a particular link between controllers or the controller is down the corresponding matrix connections are identified in red colour to identify the link Th...

Page 239: ...troller Routing Protocols screen OSPF Neighbor if OSPF is enabled in the Routing Protocols screen OSPF Linkstate if OSPF is enabled in the Routing Protocols screen AP Inventory a consolidated summary of Wireless AP setup To view reports 1 From the main menu click Reports Displays The HiPath Reports Displays screen appears 2 In the Reports list click the report you want to view Forwarding Table OSP...

Page 240: ... to the location where you want to save the exported XML data file and in the File name box enter an appropriate name for the file 4 Click Save The XML data file is saved in the specified location If you open only automatically refreshed report pages the web management session timer will not be updated or reset Your session will eventually timeout If your default XML viewer is Internet Explorer or...

Page 241: ...wireless device You can view all the associated wireless devices by MAC address on a selected Wireless AP You can Disassociate a selected wireless device from its Wireless AP Add a selected wireless device s MAC address to a Blacklist of wireless clients that will not be allowed to associate with the Wireless AP Backup and restore the HiPath Wireless Controller database For more information see Se...

Page 242: ...applicable 5 Click Disassociate The client s session terminates immediately 12 1 2 Blacklisting a client The Blacklist tab displays the current list of MAC addresses that are not allowed to associate A client is added to the blacklist by selecting it from a list of associated APs or by entering its MAC address You can search for a client by MAC Address IP Address or User ID by selecting the search...

Page 243: ... Client Management The Disassociate tab appears 3 In the Select AP list click the AP you want to dissassociate 4 In the Select Client s list select the checkbox next to the client you want to disassociate if applicable 5 Click Add to Blacklist The selected wireless client s MAC address is added to the blacklist You can search for a client by MAC Address IP Address or User ID by selecting the searc...

Page 244: ...C address 1 From the main menu click Wireless AP Configuration The Wireless AP Configuration screen appears 2 From the left pane click Client Management The Disassociate tab appears 3 Click the Blacklist tab 4 To add a new MAC address to the blacklist in the MAC Address box enter the client s MAC address 5 Click Add The client appears in the MAC Addresses list 6 To save your changes click Save You...

Page 245: ...ist 1 From the main menu click Wireless AP Configuration The Wireless AP Configuration screen appears 2 From the left pane click Client Management The Disassociate tab appears 3 Click the Blacklist tab 4 Click Browse and navigate to the file of MAC addresses you want to import and add to the blacklist 5 Select the file and then click Import The list of MAC addresses is imported To export a list of...

Page 246: ...assword and the default IP settings To reset the AP to its factory default settings 1 Reboot the AP 2 Depower and repower the AP during the vulnerable time interval 3 Repeat Step 2 two more times When the AP reboots for the fourth time after having its power supply interrupted three consecutive times it restores its factory default settings The AP then reboots again to put the default settings int...

Page 247: ... the System Log Level area from the Wireless Controller Log Level drop down list select the least severe log level for the Controller that you want to receive Information Minor Major Critical For example if you select Minor you receive all Minor Major and Critical messages If you select Major you receive all Major and Critical messages The default is Information 3 Click Apply 4 From the Wireless A...

Page 248: ...abled syslog server in the IP box type a valid IP address for the server on the network 5 For each enabled syslog server in the Port box type a valid port number to connect on The default port for syslog is 514 6 To include all system messages select the Include all service messages checkbox If the box is not selected only component messages logs and traces are relayed This setting applies all thr...

Page 249: ...ystem including associated Wireless APs select the appropriate shut down option Halt system reboot Halt system reset database to factory default and reboot Halt system reset to factory default and reboot Halt system shutdown power 4 Click Apply Now The system is immediately halted The syslog daemon must be running on both the HiPath Wireless Controller and on the remote syslog server before the lo...

Page 250: ...ckup and restore the HiPath Wireless Controller database is also available The maintenance interface also includes the product key maintenance for first time setup and upgrades if appropriate For more information see Section 4 2 3 Applying the product license key on page 52 12 4 1 Updating HiPath Wireless Controller software You can update the core HiPath Wireless Controller software files using t...

Page 251: ... the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 From the left pane click Software Maintenance The HWC Software tab appears 3 To download a new image to be added to the list in the Download Image area type the following FTP Server The IP of the FTP server to retrieve the image file from User ID The user ID that the controller should use ...

Page 252: ...pears 2 From the left pane click Software Maintenance The HWC Software tab appears 3 To delete a software image from the list in the Available HWC Images list click the image 4 Click Delete The image is removed from the list 12 4 2 Updating operating system software You can update the Operating System OS software using the Software Maintenance function To upgrade operating system software 1 From t...

Page 253: ...2 From the left pane click Software Maintenance The HWC Software tab appears 3 Click the OS Software tab 4 To download a new image to be added to the list in the Download Image area type the following FTP Server The IP of the FTP server to retrieve the image file from User ID The user ID that the controller should use when it attempts to log in to the FTP server Password The corresponding password...

Page 254: ...the HiPath Wireless Controller database You can also schedule the backups to occur When a scheduled backup is defined you can configure to have the scheduled backup copied to an FTP server when the backup is complete To back up the HiPath Wireless Controller software 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 From the left pa...

Page 255: ... to retrieve the image file from User ID The user ID that the controller should use when it attempts to log in to the FTP server Password The corresponding password for the user ID Confirm The corresponding password for the user ID to confirm it was typed correctly Directory The directory on the server where the image file will be stored Filename The name that will be given to the image file when ...

Page 256: ...n The Wireless Controller Configuration screen appears 2 From the left pane click Software Maintenance The HWC Software tab appears 3 Click the Backup tab 4 Click Schedule Backup The Schedule Backups screen appears 5 In the What to backup drop down list select what you want to backup Config s CDRs Logs Audit and Rogue Configurations only CDRs only Logs only Audit only Rogue only 6 In the Schedule ...

Page 257: ...ver Password The corresponding password for the user ID Confirm The corresponding password for the user ID to confirm it was typed correctly Directory The directory on the server where the image file will be stored 8 To save your changes click Save 12 4 4 Restoring HiPath Wireless Controller software You can restore the HiPath Wireless Controller database To restore the HiPath Wireless Controller ...

Page 258: ...e to use drop down list 5 To launch the backup with the selected items click on the Restore Now button 6 In the dialog box that appears confirm the restore The image is restored To download for restore 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 From the left pane click Software Maintenance The System Maintenance screen appear...

Page 259: ...ferent images 5 Click Download The image is downloaded and added to the list To delete a backup available for restore 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 From the left pane click Software Maintenance The System Maintenance screen appears 3 Click the Restore tab 4 To delete a backup from the list in the Available Backup...

Page 260: ...troller images change to var chantry upgrade For OS archives change to var chantry osupgrade 3 Upload the image file using the SFTP client upload feature 4 To complete a HiPath Wireless Controller upgrade or an AP upgrade go to the appropriate Software Maintenance page For more information see Section 12 4 1 Updating HiPath Wireless Controller software on page 250 or Section 12 4 2 Updating operat...

Page 261: ...th Wireless Manager 1 From the main menu click Wireless Controller Configuration The Wireless Controller Configuration screen appears 2 From the left pane click Secure Connections The Shared Secret for Remote Connections screen appears 3 In the first box type the controller s IP address 4 In the second box type the shared secret to be used by both the HiPath Wireless Controller and the HiPath Wire...

Page 262: ...re maintained in a circular buffer when all are full the most recent replaces the earliest 12 4 8 Viewing log alarm and trace messages The HiPath Wireless Controller generates three types of messages Logs including alarms messages that are triggered by events Traces messages that display activity by component for system debugging troubleshooting and internal monitoring of software Audits files tha...

Page 263: ... alarm conditions will trigger a trap in SNMP Simple Network Management Protocol An SNMP trap is an event notification sent by the managed agent a network device to the management system to identify the occurrence of conditions For more information see Section 9 4 Setting up SNMP on page 159 To view logs 1 From the main menu click Logs Traces The Logs Traces screen appears 2 In the Navigation bar ...

Page 264: ...ile click the Export button The component called Langley is the term for the inter process messaging infrastructure on the HiPath Wireless Controller To view traces 1 From the main menu click Logs Traces The Logs Traces screen appears 2 In the Navigation bar click one of the Traces tabs The selected Trace screen appears The following is an example of the HiPath Wireless Controller traces The event...

Page 265: ... file click the Export button To view audits 1 From the main menu click Logs Traces The Logs Traces screen appears 2 In the Navigation bar click the Audit GUI tab The Audit screen appears The events are displayed in chronological order sorted by the Timestamp column 3 To sort the display by User Section Page or Audit Message click the appropriate column heading 4 To clear the audits from the list ...

Page 266: ...Path Wireless Controller software maintenance To clear logs 1 From the main menu click Logs Traces The Logs Traces screen appears 2 In the Navigation bar click one of the Log tabs The selected Log screen appears The following is an example of the HiPath Wireless Controller logs The events are displayed in chronological order sorted by the Timestamp column 3 To clear the logs click Clear Log Messag...

Page 267: ...or IPSec and Internet Key Exchange IKE AES has a variable key length the algorithm can specify a 128 bit key the default a 192 bit key or a 256 bit key For the WPA2 802 11i implementation of AES a 128 bit key length is used AES encryption includes 4 stages that make up one round Each round is then iterated 10 12 or 14 times depending upon the bit key size For the WPA2 802 11i implementation of AES...

Page 268: ... were added through the network or charges for operator services among other details of the call In essence call accounting is a database application that processes call data from your switch PBX iPBX or key system via a CDR call detail record or SMDR station message detail record port The call data record details your system s incoming and outgoing calls by thresholds including time of call durat...

Page 269: ...onnected DHCP also supports a mix of static and dynamic IP addresses DHCP consists of two components a protocol for delivering host specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts IETF RFC1531 Option 78 specifies the location of one or more SLP Directory Agents Option 79 specifies the list of scopes that a SLP Agent is con...

Page 270: ...ata rate bit sequence or chipping code that divides the user data according to a spreading ratio The chipping code is a redundant bit pattern for each bit that is transmitted which increases the signal s resistance to interference If one or more bits in the pattern are damaged during transmission the original data can be recovered due to the redundancy of the transmission Compare FHSS DTIM DTIM de...

Page 271: ...ion and can be used to dynamically generate user based and session based WEP keys EAP TTLS Tunneled Transport Layer Security is an extension of EAP TLS to provide certificate based mutual authentication of the client and network through an encrypted tunnel as well as to generate dynamic per user per session WEP keys Unlike EAP TLS EAP TTLS requires only server side certificates See also PEAP ELA O...

Page 272: ...ent and in some cases network routing FQDN Fully Qualified Domain Name A friendly designation of a computer of the general form computer subnetwork organization domain The FQDN names must be translated into an IP address in order for the resource to be found on a network usually performed by a Domain Name Server FTM Forwarding Table Manager FTP File Transfer Protocol Gateway In the wireless world ...

Page 273: ...t 443 instead of HTTP port 80 in its interactions with the lower layer TCP IP SSL uses a 40 bit key size for the RC4 stream encryption algorithm which is considered an adequate degree of encryption for commercial exchange IBSS Independent Basic Service Set See BSS An IBSS is the 802 11 term for an adhoc network See adhoc network ICMP Internet Control Message Protocol an extension to the Internet P...

Page 274: ...eiving end the steps are reversed Over the public Internet voice quality varies considerably Protocols that support Quality of Service QoS are being implemented to improve this IP Internet Protocol is the method or protocol by which data is sent from one computer to another on the Internet Each computer host on the Internet has at least one IP address that uniquely identifies it Internet Protocol ...

Page 275: ... is accomplished through a protocol known as Internet Security Association and Key Management Protocol Oakley ISAKMP Oakley which allows the receiver to obtain a public key and authenticate the sender using digital certificates isochronous Isochronous data is data such as voice or video that requires a constant transmission rate where data must be delivered within certain time constraints For exam...

Page 276: ...ode MIC also called Michael is part of WPA and TKIP The MIC is an additional 8 byte code inserted before the standard 4 byte integrity check value ICV that is appended in by standard WEP to the 802 11 message This greatly increases the difficulty in carrying out forgery attacks Both integrity check mechanisms are calculated by the receiver and compared against the values sent by the sender in the ...

Page 277: ...P that assures accurate synchronization to the millisecond of computer clock times in a network of computers Based on UTC NTP synchronizes client workstation clocks to the U S Naval Observatory Master Clocks in Washington DC and Colorado Springs CO Running as a continuous background client program on a computer NTP sends periodic time requests to servers obtaining server time stamps and using them...

Page 278: ...es switching and routing technologies creating logical paths known as virtual circuits for transmitting data from node to node Routing and forwarding are functions of this layer as well as addressing internetworking error handling congestion control and packet sequencing OSPF Open Shortest Path First an interior gateway routing protocol developed for IP networks based on the shortest path first or...

Page 279: ...tocol Data Unit A data object exchanged by protocol machines such as management stations SMUX peers and SNMP agents and consisting of both protocol control information and user data PDU is sometimes used as a synonym for packet PEAP PEAP Protected Extensible Authentication Protocol is an IETF draft standard to authenticate wireless LAN clients without requiring them to have certificates In PEAP au...

Page 280: ...shaping network traffic setting traffic priorities across the network Quality of Service QoS A set of service requirements to be met by the network while transporting a flow RFC2386 RADIUS Remote Authentication Dial In User Service An authentication and accounting system that checks User Name and Password and authorizes access to a network The RADIUS specification is maintained by a working group ...

Page 281: ...ways of increasing available bandwidth on the LAN SLP Service Location Protocol A method of organizing and locating the resources such as printers disk drives databases e mail directories and schedulers in a network Using SLP networking applications can discover the existence location and configuration of networked devices With Service Location Protocol client applications are User Agents and serv...

Page 282: ...ent parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIBs and return this data to the SNMP requesters SNMP includes a limited set of management commands and responses The management system issues Get GetNext and Set messages to retrieve single or multiple object variables or to establish the value of a single variable The managed a...

Page 283: ... Secure Sockets Layer A protocol developed by Netscape for transmitting private documents via the Internet SSL works by using a public key to encrypt data that s transferred over the SSL connection URLs that require an SSL connection start with https instead of http SSL uses a program layer located between the Internet s Hypertext Transfer Protocol HTTP and Transport Control Protocol TCP layers Th...

Page 284: ...s the user datagram protocol UDP as its underlying transport layer mechanism The UDP port that has been assigned to syslog is 514 RFC3164 TCP IP Transmission Control Protocol TCP together with IP Internet Protocol is the basic communication language or protocol of the Internet Transmission Control Protocol manages the assembling of a message or file into smaller packets that are transmitted over t...

Page 285: ...h frame The level of service is determined by a set of service parameters which provide a three way trade off between low delay high reliability and high throughput The use of service parameters may increase the cost of service TSN Transition Security Network A subset of Robust Security Network RSN which provides an enhanced security solution for legacy hardware The Wi Fi Alliance has adopted a so...

Page 286: ...ire when they may be physically located on different segments of a LAN VLANs are configured through software rather than hardware which makes them extremely flexible When a computer is physically moved to another location it can stay on the same VLAN without any hardware reconfiguration The standard is defined in IEEE 802 1Q Virtual LANs which states that IEEE 802 Local Area Networks LANs of all t...

Page 287: ...formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802 11 specification WINS Windows Internet Naming Service A system that determines the IP address associated with a particular network computer called name resolution WINS supports network client and server computers running Windows and can provide name resolution for other computers with special arran...

Page 288: ... WPA software WPA PSK Wi Fi Protected Access with Pre Shared Key a special mode of WPA for users without an enterprise authentication server Instead for authentication a Pre Shared Key is used The PSK is a shared secret passphrase that must be entered in both the wireless access point or router and the WPA clients This preshared key should be a random sequence of characters at least 20 characters ...

Page 289: ...ts Langley Langley is a Controller Access Points and Convergence Software term for the inter process messaging infrastructure on the HiPath Wireless Controller Mitigator The Mitigator is a mechanism that assists in the detection of rogue access points The feature has three components 1 a radio frequency RF scanning task that runs on the Wireless AP 2 an application called the Data Collector on the...

Page 290: ... subnets for groups of wireless users This VNS definition creates a virtual IP subnet where the HiPath Wireless Controller acts as a default gateway for wireless devices This technique enables policies and authentication to be applied to the groups of wireless users on a VNS as well as the collecting of accounting information When a VNS is set up on the HiPath Wireless Controller one or more Wirel...

Page 291: ...n the wired network The HiPath Wireless Controller enters Active state on startup in the user interface It responds to the Wireless AP s discover message by returning a message indicating that the Wireless AP can enter the active state A 1 1 Activity and traffic monitoring The activity and traffic on the HiPath Wireless Controller is monitored via three LEDs on the back of the HiPath Wireless Cont...

Page 292: ...Task started Solid Amber Blinking Amber Startup Manager Task completes startup all components started Solid Green Blinking green if traffic Blank if no traffic A component fails to start or needs restarting Startup Manager Task retrying that component Solid Amber Blinking green HiPath Wireless Controller fails to boot Solid Red Off A component fails no more retries Solid Red Off System about to be...

Page 293: ...any wireless device traffic it will drop the traffic Green blink Wireless AP fails to register It will wait 5 seconds and try again Red slow blink Firmware download from the HiPath Wireless Controller is in progress Orange green blink Active Ready Wireless AP has received a control message from an active HiPath Wireless Controller to enter active or ready state It is ready to receive wireless traf...

Page 294: ...tem states and LEDs A31003 W1040 U101 1 7619 July 2006 DRAFT 294 HiPath Wireless Controller Access Points and Convergence Software V4 0 C10 C100 C1000 User Guide hwc_appendixa fm Wireless AP system states ...

Page 295: ...ion of wireless AP 93 C call data records CDRs 150 Captive Portal authentication on a VNS 137 configuring internal external Captive Por tal 142 defined 112 non authenticated filtering rules 156 privacy mechanisms 167 set up a VNS topology 125 view sample page 144 Check Point event logging 205 configuring Captive Portal internal external 142 software overview steps 40 static routes 57 controller av...

Page 296: ... rules exam ples 158 on a VNS for third party APs 216 overview of packet filtering 38 overview four types 114 port based 62 rules for filter ID values 159 set filter ID values RADIUS policy 151 foreign wireless APs for availability 134 formatting conventions 10 forwarding table report 58 G gateway default on a VNS 129 global settings for a VNS 116 RADIUS servers for authentication 138 146 149 151 ...

Page 297: ...ortal 140 R radio 5 GHz a and 2 4 GHz b g 70 channels 89 93 radio settings view and modify 88 RADIUS server deployment with no server 109 filter ID values 159 for authentication 138 146 149 151 for MAC based authentication 148 priority for redundancy 140 RADIUS accounting 150 RADIUS policy for a VNS 151 required as part of solution 30 VSAs in RADIUS message 136 random delays 74 read write privileg...

Page 298: ...e 136 RADIUS server vendor specific attributes 140 147 Virtual Network Services 37 Virtual Network Services VNS authentication by AAA 802 1x 145 authentication by Captive Portal 137 define filtering rules 153 defined 107 for third party APs 214 global settings 116 multicast 165 network assignment overview 110 privacy for AAA 170 privacy overview 167 set up for VoIP 176 topology for Captive Portal ...

Page 299: ......

Page 300: ...r strengths Your advantages Siemens is known worldwide as a trailblazer in the advancement of information and communication technologies No other company offers such a comprehensive and innovative product portfolio With the one of a kind Siemens conver gence architecture HiPath guide your cus tomers to a secure and flexible migration into the world of innovative IP convergence solutions www siemen...

Reviews:

No comments

Related manuals for HiPath C10

SPH-a660 Series

Brand: Samsung Pages: 2

Brand: Samsung Pages: 73

Brand: Samsung Pages: 164

SCH-a600 Series

Brand: Samsung Pages: 2

Brand: Talkswitch Pages: 29

Brand: Talkswitch Pages: 3

Brand: Xorcom Pages: 2

Brand: Olitech Pages: 12

Brand: Hama Pages: 27

Brand: Aastra Pages: 24

Brand: TCL Pages: 74

Brand: Novatel Pages: 25

One Touch Spop 4030D

Brand: Alcatel Pages: 73

Digital Mova SO503iS HYPER

Brand: Docomo Pages: 396

Brand: Lephone Pages: 23

Brand: ORA Pages: 30

Curve 9320 Series

Brand: Blackberry Pages: 4

Konftel EGO 8105s OmniSound

Brand: Alcatel-Lucent Pages: 20

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands