manualshive.com logo in svg

Xirrus Wi-Fi Array XS-3500, User Manual

Share
Download
Xirrus Wi-Fi Array XS-3500 User Manual Download Page 92

Wi-Fi Array

70

Installing the Wi-Fi Array

Security Planning

This section offers some useful guidelines for defining your preferred encryption 
and authentication method. For additional information, see 

“Understanding 

Security” on page 210

 and the 

Security

 section of 

“Frequently Asked Questions” 

on page 398

.

Wireless Encryption

Encryption ensures that no user can decipher another user’s data transmitted 
over the airwaves. There are three encryption options available to you, including:

z

WEP-40bit or WEP-128bit

Because WEP is vulnerable to cracks, we recommend that you only use 
this for legacy devices that cannot support a stronger encryption type.

z

Wi-Fi Protected Access (WPA)

This is much more secure than WEP and uses TKIP for encryption.

z

Wi-Fi Protected Access (WPA2) with AES

 

This is government-grade encryption—available on most new client 
adapters—and uses the AES–CCM encryption mode (Advanced 
Encryption Standard–Counter Mode).

Authentication

Authentication ensures users are who they say they are, and occurs when users 
attempt to join the wireless network and periodically thereafter. The following 
authentication methods are available with the Wi-Fi Array:

z

RADIUS 802.1x 

802.1x uses a remote RADIUS server to authenticate large numbers of 
clients, and can handle different authentication methods (EAP-TLS, EAP-
TTLS, EAP-PEAP, and EAP-LEAP Passthrough). Administrators may 
also be authenticated via RADIUS when preferred, or to meet particular 
security standards. 

z

Xirrus Internal RADIUS server

Recommended for smaller numbers of users (about 100 or less). Supports 
EAP-PEAP only

Summary of Contents for Wi-Fi Array XS-3500

Page 1: ...October 28 2009 ...

Page 2: ......

Page 3: ...document may not be reproduced or disclosed in whole or in part by any means without the written consent of Xirrus Inc Part Number 800 0006 001 Revision W Wi Fi Array XN16 XN12 XN8 XN4 XS16 XS12 XS8 XS4 XS 3900 XS 3700 XS 3500 ...

Page 4: ...heir respective holders Please see Legal Notices Warnings Compliance Statements and Warranty and License Agreements in Appendix F Notices on page 433 Xirrus Inc 2101 Corporate Center Drive Thousand Oaks CA 91320 USA Tel 1 805 262 1600 1 800 947 7871 Toll Free in the US Fax 1 866 462 3980 www xirrus com ...

Page 5: ...view 9 Enterprise Class Security 9 Wi Fi Array Product Family 10 XN Family of Arrays 10 XS Family of Arrays 11 Deployment Flexibility 12 Power over Gigabit Ethernet PoGE Optional 13 Enterprise Class Management 14 Key Features and Benefits 16 High Capacity and High Performance 16 Extended Coverage 17 Flexible Coverage Schemes 18 Non Overlapping Channels 18 Secure Wireless Access 18 Applications Ena...

Page 6: ...52 Fine Tuning Cell Sizes 53 Roaming Considerations 54 Allocating Channels 54 Deployment Examples 57 IEEE 802 11n Deployment Considerations 59 MIMO Multiple In Multiple Out 60 Multiple Data Streams Spatial Multiplexing 62 Channel Bonding 63 Improved MAC Throughput 64 Short Guard Interval 64 Obtaining Higher Data Rates 65 802 11n Capacity 66 Failover Planning 67 Port Failover Protection 67 Switch F...

Page 7: ...Array 94 Dismounting the Array 95 Mounting Array on a Wall All models except 4 port Arrays 96 Kit Contents Wall Mount Assembly 96 Tools Required 96 Mark the Wall Position 97 Install the SNAPTOGGLE Toggle Bolts 98 Attach the Mounting Plate to the Wall Mounting Bracket 99 Attach the Wall Mounting Bracket Plate Assembly to the Wall 99 Mount the Array 100 Mounting the Wi Fi Array on a Wall XS4 and XS ...

Page 8: ...the WMI 121 User Interface 123 Utility Buttons 124 Logging In 126 Applying Configuration Changes 126 Viewing Status on the Wi Fi Array 127 Array Status Windows 127 Array Summary 128 Content of the Array Summary Window 128 Array Information 131 Array Configuration 132 Admin History 133 Network Status Windows 133 Network Map 134 Content of the Network Map Window 134 Spanning Tree Status 136 Routing ...

Page 9: ...s 170 Filter Statistics 171 Station Statistics 171 Per Station Statistics 172 System Log Window 173 Configuring the Wi Fi Array 175 Express Setup 176 Network 182 Network Interfaces 183 Network Interface Ports 184 DNS Settings 190 CDP Settings 191 Services 193 Time Settings NTP 194 NetFlow 196 System Log 197 SNMP 200 DHCP Server 203 VLANs 205 Understanding Virtual Tunnels 205 VLAN Management 207 Se...

Page 10: ...standing QoS Priority on the Wi Fi Array 237 SSID Management 240 SSID List top of page 240 SSID Limits 243 Web Page Redirect Configuration Settings 244 Groups 247 Understanding Groups 247 Using Groups 248 Group Management 249 Group Limits 251 IAPs 253 Understanding Fast Roaming 254 IAP Settings 255 Global Settings IAP 260 Beacon Configuration 262 Station Management 262 Advanced Traffic Optimizatio...

Page 11: ...System Tools 296 System 297 Configuration 298 Diagnostics 299 Web Page Redirect 300 Tools 301 Progress and Status Frames 303 CLI 303 Logout 305 The Command Line Interface 307 Establishing a Secure Shell SSH Connection 307 Getting Started with the CLI 309 Inputting Commands 309 Getting Help 309 Top Level Commands 311 Root Command Prompt 311 configure Commands 312 show Commands 315 statistics Comman...

Page 12: ...ation 338 management 338 more 338 netflow 339 no 340 pci audit 342 quit 343 radius server 343 reboot 344 reset 344 run tests 345 security 347 snmp 348 ssh 348 ssid 350 standby 350 syslog 351 telnet 353 uptime 353 vlan 354 Sample Configuration Tasks 355 Configuring a Simple Open Global SSID 356 Configuring a Global SSID using WPA PEAP 357 Configuring an SSID Specific SSID using WPA PEAP 358 ...

Page 13: ...e Wi Fi Array 371 Removing the Access Panel 373 Reinstalling the Access Panel 376 Replacing the FLASH Memory Module 378 Replacing the Main System Memory 380 Replacing the Integrated Access Point Radio Module 382 Replacing the Power Supply Module 385 Appendix B Quick Reference Guide 387 Factory Default Settings 387 Host Name 387 Network Interfaces 387 Serial 387 Gigabit 1 and Gigabit 2 388 Fast Eth...

Page 14: ... Output for the Upgrade Procedure 410 Power over Gigabit Ethernet Compatibility Matrix 414 Determining If an XS 3700 or XS 3900 is Modified for PoGE 416 Contact Information 417 Appendix D Implementing PCI DSS 419 Payment Card Industry Data Security Standard Overview 419 PCI DSS and Wireless 420 The Xirrus Array PCI Compliance Configuration 421 The pci audit Command 422 Additional Resources 423 App...

Page 15: ...Wi Fi Array Table of Contents xi Glossary of Terms 455 Index 467 ...

Page 16: ...Wi Fi Array xii Table of Contents ...

Page 17: ...ce 52 Figure 16 Transmit Power 53 Figure 17 Overlapping Cells 54 Figure 18 Allocating Channels Manually 56 Figure 19 Deployment Scenario 54 Mbps Per Sector 57 Figure 20 Deployment Scenario 36 Mbps Per Sector 57 Figure 21 Deployment Scenario 18 Mbps Per Sector 58 Figure 22 Classic 802 11 Signal Transmission 60 Figure 23 MIMO Signal Processing 61 Figure 24 Spatial Multiplexing 62 Figure 25 Channel B...

Page 18: ...hing the Wall Mounting Plate 99 Figure 50 Mounting the Array on a Wall 100 Figure 51 Wall Mount Marking the Holes 102 Figure 52 Installing the Toggle Bolts 103 Figure 53 Attaching the Array Mounting Plate 104 Figure 54 Attaching the Wall Mounting Bracket to the Wall 105 Figure 55 Mounting the Array on a Wall 106 Figure 56 LED Locations XS 3900 107 Figure 57 Network Interface Ports 110 Figure 58 Ex...

Page 19: ... Station Signal to Noise Ratio Values 160 Figure 89 Station SNR Values Colorized Graphical View 161 Figure 90 Station Noise Floor Values 162 Figure 91 Station Noise Floor Values Colorized Graphical View 163 Figure 92 Max by IAP 164 Figure 93 IAP Statistics Summary Page 166 Figure 94 Individual IAP Statistics Page for IAP abg n 1 167 Figure 95 Network Statistics 168 Figure 96 VLAN Statistics 169 Fi...

Page 20: ...RADIUS 217 Figure 125 Management Control 219 Figure 126 Access Control List 223 Figure 127 Global Settings Security 225 Figure 128 External RADIUS Server 228 Figure 129 Internal RADIUS Server 231 Figure 130 Rogue Control List 233 Figure 131 SSIDs 235 Figure 132 Four Traffic Classes 237 Figure 133 SSID Management 240 Figure 134 WPR Internal Splash Page Fields SSID Management 245 Figure 135 Groups 2...

Page 21: ...fic SSID using WPA PEAP 358 Figure 165 Enabling Global IAPs 359 Figure 166 Disabling Global IAPs 360 Figure 167 Enabling a Specific IAP 361 Figure 168 Disabling a Specific IAP 362 Figure 169 Setting the Cell Size for All IAPs 363 Figure 170 Setting the Cell Size for All IAPs 364 Figure 171 Setting the Cell Size for a Specific IAP 365 Figure 172 Configuring VLANs on an Open SSID 366 Figure 173 Conf...

Page 22: ... XS16 Integrated Splitter 416 Figure 188 Determining if XS 37000 3900 is modified 416 Figure 189 Sample output of pci audit command 423 Figure 190 Applying Three Seals to XS16 XS12 XS8 or XS 3900 XS 3700 426 Figure 191 Applying Two Tamper evident seals to the XS4 or XS 3500 427 Figure 192 SSID Management Window 428 Figure 193 Security Global Settings Window 429 Figure 194 Security Management Contr...

Page 23: ... specifications z The Xirrus Family of Products on page 2 z About this User s Guide on page 4 z Why Choose the Xirrus Wi Fi Array on page 7 z Wi Fi Array Product Overview on page 9 z Key Features and Benefits on page 16 z Product Specifications XN16 XN12 and XN8 on page 20 z Product Specifications XN4 on page 27 z Product Specifications XS16 XS 3900 XS12 and XS8 XS 3700 on page 34 z Product Specif...

Page 24: ...ed Wi Fi threat sensor and an embedded spectrum analyzer The Wi Fi Array provides more than enough bandwidth security and control to replace switched Ethernet to the desktop as the primary network connection The XS16 has 16 IAPs the XS12 has 12 IAPs the XS8 has 8 IAPs and the XS4 has 4 IAPs z The XN Series of Xirrus Wi Fi Arrays XN16 XN12 XN8 XN4 The newest Xirrus Wi Fi Arrays add the speed and re...

Page 25: ...e Xirrus Management System Users start the XMS client simply by entering the URL of the XMS server on a web browser The XMS server manages a number of Wi Fi Arrays via SNMP Figure 2 The Xirrus Management System If you need detailed information about this product refer to the XMS User s Guide part number 800 0007 001 z Xirrus Power over Gigabit Ethernet PoGE The PoGE modules eliminate the need for ...

Page 26: ...ed an1 through an12 for 16 port models The 802 11a b g n radios are named abgn1 to abgn4 and they also support both 2 4GHz and 5 GHz When referring to a port that may be on either an XN or XS model the nomenclature abg n and a n will be used e g abg n 2 or a n 6 The Xirrus Management System is referred to as XMS The Power over Gigabit Ethernet system may be referred to as PoGE About this User s Gu...

Page 27: ... Wi Fi Array Contains procedures for configuring the Array using its embedded Web Management Interface z Using Tools on the Wi Fi Array Contains procedures for using utility tools provided in the Web Management Interface It includes procedures for upgrading the system firmware uploading and downloading configurations and other files using diagnostic tools and resetting the Array to its factory def...

Page 28: ...rectly related to Xirrus product technology organized alphabetically z Index The index is a valuable information search tool Use the index to locate specific topics discussed in this User s Guide Simply click on any page number in the index to jump to the referenced topic Notes and Cautions The following symbols are used throughout this User s Guide Screen Images Some screen images of the Web Mana...

Page 29: ... the correct term should be For the sake of consistency this document uses the term Window when referring to how the Wi Fi Array s Web Management Interface is displayed on your monitor Why Choose the Xirrus Wi Fi Array The deployment of wireless LANs is becoming increasingly common as businesses strive for greater flexibility in the workplace and the need for employee mobility rises The only requi...

Page 30: ...as per radio to boost transmission speed as high as 300 Mbps increasing throughput range and maximum number of users 802 11n is backwards compatible with 802 11a b g Whether you have just a handful of users or thousands of users wireless has the scalability and flexibility to serve your needs See Also Key Features and Benefits Wi Fi Array Product Overview Product Specifications XN16 XN12 and XN8 P...

Page 31: ...calability and system control The optional Xirrus Management System XMS allows global management of hundreds of Arrays from a central location Multiple versions of the Array with different numbers of Integrated Access Points IAPs support a variety of deployment applications 16 IAPs XN16 XS16 XS 3900 12 IAPs XN12 XS12 8 IAPs XN8 XS8 XS 3700 and 4 IAPs XN4 XS4 XS 3500 Enterprise Class Security The l...

Page 32: ...rted by the Wi Fi Array product family XN Family of Arrays Feature XN16 XN12 XN8 XN4 Number of 802 11a b g n radios 4 4 4 4 Number of 802 11a n radios 12 8 4 0 Total radios 16 12 8 4 Number of integrated antennas 48 36 24 12 Integrated Wi Fi switch ports 16 12 8 4 Integrated RF spectrum analyzer threat sensors Yes Yes Yes Yes Uplink Ports 2 2 2 1 Wi Fi bandwidth 4 8 Gbps 3 6 Gbps 2 4 Gbps 1 2 Gbps...

Page 33: ...S8 XS 3700 Power over Gigabit Ethernet PoGE Optional Why Choose the Xirrus Wi Fi Array Feature XS16 XS 3900 XS12 XS8 XS 3700 XS4 XS 3500 Number of 802 11a b g radios 4 4 4 4 Number of 802 11a radios 12 8 4 0 Total radios 16 12 8 4 Integrated Wi Fi switch ports 16 12 8 4 Integrated RF spectrum analyzer and threat sensors Yes Yes Yes Yes Uplink Ports 2 2 2 1 Wi Fi bandwidth 864 Mb 648 Mb 432 Mb 216 ...

Page 34: ...depicts the following two scenarios z Full pattern coverage All radios are activated with coverage spanning 360 degrees If within range clients will always receive coverage regardless of their geographic position relative to the Array z Partial pattern coverage If desired the Wi Fi Array can be deployed close to an exterior wall In this case half of all available radios have been deactivated to pr...

Page 35: ... in proximity to each unit Figure 5 XP8 Power over Ethernet Usage Specific models of the Array are compatible with specific PoGE modules For details please see Power over Gigabit Ethernet Compatibility Matrix on page 414 See Also Key Features and Benefits Wi Fi Array Product Overview Product Specifications XN16 XN12 and XN8 Product Specifications XS4 XS 3500 Product Specifications XS16 XS 3900 XS1...

Page 36: ... the Array s embedded Web Management Interface WMI The WMI enables easy configuration and control from a graphical console along with a full compliment of troubleshooting tools and statistics Figure 6 WMI Array Status In addition a fully featured Command Line Interface CLI offers IT professionals a familiar management and control environment SNMP Simple Network ...

Page 37: ...ions XN16 XN12 and XN8 Product Specifications XN4 Product Specifications XS4 XS 3500 Product Specifications XS16 XS 3900 XS12 and XS8 XS 3700 Power over Gigabit Ethernet PoGE Optional The Xirrus Family of Products Why Choose the Xirrus Wi Fi Array For deployments of more than five Arrays we recommend that you use the Xirrus Management System XMS The XMS offers a rich set of features for fine contr...

Page 38: ... can enable wireless connectivity for 1 024 users The unit includes two Gigabit uplink ports for connection to the wired network A total of sixteen IAPs provides a maximum wireless capacity of 4 8 Gbps which offers ample reserves for the high demands of current and future applications Of the sixteen IAPs twelve operate as 802 11a n radios 5 GHz band and four operate as 802 11a b g n radios 5 GHz o...

Page 39: ... antennas provide increased wireless range and enhanced data rates in all directions With a Wi Fi Array deployed far fewer access points are needed and wired like resiliency is delivered throughout your wireless network Your Wi Fi Array deployment ensures z Continuous connectivity if an IAP radio fails z Continuous connectivity if an Array fails z Continuous connectivity if a WDS link or switch fa...

Page 40: ...and delivers maximum capacity On the XN16 up to 16 non overlapping channels are fully utilized across the 5GHz and 2 4GHz spectrums up to 12 across the 5GHz spectrum plus up to 3 across the 2 4 GHz spectrum typically one additional radio is used as a dedicated RF monitor Secure Wireless Access Multiple layers of authentication and encryption ensure secure data transmissions The Wi Fi Array is 802 ...

Page 41: ...us Roaming Protocol XRP ensuring fast and seamless roaming capabilities between IAPs or Arrays at both Layer 2 and Layer 3 Easy Deployment The Xirrus Management System XMS offers real time monitoring and management capabilities of the wireless network ideal for the Enterprise market It also allows you to import floor plans to help you plan your deployment The Xirrus Wi Fi Array chassis has a plenu...

Page 42: ...s per Array Physical Diameter 18 65 inches 47 37 cm Height 3 87 inches 9 83 cm Weight 10 lbs 3 63 kg Environmental Operating Temperature 0 C to 55 C 0 to 90 relative humidity non condensing Storage Temperature 20 C to 60 C 5 to 95 relative humidity non condensing System 1 GHz CPU 1 GB RAM 1 GB system flash Integrated Switch 2 1 Gbps integrated wireless switch Chassis Lockable mounting plate Kensin...

Page 43: ... PoGE see Power over Gigabit Ethernet Compatibility Matrix on page 414 Interfaces Serial Console Port 1 x RS232 RJ45 connector for local configuration Ethernet Interfaces 2 x Gigabit 100 1000 Mbps uplink ports for link aggregation redundancy or bridging 1 x Fast Ethernet 10 100 Mbps for out of band management Status LEDs System status Ethernet Radio Networking DHCP client DHCP server multiple DHCP...

Page 44: ...n external Collector FTP TFTP Syslog reporting for alerts alarms messages may be stored on internal Syslog server or sent to up to three external syslog servers Cisco Discovery Protocol CDP obtain protocol addresses and platform information for neighboring devices Quality of Service QoS Support Multiple SSIDs 16 unique SSIDs per Array Each SSID beacons a unique BSSID per radio VLAN and QoS setting...

Page 45: ...rtal MAC Address Access Control List ACL CHAP PAP Firewall Integrated stateful inspection rules based firewall IDS IPS Integrates with Xirrus XDM Intrusion Detection Prevention System for real time wireless security protection Rogue AP detection and blocking Integrated Rogue AP detection and alerting via dedicated internal RF Threat Sensor Rogue AP can be shielded Integrated RADIUS Server Integrat...

Page 46: ...802 11e 802 11h 802 11i 802 11j 802 11n Number of Radios XN16 12 x 802 11a n radios 4 x 802 11a b g n radios Only 12 radios should be used as 802 11a n radios i e 5 GHz band concurrently 48 integrated antennas XN12 8 x 802 11a n radios 4 x 802 11a b g n radios 36 integrated antennas XN8 4 x 802 11a n radios 4 x 802 11a b g n radios Advanced RF design includes 36 integrated antennas Spectrum Analyz...

Page 47: ... 2 412 2 484 GHz TELEC Channel Selection Manual and Automatic 802 11a n Antennas Integrated 6dBi sectorized 802 11b g n Antennas Integrated 3dBi sectorized Wi Fi Monitoring 1 Integrated Access Point can be set as a dedicated Wi Fi Threat Sensor 2 dBi 360 omni directional antenna 802 11a b g n External Antenna Connectors 3 RP TNC connectors NOTE TNC antenna connection is not for outside plant conne...

Page 48: ...hernet PoGE Optional The Xirrus Family of Products Why Choose the Xirrus Wi Fi Array Compliance Electromagnetic ICES 003 Canada EN 301 893 Europe EN 301 489 1 and 17 Europe Safety EN 60950 EN 50371 to 50385 CE Mark Certifications Wi Fi Alliance 802 11a b g WPA WPA2 and extended EAP types Our certifications may be viewed here Warranty Hardware Five Year Standard extendable Software 90 Days Standard...

Page 49: ...5 C 0 to 90 relative humidity non condensing Storage Temperature 20 C to 60 C 5 to 95 relative humidity non condensing System 825 MHz CPU 512 MB RAM 1 GB system flash Integrated Switch 2 1 Gbps integrated wireless switch Chassis Lockable mounting plate Kensington lock slot Electrical XN4 supports Power over Gigabit Ethernet PoGE only no splitter required PoGE DC Input Power 48VDC Maximum 2A Nomina...

Page 50: ...I CLI via SSHv2 Telnet local serial Console Enable disable management for any interface Read write and read only admin accounts may be authenticated via RADIUS SNMP v2c v3 Configuration Files text based files may be imported exported or compared NetFlow IP flow information traffic statistics may be sent to an external Collector FTP TFTP Syslog reporting for alerts alarms messages may be stored on ...

Page 51: ... SSID beacons a unique BSSID per radio VLAN and QoS settings for each SSID VLANs Up to 16 VLANs 802 1Q 802 1p Prioritization 802 11e wireless prioritization 802 1p wired prioritization Fair queuing of downstream traffic Wireless Voice Support Spectralink Voice Priority SVP protocol Element Specifications ...

Page 52: ...rtal MAC Address Access Control List ACL CHAP PAP Firewall Integrated stateful inspection rules based firewall IDS IPS Integrates with Xirrus XDM Intrusion Detection Prevention System for real time wireless security protection Rogue AP detection and blocking Integrated Rogue AP detection and alerting via dedicated internal RF Threat Sensor Rogue AP can be shielded Integrated RADIUS Server Integrat...

Page 53: ...ation Station Blocking Station to Station traffic blocking option Wireless Wireless Standards 802 11a 802 11b 802 11d 802 11g 802 11e 802 11h 802 11i 802 11j 802 11n Number of Radios 4 x 802 11a b g n radios Advanced RF design includes 20 integrated antennas Spectrum Analyzer 1 integrated into Array Element Specifications ...

Page 54: ... 2 412 2 484 GHz TELEC Channel Selection Manual and Automatic 802 11a n Antennas Integrated 6dBi sectorized 802 11b g n Antennas Integrated 3dBi sectorized Wi Fi Monitoring 1 Integrated Access Point can be set as a dedicated Wi Fi Threat Sensor 2 dBi 360 omni directional antenna 802 11a b g n External Antenna Connectors 1 RP TNC connector NOTE TNC antenna connection is not for outside plant connec...

Page 55: ...abit Ethernet PoGE Optional The Xirrus Family of Products Why Choose the Xirrus Wi Fi Array Compliance Electromagnetic ICES 003 Canada EN 301 893 Europe EN 301 489 1 and 17 Europe Safety EN 60950 EN 50371 to 50385 CE Mark Certifications Wi Fi Alliance 802 11a b g WPA WPA2 and extended EAP types Our certifications may be viewed here Warranty Hardware Five Year Standard extendable Software 90 Days S...

Page 56: ...00 Physical Diameter 18 65 inches 47 37 cm Height 3 87 inches 9 83 cm Weight 8lbs 3 63 kg Environmental Operating Temperature 10 C to 50 C 0 to 90 relative humidity non condensing Storage Temperature 20 C to 60 C 5 to 95 relative humidity non condensing System XS16 XS12 XS8 1 GHz CPU 1 GB RAM 1 GB system flash Expansion slot for future options XS 3900 XS 3700 825 MHz CPU 512 MB RAM XS 3900 XS 3700...

Page 57: ...quired 48VDC Nominal Power XS16 70W XS8 45W XS 3900 XS 3700 Separate AC and DC versions Input Power AC version 90VAC to 265VAC at 47Hz to 63Hz Input Power DC version 48VDC PoGE requires modified DC version and splitter All Models For PoGE see Power over Gigabit Ethernet Compatibility Matrix on page 414 Networking DHCP client DHCP server NTP client NAT VLAN Support 802 1Q 802 1p VLAN Supports up to...

Page 58: ...0bit 128bit encryption WPA and WPA2 with TKIP and AES encryption Rogue AP detection with alerts and classification User and System Authentication WPA and WPA2 Pre Shared Key authentication Internal RADIUS Server supports EAP PEAP only 802 1x EAP TLS 802 1x EAP TTLS MSCHAPv2 802 1x PEAPv0 EAP MSCHAPv2 802 1x PEAPv1 EAP GTC 802 1x EAP SIM 802 1x EAP LEAP Passthrough External RADIUS servers Authentic...

Page 59: ... Selection Manual and Automatic Frequency Bands 11a 4 945 4 985 restricted Public Safety band 11a 5 15 5 25 GHz UNII 1 11a 5 15 5 25 GHz TELEC 11a 5 25 5 35 GHz UNII 2 11a 5 470 5 725 ETSI 11a 5 725 5825 GHz UNII 3 11b g 2 412 2 462 GHz FCC 11b g 2 412 2 472 GHz ETSI 11b g 2 412 2 484 GHz TELEC Antennas XS16 XS 3900 12 x internal 6 dBi 60 802 11a sectorized 4 x internal 3 dBi 180 802 11b g sectori...

Page 60: ...ernal 6 dBi 60 802 11a sectorized 4x internal 3 dBi 180 802 11b g sectorized 1 x internal 2 dBi 360 omni directional for RF monitoring 3 x external RP TNC connectors for three 802 11a b g radios Radio Approvals FCC United States and EN 301 893 Europe Note External RP TNC antenna connectors are not for outside plant connection Management Web based HTTPS SNMP v2c v3 CLI via SSHv2 or Telnet FTP TFTP ...

Page 61: ... Xirrus Family of Products Why Choose the Xirrus Wi Fi Array Compliance UL cUL 60950 and EN 60950 FCC Part 15 107 and 15109 Class A EN 301 489 Europe EN60601 EU medical equipment directive for EMC Certifications Wi Fi Alliance 802 11a b g WPA WPA2 and extended EAP types Our certifications may be viewed here Federal Information Processing Standard FIPS Publication 140 2 Level 2 Warranty One year ha...

Page 62: ...nches 31 95 cm Height 2 58 inches 6 55 cm Weight 4lbs 1 81 kg Environmental Operating Temperature 10 C to 50 C 0 to 90 relative humidity non condensing Storage Temperature 20 C to 60 C 5 to 95 relative humidity non condensing System 825 MHz CPU XS4 666 MHz CPU XS 3500 512 MB RAM expandable XS4 256 MB RAM expandable XS 3500 512 MB system flash expandable Expansion slot for future options ...

Page 63: ...els work with all Xirrus PoGE modules splitter required 48VDC See Power over Gigabit Ethernet Compatibility Matrix on page 414 Interfaces Serial 1 x RS232 RJ45 connector Ethernet Interfaces 1 x Gigabit 100 1000 Mbps Status LEDs System status Ethernet Radio Management Web based HTTPS SNMP v2c v3 CLI via SSHv2 or Telnet FTP TFTP Serial Xirrus Management System XMS Syslog reporting for alerts alarms ...

Page 64: ...itization MAP CoS to TCID Fair queuing of downstream traffic Security Wireless Security WEP 40bit 128bit encryption WPA and WPA2 with TKIP and AES encryption Rogue AP detection with alerts and classification User and System Authentication WPA Pre Shared Key authentication Internal RADIUS Server supports EAP PEAP only 802 1x EAP TLS 802 1x EAP TTLS MSCHAPv2 802 1x PEAPv0 EAP MSCHAPv2 802 1x PEAPv1 ...

Page 65: ...825 GHz UNII 3 11b g 2 412 2 462 GHz FCC 11b g 2 412 2 472 GHz ETSI 11b g 2 412 2 484 GHz TELEC Antennas XS 3500 4 x internal 3 dBi 180 802 11b g sectorized 1 x internal 2 dBi 360 omni directional for RF monitoring 1 x external RP TNC connector for one 802 11a b g radio NOTE TNC antenna connection is not for outside plant connection Radio Approvals FCC United States and EN 301 893 Europe Complianc...

Page 66: ...XS16 XS 3900 XS12 and XS8 XS 3700 Power over Gigabit Ethernet PoGE Optional The Xirrus Family of Products Why Choose the Xirrus Wi Fi Array Certifications Wi Fi Alliance 802 11a b g WPA WPA2 and extended EAP types Our certifications may be viewed here Federal Information Processing Standard FIPS Publication 140 2 Level 2 Warranty One year hardware and software Element Specifications ...

Page 67: ...st wired wireless network including z Power Source Most Arrays are powered via Xirrus Power over Gigabit Ethernet PoGE supplies power over the same Cat 5e or Cat 6 cable used for data thus reducing cabling and installation effort PoGE power injector modules are available in 1 port and 8 port configurations and are typically placed near your Gigabit Ethernet switch An AC outlet is required for each...

Page 68: ...ic route for management as described in the warning above z Serial connection capability To connect directly to the console port on the Array your computer must be equipped with a male 9 pin serial port and terminal emulation software for example HyperTerminal The Xirrus Array only supports serial cable lengths up to 25 per the RS 232 specification The Array s Ethernet ports should be connected to...

Page 69: ...large Wi Fi Array deployments z External RADIUS server Although your Array comes with an embedded RADIUS server for 802 1x authentication in large deployments you may want to add an external RADIUS server Client Requirements The Wi Fi Array should only be used with Wi Fi certified client devices See Also Coverage and Capacity Planning Deployment Examples Failover Planning Planning Your Installatio...

Page 70: ... on page 75 z WDS Planning on page 76 z Common Deployment Options on page 79 General Deployment Considerations The Wi Fi Array s unique multi radio architecture generates 360 degrees of sectored high gain 802 11a b g n or 802 11a b g coverage that provides extended range However the number thickness and location of walls ceilings or other objects that the wireless signals must pass through may aff...

Page 71: ... angle the same wall is over 42 feet or 14 meters thick For best reception try to ensure that your wireless devices are positioned so that signals will travel straight through a wall or ceiling Figure 10 Wall Thickness Considerations 3 Try to position wireless client devices so that the signal passes through drywall between studs or open doorways and not other materials that can adversely affect t...

Page 72: ...environment cubicles rather than fixed walls 2 Keep the Array away from electrical devices or appliances that generate RF noise Because the Array is generally mounted on ceilings be aware of its position relative to lighting especially fluorescent lighting we recommend maintaining a distance of at least 3 to 6 feet 1 to 2 meters 3 If using multiple Arrays in the same area maintain a distance of at...

Page 73: ...sabling individual sectors Full Normal Coverage In normal operation the Array provides a full 360 degrees of coverage Figure 12 Full Normal Coverage Half Coverage If installing a unit close to an exterior wall you can deactivate half of the radios to prevent redundant signals from bleeding beyond the wall and extending service into public areas The same principle applies if you want to restrict se...

Page 74: ... used for example data video voice and the number of Arrays available at the location The capacity of a cell is defined as the minimum data rate desired for each sector multiplied by the total number of sectors being used Figure 15 Connection Rate vs Distance Figure 15 shows relative connection rates for 802 11n vs 802 11a g and 802 11b and the effect of distance on the connection rates Wireless e...

Page 75: ...iting the RF energy that could extend beyond the organizational boundary Auto Cell uses communication between Arrays to dynamically set radio power so that complete coverage is provided to all areas yet at the minimum power level required This helps to minimize potential interference with neighboring networks Additionally Arrays running Auto Cell automatically detect and compensate for coverage ga...

Page 76: ... cells By dynamically limiting each cell to a defined boundary cell size the trailing edge bleed of RF energy is reduced thus minimizing interference between neighboring Wi Fi Arrays or other Access Points To enable the Sharp Cell feature go to RF Power Sensitivity on page 279 For more information about this feature see the Xirrus Sharp Cell Application Note in the Xirrus Library Roaming Considera...

Page 77: ...ection has significant advantages including z Allows the Array to come up for the first time and not interfere with existing equipment that may be already running thereby limiting co channel interference z More accurately tunes the RF characteristics of a Wi Fi installation than manual configuration since the radios themselves are scanning the environment from their physical location z May be conf...

Page 78: ...Wi Fi Array 56 Installing the Wi Fi Array Figure 18 Allocating Channels Manually See Also Deployment Examples Failover Planning Installation Prerequisites Maintain channel separation ...

Page 79: ...ploy 802 11a cells each offering minimum throughputs of 54 Mbps 36 Mbps and 18 Mbps per sector respectively and assume a floor plan covering a total area of about 60 000 square feet 5574 sq m Figure 19 Deployment Scenario 54 Mbps Per Sector Figure 20 Deployment Scenario 36 Mbps Per Sector ...

Page 80: ...Wi Fi Array 58 Installing the Wi Fi Array Figure 21 Deployment Scenario 18 Mbps Per Sector See Also Coverage and Capacity Planning Failover Planning Planning Your Installation ...

Page 81: ...formance improvements and the results that can be expected are discussed in z MIMO Multiple In Multiple Out on page 60 z Multiple Data Streams Spatial Multiplexing on page 62 z Channel Bonding on page 63 z Improved MAC Throughput on page 64 z Short Guard Interval on page 64 z Obtaining Higher Data Rates on page 65 z 802 11n Capacity on page 66 Two very important techniques to consider are Channel ...

Page 82: ...l bonding A global setting is provided to enable or disable 802 11n mode See Global Settings 11n on page 273 to configure 802 11n operation MIMO Multiple In Multiple Out MIMO Multiple In Multiple Out signal processing is one of the core technologies of 802 11n It mitigates interference and maintains broadband performance even with weak signals Prior to 802 11n a data stream was transmitted via one...

Page 83: ...e In 802 11n these signals are used to enhance performance This extra sensitivity can be used for greater range or higher data rates The enhanced signal is the processed sum of individual antennas Signal processing eliminates nulls and fading that any one antenna would see MIMO signal processing is sophisticated enough to discern multiple spatial streams see Multiple Data Streams Spatial Multiplex...

Page 84: ...nto separate data streams Each separate stream is transmitted on a different antenna using its own RF chain MIMO signal processing at the receiver can detect and recover each stream Streams are then recombined yielding higher data rates Figure 24 Spatial Multiplexing Spatial multiplexing can double triple or quadruple the date rate depending on the number of transmit antennas used The Array uses t...

Page 85: ...are using two channels for an IAP We recommend the use of the 5 GHz band since it has many more channels than the 2 4 GHz band and thus more channels are available for bonding The Array provides an Automatic Channel Bonding setting that will automatically select the best channel for bonding on each IAP If you enable this option you may select whether bonding will be dynamic the bonded channel chan...

Page 86: ...rmally 800 ns long By using a short guard interval 400 ns the data rate is increased by approximately 11 The short interval may be used in many environments especially indoors If the short guard interval is used in an N ACK Frame N Data Frame 2 Data Frame PHY Header MAC Header Data Frame Payload ACK Frame Payload Legacy Operation High Throughput Operation Data Frame s s s s s s s s s 1 Data Frame ...

Page 87: ...increase to the 802 11 a b or g data rates selected for the Array Figure 27 Computing 802 11n Data Rates Optionally Multiply By 2 077 to Bond Two 20MHz Channels Optionally Multiply by 1 11 for Shorter Guard Interval to Increase Symbol Rate Optionally Multiply by 2 3 4 for the Number of Additional Spatial Streams Choose New Base Encoding Modulation BPSK 6 5 QPSK 13 19 5 QAM 16 26 39 QAM 64 58 5 65 ...

Page 88: ...eases Capacity 802 11a n Capacity 23 channels 150Mbps 3 4Gbps 802 11a Capacity 23 channels 54Mbps 1 2 Gbps 802 11g n Capacity 3 channels 150Mbps 450 Mbps 802 11g Capacity 3 channels 54Mbps 162 Mbps 802 11b Capacity 3 channels 11Mbps 33 Mbps 802 11a n Capacity 23 channels 150Mbps 3 4Gbps 802 11a Capacity 23 channels 54Mbps 1 2 Gbps 802 11g n Capacity 3 channels 150Mbps 450 Mbps 802 11g Capacity 3 c...

Page 89: ...ailover Protection In addition the Array has full failover protection between the Gigabit 1 and Gigabit 2 Ethernet ports see following table The Wi Fi Array Gigabit Ethernet ports actually support a number of modes z 802 3ad Link Aggregation Interface Bridges Data Bridges Management Traffic Fails Over To IP address Fast Ethernet No Yes None DHCP or static Gigabit 1 Yes Yes Gigabit 2 DHCP or static...

Page 90: ...nsure that service is continued in the event of a switch failure you can connect Arrays to more than one Ethernet switch not a hub Figure 30 Switch Failover Protection See Also Coverage and Capacity Planning Deployment Examples Installation Prerequisites Network Management Planning Planning Your Installation Power Planning Security Planning Gigabit Ethernet connections must be on the same subnet E...

Page 91: ...ord is provided with the unit Power over Gigabit Ethernet To deliver power to the Array you may use the optional XP1 or XP8 Power over Gigabit Ethernet PoGE modules They provide power over Cat 5e or Cat 6 cables to the Array without running power cables see Figure 5 on page 13 Specific models of the Array are compatible with specific PoGE modules For details please see Power over Gigabit Ethernet ...

Page 92: ... more secure than WEP and uses TKIP for encryption z Wi Fi Protected Access WPA2 with AES This is government grade encryption available on most new client adapters and uses the AES CCM encryption mode Advanced Encryption Standard Counter Mode Authentication Authentication ensures users are who they say they are and occurs when users attempt to join the wireless network and periodically thereafter ...

Page 93: ...ntries Meeting PCI DSS Standards The Payment Card Industry PCI Data Security Standard DSS was developed by major credit card companies It lays out a set of requirements that must be met in order to provide adequate security for sensitive data The the Wi Fi Array may be configured to satisfy PCI DSS standards For details please see Appendix D Implementing PCI DSS Meeting FIPS Standards The Federal ...

Page 94: ...uirements are illustrated in Figure 31 XMS requires ports 161 162 and 443 to be passed between Arrays and the XMS server Similarly ports 9090 and 9091 are required for communication between the XMS server and XMS clients and port 25 is typically used by the XMS server to access an SMTP server to send email notifications Figure 31 Port Requirements for XMS Firewall XMS Server XMS Client L2 Switchin...

Page 95: ...Yes 25 tcp SMTP Mail Server No 69 tcp TFTP TFTP Server No 161 tcp udp SNMP XMS Server No 162 tcp udp SNMP Traphost Note Up to four Traphosts may be configured XMS Server Yes but required by XMS 443 tcp HTTPS WMI WPR Client Yes 514 udp Syslog Syslog Server No 1812 1645 udp RADIUS some servers use 1645 RADIUS Server Yes 1813 1646 udp RADIUS Accounting some servers still use 1646 RADIUS Accounting Se...

Page 96: ... config file 1099 tcp RMI Registry Internal No 2000 tcp XMS Back end Server Internal No 3306 tcp MySQL Database Internal No 8001 tcp Status Viewer Internal No 8007 tcp Tomcat Shutdown Internal During installation 8009 tcp Web Container Internal During installation 9090 tcp XMS Webserver XMS client During installation 9091 tcp XMS Client Server XMS client Via XMS config file Internal to XMS Server ...

Page 97: ...d for small deployments one or two units z Centralized Web based management using the optional Xirrus Management System XMS which can be run on a dedicated Xirrus appliance XM 3300 or your own server The XMS is used for managing large Wi Fi Array deployments from a centralized Web based interface and offers the following features Globally manage large numbers of Arrays up to 500 Seamless view of t...

Page 98: ...lude z One to three IAPs may be used to form a single WDS link yielding up to 900 Mbps bandwidth per link up to 162 Mbps for XS model Arrays Up to three different WDS links may be created on a single Array z Automatic IAP Load Balancing z If desired you may allow clients to associate to a BSS on the same radio interface used for a WDS Host Link This will take bandwidth from the WDS link Figure 32 ...

Page 99: ...igure 33 A Multiple Hop WDS Connection z Multiple WDS links can provide link redundancy failover capability see Figure 34 A network protocol Spanning Tree Protocol STP prevents Arrays from forming network loops Figure 34 WDS Failover Protection ...

Page 100: ...e way that a station associates to an IAP The client side of the link must be configured with the root MAC address of the target host Array z A WDS Host Link acts like an IAP by allowing one WDS Client Link to associate to it An Array may have both client and host links WDS configuration is performed only on the client side Array See WDS on page 285 Note that both Arrays must be configured with th...

Page 101: ...ing Function Number of Wi Fi Arrays One or Two Three or More Power AC some Array models Power over Gigabit Ethernet AC some Array models Power over Gigabit Ethernet UPS backup recommended Failover Recommended Highly recommended VLANs Optional Optional use Can be used to put all APs on one VLAN or map to existing VLAN scheme Encryption WPA2 with AES recommended PSK or 802 1x WPA2 with AES recommend...

Page 102: ...he unit on a customer s network Figure 35 Installation Workflow Determine the number of Arrays needed Choose the location s for your Wi Fi Arrays AC PoGE Install the mounting plate Connect the cables and turn on the power Verify that the Ethernet link and radio LEDs are functioning correctly Perform the Express Setup procedure Run AC power and Ethernet cables Run Ethernet cables 100m total AC or P...

Page 103: ... Product Specifications XN16 XN12 and XN8 Product Specifications XS16 XS 3900 XS12 and XS8 XS 3700 Product Specifications XS4 XS 3500 Security Planning Unpacking the Wi Fi Array When you unpack your Wi Fi Array you will find the following items in the carton Item Quantity Xirrus Wi Fi Array 1 AC power cord for AC equipped models 1 Console cable 1 Mounting plate 1 Mounting screws 4 Tile grid mounti...

Page 104: ... the Wi Fi Array See Also Installation Prerequisites Installation Workflow CD ROM containing This User s Guide in PDF format End User License Agreement EULA README file 1 Quick Install Guide 1 Registration Card 1 Item Quantity ...

Page 105: ... The Wi Fi Array was designed to be mounted on a ceiling where the unit is unobtrusive and wireless transmissions can travel unimpeded throughout open plan areas You also have the option of mounting the Array on a wall using the optional wall mount assembly kit For wall mount instructions go to Mounting Array on a Wall All models except 4 port Arrays on page 96 Choose a location that is central to...

Page 106: ...d if using PoGE modules z Dedicated AC power if PoGE is not in use A UL approved cord is shipped with all AC equipped Arrays You must use a UL approved cord if using AC power Network z Gigabit 1 If using PoGE modules the total of all Cat 5e or Cat 6 cable segments from the Gigabit Ethernet switch to the Array must be less than 100m long The Array must be connected to PoGE networks without routing ...

Page 107: ...ia HyperTerminal When a network connection is established the Array can be managed from any of the available network connections either Fast Ethernet Gigabit 1 or Gigabit 2 The Array s Ethernet ports should be plugged into an Ethernet switch not an Ethernet hub if a hub is used we recommend that you connect only one Ethernet port The Gigabit1 Ethernet interface is the primary port for both data an...

Page 108: ...he original installation This section assumes that you are mounting the Array to a tiled ceiling If your ceiling is not tiled the mounting plate can be attached directly to the ceiling with the screws and anchors provided without using the tile grid mounting clamps Attaching the T Bar Clips to the Template Figure 37 Attaching the T Bar Clips to the Template The T bar clips create four mounting poi...

Page 109: ...a nearby exterior wall or entrance Figure 38 Attaching the T Bar Clips to the Ceiling Grid Use the mounting template to find the correct location for all four T bar clips then twist the clips onto the metal ceiling support grid Figure 38 Tighten the screw posts to 10 12 lbf ft 1 38 1 66 kgf m Do not overtighten the screw posts Disengage the template from the four screw posts and remove the templat...

Page 110: ...unting plate on the four screw posts Secure the plate to the four clamps using the nuts provided Tighten the nuts to 10 12 lbf ft 1 38 1 66 kgf m but do not overtighten Cut an access hole for the cables in the ceiling tile Figure 39 Installing the Mounting Plate Tile grid Mounting Plate ...

Page 111: ...e 40 to connect cables Otherwise skip to Connecting the Cables PoGE Option Figure 40 Connecting the Cables Feed the power and Ethernet cables through the access hole in the tile and the mounting plate then connect the cables to the Array See also Wiring Considerations on page 84 z AC power cord connect to AC source and AC socket on Array z Gigabit1 mandatory the Array s primary data and management...

Page 112: ...re 41 For the XS4 see Connecting the Cables AC Option on page 89 All of these Array models have an integrated splitter so an external splitter is not needed For the XS8 XS12 or XS16 Figure 41 Connecting the Cables PoGE XS8 XS12 XS16 z Feed the Ethernet cable s through the access hole in the ceiling tile and the mounting plate z Connect the Cat 5e or Cat 6 data cable coming from the PoGE injector t...

Page 113: ...he access hole in the ceiling tile and the mounting plate then connect the cable to the Gigabit1 port on the XS4 Array The Gigabit1 port is the data and management connection to the Array A splitter is integrated with this port Figure 42 Connecting the Cable PoGE XS4 Do not connect the cable from the injector directly to a Gigabit port It must be connected to the IN port towards the right in Figur...

Page 114: ...ght to lock the unit into place at the 4 lugs similar to a smoke detector Figure 43 Attaching the Unit XS4 shown Before attaching the Array to the mounting plate verify that it is powering up The Ethernet link LED lights up and the radio LEDs on the front of the unit will illuminate in rotation indicating that the Wi Fi Array software is loading and the unit is functioning correctly Key post Lug A...

Page 115: ...Array on a Wall All models except 4 port Arrays Securing the Array Mounting the XS 3900 XS 3700 Align the port recess on the Array with the access hole in the mounting plate then connect the Array with the lugs on the mounting plate 4 places and turn the Array clockwise to lock the unit into place similar to a smoke detector Figure 44 Attaching the Unit XS 3900 ...

Page 116: ...e unit from being inadvertently released Figure 45 Securing the Array Now that the Array is physically installed you must run the Express Setup procedure from the unit s Web Management Interface to enable the radios and establish initial system configuration settings Go to Powering Up the Wi Fi Array on page 107 See Also Installation Workflow Installing Your Wi Fi Array Mounting the Wi Fi Array on...

Page 117: ... face of the Array Figure 46 IAP Positions XS16 shown To dismount any other Array model For all Array models other than the XS 3700 3900 push up on the Array i e push it against the mounting plate Then turn the Array to the left to remove it This is similar to dismounting a smoke detector See Also Installation Workflow Installing Your Wi Fi Array Mounting the Wi Fi Array on a Wall XS4 and XS 3500 ...

Page 118: ...ed to mount the Wi Fi Array except for 4 port models on a wall instead of the traditional ceiling mount if mounting the Array on the ceiling is impractical at your location Kit Contents Wall Mount Assembly The wall mount assembly kit includes the following items z 5 x SNAPTOGGLE toggle bolts for attaching the wall bracket to the wall z 4 x 1 4 inch bolt assemblies for attaching the mounting plate ...

Page 119: ...cations on the wall for the mounting holes Figure 47 Wall Mount Marking the Holes When marking the holes ensure that the mounting plate is level you may need assistance The bracket must be secured to the wall in 5 places using the 2 holes at the top and the 3 holes at the bottom 5 toggle bolts are provided Mark holes 5 places ...

Page 120: ...ng your other hand now slide the plastic cap along the straps until the flange of the cap is flush with wall The straps provide a one way ratcheting mechanism similar to a cable tie Ensure that the toggle bolt assembly is oriented correctly as shown before sliding the plastic cap along the straps 5 Refer to Figure 48 graphic C Break the straps at the wall flush with the flange of the cap The strap...

Page 121: ...en the bolts to a torque of 10 12 lbf ft 1 38 1 66 kgf m Do not overtighten the bolts Figure 49 Attaching the Wall Mounting Plate Attach the Wall Mounting Bracket Plate Assembly to the Wall 7 Secure the Wall Mounting Bracket with attached Mounting Plate to the wall at the 5 toggle bolt anchors you created in Steps 1 through 5 using all 5 places Mounting Plate Secure x4 bolt assemblies ...

Page 122: ...hing the Array to the Mounting Plate on page 92 or Mounting the XS 3900 XS 3700 on page 93 Figure 50 Mounting the Array on a Wall See Also Installation Workflow Installing Your Wi Fi Array Mounting the Wi Fi Array on a Wall XS4 and XS 3500 Mounting the Array on a Ceiling Securing the Array Figure 50 shows the orientation of the Wi Fi Array when mounted on a wall It is not intended to show a fully ...

Page 123: ...mount a 4 port Wi Fi Array on a wall instead of the traditional ceiling mount where mounting the Array on the ceiling may be impractical at your location Kit Contents Wall Mount Assembly The wall mount assembly kit includes the following items z 5 x SNAPTOGGLE toggle bolts for attaching the wall bracket to the wall z 4 x 1 4 inch bolt assemblies for attaching the mounting plate to the wall bracket...

Page 124: ...es The bracket must be secured to the wall in 5 places using the top 2 holes and the bottom 3 holes 5 toggle bolts are provided When marking the holes ensure that the mounting plate is level you may need assistance Install the SNAPTOGGLE Toggle Bolts 2 At the locations you marked in Step 1 drill a 1 2 inch 13mm hole there must be a minimum clearance behind the wall of 1 7 8 inches 48mm Mark holes ...

Page 125: ...ap is flush with wall The straps provide a one way ratcheting mechanism similar to a cable tie Ensure that the toggle bolt assembly is oriented correctly as shown before sliding the plastic cap along the straps 5 Refer to Figure 52 graphic C Break the straps at the wall flush with the flange of the cap The straps can be broken by pushing them from side to side and simply snapping them off Figure 5...

Page 126: ...all Mounting Bracket 6 Secure the Wi Fi Array s mounting plate to the Wall Mounting Bracket in 4 places Tighten the bolts to a torque of 10 12 ft lb 1 38 1 66 kg m Do not overtighten the bolts Figure 53 Attaching the Array Mounting Plate Secure x4 bolt assemblies Mounting Plate ...

Page 127: ...cket Plate Assembly to the Wall 7 Secure the Wall Mounting Bracket with attached Mounting Plate to the wall at the 5 toggle bolt anchors you created in Steps 2 through 5 using all 5 places Figure 54 Attaching the Wall Mounting Bracket to the Wall Secure with 5 toggle bolts ...

Page 128: ...itioning the key post on the underside of the mounting bracket into the key receptacle on the underside of the Array When the key post is properly located gently turn the Array in a clockwise direction to secure the Array to the mounting plate Figure 55 Mounting the Array on a Wall Key Post Mounting Bracket Receptacle ...

Page 129: ...rt Arrays Mounting the Array on a Ceiling Securing the Array Powering Up the Wi Fi Array When powering up the Array follows a specific sequence of LED patterns showing the boot progress and following a successful boot will provide extensive status information Figure 56 LED Locations XS 3900 Array LED settings may be altered or disabled entirely for diagnostic purposes or for personal preference Ch...

Page 130: ... LEDs Power ON Blinking GREEN All OFF Boot loader power ON self test Blinking GREEN All ON Image load from compact FLASH Blinking GREEN Spinning pattern rotate all to ON then all to OFF Image load failure Blinking RED All OFF Hand off to ArrayOS Solid GREEN All OFF System software initialization Solid GREEN Walking pattern LED rotating one position per second Up and running Solid GREEN ON for IAPs...

Page 131: ...at IAP is up with stations associated but no traffic IAP LED flashing Flashing at 10 Hz Flashing at 5 Hz Flashing at 2 5 Hz IAP is up passing traffic Traffic 1500 packets sec Traffic 150 packets sec Traffic 1 packet sec IAP LED is GREEN IAP is operating in the 2 4 GHz band IAP LED is ORANGE IAP is operating in the 5 GHz band IAP LED flashing ORANGE to GREEN at 1 Hz IAP abg n 2 is in monitor mode s...

Page 132: ...munication package of your choice Using the Ethernet Ports By default the Array s Ethernet interfaces use DHCP to obtain an IP address If the Array is booted and does not receive DHCP addresses on either the Fast Ethernet or Gigabit Ethernet ports the Fast Ethernet port will default to an IP address of 10 0 1 1 and both Gigabit Ethernet ports will default to 10 0 2 1 If the Array is connected to a...

Page 133: ...1 Logging In When logging in to the Array use the default user name and password the default user name is admin and the default password is admin See Also Installation Workflow Performing the Express Setup Procedure Powering Up the Wi Fi Array ...

Page 134: ...Wi Fi Array Performing the Express Setup Procedure The Express Setup procedure establishes global configuration settings that enable basic Array functionality Changes made in this window will affect all radios Figure 58 Express Setup ...

Page 135: ...ontact you entered in Step 3 5 Admin Phone Enter the telephone number of the admin contact you entered in Step 3 6 Configure SNMPv2 Select whether to Enable SNMPv2 on the Array and change the SNMP Community Strings if desired If you are using the Xirrus Management System XMS these strings must match the values used by XMS The default values for the Array match the defaults in XMS For more details ...

Page 136: ...ty settings a SSID Wireless Network Name The SSID Service Set Identifier is a unique name that identifies a wireless network All devices attempting to connect to a specific WLAN must use the same SSID The default for this field is xirrus For additional information about SSIDs go to the Multiple SSIDs section of Frequently Asked Questions on page 398 b Wireless Security Select the desired wireless ...

Page 137: ...ation about security including a full review of all security options and settings go to Understanding Security on page 210 c Wireless Key Passphrase Depending on the wireless security scheme you selected enter a unique WEP key or WPA passphrase d Confirm Key Passphrase If you entered a WEP key or WPA passphrase confirm it here 9 Admin Settings This section allows you to change the default password...

Page 138: ...IP address or domain name of the NTP server d NTP Secondary Server Enter the IP address or domain name of an optional secondary NTP server to be used in case the Array is unable to contact the primary server e Set Time hrs min sec If you are not using NTP check this box if you want to adjust the current system time When the box is checked the time fields become active Enter the revised time hours ...

Page 139: ...sk When an IAP is enabled its LED is switched on Figure 59 Figure 59 LEDs are Switched On 12 Click on the Apply button to apply the new settings to this session 13 Click on the Save button to save your changes otherwise your new settings will not take effect This ends the Express Setup procedure See Also Establishing Communication with the Array Installation Prerequisites Installation Workflow Log...

Page 140: ...Wi Fi Array 118 Installing the Wi Fi Array ...

Page 141: ...us Wi Fi Array s embedded Web Management Interface WMI used for establishing your network s configuration settings and wireless operating parameters It also includes login instructions The following topics are discussed z An Overview z Structure of the WMI z User Interface z Logging In z Applying Configuration Changes ...

Page 142: ... Overview The WMI is an easy to use graphical interface to your Wi Fi Array It allows you to configure the product to suit your individual requirements and ensure that the unit functions efficiently and effectively Figure 60 Web Management Interface ...

Page 143: ...sion Detection Station Status Windows Stations Location Map RSSI Signal to Noise Ratio SNR Noise Floor Max by IAP Configuration Windows Express Setup Network Network Interfaces DNS Settings CDP Settings Configuration Windows cont d Services Time Settings NTP NetFlow System Log SNMP DHCP Server VLANs VLAN Management Security Admin Management Admin RADIUS Management Control Access Control List Globa...

Page 144: ... Interface Statistics Windows IAP Statistics Summary Per IAP Statistics Network Statistics VLAN Statistics WDS Statistics Filter Statistics Station Statistics Per Station Statistics System Log Window Tool Windows System Tools CLI Logout ...

Page 145: ...n designed with simplicity in mind making navigation quick and easy In the following example you ll see that windows are divided into left and right frames Figure 61 WMI Frames Left frame Right frame Array info Pull down menu Click to configure view statistics Message counters ...

Page 146: ...ray representation contains shortcut links Click a radio to view statistics for it Click the center of the Array to display the IAP Settings window which allows you to configure the Array s radios The right frame displays the status information or configuration parameters for the Wi Fi Array This is where you review the Array s current status and activity or input data if you want to make changes ...

Page 147: ... Click on the Print button to send a print file of the active window to your local printer z Click on the Help button to access the Array s online help system Submitting Your Comments When submitting comments via the Feedback button ensure that you provide as much detail as possible including your contact information the product model number that the comment relates to and the ArrayOS software ver...

Page 148: ... To log in to the Array s Web Management Interface enter admin when prompted for a user name and password Figure 64 Logging In to the Wi Fi Array Applying Configuration Changes When you have defined all your settings in any WMI configuration window you must click on the Apply button for the changes to take effect in the current session or click on the Save button to apply changes to this session a...

Page 149: ...F Monitor Windows on page 142 z Station Status Windows on page 150 z Statistics Windows on page 165 z System Log Window on page 173 Configuration and Tools windows are not discussed here For information on these windows please see z Configuring the Wi Fi Array on page 175 z Using Tools on the Wi Fi Array on page 295 Array Status Windows The following Array Status windows are available z Array Summ...

Page 150: ...take you to the proper window for making configuration changes Figure 65 Array Summary Content of the Array Summary Window The Array Summary window is sub divided into the Ethernet Interfaces section and the Integrated Access Points radio section providing you with the following information z Ethernet Interfaces Section This section provides information about network interface devices To make conf...

Page 151: ... that the Array uses to transmit data to other networks z Integrated Access Points Section This section provides information about the Integrated Access Points IAPs that are contained within the Array How many IAPs are listed depends on which product model you are using 16 IAPs for the XN16 XS16 or XS 3900 12 IAPs for the XN12 or XS12 8 IAPs for the XN8 XS8 or XS 3700 and 4 IAPs for the XN4 XS4 or...

Page 152: ...ansmit power and determines the IAP s overall coverage To define cell sizes go to IAP Settings on page 255 For additional information about cell sizes and the importance of planning for and defining the optimum cell sizes for your Array go to Coverage and Capacity Planning on page 50 Figure 67 IAP Cells Tx Power Shows the transit power for each IAP Rx Threshold Shows the receive threshold for each...

Page 153: ...s only window that shows you the current firmware versions utilized by the Array the serial numbers assigned to each module and MAC addresses You cannot make configuration changes in this window but if you are experiencing issues with network services you may want to print the content of this window for your records Figure 68 Array Information ...

Page 154: ...oot z Factory displays the configuration established at the factory Figure 69 Show Configuration If you want to see just the differences between the Running Saved Lastboot and Factory configurations you can do this by choosing a configuration option from the Select Config pull down menu then selecting an alternative configuration option from the Select Diff pull down menu To also include the defau...

Page 155: ...gure 70 Admin Login History Network Status Windows The following Network Status windows are available z Network Map displays information about this Array and neighboring Arrays that have been detected z Spanning Tree Status displays the spanning tree status of network links on this Array z Routing Table displays information about routing on this Array z ARP Table displays information about Address...

Page 156: ...y be displayed You may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click Refresh to update the information at any time Click Auto Refresh to instruct the Array to refresh this window automatically Content of the Network Map Window By default the network map shows the following status information for each Array z Array...

Page 157: ... Management on page 240 z In Range Informs you whether the Array is within wireless range of another Wi Fi Array z Fast Roam Informs you whether or not the Xirrus fast roaming feature is enabled This feature utilizes the Xirrus Roaming Protocol XRP ensuring fast and seamless roaming capabilities between IAPs or Arrays at both Layer 2 and Layer 3 To enable or disable fast roaming go to Global Setti...

Page 158: ...ay week and month Default z Sets the columns displayed to the default settings By default only Software and IAP Info are selected Spanning Tree Status Multiple active paths between stations can cause loops in the network If a loop exists in the network topology the potential exists for the duplication of messages The spanning tree protocol is a link management protocol that provides path redundanc...

Page 159: ...g tree status forwarding or blocked for path segments that terminate on the gigabit ports and WDS links of this Array You may sort the rows based on the VLAN Name or Number columns by clicking the column header Click Refresh to update the information at any time Click Auto Refresh to instruct the Array to refresh this window automatically See Also Network Network Interfaces Network Status Windows ...

Page 160: ...ross the network Figure 73 Routing Table See Also VLANs Configuring VLANs on an Open SSID ARP Table This status only window lists the entries in the Array s ARP table For a device with a given IP address this table lists the device s MAC address It also shows the Array interface through which this device may be reached The table typically includes devices that are on the same local area network se...

Page 161: ...ray has allocated to client stations For each it shows the IP address assigned from one of the defined DHCP pools and the MAC address and host name of the client station The start and end time of the lease show how long the allocation is valid The same IP address is normally renewed at the expiration of the current lease Figure 75 DHCP Leases See Also DHCP Server ...

Page 162: ...the Show Netbios checkbox at the bottom of the page to display NetBIOS name information for the source and destination location of the connection The Netbios columns will replace traffic statistics columns You may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click Refresh to update the information at any time Click Aut...

Page 163: ...ave been discovered Cisco devices and other devices on the network that have CDP running For each it shows the device s host name IP address manufacturer and model name the device interface that is connected to the network i e the port that was discovered and the network capabilities of the device switch router supported protocols etc Figure 77 CDP Neighbors CDP must be enabled on the Array in ord...

Page 164: ... and interference levels continually per channel This capability uses the built in threat sensor radio abg n 2 The associated software is part of the ArrayOS The following RF Status windows are available z IAPs displays current statistics and RF measurements for each of the Array s IAPs z Spectrum Analyzer displays current statistics and RF measurements for each of the Array s channels z Intrusion...

Page 165: ...gure 78 RF Monitor IAPs Figure 78 presents the data as a graphical display enabled by selecting the Graph checkbox on the lower left If this option is not selected data is presented as a numerical table You may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click Refresh to update the information at any time Click Auto R...

Page 166: ...el For the spectrum analyzer the abg n 2 radio is in a listen only mode scanning across all Wi Fi channels Each channel is scanned in sequence for a 250 millisecond interval per channel The spectrum analyzer window presents the data as a graphical display of vertical bar graphs for each statistic as shown in Figure 79 the default presentation or horizontally as bar graphs or numerical RF measureme...

Page 167: ...Wi Fi Array Viewing Status on the Wi Fi Array 145 Figure 79 RF Spectrum Analyzer Click Channel number to highlight Select Display Options ...

Page 168: ... hand icon Sorting is only available in the rotated view z At the bottom left of the frame you may select whether to display only 2 4 GHz channels 5 GHz channels or both both is the default Note that the data is an instantaneous snapshot it is not an average or a cumulative total Spectrum Analyzer Measurements The spectrum analyzer displays the following information z Packets Sec Total number of W...

Page 169: ... have CRC errors The Error rate percentage may be high on some channels since the monitor radio is set to receive at a very sensitive level enabling it to hear packets from devices at far distances z Average RSSI Average RSSI level seen on 802 11 packets received on the channel A dash value means no RSSI data was available for the interval z Average Data Rate Average data rate over time per byte n...

Page 170: ...ults based on the following parameters by clicking the desired column header Figure 80 Intrusion Detection Rogue AP List The Intrusion Detection window provides the easiest method for designating rogue APs as Known Approved or Unknown Choose one or more APs using the checkbox in the Select column then set whether they are Approved Known or Unknown using the buttons on the lower left z SSID z Secur...

Page 171: ...i Array 149 You can refresh the list at any time by clicking on the Refresh button or click in the Auto Refresh check box to instruct the Array to refresh the list automatically See Also Network Map Rogue Control List SSIDs SSID Management ...

Page 172: ...the array z RSSI for each associated station this displays the Received Signal Strength Indicator at each of the Array s IAPs z Signal to Noise Ratio SNR for each associated station this displays the SNR at each of the Array s IAPs z Noise Floor for each associated station this displays the ambient noise silence value at each of the Array s IAPs z Max by IAP for each IAP this shows the historical ...

Page 173: ... checkbox at the bottom of the window to show a number of additional columns including security settings used by the connection the channel and band used and additional RF measurements Figure 81 Stations You may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click again to reverse the sort order You may select a specific...

Page 174: ...s associated to this Array unassociated stations shown in gray or both The station count is shown on the left above the map You may also choose to display 5 GHz stations shown in orange or 2 4 GHz stations shown in green or both The map and Array are shown as if you were looking down on the Array from above say from a skylight on the roof Thus the positions of the radios abg n 1 to abg n 4 are a m...

Page 175: ...r each other they will be displayed slightly offset so that one station does not completely obscure another You may minimize a station that is not of interest by clicking it Click it again for normal display There is also a Minimize All button You may replace the range finder background image above with your own custom image of the floorplan of the area served by the Array Array Associated Station...

Page 176: ... If the map is too cluttered you can reduce the display for each station to a small rectangle You may still display The controls for the Location Map are all at the bottom of the window and take up a fair amount of width If some of the controls shown in Figure 83 are not visible resize your browser window to be wider until all of the controls appear Also the Location Map has its own scroll bars in...

Page 177: ...n of your location Click the Browse button and browse to the desired file on your computer This may be a gif jpg jpeg png htm or html file The scale of the file should be 100 feet per inch Then click Upload see below For more information on using the custom image see Working with the Custom Image on page 156 z Upload After browsing to the desired custom image click the Upload button to install it ...

Page 178: ...ation at your site The Location Map window provides a special set of controls for moving the location of the Array These controls are displayed on the upper right corner of the map Figure 85 The location controls only appear when you are using a custom image for your background You will not see them if you are using the default map background To move the Array on the map in a particular direction ...

Page 179: ...g Status on the Wi Fi Array 157 Figure 85 Setting Array location on a Custom Image Click an arrow to move the Array Array Location Controls are at upper left of Map Click here to move Array to center of map Apply Button ...

Page 180: ...ations as well with a checkbox at the bottom of the window Figure 86 Station RSSI Values By default the RSSI is displayed numerically You may display the relative strength using color if you select Colorize Intensity with the strongest signals indicated by the most intense color Figure 86 If you select Graph then the RSSI is shown on a representation of the Array either colorized or numerically ba...

Page 181: ...ew you may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click on the Refresh button to refresh the station list or click in the Auto Refresh check box to instruct the Array to refresh this window automatically See Also Station Status Windows RF Monitor Windows ...

Page 182: ...e sources of noise in the environment and or improve the signal from the station Figure 88 Station Signal to Noise Ratio Values You may choose to display Unassociated Stations as well with a checkbox at the bottom of the window By default the SNR is displayed numerically Figure 88 You may display the relative value using color if you select Colorize Intensity with the highest SNR indicated by the ...

Page 183: ...w you may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click on the Refresh button to refresh the station list or click in the Auto Refresh check box to instruct the Array to refresh this window automatically See Also Station Status Windows RF Monitor Windows ...

Page 184: ... of poor performance A relatively high value means that action may need to be taken to reduce sources of noise in the environment Figure 90 Station Noise Floor Values You may choose to display Unassociated Stations as well with a checkbox at the bottom of the window By default the noise floor is displayed numerically Figure 90 You may display the relative value using color if you select Colorize I...

Page 185: ... view you may sort the rows based on any column that has an active column header indicated when the mouse pointer changes to the hand icon Click on the Refresh button to refresh the station list or click in the Auto Refresh check box to instruct the Array to refresh this window automatically See Also Station Status Windows RF Monitor Windows ...

Page 186: ...r day week month and year In other words the Max Station Count shows the high water mark over the selected period of time the maximum count of stations for the selected period rather than a cumulative count of all stations that have associated This information aids in network administration and in planning for additional capacity Figure 92 Max by IAP You may click an IAP to go to the IAP Settings ...

Page 187: ...Statistics provides statistical data for all configured filters z Station Statistics provides statistical data associated with each station IAP Statistics Summary This is a status only window that provides an overview of the statistical data associated with all IAPs It also shows the channel used by each IAP For detailed statistics for a specific IAP see Per IAP Statistics on page 166 Click the Un...

Page 188: ...show the sum of that statistic for all IAPs For a summary of statistics for all IAPs see IAP Statistics Summary on page 165 Use the Display Percentages checkbox at the lower left to select the output format check this option to express each statistic as a percentage of the total at the top of the column or leave it blank to display raw numbers A quick way to display the statistics for a particular...

Page 189: ...w with the latest information or Clear the data reset all content to zero and begin counting again at any time by clicking on the appropriate button You can also click in the Auto Refresh check box to instruct the Array to refresh this window automatically See Also System Log Window Global Settings IAP Global Settings 11a Global Settings 11bg IAPs ...

Page 190: ...w with the latest information or Clear the data reset all content to zero and begin counting again at any time by clicking on the appropriate button You can also click in the Auto Refresh check box to instruct the Array to refresh this window automatically If you are experiencing problems on the Array you may also want to print this window for your records Figure 95 Network Statistics See Also DHC...

Page 191: ...ith your assigned VLANs You can refresh the information that is displayed on this page at any time by clicking on the Refresh button or select the Auto Refresh option for this window to refresh automatically The Clear All button at the lower left allows you to clear zero out all VLAN statistics Figure 96 VLAN Statistics See Also VLAN Management VLANs ...

Page 192: ...nt and host links To access data about a specific WDS client or host link simply click on the desired link in the left frame to access the appropriate window You may also choose to view a sum of the statistics for all client links all host links or all links both client and host links Figure 97 WDS Statistics See Also SSID Management WDS ...

Page 193: ... filter name to edit the filter settings Figure 98 Filter Statistics See Also Filters Station Statistics This status only window provides an overview of statistical data for all stations Stations are listed by MAC address and Receive and Transmit statistics are summarized for each For detailed statistics for a specific station click the desired MAC address in the Station column and see Per Station...

Page 194: ...s window click the MAC address of the desired entry in the Station column to display its Per Station Statistics window Receive and Transmit statistics are listed by Rate this is the data rate in Mbps For a summary of statistics for all stations see Station Statistics on page 171 You can Refresh the data update the window with the latest information or Clear the data reset all content to zero and b...

Page 195: ...igned to the message z Message sorts the list based on the message category The displayed messages may be filtered by using the Filter Priority option which allows control of the minimum priority level displayed For example you may choose under Services System Log to log messages at or above the Debug level but use Filter Priority to display only messages at the Information level and above Figure ...

Page 196: ...Wi Fi Array 174 Viewing Status on the Wi Fi Array ...

Page 197: ... z Security on page 209 z SSIDs on page 235 z Groups on page 247 z IAPs on page 253 z WDS on page 285 z Filters on page 289 After making changes to the configuration settings of an Array you must click on the Save button at the bottom of the configuration window otherwise the changes you make will not be applied the next time the Array is rebooted Click the Apply button if you want the changes app...

Page 198: ...lish global configuration settings that will enable basic Array functionality Any changes you make in this window will affect all radios When finished click on the Apply button to apply the new settings to this session or click Save to apply your changes and make them permanent Figure 102 WMI Express Setup ...

Page 199: ...ber of the admin contact you entered in Step 3 6 Configure SNMP Select whether to Enable SNMP on the Array and set the SNMP community strings The factory default value for the SNMP Read Only Community String is xirrus_read_only The factory default value for the SNMP Read Write Community String is xirrus If you are using the Xirrus Management System XMS the read write string must match the string u...

Page 200: ...ed subnet where the Array is located Default Gateway Enter a valid IP address for the default gateway This is the IP address of the router that the Array uses to forward data to other networks 8 SSID Settings This section specifies the wireless network name and security settings a The SSID Wireless Network Name is a unique name that identifies a wireless network SSID stands for Service Set Identif...

Page 201: ...ta protection and network access control It offers Enterprise and consumer Wi Fi users with a high level of assurance that only authorized users can access their wireless networks Like WPA WPA2 is designed to secure all versions of 802 11 devices including 802 11a 802 11b 802 11g and 802 11n multi band and multi mode WPA Both WPA and WPA2 This option makes use of both WPA and WPA2 For more informa...

Page 202: ...nal time NTP Network Time Protocol server or modifies the system time if you re not using a server a Time Zone Select your time zone from the choices available in the pull down list b Auto Adjust Daylight Savings If you are not using NTP check this box if you want the system to adjust for daylight savings automatically otherwise leave this box unchecked default c Use Network Time Protocol Check th...

Page 203: ...t g Set Date month day year If you are not using NTP check this box if you want to adjust the current system date When the box is checked the date fields become active Enter the revised date month day and year in the corresponding fields If you don t want to adjust the current date this box should be left unchecked default 11 IAP Settings Enable Configure All IAPs Click on the Execute button to en...

Page 204: ...ration window to make changes to any of the settings displayed here configuration changes cannot be made from this window You can click on any item in the Interface column to jump to the associated configuration window Figure 104 Network Interfaces WMI windows that allow you to change or view configuration settings associated with the network interfaces include z Network Interfaces on page 183 z D...

Page 205: ...ndow allows you to establish configuration settings for the 10 100 Fast Ethernet interface and the Gigabit 1 and Gigabit 2 interfaces Figure 105 Network Settings Gigabit 2 settings will mirror Gigabit 1 settings except for MAC addresses and cannot be configured separately ...

Page 206: ...d describing the change Network Interface Ports The following diagram shows the location of each network interface port on the underside of the Array Figure 106 Network Interface Ports Procedure for Configuring the Network Interfaces Configure the Fast Ethernet and Gigabit 1 network interfaces some Gigabit 2 settings cannot be configured separately and will mirror Gigabit 1 The fields for each of ...

Page 207: ... enabled If you disable the Auto Negotiate feature you must define the Duplex and Speed options manually otherwise these options are not available a Duplex Full duplex mode transmits data in two directions simultaneously for example a telephone is a full duplex device because both parties can talk and be heard at the same time Half duplex allows data transmission in one direction at a time only fo...

Page 208: ...ffic across both gigabit ports to increase link speed to the network Both ports act as a single logical interface trunk using a load balancing algorithm to balance traffic across the ports The destination IP address of a packet is used to determine its outgoing adapter For non IP traffic such as ARP the last byte of the destination MAC address is used to do the calculation The network switch must ...

Page 209: ...lt tolerance See Figure 108 d Figure 108 Port Modes c d e Load balance traffic between gig1 gig2 This option provides trunking similar to option b Aggregate Traffic from gig1 gig2 using 802 3ad but it uses a different load balancing algorithm to determine the outgoing gigabit port The outgoing port used is based on an exclusive OR of the source and destination MAC address Like option b this mode a...

Page 210: ...ceived on Gigabit2 is passed on to the onboard Gig1 Gig2 Switch Array load balances outgoing traffic based on source and destination address Destinations Gig1 Gig2 Received wireless traffic is sent to both links Gig1 Gig2 Traffic from Gig1 is processed for wireless transmission and copied to Gig 2 Gig1 Gig2 Traffic from Gig2 is processed for wireless transmission and copied to Gig1 Switch Switch S...

Page 211: ...ou selected the Static IP option enter a valid IP address for the subnet mask the default for Class C is 255 255 255 0 The subnet mask defines the number of IP addresses that are available on the routed subnet where the Array is located c Default Gateway If you selected the Static IP option enter a valid IP address for the default gateway This is the IP address of the router that the Array uses to...

Page 212: ...efined along with DHCP pools See DHCP Server on page 203 When finished click on the Apply button to apply the new settings to this session or click Save to apply your changes and make them permanent Figure 110 DNS Settings Procedure for Configuring DNS Servers 1 DNS Host Name Enter a valid DNS host name 2 DNS Domain Enter the DNS domain name 3 DNS Server 1 Enter the IP address of the primary DNS s...

Page 213: ...formation sent by neighbors see CDP Neighbors on page 141 This window allows you to establish your CDP settings When finished click on the Apply button to apply the new settings to this session or click Save to apply your changes and make them permanent Figure 111 CDP Settings Procedure for Configuring CDP Settings 1 Enable CDP When CDP is enabled the Array sends out CDP announcements of the Array...

Page 214: ... this period of time before aging out of the Array s neighbor list Thus if a neighbor stops sending announcements it will no longer appear on the CDP Neighbors window after CDP Hold Time seconds from its last announcement The default is 180 seconds See Also CDP Neighbors Network Network Interfaces Network Statistics ...

Page 215: ...ame whether the pool is enabled the IP address range the gateway address lease times and the DNS domain being used There are no configuration options available in this window but if you are experiencing issues with network services you may want to print this window for your records Figure 112 Services The following sections discuss configuring services on the Array z Time Settings NTP on page 194 ...

Page 216: ...use normally your local time zone from the pull down list 2 Auto Adjust Daylight Savings Check this box if you want the system to adjust for daylight savings automatically otherwise leave this box unchecked default 3 Use Network Time Protocol select whether to set time manually or use NTP to manage system time 4 Setting Time Manually a Adjust Time hrs min sec If you are not using NTP check this bo...

Page 217: ...this box should be left unchecked default 5 Using an NTP Server a NTP Primary Server If you are using NTP enter the IP address or domain name of the NTP server Figure 114 Time Settings NTP Time Enabled b NTP Secondary Server Enter the IP address or domain name of an optional secondary NTP server to be used in case the Array is unable to contact the primary server 6 Click on the Apply button to app...

Page 218: ... the statistics on a per flow basis and use this information to make key decisions Knowing how many packets and bytes are sent to and from certain IP addresses or across specific network interfaces allows administrators to track usage by various areas Traffic flow information may be used to engineer networks for better performance Figure 115 NetFlow Procedure for Configuring NetFlow 1 Enable NetFl...

Page 219: ...log service will send Syslog messages that are at the selected severity or above to the defined Syslog servers and email address Figure 116 System Log Procedure for Configuring Syslog 1 Enable Syslog Server Choose Yes to enable Syslog functionality or choose No to disable this feature 2 Console Logging If you enabled Syslog select whether or not to echo Syslog messages to the console as they occur...

Page 220: ...MTP server to be used for sending the email Note that this specifies the mail server not the email recipient b Email SMTP User Email SMTP Password Specify a user name and password for logging in to an account on the mail server designated in Step a c Email SMTP From Specify the From email address to be displayed in the email d Email SMTP To Specify the entire email address of the recipient of the ...

Page 221: ...y Server Choose the preferred level of reporting for the secondary tertiary server The default level is Information and more serious Optional e Email SMTP Server Choose the preferred level of Syslog reporting for the email notifications The default level is Warning and more serious This prevents your mailbox from being filled up with a large number of less severe messages such as informational mes...

Page 222: ...P v3 was designed to offer much stronger security You may enable either SNMP version neither or both If you enable both be aware that data and keys are not encrypted when SNMPv2 is used NOTE If you are managing your Arrays with XMS the Xirrus Management System it is very important to use SNMP v2 and the correct Read Write Community String for proper operation of XMS with the Array Both XMS and the...

Page 223: ...authenticating SNMPv3 packets SHA Secure Hash Algorithm or MD5 Message Digest Algorithm 5 6 Privacy Select the desired method for encrypting data DES Data Encryption Standard or the stronger AES Advanced Encryption Standard 7 Context Engine ID The unique identifier for this SNMP server We recommend that you do not change this value The Context Engine ID must be set if data collection is to be done...

Page 224: ...ter the read only password for privacy i e a key for encryption The default is xirrus ro 14 SNMP Trap Host IP Address Enter the IP Address or domain name as well as the Port number of an SNMP management station that is to receive SNMP traps You may specify up to four hosts that are to receive traps 15 Send Auth Failure Traps Choose Yes to log authentication failure traps or No to disable this feat...

Page 225: ...maximum and establish the IP address range that the DHCP server can use Figure 118 DHCP Management Procedure for Configuring the DHCP Server 1 New Internal DHCP Pool Enter a name for the new DHCP pool then click on the Create button The new pool ID is added to the list of available DHCP pools 2 On Click this checkbox to make this pool of addresses available or clear it to disable the pool 3 Lease ...

Page 226: ... for this IP range for the DHCP server The default is 255 255 255 0 9 Gateway If necessary enter the IP address of the gateway 10 Domain Enter the DNS domain name See also DNS Settings on page 190 11 DNS Servers 1 to 3 Enter the IP address of the primary DNS server secondary DNS server and tertiary DNS server These DNS server addresses will be passed to stations when they associate along with the ...

Page 227: ...l VLANs this window shows your settings for the Default Route VLAN and the Native Untagged VLAN Step 1 page 207 Figure 119 VLANs Understanding Virtual Tunnels Xirrus Arrays support Layer 2 tunneling with Virtual Tunnels This allows an Array to use tunnels to transport traffic for one or more SSID VLAN pairs onto a single destination network through the Layer 3 core network The Array has low overhe...

Page 228: ...ish options are available z Keepalive yes Client Server Interaction The Array is a client of the Virtual Tunnel Server When you specify a VTS for a an active VLAN SSID pair the Array contacts the VTS The server then creates a tunnel session to the Array VTun encapsulated packets will cross the Layer 3 network from the Array to the VTS When packets arrive at the VTS they will be de encapsulated and...

Page 229: ...d for this function to work 2 Native VLAN This option allows you to choose the Native VLAN from the pull down list When you click Apply the VLAN you choose will appear in the corresponding VLAN Number field The Wi Fi Array supports dynamic VLAN assignments specified by RADIUS policy settings When RADIUS sends these assignments the Array dynamically assigns wireless stations to VLANs as requested V...

Page 230: ... Mask If the DHCP option is disabled enter the subnet mask IP address for this VLAN association 9 Gateway If the DHCP option is disabled enter the IP gateway address for this VLAN association 10 Tunnel Server If this VLAN is to be tunneled enter the IP address or host name of the tunnel server that will perform the tunneling For more information on virtual tunnels please see Understanding Virtual ...

Page 231: ...ns available in this window but if you are experiencing issues with security you may want to print this window for your records Figure 121 Security For additional information about wireless network security refer to z Security Planning on page 70 z Understanding Security on page 210 z The Security section of Frequently Asked Questions on page 398 For information about secure use of the WMI refer t...

Page 232: ...re over network connections and should be used only with a direct serial port connection When connecting to the unit s Command Line Interface over a network connection you must use a Secure SHell version 2 SSH 2 utility SSH 2 provides stronger security than SSH 1 The most commonly used freeware providing SSH tools is PuTTY z Configuration auditing The optional Xirrus Management System XMS offers p...

Page 233: ...ctionality and prevents active attacks on the wireless network AES is the strongest encryption standard and is used by government agencies however old legacy hardware may not be capable of supporting the AES mode it probably won t work on older wireless clients Because AES is the strongest encryption standard currently available WPA2 with AES is highly recommended for Enterprise networks Any of th...

Page 234: ...ible Authentication Protocol authentication methods including EAP TLS EAP TTLS EAP PEAP and LEAP Passthrough The RADIUS server can be internal provided by the Wi Fi Array or external An external RADIUS server offers more functionality and security and is recommended for large deployments When using this method user names and passwords must be entered into the RADIUS server for user authentication ...

Page 235: ...A it checks to ensure the host name and IP address match those on the certificate If any of these checks fail you get a security warning when connecting to the WMI The Array ships with a default certificate that is signed by the Xirrus CA You may choose to use this certificate or to use a certificate issued by the CA of your choice as described in the following sections z Using the Array s Default...

Page 236: ...sign a new certificate This happens automatically the next time you reboot after changing the host name If you have already installed the Xirrus CA on a browser this new Array certificate should automatically be trusted When you install the Xirrus CA in your browser it will trust a certificate signed by any Xirrus Array as long as you connect using the Array s host name Using an External Certifica...

Page 237: ...click on the Save button to save your changes Figure 123 Admin Management Procedure for Creating or Modifying Network Administrator Accounts 1 Admin ID Enter the login name for a new network administrator ID The length of the ID must be between 5 and 50 characters inclusive For special characters that may be used see See Also on page 126 2 Read Write Choose Read Write if you want to give this admi...

Page 238: ...effort you don t have to set up user names and passwords on each Array just enter them once on the RADIUS server and then all of the Arrays can pull from the RADIUS server z Enforced policies you may set password rules e g passwords must contain at least one number and be at least 12 characters in length and you may set expiration times for passwords Admin RADIUS settings override any local admini...

Page 239: ...figuring administrator accounts on the RADIUS server you must observe the same restrictions for length and legal characters as when creating these accounts on the Array using the Admin Management window the user name and password must be between 5 and 50 characters inclusive For special characters that may be used see See Also on page 126 Figure 124 Admin RADIUS Procedure for Configuring Admin RAD...

Page 240: ...DIUS server The default is 1812 c Shared Secret Verify Secret Enter the shared secret that this RADIUS server will be using then re enter the shared secret to verify that you typed it correctly 3 Admin RADIUS Secondary Server optional If desired enter an alternative external RADIUS server If the primary RADIUS server becomes unreachable the Array will failover to the secondary RADIUS server define...

Page 241: ...r inactivity time outs set The supported range is 300 default to 100 000 seconds Figure 125 Management Control Procedure for Configuring Management Control 1 SSH a Enable Management Choose Yes to enable management of the Array over a Secure Shell SSH 2 connection or No to disable this feature Be aware that only SSH 2 connections are supported by the ...

Page 242: ...eature SSH offers a more secure connection than Telnet and is recommended over Telnet b Connection Timeout 30 100000 Seconds Enter a value in this field to define the timeout in seconds before your Telnet connection is disconnected The value you enter here must be between 30 seconds and 100 000 seconds c Port Enter a value in this field to define the port used by Telnet The default port is 23 3 Se...

Page 243: ... on page 213 Click the link xirrus ca crt and then click Open to view or install the current Xirrus CA certificate Click Install Certificate to start your browser s Certificate Install Wizard We recommend that you use this process to install Xirrus as a root authority in your browser When you assign a Host Name to your Array using the Express Setup window then the next time you reboot the Array it...

Page 244: ... creating a certificate signing request csr file Step 6 click the View button to review it If it is satisfactory click the name of the csr file to display the text of the request You can then copy this text and use it as required by the CA You may also click on the filename of the csr file to download it to your local computer b Upload Signed Certificate To use a custom certificate signed by an au...

Page 245: ...em permanent See Also Network Interfaces to enable disable management over an Ethernet interface Global Settings IAP to enable disable management over IAPs Admin Management External Radius Global Settings IAP Internal Radius Access Control List Security Access Control List This window allows you to create new station access lists delete existing lists and add remove MAC addresses When finished cli...

Page 246: ...o add a MAC address to the ACL enter the new MAC address here then click on the Create button The MAC address is added to the ACL 3 Delete You can delete selected MAC addresses from this list by checking their Delete buttons then clicking Apply or Save 4 Click on the Apply button to apply the new settings to this session or click Save to apply your changes and make them permanent See Also External...

Page 247: ...ng WEP WPA WPA2 and RADIUS authentication When finished click on the Apply button to apply the new settings to this session or click Save to apply your changes and make them permanent For additional information about wireless network security refer to Security Planning on page 70 and Understanding Security on page 210 Figure 127 Global Settings Security ...

Page 248: ...nabled Choose Yes to enable TKIP Temporal Key Integrity Protocol or choose No to disable TKIP 3 AES Enabled Choose Yes to enable AES Advanced Encryption Standard or choose No to disable AES If both AES and TKIP are enabled the station determines which will be used 4 WPA Group Rekey Time seconds Enter a value to specify the group rekey time in seconds The default is Never 5 PSK Authentication Choos...

Page 249: ...e enter the key to verify that you typed it correctly Hexadecimal characters are defined as ABCDEF and 0 9 For ASCII mode you may include special characters except for the double quote symbol 9 Encryption Key 2 to 4 Verify Key 2 to 4 Key Mode Length optional If desired enter up to four encryption keys in the same way that you entered the first key 10 Default Key Choose which key you want to assign...

Page 250: ...tion To set up an external RADIUS server you must choose External as the RADIUS server mode in Global Settings Refer to Global Settings on page 225 Figure 128 External RADIUS Server If you want to include user group membership in the RADIUS account information for users see Understanding Groups on page 247 User groups allow you to easily apply a uniform configuration to a user on the Array ...

Page 251: ...le the Array will failover to the secondary RADIUS server defined here a Address Enter the IP address or domain name of this external RADIUS server b Port Number Enter the port number of this external RADIUS server The default is 1812 c Shared Secret Verify Secret Enter the shared secret that this external RADIUS server will be using then re enter the shared secret to verify that you typed it corr...

Reviews:

No comments

Brands by name

Popular brands

Load more brands