manualshive.com logo in svg

Dell PowerConnect B-RX4, Руководство пользователя

Dell PowerConnect B-RX4 - сетевой коммутатор высокой производительности. Этот устройство обеспечит надежное подключение вашей сети. Скачайте бесплатный пользовательский руководство с manualshive.com, чтобы узнать о всех функциях и настройках этого устройства.

Поделиться
Скачать
background image

EAP-Generic Token Card (GTC)— This EAP method permits the transfer of unencrypted
usernames and passwords from client to server. The main uses for EAP-GTC are one-time token
cards such as SecureID and the use of LDAP or RADIUS as the user authentication server. You
can also enable caching of user credentials on the W-IAP as a backup to an external
authentication server.

EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2)— This EAP method is
widely supported by Microsoft clients. A RADIUS server must be used as the backend
authentication server.

If you are using the W-IAP’s internal database for user authentication, you need to add the names
and passwords of the users to be authenticated. If you are using an LDAP server for user
authentication, you need to configure the LDAP server on the Virtual Controller, and configure
user IDs and passwords. If you are using a RADIUS server for user authentication, you need to
configure the RADIUS server on the Virtual Controller.

Configuring an External RADIUS Server

To configure an external RADIUS server for a wireless network:

1. Click

New

in the

Networks

tab and select the appropriate

Primary usage

.

2. Click

Next

to continue.

3. Use the

VLAN

tab to specify how the clients on this network get their IP address and VLAN.

4. Click

Next

to continue.

5. In the

Security

tab, slide the bar to

Enterprise

and update the following fields:

a.

Key Management

— Select the type of key for encryption and authentication.

b.

Termination

— Select Enabled to terminate the EAP portion of 802.1X authentication on

the access point instead of RADIUS server.

c.

Authentication server 1

— Select

New

from the drop-down list to authenticate user

credentials for the RADIUS server at run time and update the following fields:

l

RADIUS Server

n

Name— Enter the name of the new external RADIUS server.

n

IP address— Enter the IP address of the external RADIUS server.

n

Auth port— Enter the authorization port number of the external RADIUS server. The
port number is set to 1812 by default.

n

Accounting port— Enter the accounting port number. This port is used to send
accounting records to the RADIUS server. The port number is set to 1813 by default

n

Shared key— Enter a shared key for communicating with the external RADIUS server.

n

Timeout— Indicates the timeout for one RADIUS request. The W-IAP retries to send
the request several times (as configured in the "Retry count") before the user gets
disconnected. e.g. If the "Timeout" is 5 sec, "Retry counter" is 3, user is disconnected
after 20 sec ("Timeout" x "Retry c 1). The default value is 5 seconds.

n

Retry count— Specify a number between 1 and 5. Indicates the maximum number of
authentication requests that are sent to server group, and the default value is 3
requests.

n

RFC 3576— When enabled, the Access Points process RFC 3576-compliant Change
of Authorization (CoA) and Disconnect messages from the RADIUS server.
Disconnect messages cause a user session to be terminated immediately, whereas CoA
messages modify session authorization attributes such as data filters.

Dell PowerConnect W-Series Instant Access Point

6.2.0.0-3.2.0.0

|

User Guide

113

|

Authentication

Содержание PowerConnect B-RX4

Страница 1: ...Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 2: ...Code Certain Aruba products include Open Source software code developed by third parties including software code subject to the GNU General Public License GPL GNU Lesser General Public License LGPL or other Open Source Licenses The Open Source code used can be found at this site http www arubanetworks com open_source Legal Notice The use of Aruba Networks Inc switching platforms and software by al...

Страница 3: ... Setup 17 Pre Installation Checklist 17 Connecting a W IAP 18 Assigning an IP Address to the W IAP 18 Connecting to a Provisioning Wi Fi Network 18 Disabling the Provisioning Wi Fi Network 20 Assigning a Static IP 20 Log in to the Dell W Series Instant UI 21 Specifying a Country Code 21 W IAP Cluster 22 Dell W Instant User Interface 23 Understanding the Dell W Series Instant UI Layout 23 Banner 24...

Страница 4: ...ist 36 Channel Utilization and Monitoring 36 Channel Details 37 Alerts 37 Client Alerts 37 Fault History 38 Active Faults 38 IDS 39 Configuration 39 AirGroup 40 Language 40 Dell PowerConnect W AirWave Setup 40 Pause Resume 41 Views 41 Wireless Network 43 Network Types 43 Employee Network 44 Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 4 Contents ...

Страница 5: ...o Join Mode 71 Terminal Access 72 LED Display 72 TFTP Dump Server 72 Extended SSID 73 Deny Inter User Bridging and Deny Local Routing 73 Syslog Server 73 Syslog Facility Levels 74 Adding a W IAP to the Network 74 Removing a W IAP from the Network 75 Editing W IAP Settings 75 Changing W IAP Name 75 Changing IP Address of the W IAP 76 Configuring Adaptive Radio Management 78 Configuring Uplink Manag...

Страница 6: ...erview 91 Configuring a Mobility Domain 92 Home Agent Load Balancing 95 Spectrum Monitor 97 Creating Spectrum Monitors and Hybrid APs 97 Converting W IAPs into Hybrid W IAPs 97 Converting a W IAP to a Spectrum Monitor 98 Spectrum Data 100 Overview Device List 100 Non Wi Fi Interferers 101 Channel Metrics 103 Channel Details 104 Spectrum Alerts 105 Time Management 107 NTP Server 107 Configuring an ...

Страница 7: ...18 Management Authentication Settings 120 Captive Portal 121 Internal Captive Portal 121 Configuring Internal Captive Portal Authentication when Adding a Guest Network 122 Configuring Internal Captive Portal Authentication when Editing a Guest Network 123 Configuring Internal Captive Portal with External RADIUS Server Authentication when Adding a Guest Network 124 Customizing a Splash Page 125 Dis...

Страница 8: ...ncryption 143 Encryption Types Supported in Dell W Instant 143 WEP 143 TKIP 143 AES 143 Encryption Recommendations 143 Understanding WPA and WPA2 144 Recommended Authentication and Encryption Combinations 144 Role Derivation 145 User Roles 145 Creating a New User Role 145 Creating Role Assignment Rules 147 MAC Address Attribute 147 DHCP Option and DHCP Fingerprinting 148 802 1X Authentication Type...

Страница 9: ...eny FTP Service except to a Particular Server 160 Deny bootp Service except to a Particular Network 161 Content Filtering 163 Enabling Content Filtering 163 Enterprise Domains 164 OS Fingerprinting 167 Adaptive Radio Management 169 ARM Features 169 Channel or Power Assignment 169 Voice Aware Scanning 169 Load Aware Scanning 169 Band Steering Mode 169 Airtime Fairness Mode 170 Airtime Fairness Mode...

Страница 10: ... to the Ethernet Port 190 Hierarchical Deployment 193 Deployment 193 Uplink Configuration 195 Uplink Interface Configuration 195 Ethernet Uplink 195 3G 4G Uplink 196 Types of Modems 196 Provisioning 3G 4G Uplink Manually 198 Provisioning 3G Uplink Automatically 199 Provisioning a 3G 4G Switch Network 199 Wi Fi Uplink 200 Provisioning Wi Fi Uplink 200 Provisioning 3G 4G and Wi Fi Uplink with Factor...

Страница 11: ...onnect W AirWave 207 Creating your Organization String 207 About Shared Key 208 Entering the Organization String and AMP Information into the W IAP 208 Dell PowerConnect W AirWave Discovery through DHCP Option 208 Standard DHCP option 60 and 43 on Windows Server 2008 208 Alternate Method for Defining Vendor Specific DHCP Options 212 AirGroup 215 Introducing AirGroup 215 What is Bonjour and Zero Co...

Страница 12: ...oting and Log Messages 226 Monitoring 229 Virtual Controller View 229 Monitoring Link 230 Info 230 RF Dashboard 230 Usage Trends 230 Client Alerts Link 232 IDS Link 232 Network View 232 Info 233 Usage Trends 233 Dell W Instant Access Point View 235 Info 235 RF Dashboard 235 Overview 236 Client View 243 Info 244 RF Dashboard 244 RF Trends 244 Mobility Trail 247 Alert Types and Management 249 Alert ...

Страница 13: ...256 Adding a Client to the Manual Blacklist 256 Dynamic Blacklisting 257 Authentication Failure Blacklisting 257 Session Firewall Based Blacklisting 257 PEF Settings 258 Firewall ALG Configuration 258 Firewall based Logging 259 VPN Configuration 261 VPN Configuration 261 Fast Failover 262 Routing Profile Configuration 262 DHCP Server Configuration 263 NAT DHCP Configuration 264 Distributed L2 DHCP...

Страница 14: ...eshooting 283 IAP VPN 285 Licensing Requirements 285 VPN Configuration 286 Creating a W IAP Whitelist 286 Controller Whitelist DB 286 External Whitelist DB 286 VPN Local Pool Configuration 287 VPN Profile Configuration 287 Radius Proxy for VPN Connected IAPs 287 Viewing Branch Status 288 Example 288 Troubleshooting 289 Viewing Logs 289 Support Commands 289 Abbreviations 295 Abbreviations 295 Dell ...

Страница 15: ...e geographically dispersed locations Designed specifically for easy deployment and proactive management of networks Instant is ideal for small customers or remote locations without any on site IT administrator Dell W Instant consists of an Instant Access Point W IAP and a Virtual Controller VC The Virtual Controller resides within one of the access points In an Dell W Instant deployment only the f...

Страница 16: ... illustrate l Screen output l On screen system prompt l Filenames software devices and specific commands Bold This style is used to emphasize Instant UI elements For example name of a text box or the name of a drop down list Table 1 Conventions The following informational icons are used throughout this guide NOTE Indicates helpful suggestions pertinent information and important things to remember ...

Страница 17: ... W IAP The choice of endspan or midspan depends on the capabilities of the switch to which the IAP is connected Typically if a switch is in place and does not support PoE midspan power injectors are used NOTE A DNS server functions as a phonebook for the internet and internet users It converts human readable computer hostnames into IP addresses and vice versa A DNS server stores several records fo...

Страница 18: ...onnectivity When you connect the W IAP to a network the W IAP receives an IP address from a DHCP server To get an IP address for a W IAP 1 Connect the ENET 0 port of W IAP to a switch or router using an Ethernet cable Ensure that the DHCP service is enabled on the network 2 Connect the W IAP to a power source The W IAP receives an IP address provided by the switch or router NOTE If there is no DHC...

Страница 19: ...i network ensure that the client is not connected to any wired network Figure 1 Connecting to a provisioning Wi Fi Network Microsoft Windows Figure 2 Connecting to a provisioning Wi Fi Network Mac OS Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 19 InitialConfiguration ...

Страница 20: ... None Table 2 Terminal Communication Settings 5 In the apboot mode use the following commands to disable the provisioning network n apboot factory_reset n apboot setenv disable_prov_ssid 1 n apboot saveenv n apboot reset Assigning a Static IP To assign a static IP to a W IAP using APBoot 1 Connect a terminal or PC workstation running a terminal emulation program to the Console port on the W IAP 2 ...

Страница 21: ...n credentials after you log in for the first time Specifying a Country Code NOTE Skip this section if you are installing the W IAP in the United States or Japan Dell W Instant Access Points are shipped in three variants n W IAP US United States n W IAP JP Japan n W IAP ROW Rest of World After you successfully log in to the Dell W Series Instant User Interface the Country Code window appears if W I...

Страница 22: ...ing a Country Code W IAP Cluster W IAPs in the same VLAN automatically find each other and form a single functioning network managed by a Virtual Controller CAUTION Moving a W IAP from one cluster to another requires a factory reset of the W IAP that is being moved See Managing W IAPs on page 71 for more information ...

Страница 23: ...led on the web browser to view the Dell W Series Instant UI Supported browsers are l Internet Explorer 8 0 7601 17514 and 9 0 11 l Safari 6 0 2 l Google Chrome 23 0 1271 95 m l Mozilla Firefox 17 0 NOTE The Dell W Series Instant UI logs out automatically if the window is inactive for fifteen minutes Understanding the Dell W Series Instant UI Layout The Dell W Series Instant UI consists of the foll...

Страница 24: ...mes Click on the tabs to see the expanded view and click again to compress the expanded view Items in each tab are associated with a triangle icon Click on the triangle icon to sort the data in increasing or decreasing order Each tab is explained in the following sections Networks Tab This tab displays a list of Wi Fi networks that are configured in the Dell W Instant network The network names app...

Страница 25: ... to detect interference whether from neighboring APs or from non Wi Fi devices such as microwaves and cordless phones When Spectrum is enabled the AP does not provide access services to clients l Clients Number of clients that are connected to the W IAP l Type Model number of the W IAP l Channel Channel the W IAP is currently broadcasting on l Power dB Maximum transmit EIRP of the radio l Utilizat...

Страница 26: ...e Figure 8 Client Tab Compressed View and Expanded View Links The following links allow you to configure the features and settings for the W Instant network Each of these links are explained in the subsequent sections l New Version Available on page 27 l Settings on page 27 l RF on page 29 l PEF on page 30 l WIP on page 30 l VPN on page 31 l Wired on page 31 l Maintenance on page 32 l Support on p...

Страница 27: ...nd NTP Server see Virtual Controller on page 109 and Time Management on page 107 n For information about Auto join mode Terminal Access LED display TFTP Dump Server and Deny inter user bridging see Managing W IAPs on page 71 l Admin View or edit the admin credentials for access to the Virtual Controller Management User Interface See 802 1X Authentication on page 111 for more information You can al...

Страница 28: ...ettings See SNMP on page 183 for more information l OpenDNS Instant supports OpenDNS business solutions which requires an OpenDNS www opendns com account comprising a username and a password These credentials are used by W Instant to access OpenDNS to provide enterprise level content filtering NOTE For OpenDNS to work enable Content Filtering feature while creating a new network Click New in the N...

Страница 29: ...lity on page 91 for more information l AirGroup View or configure the AirGroup settings See AirGroup on page 215 for more information l WISPr View or configure the WISPr settings See WISPr Authentication on page 132 for more information RF This link displays the configuration parameters Adaptive Radio Management ARM and Radio features Figure 11 RF ARM View or assign channel and power settings for ...

Страница 30: ...page 269 Roles This window displays all the roles defined for all the Networks The Access Rules part indicates the permissions for each role For more information see User Roles on page 145 Blacklisting Use this window to manually blacklist clients See Client Blacklisting on page 255 for more information Policy Enforcement Firewell PEF Settings Use this window to enable disable Application Layer Ga...

Страница 31: ...ler See VPN Configuration on page 261 for more information Figure 14 VPN Default View Wired Specify the desired profile for each port of the W IAP See Ethernet Downlink on page 187 for more information Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 31 DellW Instant User Interface ...

Страница 32: ...e Firmware Image Server in Cloud Network on page 86 l Reboot Displays the W IAPs in the network and provides an option to reboot the required access point or all access points For more information see Rebooting the W IAP on page 84 l Convert Provides an option to change the network from W Instant to an Dell PowerConnect W Series Mobility Controller managed network or standalone AP For more informa...

Страница 33: ...sists of the following sections l Info on page 33 l RF Dashboard on page 34 l Usage Trends on page 35 Figure 16 Monitoring on Instant UI Info Displays the configuration information of the Virtual Controller by default In a Network View on page 232 this section displays configuration information of the selected network Similarly in an Dell W Instant Access Point View on page 235 or Client View on p...

Страница 34: ...ame Description 1 Signal Icon Displays the signal strength of the client Depending on the signal strength of the client the color of the lines on the Signal bar changes from Green Orange Red l Green Signal strength is more than 20 decibels l Orange Signal strength is between 15 20 decibels l Red Signal strength is less than 15 decibels To view the signal graph for a client click on the signal icon...

Страница 35: ...d l Green Errors are less than 5000 frames per second l Orange Errors are between 5000 10000 frames per second l Red Errors are more than 10000 frames per second To view the errors graph of a W IAP click on the Errors icon against the W IAP in the Errors column Usage Trends Displays the following graphs n Clients In the default homepage the Clients graph displays the number of clients that were as...

Страница 36: ...he device list display consists of a device summary table and channel information for active non Wi Fi devices currently seen by a spectrum monitor or hybrid AP radio Figure 20 Device List Channel Utilization and Monitoring This chart provides an overview of channel quality across the spectrum It shows channel utilization information such as channel quality availability and utilization metrics as ...

Страница 37: ...ctrum Monitor on page 97 Alerts Alerts are generated when a user faces problems while accessing or connecting to the Wi Fi network The Alerts link appears in red if there are any Client Alerts or Active Faults Figure 22 Alerts Link Client Alerts These alerts occur when clients are connected to the W Instant network A client alert consists of the following fields l Timestamp Displays the time at wh...

Страница 38: ... Indicates the number of sequence l Cleared by Displays the module which cleared this fault l Description Displays the event details Figure 24 Fault History Active Faults These alerts occur in the event of a system fault An Active Fault consists of the following fields l Time Displays the system time when an event occurs l Number Indicates the number of sequence l Description Displays the event de...

Страница 39: ...lients that are not controlled by the Virtual Controller The following information is displayed for each foreign client n MAC address Displays the MAC address of the foreign client n Network Displays the name of the network to which the foreign client is connected n Classification Displays the classification of the foreign client Interfering client n Channel Displays the channel in which the forei...

Страница 40: ...the internal database of AirGroup l CPPM By clicking on this you get details of the registered rules in Dell PowerConnect W ClearPass Policy Manager CPPM for this server l MDNS Cache By clicking on this you receive MDNS record details of a particular server Language The language links are provided in the login screen to allow users to select the preferred language before logging in to the Dell W S...

Страница 41: ...the Dell W Series Instant UI displays information about the Virtual Controller Wi Fi networks W IAPs or the clients in the Info section The views on the Dell W Series Instant UI are classified as follows l Virtual Controller view The Virtual Controller view is the default view This view allows you to monitor the Dell W Instant network l Network view The Network view provides information that is ne...

Страница 42: ...nnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide Clients tab Click the IP address of the client that you want to monitor Client view for that client appears For more information on the graphs and the views see Monitoring on page 229 ...

Страница 43: ... 802 11g 2 4 54 802 11n 2 4 or 5 0 300 Table 4 IEEE 802 11 Standards During start up a wireless client searches for radio signals or beacon frames that originate from the nearest W IAP After locating the W IAP the following transactions take place between the client and the W IAP 1 Authentication The W IAP communicates with a RADIUS server to validate or authenticate the client 2 Connection After ...

Страница 44: ...ary usage options This selection determines whether the network is primarily intended to be used for employee data guest data or voice traffic 3 Click the Show advanced options link and perform the following steps a Broadcast Multicast l Broadcast filtering When set to All the W IAP drops all broadcast and multicast frames except for DHCP and ARP When set to ARP in addition to the above the W IAP ...

Страница 45: ...o c Transmit Rates Indicates the ability to configure the basic and supported rates per SSID for Dell W Instant Select to set the minimum and maximum legacy non 802 11n transmit rates for each band 2 4 GHz and 5 GHz d Miscellaneous l Content filtering When enabled all DNS requests to non corporate domains on this wireless network are sent to OpenDNS l Band Set the band at which the network transmi...

Страница 46: ...and IP address management for a multi site wireless network See Virtual Controller on page 109 for configuring the DHCP server Network assigned By default the client VLAN is assigned to the native VLAN on the wired network l Default The client obtains the IP address in the same subnet as the W IAPs l Static Select to specify a single VLAN a comma separated list of VLANS or a range of VLANs for all...

Страница 47: ... Session Key from the RADIUS Server to derive pair wise unicast keys This is required for old printers that use dynamic WEP via LEAP authentication This is Disabled by default For more information on encryption and recommended encryption type see Encryption on page 143 2 Termination Enable this option to terminate the EAP portion of 802 1X authentication on the W IAP instead of the RADIUS server F...

Страница 48: ...erver as an internal server then this feature is not applicable When enabled this feature allows W Instant to authenticate the previously connected clients using EAP PEAP authentication even when connectivity to Dell PowerConnect W ClearPass Policy Manager is temporarily lost Cache timeout global Indicates the duration after which the authenticated credentials in the cache expire When the cache ex...

Страница 49: ...hen Enabled user must configure at least one RADIUS server for authentication server See MAC Authentication on page 133 for further details 5 Authentication server 1 Select the required Authentication server option from the drop down list Available options are l New If you select this option an external RADIUS server has to be configured to authenticate the users For information on configuring an ...

Страница 50: ... on adding a user see Adding a User on page 269 NOTE Navigate to PEF Blacklisting in the Dell W Series Instant UI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window 12 Click Upload Certificate and browse to upload a certificate file for the internal server See Certificates on page 138 for more information Figure 33 Employee Security Tab Personal If then You selec...

Страница 51: ...n as RADIUS INTERIM accounting records to the RADIUS server 6 Blacklisting Select Enabled to enable blacklisting of the clients with a specific number of authentication failures 7 Max authentication failures Users who fail to authenticate the number of times specified here are dynamically blacklisted The maximum value for this entry is 10 NOTE Navigate to PEF Blacklisting in the Dell W Series Inst...

Страница 52: ...Instant Firewall treats packets based on the first rule matched For more information see Instant Firewall on page 155 To edit the default rule a Select the rule and then click Edit b Select appropriate options in the Edit Rule window and click OK To define an access rule a Click New b Select appropriate options in the New Rule window c Click OK 1 Role based Select Role based if you want to specify...

Страница 53: ...e voice like prioritization need connectivity Adding a Voice Network This section provides the procedure to add a voice network 1 In the Networks tab click the New link The New WLAN window appears Figure 36 Adding a Voice Network WLAN Settings Tab 2 In the WLAN Settings tab perform the following steps a Name SSID Enter a name that uniquely identifies a wireless network Dell PowerConnect W Series I...

Страница 54: ... the wireless link DMO enhances the quality and reliability of streaming video while preserving the bandwidth available to non video clients l DMO channel utilization threshold When dynamic multicast optimization is enabled the W IAP converts multicast streams into multicast unicast streams as long as the channel utilization does not exceed this threshold The default value is 90 and the maximum th...

Страница 55: ...DHCP server Network assigned By default the client VLAN is assigned to the native VLAN on the wired network l Default The client obtains the IP address in the same subnet as the W IAPs l Static Select to specify a single VLAN a comma separated list of VLANs or a range of VLANs for all clients on this network l Dynamic Select to create rules for per user VLAN assignment See VLAN Derivation Rule on ...

Страница 56: ...r wise unicast keys This is required for old printers that use dynamic WEP via LEAP authentication This is Disabled by default For more information on encryption and recommended encryption type see Encryption on page 143 2 Termination Enable this option to terminate the EAP portion of 802 1X authentication on the W IAP instead of the RADIUS server For more information see External RADIUS Server on...

Страница 57: ...l Both WPA 2 WPA 2 Static WEP If you have selected Static WEP then do the following l Select appropriate WEP key size from the WEP key size drop down list Available options are 64 bit and 128 bit l Select appropriate Tx key from the Tx Key drop down list Available options are 1 2 3 and 4 l Enter an appropriate WEP key and reconfirm For more information on encryption and recommended encryption type...

Страница 58: ... of times specified here are dynamically blacklisted The maximum value for this entry is 10 NOTE Navigate to PEF Blacklisting in the Dell W Series Instant UI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window 12 InternalServer If you select this option then users who are required to authenticate with the internal RADIUS server must be added Click the Users link t...

Страница 59: ...PEF window 8 InternalServer If you select this option then users who are required to authenticate with the internal RADIUS server must be added Click the Users link to add the users For information on adding a user see Adding a User on page 269 9 Click Upload Certificate and browse to upload a certificate file for the internal server See Certificates on page 138 for more information 10 Click Next ...

Страница 60: ...Tab 12 Click Finish The network is added and listed in the Networks tab Guest Network The Guest wireless network is created for guests visitors contractors and any non employee users who use the enterprise Wi Fi network The Virtual Controller assigns the IP address for the guest clients Captive portal or passphrase based authentication methods can be set for this wireless network Typically a guest...

Страница 61: ...D profile The default value is 1 which means the client checks for buffered data on the W IAP at every beacon You may choose to configure a larger DTIM value for power saving l Multicast transmission optimization When Enabled the W IAP chooses the optimal rate for sending broadcast and multicast frames based on the lowest of unicast rates across all associated clients The default values are 1 Mbps...

Страница 62: ...ll option is selected by default It is also the recommended option l Inactivity timeout Indicates the time in seconds after which an idle client ages out The minimum value is 60 seconds and the default value is 1000 seconds l Hide SSID Select this check box to hide the SSID network name 4 Click Next to continue 5 Select the required Client IP assignment option Virtual Controller assigned or Networ...

Страница 63: ...an external RADIUS server has to be configured to authenticate the users For information on configuring an external RADIUS server see Configuring an External RADIUS Server on page 113 l Internal Server If you select this option then users who are required to authenticate with the internal RADIUS server must be added Click the Users link to add the users For information on adding a user see Adding ...

Страница 64: ...exadecimal string Ensure that the hexadecimal string must be exactly 64 digits in length 3 Passphrase Enter a pre shared key PSK passphrase External RADIUS Server An external server is used to display the splash page to the user If this option is selected then do the following External splash page l IP or hostname Enter the IP or hostname of the external server in the IP or hostname text box l URL...

Страница 65: ... 134 External Authentication Text An external splash page returns a specified string to indicate successful authentication l IP or hostname Enter the IP or hostname of the external server in the IP or hostname text box l URL Enter the URL of the captive portal page in the URL text box l Port Enter the number of the port to be used for communicating with the external server in the Port text box l A...

Страница 66: ... on page 134 None Select this option if you do not want to set the captive portal authentication Figure 40 Adding a Guest Network Splash Page Settings Select Enabled from the Encryption drop down list and perform the following steps these steps are optional a Select the required key management option from the Key management drop down list Available options are n WPA 2 Personal n WPA Personal n Bot...

Страница 67: ...ers The Allow any to all destinations access rule is enabled by default This rule allows traffic to all destinations W Instant Firewall treats packets based on the first rule matched For more information see Instant Firewall on page 155 To edit the default rule a Select the rule and then click Edit b Select appropriate options in the Edit Rule window and click OK To define an access rule a Click N...

Страница 68: ...ck Finish Deleting a Network To delete a network 1 In the Networks tab click the network which you want to delete A x link appears against the network to be deleted 2 Click x A delete confirmation window appears 3 Click Delete Now Number of WLAN SSIDs Supported By default you can create up to six networks or WLANs You can enable the Extended SSID option and create up to 16 WLANs W IAP175P W IAP104...

Страница 69: ... a large number of clients in the same VLAN This leads to a high level of broadcasts in the same subnet The solution to this is to partition the network into reasonably sized subnets and use L3 mobility between those subnets when clients roam However there are various situations like simple network design considerations where a large number of clients need to be in the same subnet VLAN pooling pro...

Страница 70: ...70 Wireless Network Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 71: ...radio access points NOTE Reboot the W IAP after configuring the radio profile settings in order for the changes to take effect Auto Join Mode The Auto Join Mode feature allows W IAPs to automatically 1 Discover the Virtual Controller 2 Join the network 3 Begin functioning The Auto Join Mode feature is enabled by default When the Auto Join Mode feature is disabled a New link appears in the Access P...

Страница 72: ...elease As of that release when the Terminal Access option is enabled only SSH access to the CLI will be possible NOTE W Instant does not support configuration using CLI LED Display Administrators have the ability to turn off LED for all W IAPs in an Instant network Navigate to Settings Advanced LED Display to enable or disable the LEDs When Disabled all the LEDs are turned off Use this option in e...

Страница 73: ...stant network l Deny local routing This feature allows you to deny local routing traffic between clients which are connected to the same W IAP or are on the same Instant network Syslog Server To specify a Syslog Server for sending syslog messages to the external servers navigate to Settings click Show advanced options Syslog Server in the Dell W Series Instant UI and update the following fields l ...

Страница 74: ...east severe Logging Level Description Emergency Panic conditions that occur when the system becomes unusable Alert Any condition requiring immediate attention and correction Critical Any critical conditions such as a hard drive error Errors Error conditions Warning Warning messages Notice Significant events of a non critical and normal nature Informational Messages of general interest to system us...

Страница 75: ...TE The deleted W IAP s cannot join the W Instant network anymore and no longer appear in the Dell W Series Instant UI However the master W IAP cannot be deleted from the Virtual Controller Editing W IAP Settings This section explains how to change the W IAP settings such as Name IP Address and steps for configuring Adaptive Radio Management ARM Wired Bridging on Ethernet 0 Port Uplink Management V...

Страница 76: ...Edit the W IAP name in the Name text box 4 Click OK Changing IP Address of the W IAP The Dell W Series Instant UI allows you to change the IP address of the W IAP connected to the network To change the IP address of the W IAP 1 In the Access Points tab click the W IAP for which you want to change the IP address The edit link appears 2 Click the edit link The Edit AP window appears ...

Страница 77: ... a Enter the new IP address for the W IAP in the IP address text box b Enter the netmask of the network in the Netmask text box c Enter the IP address of the default gateway in the Default gateway text box d Enter the IP address of the DNS server in the DNS server text box e Enter the domain name in the Domain name text box Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide...

Страница 78: ... W IAP Configuring Adaptive Radio Management Adaptive Radio Management ARM is enabled in Dell W Instant by default However if ARM is disabled perform the following steps to enable it 1 In the Access Points tab click the W IAP for which you want to configure ARM 2 Click the edit link An Edit AP window appears 3 In the Edit AP window select the Radio tab 4 Select Adaptive radio management assigned ...

Страница 79: ...2 Click the edit link An Edit AP window appears 3 In the Edit AP window select the Uplink tab 4 Specify the VLAN in the Uplink Management VLAN field 5 Click OK NOTE This configuration requires a W IAP reboot to take effect Configuring Wired Bridging on Ethernet 0 Instant supports wired bridging on the Ethernet 0 port of a W Instant AP Perform the following steps to enable wired bridging on the Eth...

Страница 80: ...ler sends the RAP convert command to all the other W IAPs The Virtual Controller along with the other slave W IAPs then setup a VPN tunnel to the remote controller and download the firmware by FTP The Virtual Controller uses IPsec to communicate to the Dell PowerConnect W Series Mobility Controller over the Internet l If the W IAP obtains AirWave information via DHCP Option 43 and Option 60 it est...

Страница 81: ...ntroller is running W Instant 6 1 4 or later The following table describes the supported W IAP platforms and minimal AOS version for W IAP to CAP RAP conversion Table 13 W IAP Platforms and Minimal AOS and W IAP Versions for W IAP to RAP Conversion W IAP Platform AOS Version W Instant Version W IAP92 6 1 4 or later 1 0 or later W IAP93 6 1 4 or later 1 0 or later W IAP104 6 1 4 or later 3 0 or lat...

Страница 82: ... list 4 Enter the hostname fully qualified domain name or the IP address of the controller in the Hostname or IP Address of Mobility Controller text box This information is provided by your network administrator NOTE Ensure the Mobility Controller IP Address is reachable by the W IAPs 5 Click Convert Now to complete the conversion Figure 56 Confirm Access Point Conversion 6 The W IAP reboots and b...

Страница 83: ...gure 57 Converting a W IAP to CAP 3 Select Campus APs managed by a Mobility Controller from the drop down list 4 Enter the hostname fully qualified domain name or the IP address of the controller in the Hostname or IP Address of Mobility Controller text box This is provided by your network administrator NOTE Ensure the Mobility Controller IP Address is reachable by the W IAPs 5 Click Convert Now t...

Страница 84: ... button converts it back to a W IAP To reset a W IAP follow the instructions below 1 Power off the W IAP 2 Press and hold the reset button using a small narrow object such as a paperclip 3 Power on the W IAP without releasing the reset button The power LED flashes within 5 seconds indicating that the reset is completed 4 Release the reset button The W IAP then boots with the factory default settin...

Страница 85: ... IAPs in the network click Reboot All 4 The Confirm Reboot for W IAP window appears Click Reboot Now to proceed Figure 60 Confirm Reboot message 5 The Reboot in Progress message appears indicating that the reboot is in progress Figure 61 Reboot In Progress Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 85 Managing W IAPs ...

Страница 86: ...ave image upgrades can be done through the cloud based image check feature When new W IAPs joining the network need to synchronize its software with that of the Virtual Controller and the new W IAP is of a different class the image file for the new W IAP is provided by the cloud server Image Management Using Dell PowerConnect W AirWave If the multi class W IAP network is managed by Dell PowerConne...

Страница 87: ...he image check locates a new version of the W Instant software on the image server then a New version available link appears at the top right corner of the Dell W Series Instant UI Figure 63 Automatic Image Check New Version Available Link After the Automatic image check feature identifies a new version perform the following steps to upgrade to the new version 1 The Maintenance window appears Clic...

Страница 88: ...progress l Upgrade successful When the upgrading is successful l Upgrade fail When the upgrading fails Upgrading to New Version To manually check for a new firmware image version Manual 1 Navigate to Maintenance Firmware to select and manually upgrade the image file Figure 65 Single class or Multi class W IAPNetworks Firmware Upgrade ...

Страница 89: ...Instant_Cassiopeia_6 2 0 0 3 2 0 0_xxxx n URL for W IAP105 92 93 tftp IP address DellInstant_Orion_6 2 0 0 3 2 0 0_xxxx n URL for W IAP108 109 tftp IP address DellInstant_Pegasus_6 2 0 0 3 2 0 0_xxxx FTP n ftp IP address DellInstant_Cassiopeia_6 2 0 0 3 2 0 0_xxxx n ftp IP address DellInstant_Orion_6 2 0 0 3 2 0 0_xxxx n ftp IP address DellInstant_Pegasus_6 2 0 0 3 2 0 0_xxxx HTTP n http IP addres...

Страница 90: ...t Connection or session between the image server and the W IAP is timed out n Image server failure If the image server does not respond n A new image version found If a new image version is found 2 If a new version is found the Upgrade Now button becomes available and displays the version number 3 Click Upgrade Now The W IAP downloads the image from the server saves it to flash and reboots Dependi...

Страница 91: ...ks are able to continue using their IP addresses after roaming You can configure a list of Virtual Controller IP addresses across which L3 mobility is supported Overview Dell W Instant Layer 3 mobility solution defines a Mobility Domain as a set of Instant networks with same WLAN access parameters across which client roaming is supported The W Instant network to which the client first connects is ...

Страница 92: ...onfigure a mobility domain you have to specify the list of all W Instant networks that form the mobility domain In order to allow clients to roam seamlessly among all the APs specify the Virtual Controller IP for each foreign subnet You may include the local Instant VC IP address so that the same configuration can be used across all W Instant networks in the mobility domain Best practice is to con...

Страница 93: ...section and specify the following a Enter the client subnet in the IP address text box b Enter the mask in the Subnet mask text box c Enter the VLAN ID in the home network in the VLAN ID text box d Enter the home VC IP address for this subnet in the Virtual Controller IP text box Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 93 Layer 3 Mobility ...

Страница 94: ...94 Layer 3 Mobility Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide Figure 69 Add Subnets Information 6 Click OK Figure 70 Example Layer 3 Configuration ...

Страница 95: ...s acting as Home Agents for roamed clients is uniformly distributed across the W Instant cluster By default home agent load balancing is disabled To enable home agent load balancing by performing the following steps 1 Click the Settings link at the upper right corner of the Instant UI 2 Click the Show advanced options link and then click L3 Mobility 3 Select Enabled from the Home agent load balanc...

Страница 96: ...96 Layer 3 Mobility Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 97: ...or devices However the recorded spectrum is not reported to the Virtual Controller A spectrum alert is sent to the VC when a non Wi Fi interference device is detected The spectrum monitor is supported on W IAP104 W IAP105 W IAP134 and W IAP135 radios Creating Spectrum Monitors and Hybrid APs A W IAP can be provisioned to function as a spectrum monitor or as a hybrid W IAP The radios on groups of A...

Страница 98: ...igure a W IAP to function as a standalone spectrum monitor In spectrum mode spectrum monitoring is performed on entire bands However for the 5 GHz radio spectrum monitoring is performed on only one of the three bands 5 GHz lower 5 GHz middle or 5 GHz higher By default spectrum monitoring is performed on the 5 GHz higher band Follow the procedure below to convert a W IAP to a spectrum monitor 1 In ...

Страница 99: ...the RF link at the upper right corner of the Dell W Series Instant UI b Click Show advanced options to view the Radio tab c For the 5 GHz radio specify the spectrum band you want that radio to monitor by selecting Lower Middle or Higher from the Standalone spectrum band drop down list d Click OK Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 99 Spectrum Monitor ...

Страница 100: ...have enabled the spectrum monitoring feature You can view the following spectrum data in the Dell W Series Instant UI l Overview Device List on page 100 l Channel Metrics on page 103 l Channel Details on page 104 Overview Device List The device list consists of a device summary table and channel information for active non Wi Fi devices currently seen by a spectrum monitor or hybrid AP radio To vie...

Страница 101: ...nal strength Strength of the signal sent from the device in dBm Duty cycle Device duty cycle This value represents the percent of time the device broadcasts a signal Add time Time at which the device was first detected Update time Time at which the device s status was updated Table 14 Device Summary and Channel Information Non Wi Fi Interferers The following table describes each type of non Wi Fi ...

Страница 102: ...example 5 GHz for Base to handset and 2 4 GHz for Handset to base These phones may be classified as unique Frequency Hopper devices on both bands Frequency Hopper Xbox The Microsoft Xbox device uses a frequency hopping protocol in the 2 4 GHz band These devices are classified as Frequency Hopper Xbox Frequency Hopper Other When the classifier detects a frequency hopper that does not fall into one ...

Страница 103: ...hannel that is available for use or the current relative quality of selected channels in the 2 4 GHz or 5 GHz radio bands While spectrum monitors can display data for all channels in their selected band hybrid APs display data for their one monitored channel only To view this graph click 2 4 GHz in the Spectrum section of the dashboard Figure 74 Channel Metrics for the 2 4 GHz Radio Channel To vie...

Страница 104: ... channel seen by the spectrum monitor radio including the maximum AP power interference and the signal to noise and interference Ratio SNIR SNIR is the ratio of signal strength to the combined levels of interference and noise on that channel Spectrum monitors display spectrum data seen on all channels in the selected band and hybrid APs display data from the one channel they are monitoring Figure ...

Страница 105: ...ls of interference and noise on that channel This value is calculated by determining the maximum noise floor and interference signal levels and then calculating how strong the desired signal is above this maximum Spectrum Alerts When new non Wi Fi device is found an alert is reported to the Virtual Controller The spectrum alert messages include the device ID device type IP address of the spectrum ...

Страница 106: ...106 Spectrum Monitor Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 107: ...e network element to a corresponding event on another l Maintain accurate time for billing services and similar Network Time Protocol NTP is required to obtain the precise time from a server and to regulate the local time in each network element If NTP server is not configured in the Dell W Instant network a W IAP reboot may lead to variation in time and data Configuring an NTP Server The NTP serv...

Страница 108: ...ractice of advancing clocks so that evenings have more daylight and mornings have less Typically clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn Many countries observe DST and many do not If the time zone you selected for a W IAP supports DST you can enable daylight saving time feature on this W IAP to ensure the W IAP reflects the seasonal time ch...

Страница 109: ...irtual Controller when the existing VC is down and avoid race conditions This protocol ensures stability of the network during initial startup or when the VC goes down by allowing only one W IAP to self elect as a VC Preference to an IAP with 3G 4G Card The Master Election Protocol prefers the Instant AP W IAP with a 3G 4G card when electing a VC for the Dell W Instant network during initial start...

Страница 110: ... set to Virtual Controller Assigned The default size of the IP address pool has been increased to 512 You can customize the DHCP pool s subnet and address range if you need to provide simultaneous access to more number of clients The largest address pool supported is 2048 To configure the domain name DNS server and lease time for the DHCP server network and mask perform the following steps 1 At th...

Страница 111: ...IAP The wireless client can pass data traffic only after successful 802 1X authentication The steps involved in 802 1X authentication are 1 The NAS requests authentication credentials from the wireless client 2 The wireless client sends the authentication credentials to the NAS 3 The NAS sends these credentials to a RADIUS server 4 The RADIUS server checks the user identity and begins authenticati...

Страница 112: ...l ensuring the user credentials are kept secure l LEAP Lightweight Extensible Authentication Protocol LEAP uses dynamic WEP keys for authentication between the client and authentication server NOTE Dell does not recommend to use the LEAP authentication method because it does not provide any resistance to network attacks External RADIUS Server In the external RADIUS server the IP address of the Vir...

Страница 113: ...b Termination Select Enabled to terminate the EAP portion of 802 1X authentication on the access point instead of RADIUS server c Authentication server 1 Select New from the drop down list to authenticate user credentials for the RADIUS server at run time and update the following fields l RADIUS Server n Name Enter the name of the new external RADIUS server n IP address Enter the IP address of the...

Страница 114: ... the admin user who has read search privileges across all the entries in the LDAP database The user may not have write privileges but is able to search the database and read attributes of the other users in the database n Admin password Enter a admin password n Base DN Enter a Distinguished Name of the node which contains the entire user database n Filter Indicates the filter that should be applie...

Страница 115: ...oxy drop down list When enabled the Virtual Controller network uses the IP Address of the Virtual Controller for communication with external RADIUS servers You must set the Virtual Controller IP address as a NAS client in the RADIUS server if Dynamic RADIUS Proxy is enabled Figure 80 Enabling RADIUS Server Support 3 Click OK Authentication Survivability This feature provides authentication and aut...

Страница 116: ...ttributes for the user the ClearPass Policy Manager returns additional information in the RADIUS Access Accept message which the IAP caches to support authentication survivability As seen in the figure below the information sent by the ClearPass Policy Manager varies depending on the authentication method used Figure 81 802 1X Authentication when Dell PowerConnect W ClearPass Policy Manager is rea...

Страница 117: ...reachable again The W IAP will send the RADIUS Request message to the CPPM server directly for client authentication Figure 83 802 1X Authentication when Dell PowerConnect W ClearPass Policy Manager is reachable again Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 117 Authentication ...

Страница 118: ...l ARAP Features l ARAP Security l ARAP Security Data l ARAP Zone Access l Acct Authentic l Acct Delay Time l Acct Input Gigawords l Acct Input Octets l Acct Input Packets l Acct Link Count l Acct Multi Session Id l Acct Output Gigawords l Acct Output Octets l Acct Output Packets l Acct Session Id l Acct Session Time l Acct Status Type l Acct Terminate Cause l Acct Tunnel Packets Lost l Add Port To...

Страница 119: ...ppleTalk Link l Framed AppleTalk Network l Framed AppleTalk Zone l Framed Compression l Framed IP Address l Framed IP Netmask l Framed IPX Network l Framed MTU l Framed Protocol l Framed Route l Framed Routing l Full Name l Group l Group Name l Hint l Huntgroup Name l Idle Timeout l Login IP Host l Login LAT Node l Login LAT Port l Login LAT Service l Login Service l Login TCP Port l Menu Dell Pow...

Страница 120: ...te l Strip User Name l Suffix l Termination Action l Termination Menu l Tunnel Assignment Id l Tunnel Client Auth Id l Tunnel Client Endpoint l Tunnel Connection Id l Tunnel Medium Type l Tunnel Preference l Tunnel Private Group Id l Tunnel Server Auth Id l Tunnel Server Endpoint l Tunnel Type l User Category l User Name l User Vlan l Vendor Specific Management Authentication Settings Use this pag...

Страница 121: ...on Settings Captive Portal Dell W Instant network supports captive portal authentication method for a Guest network type In this method a web page is displayed to a guest user who tries to access the Internet The user has to authenticate or accept company s network usage policy in the web page Two types of captive portal authentication are supported on Dell W Instant l Internal Captive Portal on p...

Страница 122: ... VLAN 4 Click Next to continue 5 In the Security tab select one of the following options for the splash page type a Internal Authenticated b Internal Acknowledged c External RADIUS Server d External Authentication text e None See Guest Network on page 60 for more information on the splash page type options Figure 85 Configuring Captive Portal when Adding A Guest Network The appearance of a splash ...

Страница 123: ...uired key management option from the Key management drop down list Available options are l WPA 2 Personal l WPA Personal l Both WPA 2 WPA b Passphrase format Specify either an alphanumeric or a hexadecimal string Ensure that the hexadecimal string must be exactly 64 digits in length c Passphrase Enter a pre shared key PSK passphrase 14 Click Next and click Finish Configuring Internal Captive Porta...

Страница 124: ...ps 1 In the Network tab click the New link The New WLAN window opens 2 In the WLAN Settings tab perform the following a Enter a name for the network in the Name SSID text box b Select Guest and then click Next 3 Use the VLAN tab to specify how the clients on this network get their IP address and VLAN 4 Click Next to continue 5 In the Security tab select Internal Authenticated under the splash page...

Страница 125: ... the Security tab and perform the following steps Splash Page Visuals Use the in place editor below to specify text and colors for the initial page that users connecting to the network see This page asks for user credentials or email depending on the splash page type Internal Authenticated or Internal Acknowledged you set a To change the color of the splash page click the Splash page rectangle and...

Страница 126: ...m or policy in the Splash Page Visuals to modify the text in the red box These fields accept double byte characters or a combination of English and double byte characters Disabling Captive Portal Authentication To disable captive portal authentication perform the following steps 1 In the Network tab click the guest network for which you want to disable captive portal authentication The edit link f...

Страница 127: ...ir IP address and VLAN 4 Click Next to continue 5 In the Security tab select External Authentication Text from the Splash page type drop down list and enter the Auth text This entry is not mandatory The Authentication text indicates the text string returned by the external server after a successful authentication Or Select External RADIUS Server from the Splash page type drop down list and select ...

Страница 128: ...thentication drop down list to disable or enable the MAC authentication For information on MAC authentication see MAC Authentication on page 133 Figure 91 External Captive Portal when Adding a Guest Network External Authentication text 8 Authentication server 1 Select New and update the fields for the external RADIUS server to authenticate user credentials at runtime Refer to Configuring an Extern...

Страница 129: ...elds below to specify edit the server for this guest network s splash page Splash page type External Authentication Text a Reauth interval When set to a value greater than zero the Access Points periodically reauthenticate all associated and authenticated clients b Blacklisting Select Enabled to enable blacklisting of the clients with a specific number of authentication failures c Max authenticati...

Страница 130: ...re details on server settings b Reauth interval When set to a value greater than zero the Access Points periodically reauthenticate all associated and authenticated clients c Blacklisting Select Enabled to enable blacklisting of the clients with a specific number of authentication failures d Max authentication failures Users who fail to authenticate the number of times specified here are dynamical...

Страница 131: ...ess With ClearPass Guest your non technical staff have controlled access to a dedicated visitor management user database Through a customizable web portal your staff can easily create an account reset a password or set an expiry time for visitors Visitors can be registered at reception and provisioned with an individual guest account that defines their visitor profile and the duration of their vis...

Страница 132: ...ternet service providers even if the wireless hotspot uses an Internet Service Provider ISP with whom the client may not have an account If you are a hotspot operator using WISPr authentication and a client that has an account with your ISP attempts to access the Internet at your hotspot then your ISP s WISPr AAA server authenticates that client directly and allows the client access on the network...

Страница 133: ...scribed above to define WISPr RADIUS attributes are specific to the RADIUS server your ISP uses for WISPr authentication Contact your ISP to determine these values You can find a list of ISO and ITU country and area codes at the ISO and ITU websites www iso org and http www itu int NOTE A Boingo smart client uses a NAS identifier in the format CarrierID _ VenueID for location identification To sup...

Страница 134: ...C Authentication for a wireless network 1 In the Network tab click the network for which you want to enable MAC authentication The edit link for the network appears 2 Click the edit link and navigate to the Security tab 3 For a network with Personal or Open security level select Enabled from the MAC authentication drop down list 4 Click OK to continue Figure 94 Configuring MAC Authentication 5 Cli...

Страница 135: ...e domain name or URL in the Whitelist section of the window This allows access to a domain while the user remains unauthenticated Specify a POSIX regular expression regex 7 for example l yahoo com matches various domains such as news yahoo com travel yahoo com and finance yahoo com l www apple com library test is only allow a subset of www apple com site corresponding to path library test l favico...

Страница 136: ...ncept for role based access rules when MAC authentication is enabled for 802 1X authentication The macauth only role is assigned to a client if MAC authentication succeeds and 802 1X authentication fails If 802 1X authentication succeeds it will be overwritten by the final role The mac auth only role is primarily used for wired clients l L2 authentication fall through Allows an administrator to en...

Страница 137: ...ule configuration section when MAC authentication is enabled with captive portal authentication Configuring MAC Captive Portal Authentication To configure the MAC Captive Portal authentication for a wireless network 1 In the Network tab click the network for which you want to enable MAC Captive Portal authentication The edit link for the network appears 2 Click the edit link and navigate to the Se...

Страница 138: ...to apply an existing Ethernet downlink profile to the Ethernet ports NOTE Configure bridging on the Ethernet port before you apply a profile The devices for example IP phone printer connected to the wired ports are now authenticated using the profile that is applied to the port A list of all the wired users is available in the Wired window Certificates A certificate is a digital file that certifie...

Страница 139: ...rWave Navigate to Device Setup Certificate and then click Add New Certificate Refer to Loading Certificates using Dell PowerConnect W AirWave on page 140 for further instructions Loading Certificates using Dell W Series Instant UI To load a certificate in the Dell W Series Instant UI 1 Navigate to the Maintenance Certificates page Figure 98 Loading Certificates 2 Click Upload New Certificate and t...

Страница 140: ...ading Certificates using Dell PowerConnect W AirWave You can now manage W Instant AP certificates using the Dell PowerConnect W AirWave Management server AMP The AMP directly provision the certificates for basic certificate verification i e certificate type format version serial number etc before accepting the certificate and uploading to a W IAP network The AMP packages the text of the certificat...

Страница 141: ...rtificate Type if you want to upload a CA certificate Figure 101 CA Certificate Figure 102 Server Certificate 4 After you upload the certificate navigate to Groups click on the Instant Group and then select Basic The Group name appears only if you have entered the Organization name in the Dell W Series Instant UI Refer to Creating your Organization String on page 207 for further information Dell P...

Страница 142: ...l Controller Certificate section displays the certificates CA cert and Server as highlighted in the figure below Figure 104 Virtual Controller Certificate 6 Click Save to apply the changes only to Dell PowerConnect W AirWave Click Save and Apply to apply the changes to the Instant AP NOTE To unselect the certificate options click Revert ...

Страница 143: ... WEP but TKIP is much more secure and has an additional message integrity check MIC Recently some cracks have begun to appear in the TKIP encryption methods Dell recommends that all users migrate from TKIP to AES as soon as possible AES The Advanced Encryption Standard AES encryption algorithm is now widely supported and is the recommended encryption type for all wireless networks that contain any...

Страница 144: ...onnel Key change intervals can also be configured l Enterprise Enterprise is more secure than WPA Personal In this type every client automatically receives a unique encryption key after securely logging on to the network This key is long and automatically updated regularly While WPA uses TKIP WPA2 uses AES algorithm Certification Authentication Encryption WPA l PSK l IEEE 802 1X with Extensible Au...

Страница 145: ...ate a new user role Figure 105 Access Tab Instant User Role Settings Creating a New User Role To create a new user role 1 Click the New link in the Networks tab To define the access rule to an existing network click the network The edit link appears Click the edit link and navigate to the Access tab 2 In the WLAN Settings tab enter the appropriate information and click Next to continue 3 Use the V...

Страница 146: ...to distinguish between Windows devices and other devices such as iPads n Machine Auth only role This indicates a Windows machine with no user logged in The device supports machine authentication and has a valid RADIUS account but a user has not yet logged in and authenticated n User Auth only role This indicates a known user or a non Windows device The device does not support machine auth or does ...

Страница 147: ...p down list The following types of operators are supported l contains To check if the attribute contains the operand value l Is the role To check if the role is same as the operand value l equals To check if the attribute is equal to the operand value l not equals To check if the attribute is not equal to the operand value l starts with To check if the attribute the starts with the operand value l...

Страница 148: ...option select equals from the Operator drop down list and enter 370103060F77FC in the String text box Since 370103060F77FC is the fingerprint for Apple iOS devices such as iPad and iPhone W IAP assigns Apple iOS devices to the role that you choose Device DHCP Option DHCP Fingerprint Apple iOS Option 55 370103060F77FC Android Option 60 3C64686370636420342E302E3135 Blackberry Option 60 3C426C61636B4...

Страница 149: ...ntication or MAC authentication using the following rules l Vendor Specific Attributes VSA l VLAN derivation rule l User role l SSID Profile The user VLAN cannot be derived in the following scenarios l Captive Portal authentication l Guest SSID network Vendor Specific Attributes VSA When an external RADIUS server is used the user VLAN can be derived from the Dell User Vlan VSA The VSA is then carr...

Страница 150: ...rts return attributes and sets an attribute value to the reply message W IAP can analyze the return message and match attributes with a user pre defined VLAN derivation rule If the rule is matched the VLAN value defined by the rule is assigned to the user Figure 110 Configuring RADIUS Attributes on the RADIUS Server Configuring VLAN Derivation Rules on a W IAP The rule assigns the user to a VLAN b...

Страница 151: ...r the string to match l VLAN Enter the VLAN to be assigned 4 Click OK Figure 111 Configuring VLAN Derivation Rules on a W IAP User Role If the VSA and VLAN derivation rules are not matching then the user VLAN can be derived by a user role Configuring a User Role 1 Click the PEF link at the top right corner of Dell W Series Instant UI 2 Select Roles tab 3 Click the New button under roles 4 Enter th...

Страница 152: ...rule for the defined role from the list of Access rules 5 Click the New button under the New Role Assignment window 6 Select the attribute from the Attribute drop down list 7 Select the operator to match from the Operator drop down list 8 Enter the string to match in the String text box 9 Select the role to be assigned from the Role text box 10 Click OK Figure 113 To use a Defined User VLAN Role S...

Страница 153: ...t UI and click on the edit link 2 Select the VLAN tab and check the static radio button under the client VLAN assignment 3 Enter the ID of the VLAN in the VLAN ID text box 4 Click OK Figure 114 Configuring VLAN Derivation Rules Using an SSID Profile Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 153 User VLAN Derivation ...

Страница 154: ...154 User VLAN Derivation Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 155: ...e The New Rule window consists of the following options l Rule type Select the rule type Access control VLAN assignment from the drop down list NOTE This release of W Instant supports configuration of up to 64 access control rules l Action Select Allow Deny or Destination NAT from the drop down list to allow or deny traffic with the specified service type and destination l Log Select this check bo...

Страница 156: ...nstant Firewall Settings Service Options Table 21 lists the set of service options available in the Dell W Series Instant UI You can allow or deny access to any or all of these services depending on your requirements Service Description any Access is allowed or denied to all services custom Available options are TCP UDP and Other If you select the TCP or UDP options enter appropriate port numbers ...

Страница 157: ...srpc tcp Microsoft Remote Procedure Call Transmission Control Protocol msrpc udp Microsoft Remote Procedure Call User Datagram Protocol netbios dgm Network Basic Input Output System Datagram Service netbios ns Network Basic Input Output System Name Service netbios ssn Network Basic Input Output System Session Service ntp Network Time Protocol papi Point of Access for Providers of Information pop3 ...

Страница 158: ...d or denied to a particular server You have to specify the IP address of the server Except to a particular server Access is allowed or denied to servers other than the specified server You have to specify the IP address of the server To a network Access is allowed or denied to a network You have to specify the IP address and netmask for the network Except to a network Access is allowed or denied t...

Страница 159: ...elect TCP from the Protocol drop down list n Enter appropriate port number in the Port s text box d Select to a network from the Destination drop down list n Enter appropriate IP address in the IP text box n Enter appropriate netmask in the Netmask text box Figure 116 Defining Rule Allow TCP Service to a Particular Network e Click OK 6 Click Finish Allow POP3 Service to a Particular Server 1 Click...

Страница 160: ...Networks tab To define the access rule to an existing network click the network The edit link appears Click the edit link and navigate to the Access tab 2 In the WLAN Settings tab enter the appropriate information and click Next to continue 3 Use the VLAN tab to specify how the clients on this network get their IP address and VLAN Click Next to continue 4 Click Next and set appropriate security le...

Страница 161: ...lick Next and set appropriate security levels using the slider bar in the Security tab 5 Click Next The Access tab appears The Allow any to all destinations access rule is enabled by default This rule allows traffic to all destinations To define deny bootp service access rule except to a network a Click New the New Rule window appears b Select Deny from the Action drop down list c Select bootp fro...

Страница 162: ...162 Instant Firewall Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide Figure 119 Defining Rule Deny bootp Service Except to a Network ...

Страница 163: ...less network are sent to the open DNS server NOTE Regardless of whether content filtering is disabled or enabled instant dell pcw com is always resolved internally on W Instant Enabling Content Filtering To enable content filtering per SSID 1 Click New in the Networks tab and then click Show advanced options 2 Select Enabled from the Content Filtering drop down list and click Next to continue When...

Страница 164: ...sabled globally across all the wireless networks that are configured in the Dell W Series Instant UI Enterprise Domains The Enterprise Domain Names list displays all the DNS domain names that are valid on the enterprise network This list is used to determine how client DNS requests should be routed When Content Filtering is enabled for the wireless network everything that does not match this list ...

Страница 165: ... Dell W Series Instant UI and then select Enterprise Domains in the UI 2 Click New and enter a New Domain Name or select the domain and click Delete to remove the domain name from the list 3 Click OK to apply the changes Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 165 Content Filtering ...

Страница 166: ...166 Content Filtering Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 167: ... l Identifying outdated operating systems Helps to locate outdated and unexpected OS in the company network l Locating and patching vulnerable operating systems Assists in locating and patching specific operating system versions on the network that have known vulnerabilities thereby securing the company network OS Fingerprinting is enabled in the Dell W Instant network by default The following ope...

Страница 168: ...168 OS Fingerprinting Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 169: ... the network according to changes in the RF environment This feature automates many setup tasks during network installation and during ongoing operations when RF conditions change Voice Aware Scanning This feature stops a W IAP supporting an active voice call from scanning for other channels in the RF spectrum The W IAP resumes scanning when no more active voice calls are present on that W IAP Thi...

Страница 170: ...rovides equal access to all clients on the wireless medium regardless of client type capability or operating system thus delivering uniform performance to all clients This feature prevents some clients from monopolizing resources at the expense of other clients NOTE Reboot the W IAP after configuring the radio profile settings in order for the changes to take effect Airtime Fairness Modes Navigate...

Страница 171: ...t support this value is reduced to the highest supported power setting Default value 127 dBm Client Aware When Enabled Adaptive Radio Management ARM does not change channels for the Access points when the clients are active except for high priority events such as radar or excessive noise This should be enabled in most deployments for a stable WLAN If the Client Aware mode is Disabled the W IAP may...

Страница 172: ...nt Each W IAP gathers other metrics on its ARM assigned channel to provide a snapshot of the current RF health state Configuring Administrator Assigned Radio Settings for W IAP Adaptive Radio Management ARM is enabled on Dell W Instant by default It automatically assigns appropriate channel and power settings for the W IAPs To manually configure radio settings 1 In the Access Points tab click the ...

Страница 173: ...a dedicated full spectrum RF monitor scanning all channels to detect interference whether from neighboring APs or from non Wi Fi devices such as microwaves and cordless phones Monitor Enabled AP does not provide access service to clients Table 23 Mode Spectrum and AP Operation 5 Select Administrator assigned in 2 4 GHz and 5 GHz band sections 6 Select appropriate channel number from the Channel dr...

Страница 174: ... Enable the radio to advertise its 802 11d Country Information and 802 11h Transmit Power Control capabilities This is disabled by default Beacon interval Enter the Beacon period 60ms to 500ms for the W IAP in msec This indicates how often the 802 11 beacon management frames are transmitted by the access point The default value is 100 msec Interference immunity level Select to increase the immunit...

Страница 175: ...ents that must be sent prior to switching to a new channel This allows associated clients to recover gracefully from a channel change Channel reuse type When set to Dynamic the access point when busy automatically adjust its Clear Channel Assessment CCA threshold to accommodate transmissions to the most distant associated client When set to Static the access point sets its CCA threshold to the val...

Страница 176: ...176 Adaptive Radio Management Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 177: ... network However an interfering AP may be reclassified as a rogue AP Navigate to IDS in the Dell W Series Instant UI and click the IDS link The built in IDS scans for access points that are not controller by this Virtual Controller These are listed below and classified as either Interfering or Rogue depending on whether they are on a foreign network or your network Figure 126 Intrusion Detection W...

Страница 178: ... policies that are enabled in the Infrastructure Detection Custom settings field Detection Level Detection Policy Off Rogue Classification Low l Detect AP Spoofing l Detect Windows Bridge l IDS Signature Deauthentication Broadcast l IDS Signature Disassociation Broadcast Medium l Detect Adhoc networks using VALID SSID Valid SSID list is auto configured based on Instant AP configuration l Detect Ma...

Страница 179: ... Level Detection Policy Off All detection policies are disabled Low l Detect Valid Station Misassociation Medium l Detect Disconnect Station Attack l Detect Omerta Attack l Detect FATA Jack Attack l Detect Block ACK DOS l Detect Hotspotter Attack l Detect unencrypted Valid Client l Detect Power Save DOS Attack High l Detect EAP Rate Anomaly l Detect Rate Anomaly l Detect Chop Chop Attack l Detect ...

Страница 180: ...etection policies are disabled Low l Protect SSID Valid SSID list should be auto derived from Instant configuration l Rogue Containment High l Protect from Adhoc Networks l Protect AP Impersonation Table 27 Infrastructure Protection Policies The following table describes the detection policies that are enabled in the Client Protection Custom settings field Detection Level Detection Policy Off All ...

Страница 181: ...tempting to connect to the identified Access Point n None Disables all the containment mechanisms n Deauthenticate only With deauthentication containment the Access Point or client is contained by disrupting the client association on the wireless interface n Tarpit containment With Tarpit containment the Access Point is contained by luring clients that are attempting to associate with it to a tarp...

Страница 182: ...182 Intrusion Detection System Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 183: ...col used This can take one of the two values l MD5 HMAC MD5 96 Digest Authentication Protocol l SHA HMAC SHA 96 Digest Authentication Protocol Authentication protocol password If messages sent on behalf of this user can be authenticated the private authentication key for use with the authentication protocol This is a string password for MD5 or SHA depending on the choice above Privacy protocol An ...

Страница 184: ... the name of the user in the Name text box 4 Select the type of authentication protocol from the Auth protocol drop down list 5 Enter the authentication password in the Password text box and retype the password in the Retype text box 6 Select the type of privacy protocol from the Privacy protocol drop down list 7 Enter the privacy protocol password in the Password text box and retype the password ...

Страница 185: ...p receivers in the Dell W Series Instant UI Only the W IAP acting as the Virtual Controller generates traps The OID of the traps is 1 3 6 1 4 1 14823 2 3 3 1 200 2 X Figure 132 SNMP Traps To configure an SNMP trap receiver Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 185 SNMP ...

Страница 186: ...n specifies the format of traps generated by the access point 3 Community Username Specify the community string for SNMPV1 and SNMPV2c traps and a username for SNMPV3 traps 4 Port Enter the port to which the traps are sent The default value is 162 5 Inform When enabled traps are sent as SNMP INFORM messages It is applicable to SNMPV3 only The default value is Yes 3 Click OK to view the trap receiv...

Страница 187: ...ed link on the top right corner of the W Instant 2 Click on the New button below the Wired Networks window and enter the following information in the Wired tab Field Description Name Name of the Ethernet downlink profile Primary Usage l Employee Employee access l Guest Guest access Speed Duplex Only experienced network administrators should change the speed and duplex parameters manually POE When ...

Страница 188: ...e Native VLAN l In Trunk mode the port carries packets for multiple VLANs specified as the Allowed VALN Native VLAN Specifies the VLAN carried by the port in Access mode Allowed VLANs Specifies the VLAN carried by the port in Trunk mode Table 31 Ethernet Downlink Profile Parameters VLAN Tab The following figure displays the VLAN parameters of the Ethernet profile configuration Figure 134 Ethernet ...

Страница 189: ... Click the Access tab and configure the access rule for the profile Field Description Access Rules l Unrestricted User obtains unrestricted access on the port l Network based User is authenticated using the access rules defined here Table 33 Ethernet Downlink Profile Parameters Access Tab NOTE This release of W Instant supports configuration of up to 64 access rules The following figure displays t...

Страница 190: ...ccess Rule Parameters The following figure displays the parameters of the access rule configuration Figure 137 Access Rule Parameters 7 Click Finish to configure the new network profile 8 To edit an Ethernet downlink profile select the configured Ethernet downlink profile and click the Edit button below the Wired Networks window 9 To delete an Ethernet downlink profile select the configured Ethern...

Страница 191: ...fore you can assign a Ethernet downlink profile l To assign an Ethernet downlink profile to Ethernet 1 port select the profile from the 0 1 drop down list l To assign an Ethernet downlink profile to Ethernet 2 port select the profile from the 0 2 drop down list Figure 138 Assigning a Profile to the Ethernet Ports Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 191 Ethern...

Страница 192: ...192 Ethernet Downlink Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 193: ... release of Dell W Instant you can form a W IAP network by connecting the downlink port of an AP to other APs Only one AP in the network uses its downlink port to connect to the other APs This AP called the root AP acts as the wired device for the network provides DHCP service and an L3 connection to the ISP uplink with NAT The root AP is always the master of the Instant network On a single Ethern...

Страница 194: ...194 HierarchicalDeployment Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 195: ...ble backup link for the Ethernet based Instant network Uplink Interface Configuration The following figure describes the W IAP when the Ethernet connection is not configurable on a W IAP network The other W IAPs also join the Virtual Controller as slave W IAPs through a wired or mesh Wi Fi uplink Figure 140 Uplink Types The following types of uplinks are supported on Instant l Ethernet n PPPoE n D...

Страница 196: ...tically and hence no configuration is necessary Plug and Play l Auto detect ISP country Modems of this type require the user to specify the Country and ISP The same modem is used for different ISPs with different parameters configured for each of them l No Auto detect Modems of this type are used where the modems share the same Device ID Country and ISP but need to configure different parameters f...

Страница 197: ...untry l Sierra USB 306 HK CLS 1010 HK l Sierra 306 308 Telstra Aus l Sierra 503 PCIe Telstra Aus l Sierra 312 Telstra Aus l Aircard USB 308 AT T s Shockwave l Compass 597 Sierra Sprint l U597 Sierra Verizon l Tstick C597 Sierra Telecom NZ l Ovation U727 Novatel Sprint l USB U727 Novatel Verizon l USB U760 Novatel Sprint l USB U760 Novatel Verizon l Novatel MiFi 2200 Verizon Mifi 2200 l Huawei E272...

Страница 198: ...e the UML290 for the 3G network only manually set the USB type to pantech 3g To configure the UML290 for the 4G network only manually set the 4G USB type to pantech lte Provisioning 3G 4G Uplink Manually To provision a 3G 4G uplink manually configure the modem parameters The W IAP has to be rebooted if you configure USB modem parameter from the Dell W Series Instant UI Use the following procedure ...

Страница 199: ...atically Figure 143 Provisioning 3G Uplink Automatically NOTE In the Dell W Series Instant UI you can view the list of country or ISP in the country and ISP drop down lists You can either use the country or ISP to configure the modem or configure the individual modem parameters manually If you cannot view the list of country or ISP from the drop down list then configure the modem parameters manual...

Страница 200: ...rming a Wi Fi uplink with a W IAP Provisioning Wi Fi Uplink To provision the Wi Fi Uplink 1 Navigate to Settings Show advanced options Uplink 2 Under WiFi enter the name of the wireless network that is used for the Wi Fi uplink in the Name SSID text box 3 Select the type of key for uplink encryption and authentication from the Key management drop down list If the uplink wireless router uses mixed ...

Страница 201: ...switch to the lower priority uplink if the current uplink is down NOTE A W IAP reboot is not required for uplink switchover process Uplink Switching Based on VPN Status W Instant supports switching uplinks based on the VPN status when deploying mixed uplinks Eth0 3G 4G Wi Fi When VPN is used with multiple backhaul options the W IAP switches to an uplink connection based on the VPN connection statu...

Страница 202: ...ernet typically used with DSL services where the client connects to the DSL modem You can use PPPoE for your uplink connectivity in both normal W IAP and VPN W IAP deployments PPPoE is supported only in a single AP deployment NOTE Uplink redundancy with the PPPoE link is not supported When the Ethernet link is up it is used as a PPPoE or DHCP uplink Once the PPPoE settings are configured PPPoE has...

Страница 203: ...ecret and confirm it c Enter the user name for the PPPoE connection in the User field d In the Password and Retype fields enter the PPPoE password and confirm it 4 Click OK 5 Reboot the IW IAP for the configuration to take effect Figure 147 PPPoE Settings Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 203 Uplink Configuration ...

Страница 204: ...204 Uplink Configuration Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 205: ... W AirWave allows you to manage firmware updates on WLAN devices by defining a minimum acceptable firmware version for each make and model of a device It remotely distributes the firmware image to the WLAN devices that require updates and it schedules the firmware updates such that updating is completed without requiring you to manually monitor the devices The following models can be used to upgra...

Страница 206: ...irrespective of their location in the network and prevents authorized W IAPs from being detected as rogue W IAPs It tracks and correlates the IDS events to provide a complete picture of network security Wireless Intrusion Detection System WIDS Event Reporting to Dell PowerConnect W AirWave Dell PowerConnect W AirWave supports Wireless Intrusion Detection System WIDS Event Reporting which is provid...

Страница 207: ...werConnect W AirWave you need the following l IP address of the Dell PowerConnect W AirWave server l Shared key for service authorization This is assigned by the Dell PowerConnect W AirWave administrator Creating your Organization String The Organization String is a set of colon separated strings created by the Dell PowerConnect W AirWave administrator to accurately represent the deployment of eac...

Страница 208: ...W AirWave server in the Dell PowerConnect W AirWave backup IP text box The backup server provides connectivity when the primary server is down If the W IAP cannot send data to the primary server the Virtual Controller switches to the backup server automatically 5 Enter the shared key in the Shared key text box and reconfirm This shared key is used for configuring the first AP in the Dell W Instant...

Страница 209: ...DHCP Server IPv4 2 Right click on IPv4 and select Set Predefined Options Figure 151 Instant and DHCP options for Dell PowerConnect W AirWave Set Predefined Options 3 Select DHCP Standard Options in the Option class drop down list and then click Add Enter the following information n Name Dell W Instant n Data Type String n Code 60 n Description Dell W Instant AP Dell PowerConnect W Series Instant A...

Страница 210: ...CP options for Dell PowerConnect W AirWave Predefined Options and Values 4 Navigate to Server Manager and select Server Options in the IPv4 window This sets the value globally Use options on a per scope basis to override the global options 5 Right click on Server Options and select the configuration options ...

Страница 211: ...in the String Value Figure 154 W Instant and DHCP options for Dell PowerConnect W AirWave 060 Dell W Instant AP in Server Options 7 Select 043 Vendor Specific Info and enter a value for airwave orgn airwave ip airwave key in the ASCII field for example tme instant store1 10 169 240 8 Dell123 Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 211 ...

Страница 212: ...156 W Instant and DHCP options for Dell PowerConnect W AirWave Scope Options Alternate Method for Defining Vendor Specific DHCP Options This section describes how to add vendor specific DHCP options for Dell W Instant APs in a network that already uses DHCP options 60 and 43 for other services Some networks use DHCP standard options 60 and 43 to give the DHCP clients info about certain services su...

Страница 213: ...es DHCP Server Domain DHCP Server IPv4 2 Select a scope subnet Scope 10 169 145 0 145 is selected in the example shown in the figure below 3 Right click and select Advanced and then specify the following options n Vendor class DHCP Standard Options n User class Default User Class n Available options Select 043 Vendor Specific Info n String Value DellInstantAP tme store4 10 169 240 8 Dell123 which ...

Страница 214: ...214 Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide Figure 158 Dell PowerConnect W AirWave New Group Figure 159 Dell PowerConnect W AirWave Monitor ...

Страница 215: ...rence room Apple TVs An administrator can grant global access to each device or restrict access according to the username role or user location NOTE Dell AirGroup is a technology which is made available as part of the Dell W Instant 6 2 0 0 3 2 0 0 version See Enabling or Disabling AirGroup on page 220 to enable AirGroup after you have upgraded to Dell W Instant 6 2 0 0 3 2 0 0 version What is Bon...

Страница 216: ... dorm room can be associated with the student who owns it l AirGroup is aware of shared resources This might be an Apple TV in a meeting room or a printer in a supply room that is available to certain users such as the marketing department Or in a classroom teachers can use AirPlay to wirelessly project a laptop screen onto an HDTV monitor using an Apple TV l AirGroup is aware of the location of s...

Страница 217: ...ed on VLANs l Match users devices such as iPads to their closest Bonjour devices such as printers This requires CPPM support Dell PowerConnect W ClearPass Policy Manager and ClearPass Guest Features l Registration portal for WLAN users to register their personal devices such as Apple TVs and printers l Registration portal for WLAN administrators to register shared devices such as conference room A...

Страница 218: ...ervices in the network How Does AirGroup Work AirGroup functionality is described in the steps below This flow occurs when an Dell WLAN is powered by an Dell W Instant and Dell PowerConnect W ClearPass Policy Manager A device can be registered by an administrator or a guest user 1 The AirGroup administrator gives an end user the AirGroup operator role which authorizes the user to register the user...

Страница 219: ...ine which Bonjour services are visible to an end user s mobile device Figure 162 AirGroup in a Higher Education Environment The AirGroup Solution Components The components that make up the AirGroup Solution include the Dell W Instant Dell PowerConnect W ClearPass Policy Manager and Dell PowerConnect W ClearPass Guest The version requirements are described below Dell PowerConnect W Series Instant A...

Страница 220: ...s not share the mDNS database information with the other clusters In the Inter Cluster model the W IAP shares the mDNS database information with the other clusters l Enable Air Group across mobility domains Select Enable Air Group across mobility domains to enable Inter cluster By default this feature is disabled Navigate to L3 Mobility tab of Settings to define a set of clusters l Enable Air Prin...

Страница 221: ...e by all user roles configured in your W IAP cluster The disallow role option selectively prevents specified user roles from accessing AirGroup services Perform the following steps to configure disallow role from accessing AirPrint servers and disallow learning of AirPrint servers on the configured VLAN as shown in Figure 164 and Figure 165 Dell PowerConnect W Series Instant Access Point 6 2 0 0 3...

Страница 222: ... selected roles as disallowed roles Disallow VLAN By default an AirGroup service is accessible by users or devices in all VLANs configured in your W IAP cluster You can enable or disable learning of AirGroup services in a specific VLAN using the Air Print Disallowed VLANs configuration window Figure 165 AirPrint Disallowed VLANs 1 Select Edit the field next to Air Print disallowed VLANs The Air Pr...

Страница 223: ...e Enter the name of the new external RADIUS server The maximum length is 32 characters n IP address Enter the IP address of the external RADIUS server n Auth port Enter the authorization port number of the external RADIUS server The port number is set to 1812 by default n Accounting port Enter the accounting port number This port is used to send accounting records to the RADIUS server The port num...

Страница 224: ... the IP address the Virtual Controller IP address is used by default when Dynamic RADIUS Proxy is enabled n NAS identifier Use this to configure strings for RADIUS attribute 32 NAS Identifier to be sent with RADIUS requests to the RADIUS server 2 Click OK to apply the changes NOTE Alternatively you can also create a RADIUS server in the Air Group window of the Dell W Series Instant UI Navigate to ...

Страница 225: ...date the following fields to enable change of authorization Figure 168 Change of Authorization n Name Enter the name of the new external RADIUS server The maximum length is 32 characters n IP address Specify the IP address of the external RADIUS server n Air Group CoA port Indicates that the AirGroup CoA is sent on a different port than the standard CoA port The default value is 5999 n Shared key ...

Страница 226: ...ld displays the user name If the server is connected via PSK or open auth this field will be blank l AP NAME Displays the MAC address of the W IAP where the server is connected l Update no hash This is used for debugging issues Use this to identify the internal database of AirGroup l CPPM By clicking on this you get details of the registered rules in Dell PowerConnect W ClearPass Policy Manager CP...

Страница 227: ...e VLAN type of connection of the Bonjour devices for the selected W IAP s l VC AirGroup Service Displays the bonjour services supported for the selected W IAP s l VC AirGroup Status Displays the enable disable status of the AirGroup and the parameters of the CPPM servers for the selected W IAP s l VC AirGroup vlan Displays the AirGroup status information for a VLAN of the selected W IAP s Dell Pow...

Страница 228: ...228 AirGroup Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 229: ...view is the default view This view allows you to monitor the Dell W Instant network The following Dell W Series Instant UI elements are available in this view l Tabs Contains three tabs Networks Access Points and Clients For detailed information about the tabs see Dell W Instant User Interface on page 23 l Links Contains three links Monitoring Client Alerts and IDS The Spectrum link is visible if ...

Страница 230: ... Displays the OpenDNS status If the OpenDNS is Not connected make sure you have provided the correct credentials on the OpenDNS tab of the Settings window In addition please check if the Internet connection is up l Uplink type Displays the type of uplink Ethernet and 3G l Uplink status Displays whether the uplink is up or down RF Dashboard The RF Dashboard section displays the following informatio...

Страница 231: ...rsor over the graph line To check the number of clients associated with the Virtual Controller for the last 15 minutes 1 Log in to the Dell W Series Instant UI The Virtual Controller view appears This is the default view 2 Study the Clients graph in the Usage Trends pane For example the graph shows that one client is associated with the Virtual Controller at 11 43 hours Throughput The Throughput g...

Страница 232: ...The Virtual Controller view appears This is the default view 2 Study the Throughput graph in the Usage Trends pane For example the graph shows 2 0 kbps outgoing traffic throughput at 12 00 hours It also shows some incoming traffic throughput at the same time Client Alerts Link For information about the Client Alerts link see Clients Tab on page 25 and Alert Types and Management on page 249 section...

Страница 233: ...ee Guest or Voice l IP Assignment Source of IP address for the client l Access The level of access control for this network l Security level The type of user authentication and data encryption for this network Usage Trends The Usage Trends section displays the following graphs for the selected network l Clients Figure 175 Clients Graph l Throughput Dell PowerConnect W Series Instant Access Point 6...

Страница 234: ... example the graph shows that one client is associated with the selected network at 12 00 hours Throughput The Throughput graph shows the throughput of the selected network for the last 15 minutes l Outgoing traffic Throughput for outgoing traffic is displayed in green Outgoing traffic is shown above the median line l Incoming traffic Throughput for incoming traffic is displayed in blue Incoming t...

Страница 235: ...hile also monitoring for rogue APs in the background In Monitor mode the W IAP acts as a dedicated monitor scanning all channels for rogue APs and clients l Spectrum Displays the status of the spectrum monitor l Clients Number of clients associated with the W IAP l Type Displays the model number of the W IAP l CPU Utilization Displays the CPU utilization in percentage l Memory Free Displays the me...

Страница 236: ...displays the common RF metrics for the selected access point over the last 15 minutes The following graphs are displayed for the selected W IAP l Neighboring APs Figure 178 Neighboring APs Graph l CPU Utilization Figure 179 CPU Utilization Graph l Neighboring Clients Figure 180 Neighboring Clients Graph l Memory Free MB ...

Страница 237: ...ber of APs heard by the selected IAP Valid APs An AP that is part of the enterprise providing WLAN service Interfering APs An AP that is seen in the RF environment but is not To check the neighboring APs detected by the W IAP for the last 15 minutes 1 Log in to the Dell W Series Instant UI The Virtual Controller view appears This is the default view Table 41 Dell W Instant Access Point View Usage ...

Страница 238: ...ighboring Clients graph shows the number of clients not connected to the selected AP but heard by it Valid Any client that successfully authenticates with a valid AP and passes encrypted traffic is classified as a valid client Interfering A client associated to any AP and is not valid To see the number of different types of neighboring clients for the last 15 minutes hover the cursor over the resp...

Страница 239: ...going traffic Throughput for outgoing traffic is displayed in green Outgoing traffic is shown about the median line l Incoming traffic Throughput for incoming traffic is displayed in blue Incoming traffic is shown below the median line To see an enlarged view click the graph l The enlarged view provides Last Minimum Maximum and Average statistics for the incoming and outgoing traffic throughput of...

Страница 240: ...nt Access Point 6 2 0 0 3 2 0 0 User Guide Figure 185 2 4 GHz Management Frames fps Graph l Drops fps Figure 186 Drops fps Graph l Noise Floor dBm Figure 187 Noise Floor dBm Graph l 2 4 GHz Mgmt Frames Figure 188 2 4 GHz Management Frames fps Graph ...

Страница 241: ... In the Access Points tab click the W IAP for which you want to monitor the utilization The W IAP view appears 3 Study the Utilization graph in the RF Trends pane For example the graph shows 84 W IAP radio utilization for the 2 4 GHz band at 12 15 hours NOTE You can also click the rectangle icon under the Utilization column in the RF Dashboard pane to see the Utilization graph for the selected W I...

Страница 242: ...appears 3 Study the Drops graph For example the graph shows that 6 frames per second were dropped at 13 34 hours Noise Floor The Noise Floor graph shows the signals created by all the noise sources and unwanted signals in the network Noise floor is measured in decibels metre Too many unwanted signals hamper the performance of the W IAP Monitor the noise floor regularly for optimal performance of t...

Страница 243: ...e the exact utilization percent at a particular time hover the cursor over the graph line To monitor the errors for the W IAP for the last 15 minutes 1 Log in to the Dell W Series Instant UI The Virtual Controller view appears This is the default view 2 In the Access Points tab click the name link of the W IAP for which you want to monitor the errors The W IAP view appears 3 Study the Errors graph...

Страница 244: ...rk to which the client is connected to l Access Point W IAP to which the client is connected to l Channel Channel that the client is using l Type Channel type that the client is broadcasting on RF Dashboard In the Client view the RF Dashboard section is moved below the Info section The RF Dashboard section in the client view shows the speed and the signal information for the client and the RF info...

Страница 245: ...93 Speed Graph l Throughput Figure 194 Throughput Graph For more information about RF trends graphs in the client view and for monitoring procedures see Table 43 Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 245 Monitoring ...

Страница 246: ... and is show above the median line l Retry In Retries for the incoming frames is displayed in red and is shown below the median line To see an enlarged view click the graph The enlarged view provides Last Minimum Maximum and Average statistics for the In Out Retries In and Retries Out frames To see the exact frames at a particular time hover the cursor over the graph line To monitor the In and Out...

Страница 247: ...tor the errors for the client for the last 15 minutes 1 Log in to the Dell W Series Instant UI The Virtual Controller view appears This is the default view 2 In the Clients tab click the IP address of the client for which you want to monitor the throughput The client view appears 3 Study the Throughput graph in the RF Trends pane For example the graph shows 1 0 kbps outgoing traffic throughput for...

Страница 248: ...248 Monitoring Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 249: ...iation request The W IAP cannot allow this client to associate because the association request received contains an unknown SSID Identify the client and check its Wi Fi driver and manager software 100103 Mismatched authen tication encryption setting The W IAP cannot allow this client to associate because its authentication or encryption settings do not match W IAP s configuration Ascertain the cor...

Страница 250: ...espond to the authentication request If the W IAP is using the internal RADIUS server recommend checking the related configuration as well as the installed certificate and passphrase If the W IAP is using an external RADIUS server check if there are any issues with the RADIUS server and try connecting again 100309 RADIUS server authentication failure The W IAP cannot authenticate this client using...

Страница 251: ...ients and to enable or disable the protocols for ALG Navigate to the PEF link at the top right corner of the Dell W Series Instant UI to view the following features Authentication Servers This section displays the currently defined external authentication servers l Name Indicates the name of the external authentication server l Type Indicates the type of the authentication server RADIUS or LDAP 1 ...

Страница 252: ...n the Users list See User Database on page 269 for more information Roles This window consists of the following options l Roles This table displays all the roles defined for all the networks See User Role on page 151 for more information NOTE A special default role with the same name as the network is automatically defined for each network These roles cannot be deleted or renamed l Access Rules Th...

Страница 253: ...Facetime Voice and video devices use a signaling protocol to establish control and terminate voice and video calls These control or signaling sessions are usually permitted using pre defined ACLs If however the control signaling packets are encrypted the W IAP cannot determine which dynamic ports are used for voice or video traffic In these cases the W IAP has to use an ACL with the Dell PowerConn...

Страница 254: ... traffic starts flowing audio and video data are sent through that same port using RTP The audio and video packets are interleaved in the air though individual the sessions can be uniquely identified using their payload type and sequence numbers The RTP header and payload also get encapsulated under the TURN ChannelData Messages The Facetime call is terminated with a SIP BYE message that can be se...

Страница 255: ...ed clients When a client is blacklisted in an Dell W IAP the client is not allowed to associate with the W IAP in the network If a client is connected to the network when it is blacklisted a deauthentication message is sent to force the client to disconnect Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 255 Policy Enforcement Firewall ...

Страница 256: ...e simplest way to add a client to the blacklist In manual blacklisting the MAC address of the client has to be known to the user These clients would be added into a permanent blacklist These clients are not allowed to connect to the network unless they are removed from the blacklist Adding a Client to the Manual Blacklist To add a client to the blacklist manually using the MAC address of the clien...

Страница 257: ... automation blacklisting when the ACL rule is hit it would send out blacklist information and the client would be blacklisted To set the blacklist duration 1 Select the PEF link and then select Blacklisting tab l Auth failure blacklist time Enter the duration since the blacklisting has been triggered when the authentication failure threshold is exceeded l PEF rule blacklisted time Enter the durati...

Страница 258: ...able the protocols for ALG in Dell W Instant perform the following steps 1 Select PEF from the top right of the Dell W Series Instant UI 2 Select PEF Settings tab 3 Select Enabled from the corresponding drop down list to enable SIP VOCERA Alcatel NOE and Cisco skinny protocols Figure 204 Enabling ALG Protocols 4 Click OK NOTE When the protocols for ALG are Disabled the changes do not take effect u...

Страница 259: ... firewall now supports firewall based logging function The firewall logs on the W Instant APs are generated as syslog messages Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 259 Policy Enforcement Firewall ...

Страница 260: ...260 Policy Enforcement Firewall Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 261: ... survivability feature of W Instant APs with the VPN connectivity of RAPs providing corporate connectivity to non corporates VPN Configuration The VPN configuration functionality enables the W IAP to create a single VPN tunnel from the Virtual Controller to a Dell PowerConnect W Series Mobility Controller in your corporate office Here the VPN tunnels from the Instant APs terminate on the Dell Powe...

Страница 262: ... back to the primary host when and if it becomes available again This step is optional 7 Select Enabled or Disabled from the Fast failover drop down list 8 Enter Connection test frequency at which packets are sent to the controller The unit is seconds per packet and the default value is 10 seconds which means that every 10 seconds the W IAP will send one packet to the controller NOTE This value sh...

Страница 263: ...ables different DHCP pools various deployment models in addition to allocating IP subnets to each branch The following modes of DHCP server are supported l Local Subnet In this mode the VC assigns an IP address from a configured subnet and forwards traffic to both corporate and non corporate destinations This is achieved by appropriately translating the network address NAT and forwarding the packe...

Страница 264: ...ute on the controller after the VPN tunnel is set up during the registration of the subnet Figure 207 Tunneling DHCP Server NAT DHCP Configuration In NAT mode the scope of the subnet is local to the W IAP and forwards traffic through the IPSec tunnel or through the uplink 1 Click New in the DHCP Server window and select Local to configure the following parameters for NAT mode DHCP pool n Name Name...

Страница 265: ...referenced in the SSID configuration to make use of this subnet n Network Network to be used for this subnet n Netmask Net mask of the subnet This along with Network determines the size of the subnet n Excluded address This determines the exclusion range of the subnet Based on the size of the subnet and value configured here location within the subnet scope this is used to either exclude IP addres...

Страница 266: ...pe Indicates the type of DHCP server Available options are Local Distributed L3 Distributed L2 Centralized L2 Distributed L3 implies that this is a Distributed mode L3 DHCP subnet n VLAN VLAN ID of the subnet This needs to be referenced in the SSID configuration to make use of this subnet n Network Network to be used for this subnet n Netmask Net mask of the subnet This along with Network determin...

Страница 267: ... Relay Agent and Option 82 Select to enable or disable these features When a DHCP server is configured with a DHCP Relay agent the client s Broadcast DHCP Discover packet is not sent to the corporate network instead the Virtual Controller acts as the DHCP Relay and unicasts DHCP packets to the corporate DHCP server Enable DHCP Option 82 to allow clients to send DHCP packets with the Option 82 stri...

Страница 268: ... string Enabled Disabled DHCP packet relayed without the ALU specific Option 82 string Disabled Enabled DHCP packet not relayed but broadcasted with the ALU specific Option 82 string Disabled Disabled DHCP packet not relayed but broadcasted without the ALU specific Option 82 string Table 46 DHCP Relay and Option 82 2 Click OK to apply these changes Figure 211 Centralized L2 DHCP Configuration ...

Страница 269: ...rom the enterprise traffic you can create a Guest WLAN specify the required authentication encryption and access rules and allow the guest user to use the enterprise network An employee user is the employee who is using the enterprise network for various official tasks You can create Employee WLANs specify the required authentication encryption and access rules and allow the employees to use the e...

Страница 270: ... which you want to edit the settings and click Edit The user s details appear on the right side 3 Edit as required and click OK Deleting a User To delete a user 1 At the top right corner of the Dell W Series Instant UI click the Users link The Users window appears 2 In the Users section select the username that you want to delete and click Delete To delete all users or multiple users at a time sel...

Страница 271: ...country code for the country in which the Dell W Instant operates This configuration sets the regulatory domain for the radio frequencies that the W IAPs use Within the regulated transmission spectrum a high throughput 802 11a 802 11b g or 802 11n radio setting can be configured The available 20 MHz and 40 MHz channels are dependent on the specified country code You cannot change the country code ...

Страница 272: ...Netherlands IT Italy PT Portugal LU Luxembourg NO Norway FI Finland DK Denmark CH Switzerland CZ Czech Republic ES Spain GB United Kingdom KR Republic of Korea South Korea CN China FR France HK Hong Kong SG Singapore TW Taiwan BR Brazil SA Saudi Arabia LB Lebanon AE United Arab Emirates ZA South Africa AR Argentina AU Australia AT Austria ...

Страница 273: ...a MX Mexico MA Morocco NZ New Zealand PL Poland PR Puerto Rico SK Slovak Republic SI Slovenia TH Thailand UY Uruguay PA Panama RU Russia KW Kuwait LI Liechtenstein LT Lithuania MX Mexico MA Morocco NZ New Zealand PL Poland Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 273 Regulatory Domain ...

Страница 274: ...Rico SK Slovak Republic SI Slovenia TH Thailand UY Uruguay PA Panama RU Russia EG Egypt TT Trinidad and Tobago TR Turkey CR Costa Rica EC Ecuador HN Honduras KE Kenya UA Ukraine VN Vietnam BG Bulgaria CY Cyprus EE Estonia MU Mauritius RO Romania CS Serbia and Montenegro ID Indonesia PE Peru VE Venezuela JM Jamaica BH Bahrain ...

Страница 275: ...CO Colombia DO Dominican Republic GT Guatemala PH Philippines LK Sri Lanka SV El Salvador TN Tunisia PK Islamic Republic of Pakistan QA Qatar DZ Algeria Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 275 Regulatory Domain ...

Страница 276: ...276 Regulatory Domain Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 277: ... use the following CLI command Dell3400 local userdb ap add mac address 00 11 22 33 44 55 ap group test Dell3400 The ap group parameter is not used for any configuration but needs to be configured The parameter can be any valid string If an external whitelist is being used the AP MAC address needs to be saved in the RADIUS server as a lower case entry without any delimiter VPN Local Pool Configura...

Страница 278: ...proxy Dell3400 config ip access list session iaprole Dell3400 config sess iaprole any host radius server ip any src nat Dell3400 config sess iaprole any any any permit Dell3400 config sess iaprole Dell3400 config user role iaprole Dell3400 config role session acl iaprole Dell3400 config role Dell3400 config aaa authentication vpn default iap Dell3400 VPN Authentication Profile default iap server g...

Страница 279: ...this chapter is to help you configure AirGroup with Dell PowerConnect W ClearPass 6 0 1 Dell PowerConnect W ClearPass Setup 1 On Dell PowerConnect W ClearPass Guest navigate to Administration AirGroup Services 2 Click Configure AirGroup Services Figure 214 Configure AirGroup Services 3 Click Add a new controller Figure 215 Add a New Controller for AirGroup Services 4 Update the fields with the app...

Страница 280: ...the W IAP configuration Figure 216 Configure AirGroup Services Controller Settings 5 Click Save Configuration In order to demonstrate AirGroup either an AirGroup Administrator or an AirGroup Operator account must be created 1 Navigate to theDell PowerConnect W ClearPass Policy Manager UI and navigate to Configuration Identity Local Users Figure 217 Configuration Identity Local Users Selection 2 Cl...

Страница 281: ...example the password used is test123 Click Add 5 Now click Add User and create an AirGroup Operator Figure 220 Create an AirGroup Operator 6 Click Add to save the user with an AirGroup Operator role Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide 281 DellPowerConnect W Clear Pass Configuration for AirGroup ...

Страница 282: ...ure 221 Local Users UI Screen 8 Navigate to the Dell PowerConnect W ClearPass Guest UI and click Logout The ClearPass Guest Login page appears Use the AirGroup admin credentials to log in 9 After logging in click Create Device Figure 222 Create a Device The following page is displayed Figure 223 Register Shared Device For this test add your AppleTV device name and MAC address but leave all other f...

Страница 283: ...ld 3 Disconnect and remove the OSX Mountain Lion iOS 6 device from the controller s user table Reconnect the device by not using the username that you added to the Shared With field The AppleTV should not be available to this device 4 Disconnect the OSX Mountain Lion iOS 6 device and delete it from the controller s user table Reconnect using the username that was added to the Shared With field The...

Страница 284: ...284 DellPowerConnect W Clear Pass Configuration for AirGroup Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 285: ...t are supported on the DellOS 6 2 0 release will work on IAP VPN 6 1 3 1 Licensing Requirements The following table lists the licensing requirements for IAP VPN functionality Table 49 Licensing Requirements for IAP VPN License Name Supported Functionality Limitations Base OS Without license IPSec tunnel works with both internal and external DBs l IPSec tunnel does not work with internal DB for ver...

Страница 286: ...e Radius server as a lower case entry without any delimiter External Whitelist DB The external whitelist functionality enables you to configure the RADIUS server to use an external whitelist for authentication of MAC addresses of RAPs If you are using Windows 2003 server perform the following steps to configure external whitelist on it There are equivalent steps available for Windows Server 2008 a...

Страница 287: ... src nat rule to Radius server to get Dynamic Radius proxy working 1 Navigate to the Configuration Security Authentication L3 Authentication page 2 In the Profiles list select the VPN Authentication Profile default iap 3 For Default Role enter the user role you created previously for example InstantAP 4 Click Apply 5 In the Profile list under VPN Authentication Profile select Server Group 6 Select...

Страница 288: ...0 0 0 00 1a 1e 08 23 f4 be5ffcf801eedd92a76b978ceee53f4e2284c8e8f3dbd84457 5 DOWN 0 0 0 0 00 24 6c c9 27 cf b5d279460166c39a5fb9462a65559eb91266b9ac9f8e2356a0 13 DOWN 0 0 0 0 d8 c7 c8 c0 01 6c 0f7057990174cde7901a0c8779baeb7393b26d974a45eb8602 10 DOWN 0 0 0 0 00 24 6c c0 41 f2 a1e23c1201cfb76a50fb3328e58c9825e716a259dd71874c67 4 UP 10 15 207 207 00 24 6c c9 18 64 47f930fc019317069d04fd1c2ffdf6a49a...

Страница 289: ...all the ACL rules of the selected W IAP l AP Active Displays all the APs of Instant l AP Airgroup Cache Displays the Bonjour mDNS records for the selected W IAP s l AP Airgroup CPPM Entries Displays the AirGroup CPPM policies of the registered devices l AP Airgroup CPPM Servers Displays the AirGroup CPPM server information l AP Airgroup Debug Statistics Displays the debug statistics for the select...

Страница 290: ...on l AP Datapath ACL Tables l AP Datapath Bridge Table Displays bridge table entry statistics including MAC address VLAN assigned VLAN Destination and flag information for the selected W IAP l AP Datapath DMO Session l AP Datapath Multicast Table Displays datapath multicast table statistics for the selected W IAP l AP Datapath Route Table Displays datapath route table statistics for the selected W...

Страница 291: ...e Malloc State dump details l AP Memory Utilization Displays memory utilization of the selected W IAP l AP Mesh Counters Displays the mesh counters of the selected W IAP l AP Mesh Link Displays the mesh link of the selected W IAP l AP Mesh Neighbors Displays the mesh link neighbors of the selected W IAP l AP Monitor Active Laser Beams l AP Monitor AP Table Displays the list of monitored APs of the...

Страница 292: ...Displays the CA certificate and server certificate of the selected W IAP l VC About Displays some info of the selected W IAP including AP type build time of image image version l VC Active Configuration Displays the active configuration of Virtual Controller l VC Airgroup Service Displays the Bonjour services supported for the selected W IAP s l VC Airgroup Status Displays the enable disable statu...

Страница 293: ...butes Displays the RADIUS attributes of the selected W IAP l VC Radius Servers Displays the RADIUS servers configuration of the selected W IAP l VC Saved Configuration Displays the saved configuration of Virtual Controller l VC Scanning Statistics l VC SNMP Configuration Displays the SNMP configuration of the selected W IAP l VC Uplink 3G 4G Configuration l VC Uplink Management Configuration l VC ...

Страница 294: ...294 Troubleshooting Dell PowerConnect W Series Instant Access Point 6 2 0 0 3 2 0 0 User Guide ...

Страница 295: ...d Line Interface DHCP Dynamic Host Configuration Protocol DMZ Demilitarized Zone DNS Domain Name System EAP TLS Extensible Authentication Protocol Transport Layer Security EAP TTLS Extensible Authentication Protocol Tunneled Transport Layer Security W IAP Instant Access Point IDS Intrusion Detection System IEEE Institute of Electrical and Electronics Engineers ISP Internet Service Provider Instant...

Страница 296: ...sion NAT Network Address Translation NS Name Server NTP Network Time Protocol PEAP Protected Extensible Authentication Protocol PEM Privacy Enhanced Mail PoE Power over Ethernet RADIUS Remote Authentication Dial In User Service VC Virtual Controller VSA Vendor Specific Attributes WLAN Wireless Local Area Network ...

Отзывы:

Нет отзывов

Похожие инструкции для PowerConnect B-RX4

D-Link DAP-1650 Quick Install Manual preview
DAP-1650
Бренд: D-Link Страницы: 16
D-Link DCH-G020 How-To preview
DCH-G020
Бренд: D-Link Страницы: 2
Jabra Link 950 USB-A How Do preview
Link 950 USB-A
Бренд: Jabra Страницы: 4
Jabra LINK 14201-20 - DATASHEET FOR TOSHIBA PHONES Datasheet preview
LINK 14201-20 - DATASHEET FOR TOSHIBA PHONES
Бренд: Jabra Страницы: 2
Xantech AC1 Installation Instructions preview
AC1
Бренд: Xantech Страницы: 2
Dataprobe iBoot-G2 Quick Start Manual preview
iBoot-G2
Бренд: Dataprobe Страницы: 3
Panasonic AV-HS6000 Operation Manual preview
AV-HS6000
Бренд: Panasonic Страницы: 206
Lantronix SM8TAT2SA Quick Start Manual preview
SM8TAT2SA
Бренд: Lantronix Страницы: 2
Grizzly H8239 Instructions preview
H8239
Бренд: Grizzly Страницы: 2
NBase Communications NH2001M Installation And User Manual preview
NH2001M
Бренд: NBase Communications Страницы: 72
Ruby Tech GS-1148L Technical Specifications preview
GS-1148L
Бренд: Ruby Tech Страницы: 2
DirectConnect 43136 User Manual preview
43136
Бренд: DirectConnect Страницы: 10
Phonocar 5-981 Mounting Instructions preview
5-981
Бренд: Phonocar Страницы: 2
Farallon Fast Starlet User Manual preview
Fast Starlet
Бренд: Farallon Страницы: 22
StarTech.com VS221HD20 Quick Start Manual preview
VS221HD20
Бренд: StarTech.com Страницы: 2
H-Tronic TS 1000 Instruction Manual preview
TS 1000
Бренд: H-Tronic Страницы: 15
Unipoe PM5003GSN User Manual preview
PM5003GSN
Бренд: Unipoe Страницы: 9
Cabletron Systems ELS10-26TX User Manual preview
ELS10-26TX
Бренд: Cabletron Systems Страницы: 116

Бренды по названию

Популярные бренды

Загрузить еще бренды