manualshive.com logo in svg

Extreme Networks Summit WM20, Руководство пользователя

Поделиться
Скачать
Extreme Networks Summit WM20 Скачать руководство пользователя страница 90

WM Access Domain Services

Summit WM20 User Guide, Software Release 4.2

90

Extensible Authentication Protocol with Tunneled Transport Layer Security (EAP-TTLS)

 – Relies 

on mutual authentication of client and server through an encrypted tunnel. Unlike EAP-TLS, it 
requires only server-side certificates. The client uses PAP, CHAP, or MS-CHAPv2 for authentication.

Protected Extensible Authentication Protocol (PEAP)

 – Is an authentication protocol similar to TTLS 

in its use of server side certificates for server authentication and privacy and its support for a variety 
of user authentication mechanisms.

For 802.1x, the RADIUS server must support RADIUS extensions (RFC2869).

Until the access-accept is received from the RADIUS server for a specific user, the user is kept in an 
unauthenticated state. 802.1x rules dictate no other packets other than EAP are allowed to traverse 
between the AP and the Summit WM Controller until authentication completes. Once authentication is 
completed (access-accept is received), the user's client is then allowed to proceed with IP services, 
which typically implies the request of an IP address via DHCP. 

In addition, the definition of a specific filter ID is optional configuration. If a specific filter ID is not 
defined or returned by the access-accept operation, the Summit WM Controller assigns the WM-AD 
default filter for authenticated users.

NOTE

The Summit WM Controller only assigns the device's IP after the client requests one.

Both Captive Portal and AAA (802.1x) authentication mechanisms in Summit WM Controller, Access 
Points and Software rely on a RADIUS server on the enterprise network. You can identify and prioritize 
up to three RADIUS servers on the Summit WM Controller—in the event of a failover of the active 
RADIUS server, the Summit WM Controller will poll the other servers in the list for a response. Once 
an alternate RADIUS server is found, it becomes the active RADIUS server, until it either also fails, or 
the administrator redefines another.

Filtering for a WM-AD

The WM-AD capability provides a technique to apply policy, to allow different network access to 
different groups of users. This is accomplished by packet filtering.

After setting authentication, define the filtering rules for the filters that apply to your network and the 
WM-AD you are setting up. Several filter types are applied by the Summit WM Controller:

Exception filter

 – Protect access to a system's own interfaces, including the WM-AD's own interface. 

WM-AD exception filters are applied to user traffic intended for the Summit WM Controller's own 
interface point on the WM-AD. These filters are applied after the user's specific WM-AD state 
assigned filters. 

Non-authenticated filter with filtering rules that apply before authentication

 – Controls network 

access and to direct users to a Captive Portal Web page for login.

Group filters, by filter ID, for designated user groups

 – Controls access to certain areas of the 

network, with values that match the values defined for the RADIUS filter ID attribute.

Default filter

 – Controls access if there is no matching filter ID for a user.

Содержание Summit WM20

Страница 1: ...etworks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com Summit WM20 User Guide Software Version 4 2 Published January 2008 Part number 120398 00 Rev 01 ...

Страница 2: ...ng others are trademarks or registered trademarks of Extreme Networks Inc or its subsidiaries in the United States and or other countries Adobe Flash and Macromedia are registered trademarks of Adobe Systems Incorporated in the U S and or other countries Avaya is a trademark of Avaya Inc Merit is a registered trademark of Merit Network Inc Internet Explorer is a registered trademark of Microsoft C...

Страница 3: ... of the Summit WM Controller Access Points and Software Solution 21 Conventional Wireless LANS 21 Elements of the Summit WM Controller Access Points and Software Solution 22 Summit WM Controller Access Points and Software and Your Network 24 Network Traffic Flow 25 Network Security 26 WM Access Domain Services 28 Static Routing and Routing Protocols 28 Packet Filtering Policy 29 Mobility and Roami...

Страница 4: ...Modifying a Wireless AP s Properties 68 Modifying the Wireless AP s Radio Properties 70 Setting up the Wireless AP Using Static Configuration 75 Configuring Dynamic Radio Management 77 Modifying a Wireless AP s Properties Based on a Default AP Configuration 79 Modifying the Wireless AP s Default Setting Using the Copy to Defaults Feature 79 Configuring APs Simultaneously 80 Performing Wireless AP ...

Страница 5: ...hentication 140 Defining Priority Level and Service Class for WM AD Traffic 141 Defining the Service Class for the WM AD 142 Configuring the Priority Override 142 Working with Quality of Service QoS 143 QoS Modes 143 Configuring the QoS Policy on a WM AD 145 Bridging Traffic Locally 148 Chapter 6 Availability and Controller Functionality 151 Availability Overview 151 Availability Prerequisites 152...

Страница 6: ...ntenance 202 Updating Summit WM Controller Software 202 Updating Operating System Software 204 Backing up Summit WM Controller Software 206 Restoring Summit WM Controller Software 208 Upgrading a Summit WM Controller Using SFTP 210 Configuring Summit WM Controller Access Points and Software Logs and Traces 211 Viewing Log Alarm and Trace Messages 211 Glossary 217 Networking Terms and Abbreviations...

Страница 7: ...246 European Community 247 Certifications of Other Countries 253 Altitude 350 2 Int AP 15958 and Altitude 350 2 Detach 15939 Access Points 253 Optional Approved 3rd Party External Antennas 254 Antenna Diversity 254 Optional 3rd Party External Antennas for the United States 254 Optional 3rd Party External Antennas for Canada 258 Optional 3rd Party External Antennas the European Community 262 Index ...

Страница 8: ...Table of Contents Summit WM20 User Guide Software Release 4 2 8 ...

Страница 9: ...how it discovers and registers with the Summit WM Controller how to view and modify the radio configuration and how to enable Dynamic Radio Frequency Management Chapter 4 WM Access Domain Services provides an overview of WM Access Domain Services WM AD the mechanism by which the Summit WM Controller Access Points and Software controls and manages network access Chapter 5 WM Access Domain Services ...

Страница 10: ...terface such as menu items and section of pages as well as the names of buttons and text boxes For example Click Logout Monospace font is used in code examples and to indicate text that you type For example Type https wm20 address mgmt port The following symbols are used to draw your attention to additional information NOTE Notes identify useful information that is not essential such as reminders ...

Страница 11: ...orne materials that can conduct electricity Well ventilated and away from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices Secured enclosed and restricted access ensuring that only trained and qualified service personnel have access to the equipment In regions that are susceptible t...

Страница 12: ...urge suppressor line conditioner or uninterruptible power supply to protect the system from momentary increases or decreases in electrical power For hot swappable power supplies do not slam PSU into the bay If multiple power supplies are used in a controller connect each power supply to different independent power sources If a single power source fails it will affect only that power supply to whic...

Страница 13: ...chassis so that it is always available when you need to handle ESD sensitive components Ensure that all cables are installed in a manner to avoid strain Use tie wraps or other strain relief devices Replace power cord immediately if it shows any signs of damage General Safety Precautions Ensure that you conform to the following guidelines Do not attempt to lift objects that you think are too heavy ...

Страница 14: ...y grounded before plugging the AC supply power cord into a PSU Note the following country specific requirements Argentina The supply plug must comply with Argentinean standards Australia 10 A minimum service receptacle AS 3112 for 110 220 VAC power supplies Denmark The supply plug must comply with section 107 2 D1 standard DK2 1a or DK2 5a Japan 10 A service receptacle JIS 8303 for 110 220 VAC pow...

Страница 15: ...n this unit are not user replaceable Contact your Extreme Service personal for complete product replacement WARNING If replacement is attempted the following guidelines must be followed to avoid danger of explosion 1 replaced with the same or equivalent type as recommended by the battery manufacturer 2 dispose of the battery in accordance with the battery manufacturer s recommendation ...

Страница 16: ...licht Ausreichender Abstand zu Quellen die Erschütterungen oder Schläge Stöße hervorrufen können Isolierung von starken elektromagnetischen Feldern wie sie durch Elektrogeräte erzeugt werden Sicherer abgeschlossener Arbeitsbereich mit beschränktem Zugang sodass nur geschultes und qualifiziertes Servicepersonal Zugriff auf das Gerät hat In für elektrische Stürme anfälligen Gebieten wird empfohlen d...

Страница 17: ... Netzteile jeweils an unterschiedliche unabhängige Stromquellen anzuschließen Auf diese Weise ist bei einem Ausfall einer einzelnen Stromquelle nur das daran angeschlossene Netzteil betroffen Wenn alle Netzteile eines einzelnen Controller an dieselbe Stromquelle angeschlossen sind ist der gesamte Controller für einen Ausfall der Stromversorgung anfällig Leistungsspezifikationen für Netzteile von E...

Страница 18: ... Bauteile Zum Schutz ESD gefährdeter Bauteile grundsätzlich vor der Aufnahme von Arbeiten an Leiterplatten oder Modulen ein Armband anlegen Leiterplatten nur in antistatischer Verpackung transportieren Vor der Aufnahme von Arbeiten an Leiterplatten diese immer auf einer geerdeten Fläche ablegen Verlegen von Kabeln Kabel so verlegen dass keine Schäden entstehen oder Unfälle z B durch Stolpern verur...

Страница 19: ...eit verschieden Extreme Networks empfiehlt daher ausdrücklich einen Elektroinstallateur zu beauftragen um die sachgemäße Geräteerdung und Stromverteilung für Ihre spezifische Installation sicherzustellen Austauschen und Entsorgen von Batterien Im Umgang mit Batterien sind folgende Hinweise zu beachten Austauschen der Lithium Batterie Die in diesem Gerät enthaltenen Batterien können nicht vom Anwen...

Страница 20: ...About this Guide Summit WM20 User Guide Software Release 4 2 20 ...

Страница 21: ...etworks operating on multiple floors in more than one building and is ideal for public environments such as airports and convention centers that require multiple access points This chapter provides an overview of the fundamental principles of the Summit WM Controller Access Points and Software system Conventional Wireless LANS Wireless communication between multiple computers requires that each co...

Страница 22: ...ows a single Summit WM Controller to control many Wireless APs making the administration and management of large networks much easier There can be several Summit WM Controllers in the network each with a set of registered Wireless APs The Summit WM Controllers can also act as backups to each other providing stable network availability In addition to the Summit WM Controllers and Wireless APs the s...

Страница 23: ...plies access policies Simplifying the Wireless APs makes them cost effective easy to manage and easy to deploy Putting control on an intelligent centralized Summit WM Controller enables Centralized configuration management reporting and maintenance High security Flexibility to suit enterprise Scalable and resilient deployments with a few Summit WM Controllers controlling hundreds of Wireless APs T...

Страница 24: ...ork routing and authentication techniques Prevents rogue devices Unauthorized access points are detected and identified as harmless or dangerous rogue APs Provides accounting services Logs wireless user sessions user group activity and other activity reporting enabling the generation of consolidated billing records Offers troubleshooting capability Logs system and session activity and provides rep...

Страница 25: ...d for an external Captive Portal server RADIUS Accounting Server Remote Access Dial In User Service RFC2866 A server that is required if RADIUS Accounting is enabled Simple Network Management Protocol SNMP A Manager Server that is required if forwarding SNMP messages is enabled Check Point Server Check Point Event Logging API A server for security event logging that is required if a firewall appli...

Страница 26: ...tatic route if dynamic routing is not preferred Network Security The Summit WM Controller Access Points and Software system provides features and functionality to control network access These are based on standard wireless network security practices Current wireless network security methods provide protection These methods include Shared Key authentication that relies on Wired Equivalent Privacy W...

Страница 27: ...ween the wireless device and the network until authentication is complete Authentication by 802 1x standard uses Extensible Authentication Protocol EAP for the message exchange between the Summit WM Controller and the RADIUS server When 802 1x is used for authentication the Summit WM Controller provides the capability to dynamically assign per wireless device WEP keys called per station WEP keys i...

Страница 28: ...ces associated with a WM AD directly to a specified core VLAN The following lists how many WM ADs the Summit WM20 Controller can support WM20 Up to 8 WM ADs The Wireless AP radios can be assigned to each of the configured WM ADs in a system Each AP can be the subject of 8 WM AD assignments corresponding to the number of SSIDs it can support Once a radio has all 8 slots assigned it is no longer eli...

Страница 29: ...mit WM APs are setup as bridges that bridge wireless traffic to the local subnet In bridging configurations the user obtains an IP address from the same subnet as the AP If the user roams within APs on the same subnet it is able to keep using the same IP address However if the user roams to another AP outside of that subnet its IP address is no longer valid The user s client device must recognize ...

Страница 30: ...ion to the CTP header this is referred to as Adaptive QoS Quality of Service QoS management is also provided by Assigning high priority to an SSID configurable Adaptive QoS automatic Support for legacy devices that use SpectraLink Voice Protocol SVP for prioritizing voice traffic configurable System Configuration Overview To set up and configure the Summit WM Controller and Wireless APs follow the...

Страница 31: ...WM AD Setup Set up one or more virtual subnetworks on the Summit WM Controller For each WM AD configure the following Topology Configure the WM AD RF Assign the Wireless APs radios to the WM AD Authentication and Accounting Configure the authentication method for the wireless device user and enable the accounting method RAD Policy Define filter ID values and WM AD Groups Filtering Define filtering...

Страница 32: ...Overview of the Summit WM Controller Access Points and Software Solution Summit WM20 User Guide Software Release 4 2 32 ...

Страница 33: ...tegrate with an existing wired Local Area Network LAN The rack mountable Summit WM Controller provides centralized management network access and routing to wireless devices that use Wireless APs to access the network It can also be configured to handle data traffic from third party access points The Summit WM Controller provides the following functionality Controls and configures Wireless APs prov...

Страница 34: ... Control console port One USB Server port future use Built in PSU Hard Drive Fans and Controller card not field replaceable Supporting up to 32 APs WM200 Four Data ports 10 100 1000 BaseT One Management port 10 100 BaseT One Console port DB9 serial Redundant and Field Replaceable Power modules Redundant and Field Replaceable Fan modules Field Replaceable Supervisory module Field Replaceable Networ...

Страница 35: ...it is recommended that you configure the time zone during the initial installation and configuration of the Summit WM Controller to avoid network interruptions For more information see Configuring Network Time on page 158 To configure a physical port to attach to a VLAN define the VLAN as part of the IP address assignment Applying the Product License Key Apply a product license key file If a produ...

Страница 36: ...cation and accounting configuration is optional It only applies to Captive Portal or AAA WM ADs RAD Policy Define filter ID values and WM AD Groups This configuration is optional Filtering Define filtering rules to control network access Multicast Define groups of IP addresses for multicast traffic This configuration is optional By default the multicast feature is disabled Privacy Select and confi...

Страница 37: ... Summit WM Controller by one of two methods Use the method described in Console Port for Summit WM20 Controller on page 238 to access Summit WM20 Controller console Use the Command Line Interface CLI commands For more information see the Summit WM20 CLI Reference Guide Use a laptop computer with a Web browser Connect the supplied cross over Ethernet cable between the laptop and management Ethernet...

Страница 38: ...r Summit WM20 User Guide Software Release 4 2 38 4 In the User Name box type your user name The default is admin 5 In the Password box type your password The default is abc123 6 Click Login The Summit WM GUI main menu screen is displayed ...

Страница 39: ... id you used to login in For example admin Port Status is the connectivity state of the port M represents the Management interface which is on eth0 and the numbered lights reflect the esa ports on the system Green indicates the interface is up and running Red indicates the interface is down 7 From the main menu click Summit Switch Configuration The Summit WM Controller Configuration screen is disp...

Страница 40: ... subnet mask for the IP address to separate the network portion from the host portion of the address typically 255 255 255 0 Management Gateway Specifies the default gateway of the network Primary DNS Specifies the primary DNS server used by the network Secondary DNS Specifies the secondary DNS server used by the network 11 To save your changes click OK NOTE The Web connection between the computer...

Страница 41: ...he management port configuration settings the next step is to connect the Summit WM Controller to your enterprise network To connect the Summit WM Controller to your enterprise network 1 Disconnect your computer from the Summit WM Controller management port 2 Connect the Summit WM Controller management port to the enterprise Ethernet LAN The Summit WM Controller resets automatically 3 Log on to th...

Страница 42: ...all data ports Port configuration allows for the explicit state of the administration state for each interface By default data interface states will be disabled You can then enable each of the data interfaces individually A disabled interface does not allow data to flow receive transmit VLAN ID Parameter You can define a specific VLAN tag to be applied to a particular interface All packets associa...

Страница 43: ...he Summit WM Controller assumes control over the layer 3 functions including DHCP Router Port Use a router port definition for a port that you want to connect to a OSPF area to exchange routes to other OSPF routers Wireless APs can be attached to a router port The Summit WM Controller will create a virtual WM AD port and handle wireless device traffic in the same manner as a host port NOTE Third p...

Страница 44: ...Management Port Settings and Interfaces screen is displayed The lower portion of the Summit WM Controller Configuration screen displays the number of Ethernet ports of the Summit WM Controller Summit WM20 Two Ethernet ports Table 2 Port Types and Functions Port Type Host 3rd Party AP Router WM AD OSPF route advertisement No No Selectable Route wireless device traffic only No Wireless AP support Ye...

Страница 45: ...he drop down list Host Port Specifies a port for connecting Wireless APs with no OSPF routing function on this port Third Party AP Port Specifies a port to which you will connect third party access points Router Port Specifies a port that you want to connect to an upstream next hop router for OSPF route advertisement in the network NOTE For OSPF routing on a port the port must be configured as a r...

Страница 46: ...address type 0 0 0 0 5 In the Gateway box type the IP address of the specific router port or gateway on the same subnet as the Summit WM Controller to which to forward these packets This is the IP address of the next hop between the Summit WM Controller and the packet s ultimate destination 6 Click Add The new route is added to the list of routes 7 Select the Override dynamic routes checkbox to gi...

Страница 47: ...u must Define one data port as a router port in the IP Addresses screen Enable OSPF globally on the Summit WM Controller Define the global OSPF parameters Enable or disable OSPF on the port that you defined as a router port Ensure that the OSPF parameters defined here for the Summit WM Controller are consistent with the adjacent routers in the OSPF area This consistency includes the following If t...

Страница 48: ...6 In the Area ID box type the area 0 0 0 0 is the main area in OSPF 7 From the Area Type drop down list select one of the following Default The default acts as the backbone area also known as area zero It forms the core of an OSPF network All other areas are connected to it and inter area routing happens via a router connected to the backbone area Stub The stub area does not receive external route...

Страница 49: ...ion drop down list select the authentication type for OSPF on your network None or Password The default setting is None 7 If Password was selected as the authentication type in the Password box type the password If None was selected as the Authentication type leave this box blank This password must match on either end of the OSPF connection 8 Type the following Hello Interval Specifies the time in...

Страница 50: ...sers connected on a WM AD the WM AD configuration itself must have allow management enabled and users will only be able to target the WM AD interface specifically NOTE You can also enable management traffic in the WM AD definition For example on the Summit WM Controller s data interfaces both physical interfaces and WM AD virtual interfaces the built in exception filter prohibits invoking SSH HTTP...

Страница 51: ...les give you the capability of restricting access to a port for specific reasons such as a Denial of Service DoS attack The filtering rules are set up in the same manner as filtering rules defined for a WM AD specify an IP address and then either allow or deny traffic to that address For more information see Configuring Filtering Rules for a WM AD on page 122 The rules defined for port exception f...

Страница 52: ...ss 5 From the Protocol drop down list select the protocol you want to specify for the filter This list may include UDP TCP IPsec ESP IPsec AH ICMP The default is N A 6 Click Add The new filter is displayed in the Filter section of the screen 7 To select the new filter click it 8 To allow traffic select the Allow checkbox 9 To adjust the order of the filtering rules click Up or Down to position the...

Страница 53: ...s Points and Software Once you have configured the WM AD and registered and assigned APs to the WM AD the Summit WM Controller Access Points and Software system configuration is complete Ongoing operations of the Summit WM Controller Access Points and Software system can include the following Summit WM Controller System Maintenance Wireless AP Maintenance Client Disassociate Logs and Traces Report...

Страница 54: ...Configuring the Summit WM Controller Summit WM20 User Guide Software Release 4 2 54 ...

Страница 55: ... traffic to an Ethernet LAN The Wireless AP is provided with proprietary software that allows it to communicate only with the Summit WM Controller The Wireless AP physically connects to a LAN infrastructure and establishes an IP connection to the Summit WM Controller The Wireless AP has no user interface instead the Wireless AP is managed through the Summit WM GUI The Wireless AP s configuration i...

Страница 56: ...multaneously For more information see Topology for a WM AD on page 98 The Unlicensed National Information Infrastructure U NII bands are three frequency bands of 100 MHz each in the 5 GHz band designated for short range high speed wireless networking communication The Wireless AP supports the full range of 802 11a 5 15 to 5 25 GHz U NII Low Band 5 25 to 5 35 GHz U NII Middle Band 5 725 to 5 825 GH...

Страница 57: ...e Location Protocol SLP Directory Agent DA followed by a unicast SLP request to the Directory Agent To use the DHCP and unicast SLP discovery method you must ensure that the DHCP server on your network supports Option 78 DHCP for SLP RFC2610 The Wireless APs use this method to discover the Summit WM Controller This solution takes advantage of two services that are present on most networks DHCP Dyn...

Страница 58: ...port IP address and binding key Once the Wireless AP is registered with a Summit WM Controller the Wireless AP must be configured After the Wireless AP is registered and configured it can be assigned to a WM Access Domain Service WM AD to handle wireless traffic Default Wireless AP Configuration Default AP configuration simplifies the registration after discovery process Default Wireless AP config...

Страница 59: ...owered off Off Green Off Beginning of Power On Self Test POST 0 5 seconds Off Off Off POST Off Red Off Failure during POST Green Off Green Random delay State displayed only after a vulnerable reset Green Off Off Green Green Off Vulnerable time interval The Wireless AP resets to factory default if powered off for three consecutive times during this state No vulnerable period when AP is resetting to...

Страница 60: ...o a power source to initiate the discovery and registration process For more information see Connecting the Wireless AP to a Power Source and Initiating the Discovery and Registration Process on page 63 Adding a Wireless AP Manually Option An alternative to the automatic discovery and registration process of the Wireless AP is to manually add and register a Wireless AP to the Summit WM Controller ...

Страница 61: ... minimum configuration which only allows it to maintain an active link with the controller for future state change The AP s radios are not configured or enabled Pending APs are not eligible for configuration operations WM AD Assignment default template Radio parameters until approved If the Summit WM Controller recognizes the serial number the controller uses the existing registration record to au...

Страница 62: ...t Allow only approved Altitude APs to connect The Allow all Altitude APs to connect option is selected by default For more information see Security Mode on page 60 4 In the Discovery Timers section type the discovery timer values in the following boxes Number of retries Delay between retries The number of retries is limited to 255 in a five minutes discovery period The default number of retries is...

Страница 63: ...matic discovery and registration process of the Wireless AP is to manually add and register a Wireless AP to the Summit WM Controller The Wireless AP is added with default settings For more information see Modifying Wireless AP Settings on page 64 To add and register a Wireless AP manually 1 From the main menu click Altitude APs The Altitude AP screen is displayed 2 Click Add Altitude AP The Add A...

Страница 64: ...ation states to modify their settings For example this feature is useful when approving pending Wireless APs when there are a large number of other Wireless APs that are already registered From the Access Approval screen click Pending to select all pending Wireless APs then click Approve to approve all selected Wireless APs Modifying a Wireless AP s Status If during the discovery process the Summi...

Страница 65: ...reen was set to register only approved Wireless APs Pending AP is removed from the Active list and is forced into discovery Release Release foreign Wireless APs after recovery from a failover Releasing an AP corresponds to the Availability functionality For more information see Chapter 6 Availability and Controller Functionality Delete Delete this Wireless AP from the WM AD Configuring the Default...

Страница 66: ...ion is enabled by default Country Select the country of operation This option is only available with some licenses 5 In the Radio Settings section modify the following Enable Radio Select the radios you want to enable DTIM Beacon Period For each radio type the desired DTIM Delivery Traffic Indication Message period the number of beacon intervals between two DTIM beacons To ensure the best client p...

Страница 67: ... in the vicinity of this AP Select Long if compatibility with pre 11b clients is required Protection Mode Select a protection mode None Auto or Always The default and recommended setting is Auto Select None if 11b APs and clients are not expected Select Always if you expect many 11b only clients Protection Rate Select a protection rate 1 2 5 5 or 11 Mbps The default and recommended setting is 11 O...

Страница 68: ...ns in Discovery and Registration Overview on page 56 7 In the Dynamic Radio Management section modify the following Enable Select Enable or Disable Coverage Select Shaped or Standard Shaped coverage adjusts the range based on neighboring Wireless APs and standard coverage adjusts the range to the client that is the most distant as indicated by its signal strength Avoid WLAN For each radio select O...

Страница 69: ...less AP s properties as an access point 1 From the main menu click Altitude APs The Altitude APs screen is displayed 2 In the Wireless AP list click the Wireless AP whose properties you want to modify The WAP Properties tab displays Wireless AP information 3 Modify the Wireless AP s information ...

Страница 70: ...eboot Use broadcast for disassociation Select if you want the Wireless AP to use broadcast disassociation when disconnecting all clients instead of disassociating each client one by one This will affect the behavior of the AP under the following conditions If the Wireless AP is preparing to reboot or to enter one of the special modes DRM initial channel selection If a BSSID is deactivated or remov...

Страница 71: ...ar in the Base Settings section The following lists how many WM ADs each Summit WM Controller can support WM20 Up to 8 WM ADs The AP radios can be assigned to each of the configured WM ADs in a system Each radio can be the subject of 8 WM AD assignments corresponding to the number of SSIDs it can support Once a radio has all 8 slots assigned it is no longer eligible for further assignment The BSS ...

Страница 72: ...e power ratio in decibel dB of the measured power referenced to one milliwatt If Dynamic Radio Management DRM was enabled on the DRM screen this option is read only Rx Diversity Select Alternate for the best signal from both antennas or Left or Right to choose either of the two diversity antennas The default and recommended selection is Alternate If only one antennae is connected use the correspon...

Страница 73: ...s is required Protection Mode Select a protection mode None Auto or Always The default and recommended setting is Auto Select None if 11b APs and clients are not expected Select Always if you expect many 11b only clients Protection Rate Select a protection rate 1 2 5 5 or 11 Mbps The default and recommended setting is 11 Only reduce the rate if there are many 11b clients in the environment or if t...

Страница 74: ...s above which the packets will be fragmented by the AP prior to transmission The default value is 2346 which means all packets are sent unfragmented Reduce this value only if necessary 802 11a Select to enable the 802 11a radio Channel Select the wireless channel that the Wireless AP will use to communicate with wireless devices Depending on the regulatory domain based on country some channels may...

Страница 75: ...e Max Basic Rate NOTE Radio a channels 100 to 140 occupy the 5470 5725 MHz band in the regulatory domains of the European Union and European Union free trade countries Radio B G Channels 12 and 13 are not available in North America Radio B G channel 14 is only available in Japan No of Retries for Background BK Select the number of retries for the Background transmission queue The default value is ...

Страница 76: ... to a specific VLAN and type the value in the box Untagged Select if you want this AP to be untagged This option is selected by default CAUTION Caution should be exercised when using this feature If a VLAN tag is not configured properly the connectivity with the AP will be lost To configure the AP VLAN do the following Connect the AP to the Summit WM Controller or to the network point that does no...

Страница 77: ...n if necessary If the AP IP address is not configured properly connecting to the AP may not be possible To recover from this situation you will need to reset the AP to its factory default settings For more information see Resetting the AP to Its Factory Default Settings on page 199 6 In the Add box type the IP address of the Summit WM Controller that will control this Wireless AP 7 Click Add The I...

Страница 78: ...Ps select the checkbox corresponding to the Wireless AP you want to configure for DRM The DRM properties are populated with default values when DRM is enabled 6 In the Coverage drop down list select Std Standard Coverage Adjusts the range to the client that is the most distant as indicated by its signal strength Shpd Shaped Coverage Adjusts the range based on neighboring Wireless APs 7 If applicab...

Страница 79: ...s use the Reset to Defaults feature on the WAP Properties tab To configure a Wireless AP with the system s default AP settings 1 From the main menu click Altitude APs The Altitude APs screen is displayed 2 In the Altitude AP list click the Wireless AP whose properties you want to modify The WAP Properties tab displays Wireless AP information 3 Click Reset to Defaults to have the Wireless AP inheri...

Страница 80: ... Simultaneously In addition to configuring APs individually you can also configure multiple APs simultaneously by using the AP Multi edit functionality To configure APs simultaneously 1 From the main menu click Altitude APs The Altitude APs screen is displayed 2 In the left pane click WAP Multi edit 3 In the Altitude AP list select one or more APs to edit To select multiple APs select the appropri...

Страница 81: ...e Periodically the software used by the Wireless APs is altered for reasons of upgrade or security The new version of the AP software is installed from the Summit WM Controller The software for each Wireless AP can be uploaded either immediately or the next time the Wireless AP connects Part of the Wireless AP boot sequence is to seek and install its software from the Summit WM Controller Although...

Страница 82: ...ides Controlled Upgrade settings Selected by default Allows for the selection of a default revision level firmware image for all APs in the domain As the AP registers with the controller the firmware version is verified If it does not match the same value as defined for the default image the AP is automatically requested to upgrade to the default image 6 Select the Do not upgrade WAP images if cur...

Страница 83: ...ve the image file from User ID The user ID that the controller should use when it attempts to log in to the FTP server Password The corresponding password for the user ID Confirm The corresponding password for the user ID to confirm it was typed correctly Directory The directory on the server in which the image file that is to be retrieved is stored Filename The name of the image file to retrieve ...

Страница 84: ...lect the software image you want to use for the upgrade 6 In the list of registered Altitude APs select the checkbox for each Wireless AP to be upgraded with the selected software image 7 Click Apply WAP image version The selected software image is displayed in the Upgrade To column of the list 8 To save the software upgrade strategy to be run later click Save for later 9 To run the software upgra...

Страница 85: ...ly by the Summit WM Controller s Dynamic Host Configuration Protocol DHCP server within the assigned range NOTE If the WM AD is in branch mode the Summit WM Controller s DHCP server will not assign IP addresses to the wireless devices For a routed WM AD you can allow the enterprise network s DHCP server to provide the IP addresses for the WM AD by enabling DHCP Relay The assigned addresses must be...

Страница 86: ...ces can selectively be enabled including DHCP Relay allowing you to use the controller to become the default DHCP server for the VLAN if applicable Before defining a WM AD the following properties must be determined A user access plan for both individual users and user groups The RADIUS attribute values that support the user access plan The location and identity of the Wireless APs that will be us...

Страница 87: ...ring Sales Finance Role such as student teacher library user Status such as guest administration technician For each user group you should set up a filter ID attribute in the RADIUS server and then associate each user in the RADIUS server to at least one filter ID name You can define specific filtering rules by filter ID attribute that will be applied to user groups to control network access Filte...

Страница 88: ...ing lists how many WM ADs each Summit WM Controller can support WM20 Up to 8 WM ADs Each AP s radio can be assigned to any of the WM ADs defined in the system with up to 8 assignments per radio Once a WM AD definition is saved the Summit WM Controller updates this information on the Wireless AP The WM AD broadcasts the updates during beacon transmission unless the SSID beacon is suppressed on the ...

Страница 89: ...o access it The Summit WM Controller supports two modes of Captive Portal authentication Internal Captive Portal The controller s own Captive Portal authentication page configured as an editable form is used to request user credentials External Captive Portal An entity outside of the Summit WM Controller is responsible for handling the user authentication process presenting the credentials request...

Страница 90: ...equests one Both Captive Portal and AAA 802 1x authentication mechanisms in Summit WM Controller Access Points and Software rely on a RADIUS server on the enterprise network You can identify and prioritize up to three RADIUS servers on the Summit WM Controller in the event of a failover of the active RADIUS server the Summit WM Controller will poll the other servers in the list for a response Once...

Страница 91: ...he type of authentication used No authentication network assignment by SSID Only the default filter will apply Specific network access can be defined Authentication by captive portal network assignment by SSID The non authenticated filter will apply before authentication Specific network access can be defined The filter should also include a rule to allow all users to get as far as the Captive Por...

Страница 92: ...rd AES or by Temporal Key Integrity Protocol TKIP Two modes are available Enterprise Specifies 802 1x authentication and requires an authentication server Pre Shared Key PSK Relies on a shared secret The PSK is a shared secret pass phrase that must be entered in both the Wireless AP or router and the WPA clients WM AD Global Settings Before defining a specific WM AD define the global settings that...

Страница 93: ...tion between controller and the RADIUS server 4 In order to proofread your password before saving the configuration click Unmask The password is displayed To mask the password click Mask This precautionary step is highly recommended in order to avoid an error later when the Summit WM Controller attempts to communicate with the RADIUS server 5 To add the server to the list click Add 6 To remove a s...

Страница 94: ...r a new voice stream Max Video VI BW for roaming streams The maximum allowed overall bandwidth on the new AP when a client with an active video stream roams to a new AP and requests admission for the video stream Max Video VI BW for new streams The maximum allowed overall bandwidth on an AP when an already associated client requests admission for a new video stream These global QoS settings apply ...

Страница 95: ...liar with the WM AD concepts you can now set up a new WM AD Setting up a new WM AD involves the following general steps Step one Create a WM AD name Step two Define the topology parameters Step three Configure the WM AD For information on setting up a new WM AD see Chapter 5 WM Access Domain Services Configuration ...

Страница 96: ...WM Access Domain Services Summit WM20 User Guide Software Release 4 2 96 ...

Страница 97: ...eless device users where the Summit WM Controller acts as a default gateway to wireless devices For each WM AD you define its topology authentication accounting RADIUS servers filtering multicast parameters privacy and policy mechanism When you set up a new WM AD additional tabs appear only after you save the topology A critical topology option to define for a WM AD is the WM AD type Routed WM AD ...

Страница 98: ...ed defining the topology for your WM AD save the topology settings Once your topology is saved you can then access the remaining WM AD tabs and continue configuring your WM AD There are two options for network assignment SSID The SSID determines the WM AD to which a user profile will be assigned user topology IP filters Has Captive Portal authentication or no authentication as well as MAC based au...

Страница 99: ...llows a client to associate to the AP and exist on the network without having authentication Every associated user has a user session tracked by the Summit WM Controller from the time of association with the AP Users can be temporarily or longer for SSID assigned WM ADs be in the non authenticated state Pre timeout is the maximum amount of time allowed to elapse from the last time any traffic was ...

Страница 100: ...reen is displayed 2 In the left pane WM Access Domains list click the WM AD you want to define the session timeout parameters for The Topology tab is displayed 3 In the Idle pre box type the number of minutes that a client is allowed to be idle on the WM AD before authentication 4 In the Idle post box type the number of minutes that a client is allowed to be idle on the WM AD after authentication ...

Страница 101: ...ically Captive Portal enforcement In addition third party APs have a specific set of filters third party applied to them by default which allows the administrator to provide different traffic access restrictions to the third party AP devices for the users that use those resources The third party filters could be used to allow access to third party APs management operations for example HTTP SNMP 4 ...

Страница 102: ...LAN at AP port The IP address definition is only required for a routed WM AD or VLAN bridged WM AD To define the IP address for the WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane WM Access Domains list click the WM AD you want to define the IP address for The Topology tab is displayed 3 In the Gateway box type the Summit WM Contr...

Страница 103: ...le address in the From box and type the last available address in the to box Click Add for each IP range you provide To specify a IP address select the Single Address option and type the IP address in the box Click Add for each IP address you provide To save your changes click Save The Address Exclusion screen closes 5 The Broadcast Address box populates automatically based on the Gateway IP addre...

Страница 104: ... the controller s WM AD interface on the VLAN become either the actual DHCP server enable DHCP or become the relay agent for DHCP requests To set the name server configuration 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane WM Access Domains list click the WM AD you want to set the name server configuration for The Topology tab is displ...

Страница 105: ...n the case of relay the Summit WM Controller does not handle DHCP requests from users but instead forwards the requests to the indicated DHCP server NOTE The DHCP Server must be configured to match the WM AD settings In particular for Routed WM AD the DHCP server must identify the Summit WM Controller s interface IP as the default Gateway router for the subnet Users intending to reach devices outs...

Страница 106: ...operties click Save Assigning Wireless AP Radios to a WM AD If two Summit WM Controllers have been paired for availability for more information see Availability Overview on page 151 each Summit WM Controller s registered Wireless APs will appear as foreign in the list of available Wireless APs on the other Summit WM Controller Once you have assigned a Wireless AP radio to eight WM ADs it will not ...

Страница 107: ... disabled It is recommended to enable this option Apply power back off Select to enable the AP to use reduced power as does the 11h client By default this option is disabled It is recommended to enable this option Process client IE requests Select to enable the AP to accept IE requests sent by clients via Probe Request frames and responds by including the requested IE s in the corresponding Probe ...

Страница 108: ... to determine if the wireless client s MAC address is authorized to access the network Vendor Specific Attributes In addition to the standard RADIUS message you can include Vendor Specific Attributes VSAs The Summit WM Controller Access Points and Software authentication mechanism provides six VSAs for RADIUS and other authentication mechanisms Table 4 Vendor Specific Attributes Attribute Name ID ...

Страница 109: ...Controller implements policy and allows the appropriate network access Captive Portal authentication relies on a RADIUS server on the enterprise network There are three mechanisms by which Captive Portal authentication can be carried out Internal Captive Portal The Summit WM Controller presents the Captive Portal Web page carries out the authentication and implements policy External Captive Portal...

Страница 110: ...on Summit WM20 User Guide Software Release 4 2 110 Auth Use to define authentication servers MAC Use to define servers for MAC based authentication Acct Use to define accounting servers 4 Click Auth The Authentication fields are displayed ...

Страница 111: ...used to access the RADIUS server The default is 1812 7 In the of Retries box type the number of times the Summit WM Controller will attempt to access the RADIUS server 8 In the Timeout box type the maximum time that a Summit WM Controller will wait for a response from the RADIUS server before attempting again 9 In the NAS Identifier box type the Network Access Server NAS identifier The NAS identif...

Страница 112: ...E If you have already assigned a server to either MAC based authentication or accounting and you want to use it again for authentication highlight its name in the list next to the Up and Down buttons and select the Use server for Authentication checkbox The server s default information is displayed Defining the RADIUS Server Priority for RADIUS Redundancy If more than one server has been defined f...

Страница 113: ...oint for AAA WM ADs there is no need for a client password below 7 In the User ID box type the user ID that you know can be authenticated 8 In the Password box type the corresponding password 9 Click Test The Test Result screen is displayed 10 To view a summary of the RADIUS configuration click View Summary The RADIUS summary screen is displayed 11 To save your changes click Save Configuring Capti...

Страница 114: ...a label for the user login field 7 In the Password Label box type the text that will appear as a label for the user password field 8 In the Header URL box type the location of the file to be displayed in the Header portion of the Captive Portal screen This page can be customized to suit your organization with logos or other graphics CAUTION If you use logos or graphics ensure that the graphics or ...

Страница 115: ... those identifiers 16 To provide users with a logoff button select Logoff The Logoff button launches a pop up logoff screen allowing users to control their logoff 17 To provide users with a status check button select Status check The Status check button launches a pop up window which allows users to monitor session statistics such as system usage and time left in a session 18 To save your changes ...

Страница 116: ...ltering for a WM AD on page 90 Defining Authentication for a WM AD for AAA If network assignment is AAA with 802 1x authentication the wireless device must successfully complete the user authentication verification prior to being granted network access This enforcement is performed by both the user s client and the AP The wireless device s client utility must support 802 1x The user s EAP packets ...

Страница 117: ...n fields are displayed 5 From the RADIUS drop down list select the server you want to use for Captive Portal authentication and then click Use The server s default information is displayed The RADIUS servers are defined in the Global Settings screen For more information see WM AD Global Settings on page 92 ...

Страница 118: ... The Vendor Specific Attributes must be defined on the RADIUS server 11 If applicable select Set as primary server 12 To save your changes click Save NOTE If you have already assigned a server to either MAC based authentication or accounting and you want to use it again for authentication highlight its name in the list next to the Up and Down buttons and select the Use server for Authentication ch...

Страница 119: ...k Use The server s default information is displayed and a red asterisk is displayed next to MAC indicating that a server has been assigned The RADIUS servers are defined in the Global Settings screen For more information see WM AD Global Settings on page 92 6 If applicable to use a server that has already been used for another type of authentication or accounting select the server you want to use ...

Страница 120: ...nges click Save Defining Accounting Methods for a WM AD The next step in configuring a WM AD is to define the methods of accounting Accounting tracks the activity of a wireless device users There are two types of accounting available Summit WM Controller accounting Enables the Summit WM Controller to generate Call Data Records CDRs in a flat file on the Summit WM Controller RADIUS accounting Enabl...

Страница 121: ...o define the filter ID values for a WM AD These filter ID values must match those set up on the RADIUS servers NOTE This configuration step is optional If filter ID values are not defined the system uses the default filter as the applicable filter group for authenticated users within a WM AD However if more user specific filter definitions are required for example filters based on a user s departm...

Страница 122: ...e box type the name of a WM AD group you want to create and define within the selected parent WM AD 8 Click the corresponding Add button The Group Name will appear as a child of the parent WM AD in the left pane WM Access Domains list 9 To your changes click Save Configuring Filtering Rules for a WM AD The next step in configuring a WM AD is to configure the filtering rules for a WM AD In an AAA W...

Страница 123: ...les may inadvertently create security lapses in the system s protection mechanism or create a scenario that filters out packets that are required by the system NOTE Use exception filters only if absolutely necessary It is recommended to avoid defining general allow all or deny all rule definitions since those definitions can easily be too liberal or too restrictive to all types of traffic The exce...

Страница 124: ...d in the Topology tab for this WM AD 7 Click Add The information is displayed in the Filter Rules section of the tab 8 Select the new filter then select the Allow checkbox applicable to the rule you defined 9 Edit the order of a filter by selecting the filter and clicking the Up and Down buttons The filtering rules are executed in the order you define here 10 To save your changes click Save NOTE F...

Страница 125: ...TP traffic outside of those defined in the non authenticated filter will be redirected NOTE Although non authenticated filters definitions are used to assist in the redirection of HTTP traffic for restricted or denied destinations the non authenticated filter is not restricted to HTTP operations The filter definition is general Any traffic other than HTTP that the filter does not explicitly allow ...

Страница 126: ... 6 For Captive Portal assignment define a rule to allow access to the default gateway for this WM AD Select IP Port Type the default gateway IP address that you defined in the Topology tab for this WM AD 7 Click Add The information is displayed in the Filter Rules section of the tab 8 Select the new filter then do the following If applicable select In to refer to traffic from the wireless device t...

Страница 127: ...l URLs mentioned in the page definition Here is another example of a non authenticated filter that adds two more filtering rules The two additional rules do the following Deny access to a specific IP address Allows only HTTP traffic Table 5 Non authenticated filter example A In Out Allow IP Port Description x x x IP address of default gateway WM AD Interface IP Allow all incoming wireless devices ...

Страница 128: ...lso send back to the Summit WM Controller a filter ID attribute value associated with the user For an AAA WM AD a Login LAT Group identifier for the user may also be returned WM AD Policy is also applicable for Captive Portal and MAC based authorization If the filter ID attribute value or Login LAT Group attribute value from the RADIUS server matches a filter ID value that you have set up on the S...

Страница 129: ... destination IP address You can also specify an IP range a port designation or a port range on that IP address In the Protocol drop down list select the applicable protocol The default is N A 6 Click Add The information is displayed in the Filter Rules section of the tab 7 Select the new filter then do the following If applicable select In to refer to traffic from the wireless device that is tryin...

Страница 130: ...or any traffic that did not match a filter A final Allow All rule in a default filter will ensure that a packet is not dropped entirely if no other match can be found WM AD Policy is also applicable for Captive Portal and MAC based authorization To define the filtering rules for a default filter 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the lef...

Страница 131: ...mple A In Out Allow IP Port Description x x Intranet IP range Deny all access to an IP range x x Port 80 HTTP Deny all access to Web browsing x x Intranet IP Deny all access to a specific IP x x x Allow everything else Table 10 Default Filter Example B In Out Allow IP Port Description x Port 80 HTTP on host IP Deny all incoming wireless devices access to Web browsing the host x Intranet IP 10 3 0 ...

Страница 132: ...multicast traffic can be enabled as part of a WM AD definition This mechanism is provided to support the demands of VoIP and IPTV network traffic while still providing the network access control Define a list of multicast groups whose traffic is allowed to be forwarded to and from the WM AD The default behavior is to drop the packets For each group defined you can enable Multicast Replication by g...

Страница 133: ...by selecting one of the radio buttons IP Group Type the IP address range Defined groups Select from the drop down list 6 Click Add The group is added to the list above 7 To enable the wireless multicast replication for this group select the corresponding Wireless Replication checkbox 8 To modify the priority of the multicast groups select the group row and click the Up or Down buttons A Deny All r...

Страница 134: ... up to eight SSIDs Each AP can participate in up to 8 WM ADs For each WM AD only one WEP key can be specified It is treated as the first key in a list of WEP keys Wi Fi Protected Access WPA Pre Shared key PSK Privacy in PSK mode using a Pre Shared Key PSK or shared secret for authentication WPA PSK is a security solution that adds authentication to enhanced WEP encryption and key management WPA PS...

Страница 135: ...select Input String type the secret WEP key string used for encrypting and decrypting in the WEP Key String box The WEP Key box is automatically filled by the corresponding Hex code 7 To save your changes click Save To configure privacy by WPA PSK for a Captive Portal WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane WM Access Domai...

Страница 136: ... 2 8 To enable re keying after a time interval select Broadcast re key interval If this checkbox is not selected the Broadcast encryption key is never changed and the Wireless AP will always use the same broadcast key for Broadcast Multicast transmissions This will reduce the level of security for wireless communications 9 In the Broadcast re key interval box type the time interval after which the...

Страница 137: ...ryption Standard with Counter Mode CBC MAC Protocol AES CCMP NOTE In order to use WPA with 802 1x authentication network assignment must be AAA To set up static WEP privacy for an AAA WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane WM Access Domains list click the AAA WM AD you want to configure privacy by WPA PSK for a Captive Po...

Страница 138: ...rivacy for an AAA WM AD The WM AD Privacy feature supports Wi Fi Protected Access WPA v1 and WPA v2 a security solution that adds authentication to enhanced WEP encryption and key management The authentication portion of WPA for AAA is in Enterprise Mode Specifies 802 1x with Extensible Authentication Protocol EAP Requires a RADIUS or other authentication server Uses RADIUS protocols for authentic...

Страница 139: ...th Wireless AP Step two Wireless AP blocks the client s network access while the authentication process is carried out the Summit WM Controller sends the authentication request to the RADIUS authentication server Step three The wireless client provides credentials that are forwarded by the Summit WM Controller to the authentication server Step four If the wireless device client is not authenticate...

Страница 140: ...is checkbox is not selected the Broadcast encryption key is never changed and the Wireless AP will always use the same broadcast key for Broadcast Multicast transmissions This will reduce the level of security for wireless communications 8 In the Broadcast re key interval box type the time interval after which the broadcast encryption key is changed automatically The default is 3600 9 To save your...

Страница 141: ... are enabling the integration of internet telephony technology on wireless networks Various issues including Quality of Service QoS call control network capacity and network architecture are factors in VoIP over 802 11 WLANs Wireless voice data requires a constant transmission rate and must be delivered within a time limit This type of data is called isochronous data This requirement for isochrono...

Страница 142: ...verride is enabled the configured service class overrides the queue selection in the downlink direction the 802 1P UP for the VLAN tagged Ethernet packets and the UP for the wireless QoS packets WMM or 802 11e according to the mapping in Table 13 If Priority Override is enabled and the WM AD is not locally bridged the configured DSCP value is used to tag the IP header of the encapsulated packets T...

Страница 143: ...ify and prioritize the uplink traffic 802 11e If enabled the AP will accept WMM client associations and will classify and prioritize the downlink traffic for all 802 11e clients The 802 11e clients will also classify and prioritize the uplink traffic Turbo Voice If any of the above QoS modes are enabled the Turbo Voice mode is available If enabled all the downlink traffic that is classified to the...

Страница 144: ...he QoS tagging within the packets as set by the wireless devices and the host devices on the wired network Both Layer 3 tagging DSCP and Layer 2 802 1d tagging are supported and the mapping is conformant with the WMM specification If both L2 and L3 priority tags are available then both are taken into account and the chosen AC is the highest resulting from L2 and L3 If only one of the priority tags...

Страница 145: ...together with QoS modes Legacy WMM or 802 11e DL voice traffic is sent via Turbo Voice queue instead of voice queue A separate turbo voice queue allows for some WM ADs to use the Turbo Voice parameters for voice traffic while other WM ADs use the voice parameters for voice traffic If WMM mode is also enabled WMM clients use Turbo Voice like contention parameters for UL voice traffic If 802 11e mod...

Страница 146: ...ower Save Delivery U APSD feature Works in conjunction with WMM and or 802 11e and it is automatically disabled if both WMM and 802 11e are disabled Step 6 Configure Global Admission Control Enable admission control Admission control protects admitted traffic against new bandwidth demands Available for Voice and Video To configure QoS Policy on a WM AD 1 From the main menu click WM AD Configuratio...

Страница 147: ...affic for all 802 11e clients The 802 11e clients will also classify and prioritize the uplink traffic If selected the Turbo Voice and the Advanced Wireless QoS options are displayed Turbo Voice Select to enable all downlink traffic that is classified to the Voice VO AC and belongs to that WM AD to be transmitted by the AP via a queue called Turbo Voice TVO instead of the normal Voice VO queue Whe...

Страница 148: ...s while being in power save mode This feature works in conjunction with WMM and or 802 11e and it is automatically disabled if both WMM and 802 11e are disabled Use Global Admission Control for Voice VO Select to enable admission control for Voice With admission control clients are forced to request admission in order to use the high priority access categories in both downlink and uplink direction...

Страница 149: ...ed as a single WM AD VLAN with different SSIDs on different radios An effective scenario of the configuration described above in which the same subnet is used with different SSIDs on radio a and b g is when this configuration is defined consistently on all APs It would allow dual band a b g clients to associate to one of the radios by specifying the correct SSID This is particularly effective with...

Страница 150: ...WM Access Domain Services Configuration Summit WM20 User Guide Software Release 4 2 150 ...

Страница 151: ...he second Summit WM Controller provides the wireless network and a pre assigned WM AD for the Wireless AP NOTE During a failover event the maximum number of failover APs a backup controller can accommodate is equal to the maximum number of APs supported by the hardware platform NOTE Wireless APs that attempt to connect to a backup controller during a failover event are assigned to the WM AD that i...

Страница 152: ...the primary and secondary Summit WM Controllers are identical platforms For more information on availability support between platforms see the Summit WM20 Technical Reference Guide Verify the network accessibility for the TCP IP connection between the two controllers The availability link is established as a TCP session on port 13907 Set up a DHCP server for AP subnets to support Option 78 for SLP...

Страница 153: ... AP assignments are used An alternate method to setting up APs includes 1 Add each Wireless AP manually to each Summit WM Controller 2 From the AP Properties screen click Add Wireless AP 3 Define the Wireless AP and click Add Wireless AP Manually defined APs will inherit the default AP configuration settings CAUTION If two Summit WM Controllers are paired and one has the Allow All option set for W...

Страница 154: ...options Allow all Altitude APs to connect If the Summit WM Controller does not recognize the serial number it sends a default configuration to the Wireless AP Or if the Summit WM Controller recognizes the serial number it sends the specific configuration port and binding key set for that Wireless AP Allow only approved Altitude APs to connect If the Summit WM Controller does not recognize the seri...

Страница 155: ... During an outage if the remaining Summit WM Controller is the secondary controller It registers as the SLP service ru_manager To view SLP activity 1 From the main menu click Altitude APs The Altitude APs screen is displayed 2 In the left pane click AP Registration The Altitude APs Registration screen is displayed 3 To confirm SLP registration click the View SLP Registration button A pop up screen...

Страница 156: ...e AP is assigned to different WM ADs on the two controllers it will reboot Because of the pairing of the two Summit WM Controllers the Wireless AP will then register with the other Summit WM Controller All user sessions using the AP that fails over will terminate unless the Maintain client sessions in event of poll failure option is enabled on the AP Properties tab or AP Default Settings screen NO...

Страница 157: ...r the critical messages for the failover mode message in the information log of the remaining Summit WM Controller in the Reports and Displays section of the Summit WM Controller 2 After recovery on the Summit WM Controller that did not fail select the foreign Wireless APs and click on the Release button on the Access Approval screen Defining Management Users In this screen you define the login us...

Страница 158: ...displayed 2 In the left pane click the Management Users option The Management Users screen is displayed 3 To select a user to be modified click it 4 In the Password box type the new password for the user 5 In the Confirm Password retype the new password 6 To change the password click Change Password To remove a Summit WM Controller management user 1 From the main menu click Summit Switch The Summi...

Страница 159: ...or Ocean drop down list 5 From the Time Zone Region drop down list select the appropriate time zone region for the selected country 6 To apply your changes click Apply Time Zone To set system time parameters 1 From the main menu click Summit Switch The Summit Switch Configuration screen is displayed 2 In the left pane click Network Time The Network Time screen is displayed 3 To use system time sel...

Страница 160: ...gram Interface On the ELA server the event messages are tracked and analyzed so suspicious messages can be forwarded to a firewall application that can take corrective action Check Point created the OPSEC Open Platform for Security alliance program for security application and appliance vendors to enable an open industry wide framework for inter operability When ELA is enabled on the Summit WM Con...

Страница 161: ... The default is 100 milliseconds ELA Retry Interval Specifies the amount of time in milliseconds you want the system to wait before attempting a re connection between Summit WM Controller and the Check Point gateway The default is 2000 milliseconds ELA Message Queue Size Specifies the number of messages the log queue holds if the Summit WM Controller and the Check Point gateway become disconnected...

Страница 162: ... SNMP The Summit WM Controller Access Points and Software system supports Simple Network Management Protocol SNMP Version 1 and 2c SNMP a set of protocols for managing complex networks is used to retrieve Summit WM Controller statistics and configuration information SNMP sends messages called protocol data units PDUs to different parts of a network Devices on the network that are SNMP compliant ca...

Страница 163: ...roller is the only point of SNMP access for the entire system In effect the Summit WM Controller proxies sets gets and alarms from the associated Wireless APs Enabling SNMP on the Summit WM Controller You can enable SNMP on the Summit WM Controller to retrieve statistics and configuration information To enable SNMP Parameters 1 From the main menu click Summit Switch The Summit Switch Configuration...

Страница 164: ...lt this option is enabled When this option is enabled all Wireless APs and their interfaces are published as interfaces of the Summit WM Controller when you retrieve topology statistics and configuration information using the SNMP protocol Topology statistics and configuration information on Wireless APs are retrievable using both proprietary and standard MIB The Publish AP as interface of control...

Страница 165: ... 4 2 165 3 In the Target IP Address box type the IP address of the destination computer 4 To test a connection to the target IP address click Ping A pop up window is displayed with the ping results The following is an example of a screen after clicking the Ping button ...

Страница 166: ...net between your computer and the target IP address click Trace Route A pop up window is displayed with the trace route results The following is an example of a screen after clicking the Trace Route button Configuring Web Session Timeouts You can configure the time period to allow Web sessions to remain inactive before timing out ...

Страница 167: ...yed 3 In the Web Session Timeout box type the time period to allow the Web session to remain inactive before it times out This can be entered as hour minutes or as minutes The range is 1 minute to 168 hours 4 Select the Show WM AD names on the Wireless AP SSID list checkbox to allow the names of the WM ADs to appear in the SSID list for Wireless APs 5 To save your settings click Save NOTE Screens ...

Страница 168: ...Availability and Controller Functionality Summit WM20 User Guide Software Release 4 2 168 ...

Страница 169: ...tive Portal and RAD policy for the third party AP WM AD on page 170 Step 4 Define filtering rules for the third party APs on page 171 To set up third party APs Step 1 Define a data port as a third party AP port 1 From the main menu click Summit Switch The Summit Switch Configuration screen is displayed 2 From the left pane click IP Address The Management Port Settings and Interfaces screen is disp...

Страница 170: ... SSID 4 To define a WM AD for a third party AP select the Use 3rd Party AP checkbox 5 Continue configuring your WM AD as described in Configuring Topology for a WM AD for Captive Portal on page 99 NOTE Bridge Traffic at AP and MAC based authentication are not available for third party WM ADs Step 3 Define authentication by Captive Portal and RAD policy for the third party AP WM AD 1 Click the Auth...

Страница 171: ...y access point s layer 3 IP routing capability and set the access point to work as a layer 2 bridge Here are the differences between third party access points and Wireless APs on the Summit WM Controller Access Points and Software system A third party access point exchanges data with the Summit WM Controller s data port using standard IP over Ethernet protocol The third party access points do not ...

Страница 172: ...Working With Third Party APs Summit WM20 User Guide Software Release 4 2 172 ...

Страница 173: ...Summit WM series Spy is a mechanism that assists in the detection of rogue APs Summit WM series Spy functionality does the following Wireless AP Runs a radio frequency RF scanning task Alternating between scan functions providing its regular service to the wireless devices on the network Summit WM Controller Runs a data collector application that receives and manages the RF scan messages sent by t...

Страница 174: ...sis Engine select the Enable Summit Spy Analysis Engine checkbox 4 To enable the Summit Spy Data Collection Engine on this Summit WM Controller select the Enable Local Summit Spy Data Collection Engine checkbox 5 To save your changes click Apply NOTE Currently the Summit WM Controller WM20 does not support the Remote Collection Engines functionality of the Summit WM Controller Access Points and So...

Страница 175: ...is displayed as part of the Scan Group If it becomes active it will be sent a scan request during the next periodic scan To run the Summit WM series Spy scan task mechanism 1 From the main menu click Summit Spy The Summit Spy screen is displayed 2 Click the Scan Groups tab 3 In the Scan Group Name box type a unique name for this scan group 4 In the Altitude APs list select the checkbox correspondi...

Страница 176: ...ireless AP within the Scan Group will initiate a scan of the RF space The range is from one minute to 120 minutes 10 To initiate a scan using the periodic scanning parameters defined above click Start Scan 11 To initiate an immediate scan that will run only once click Run Now NOTE If necessary you can stop a scan by clicking Stop Scan A scan must be stopped before modifying any parameters of the S...

Страница 177: ...n SSID critical alarm Known Wireless AP with an unknown SSID major alarm In ad hoc mode major alarm NOTE In the current release there is no capability to initiate a DoS attack on the detected rogue access point Containment of a detected rogue requires an inspection of the geographical location of its Scan Group area where its RF activity has been found Working With Summit WM Series Spy Scan Result...

Страница 178: ...ry The Rogue Summary report is displayed in a pop up window 6 To clear all detected rogue devices from the list click Clear Detected Rogues NOTE To avoid the Summit WM series Spy s database becoming too large it is recommended that you either delete Rogue APs or add them to the Friendly APs list rather than leaving them in the Rogue list ...

Страница 179: ...ion of the Friendly AP s tab To delete an AP from the Summit WM series Spy scan results 1 From the main menu click Summit Spy The Summit Spy screen is displayed 2 Click the Rogue Detection tab 3 To delete a specific AP from the Summit WM series Spy scan results click the corresponding Delete button The AP is removed from the list 4 To clear all rogue access points from the Summit WM series Spy sca...

Страница 180: ...in menu click Summit Spy The Summit Spy screen is displayed 2 Click the Friendly APs tab 3 To select an access point from the Friendly AP Definitions list to delete click it 4 Click Delete The selected access point is removed from the Friendly AP Definitions list 5 To save your changes click Save To modify a friendly AP 1 From the main menu click Summit Spy The Summit Spy screen is displayed 2 Cli...

Страница 181: ...e Release 4 2 181 Maintaining the Summit WM Series Spy List of APs To maintain the Wireless APs 1 From the main menu click Summit Spy The Summit Spy screen is displayed 2 Click the WAP Maintenance tab Inactive APs and known third party APs are displayed 3 Select the applicable APs ...

Страница 182: ... RF Data Collector Engine You can also delete the selected third party APs if they are removed from the corresponding WM AD in the RF Collector Engine or if that WM AD has been deleted from the WM AD list Viewing the Scanner Status Report When the Summit WM series Spy is enabled you can view a report on the connection status of the RF Data Collector Engines with the Analysis Engine To view the Sum...

Страница 183: ...to the communication system of the other controller but has not synchronized with the Data Collector Ensure that the Data Collector is running on the remote controller Red The Analysis Engine is aware of the Data Collector and attempting connection If no box is displayed the Analysis Engine is not attempting to connect with that Data Collector Engine NOTE If the box is displayed red and remains re...

Страница 184: ...Working With the Summit WM Series Spy Summit WM20 User Guide Software Release 4 2 184 ...

Страница 185: ...he Displays The following displays are available in the Summit WM Controller Access Points and Software system Active Wireless APs Active Clients by Wireless AP Active Clients by WM AD Port WM AD Filter Statistics WM AD Interface Statistics Wireless Controller Port Statistics Wireless AP Availability Wired Ethernet Statistics by Wireless AP Wireless Statistics by Wireless AP System Information Man...

Страница 186: ... the AP has sent that data to a client and Packets Rec d means the AP has received packets from a client Viewing the Wireless AP Availability Display This display reports the active connection state of a Wireless AP availability to the Summit WM Controller for service Depending on the state of the Wireless AP the following is displayed Green Wireless AP is configured on the Summit WM Controller an...

Страница 187: ...ireless APs Two displays are snapshots of activity at that point in time on a selected Wireless AP Wired Ethernet Statistics by Altitude AP Wireless Statistics by Altitude AP The statistics displayed are those defined in the 802 11 MIB in the IEEE 802 11 standard To view wired Ethernet statistics by Altitude AP 1 From the main menu click Reports Displays The Reports Displays screen is displayed 2 ...

Страница 188: ...stics by Altitude AP display option The Wireless Statistics by Altitude APs display opens in a new browser window 3 In the Wired Statistics by Altitude APs display click a registered Wireless AP to display its information 4 Click the appropriate tab to display information for each radio on the Wireless AP 5 To view information on selected associated clients click View Client The Associated Clients...

Страница 189: ...ime Conn is the length of time that a client has been on the system not just on an AP If the client roams from one AP to another the session stays therefore Time Conn does not reset A client is displayed as soon as the client connects or after refresh of screen The client disappears as soon as it times out Viewing the System Information and Manufacturing Information Displays System Information Dis...

Страница 190: ... The Manufacturing Information display opens in a new browser window Viewing Reports The following reports are available in the Summit WM Controller Access Points and Software system Forwarding Table routes defined in the Summit WM Controller Routing Protocols screen OSPF Neighbor if OSPF is enabled in the Routing Protocols screen OSPF Linkstate if OSPF is enabled in the Routing Protocols screen A...

Страница 191: ...t you want to view Forwarding Table OSPF Neighbor OSPF Linkstate WAP Inventory NOTE The WAP Inventory report opens in a new browser window All other reports appear in the current browser window The following is an example of a Forwarding Table report NOTE If you open only automatically refreshed reports the Web management session timer will not be updated or reset Your session will eventually time...

Страница 192: ...ponding radio PL Power Level Defined in the Wireless AP radio properties pages BR Basic Rate Only applies to Wireless APs running 3 1 or earlier ORS Operational Rate Set Only applies to Wireless APs running 3 1 or earlier MnBR Minimum Basic Rate For more information see the Wireless AP radio configuration tabs MxBR Maximum Basic Rate MxOR Maximum Operational Rate RxDV Receive Diversity TxDV Tx Div...

Страница 193: ...cally Configured IP If the Wireless AP s IP address is configured statically the IP address is displayed Netmask If the Wireless AP s IP address is configured statically the netmask that is statically configured for the Wireless AP Gateway If the Wireless AP s IP address is configured statically the IP address of the gateway router that the Wireless AP will use SWM Search List The list of IP addre...

Страница 194: ...Working With Reports and Displays Summit WM20 User Guide Software Release 4 2 194 ...

Страница 195: ...sues you want to cut the connection with a particular wireless device You can view all the associated wireless devices by MAC address on a selected Wireless AP You can do the following Disassociate a selected wireless device from its Wireless AP Add a selected wireless device s MAC address to a blacklist of wireless clients that will not be allowed to associate with the Wireless AP Backup and rest...

Страница 196: ... by selecting the search parameters from the drop down lists and typing a search string in the Search box and clicking Search You can also use the Select All or Clear All buttons to help you select multiple clients 5 Click Disassociate The client s session terminates immediately Blacklisting a client The Blacklist tab displays the current list of MAC addresses that are not allowed to associate A c...

Страница 197: ...selecting the search parameters from the drop down lists and typing a search string in the Search box and clicking Search You can also use the Select All or Clear All buttons to help you select multiple clients 5 Click Add to Blacklist The selected wireless client s MAC address is added to the blacklist To blacklist a wireless device client using its MAC address 1 From the main menu click Altitude...

Страница 198: ...o save your changes click Save To clear an address from the blacklist 1 From the main menu click Altitude APs The Altitude APs Configuration screen is displayed 2 From the left pane click Client Management The Disassociate tab is displayed 3 Click the Blacklist tab 4 To clear an address from the blacklist select the corresponding checkbox in the MAC Addresses list 5 Click Remove Selected The selec...

Страница 199: ...ist file is exported Resetting the AP to Its Factory Default Settings You can reset the Wireless AP to its factory default settings The AP boot up sequence includes a random delay interval followed by a vulnerable time interval During the vulnerable time interval 2 seconds the LEDs flash in a particular sequence to indicate that the Summit WM Controller is in the vulnerable time interval For more ...

Страница 200: ...s and a collector a syslog server receives the messages without relaying them NOTE The log statements Low water mark level was reached and Incoming message dropped because of the rate limiting mechanism indicate that there is a burst of log messages coming to the event server and the processing speed is slower than the incoming rate of log messages These messages do not indicate that the system is...

Страница 201: ...on the network 5 For each enabled syslog server in the Port box type a valid port number to connect on The default port for syslog is 514 6 To include all system messages select the Include all service messages checkbox If the box is not selected only component messages logs and traces are relayed This setting applies to all three servers The additional service messages are DHCP messages reporting...

Страница 202: ... address reverts to 192 168 10 1 and the license key is removed Halt system The system enters the halted state which stops all functional services and the application To restart the system the power to the system must be reset 4 Click Apply Now The system is immediately halted Performing Summit WM Controller Software Maintenance You can update the core Summit WM Controller software files and the O...

Страница 203: ... compatible upgrade RPM and OS patch and the Skip backup during RPM un install options remain disabled 4 To launch the upgrade with the selected image click on the Upgrade Now button 5 In the dialog box that is displayed confirm the upgrade At this point all sessions are closed The previous software is uninstalled automatically The new software is installed The Summit WM Controller reboots automat...

Страница 204: ... of AP and they require different images 4 Click Download The image is downloaded and added to the list To delete a Summit WM Controller software image 1 From the main menu click Summit Switch The Summit Switch Configuration screen is displayed 2 From the left pane click Software Maintenance The SWM Software tab is displayed 3 To delete a software image from the list in the Available SWM Images li...

Страница 205: ...mage 1 From the main menu click Summit Switch The Summit SwitchConfiguration screen is displayed 2 From the left pane click Software Maintenance The SWM Software tab is displayed 3 Click the OS Software tab 4 To download a new image to be added to the list in the Download Image section type the following FTP Server The IP of the FTP server to retrieve the image file from User ID The user ID that t...

Страница 206: ...removed from the list Backing up Summit WM Controller Software You can backup the Summit WM Controller database You can also schedule the backups to occur When a scheduled backup is defined you can configure to have the scheduled backup copied to an FTP server when the backup is complete To back up the Summit WM Controller software 1 From the main menu click Summit Switch The Summit Switch Configu...

Страница 207: ...sword for the user ID to confirm it was typed correctly Directory The directory on the server where the image file will be stored Filename The name that will be given to the image file when it is stored on the FTP server Platform The AP hardware type to which the image applies The are several types of AP and they require different images 5 Click Upload The backup is uploaded and added to the list ...

Страница 208: ...to User ID The user ID that the controller should use when it attempts to log in to the FTP server Password The corresponding password for the user ID Confirm The corresponding password for the user ID to confirm it was typed correctly Directory The directory on the server where the image file will be stored 8 To save your changes click Save Restoring Summit WM Controller Software You can restore ...

Страница 209: ...ce The System Maintenance screen is displayed 3 Click the Restore tab 4 To download an image for restore which will be added to the list in the Download for Restore section type the following FTP Server The FTP server to retrieve the image file from User ID The user ID that the controller should use when it attempts to log in to the FTP server Password The corresponding password for the user ID Co...

Страница 210: ...ummit WM Controller supports any SFTP client NOTE You must enable management traffic before you try to connect with a SFTP client Specify the exact image path for the corresponding SW package see directory information below Otherwise the Summit WM Controller cannot locate them for SW upgrades updates To upload an image file 1 Launch the SFTP client point it to the Summit WM Controller and login in...

Страница 211: ...dministrative changes made to the system the GUI Audit displays changes to the Graphical User Interface on the Summit WM Controller Traces Messages that display activity by component for system debugging troubleshooting and internal monitoring of software CAUTION In order for the Debug Info option on the Wireless AP Traces screen to return Trace messages this option must enabled while Wireless AP ...

Страница 212: ... log statements Low water mark level was reached and Incoming message dropped because of the rate limiting mechanism indicate that there is a burst of log messages coming to the event server and the processing speed is slower than the incoming rate of log messages These messages do not indicate that the system is impaired in any way To view logs 1 From the main menu click Logs Traces The Logs Trac...

Страница 213: ...ck Logs Traces The Logs Traces screen is displayed 2 Click one of the Traces tabs The following is an example of the Summit WM Controller traces The events are displayed in chronological order sorted by the Timestamp column 3 To sort the display by Type or Component click the appropriate column heading 4 To filter the traces by severity in order to display only Info Minor Major or Critical traces ...

Страница 214: ...he Audit screen is displayed The events are displayed in chronological order sorted by the Timestamp column 3 To sort the display by User Section Page or Audit Message click the appropriate column heading 4 To clear the audits from the list click Clear Audits 5 To refresh the information in any display click Refresh 6 To export information from a display as an HTML file click the Export button ...

Страница 215: ... To clear logs 1 From the main menu click Logs Traces The Logs Traces screen is displayed 2 Click one of the Log tabs The following is an example of the Summit WM Controller logs The events are displayed in chronological order sorted by the Timestamp column 3 To clear the logs click Clear Log Messages ...

Страница 216: ...Performing System Maintenance Summit WM20 User Guide Software Release 4 2 216 ...

Страница 217: ...ES encryption includes 4 stages that make up one round Each round is then iterated 10 12 or 14 times depending upon the bit key size For the WPA2 802 11i implementation of AES each round is iterated 10 times AES CCMP AES uses the Counter Mode CBC MAC Protocol CCMP CCM is a new mode of operation for a block cipher that enables a single key to be used for both encryption and authentication The two u...

Страница 218: ...ber dialed Call data is stored in a PC database CHAP Challenge Handshake Authentication Protocol One of the two main authentication protocols used to verify a user s name and password for PPP Internet connections CHAP is more secure than PAP because it performs a three way handshake during the initial link establishment between the home and remote machines It can also repeat the authentication any...

Страница 219: ... Agents The User Agent issues a multicast Service Request SrvRqst on behalf of the client application specifying the services required The User Agent will receive a Service Reply SrvRply specifying the location of all services in the network which satisfy the request For larger networks a third entity called a Directory Agent receives registrations from all available Service Agents A User Agent se...

Страница 220: ... through an access point which then requests the identity of the user and transmits that identity to an authentication server such as RADIUS The server asks the access point for proof of identity which the access point gets from the user and then sends back to the server to complete the authentication EAP TLS provides for certificate based and mutual authentication of the client and the network It...

Страница 221: ...dles secure roaming quality of service and user authentication The central management controller also handles AP configuration and management A fat or thick AP architecture concentrates all the WLAN intelligence in the access point The AP handles the radio frequency RF communication as well as authenticating users encrypting communications secure roaming WLAN management and in some cases network r...

Страница 222: ...ertext Transfer Protocol over Secure Socket Layer or HTTP over SSL is a Web protocol that encrypts and decrypts user page requests as well as the pages that are returned by the Web server HTTPS uses Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer TCP IP SSL uses a 40 bit key size ...

Страница 223: ...l called Transmission Control Protocol TCP which establishes a virtual connection between a destination and a source IPC Interprocess Communication A capability supported by some operating systems that allows one process to communicate with another process The processes can be running on the same computer or on different computers connected through a network IPsec IPsec ESP IPsec AH Internet Proto...

Страница 224: ...n See WPA and TKIP L LAN Local Area Network License installation LSA Link State Advertisements received by the currently running OSPF process The LSAs describe the local state of a router or network including the state of the router s interfaces and adjacencies See also OSPF M MAC Media Access Control layer One of two sublayers that make up the Data Link Layer of the OSI model The MAC layer is res...

Страница 225: ...ast communication over a network between a single sender and a single receiver N NAS Network Access Server a server responsible for passing information to designated RADIUS servers and then acting on the response returned A NAS Identifier is a RADIUS attribute identifying the NAS server RFC2138 NAT Network Address Translator A network capability that enables a group of computers to dynamically sha...

Страница 226: ...tform for Security is a security alliance program created by Check Point to enable an open industry wide framework for interoperability of security products and applications Products carrying the Secured by Check Point seal have been tested to guarantee integration and interoperability OS Operating system OSI Open System Interconnection An ISO standard for worldwide communications that defines a n...

Страница 227: ...tocol TCP layer of TCP IP divides the file into packets Each packet is separately numbered and includes the Internet address of the destination The individual packets for a given file may travel different routes through the Internet When they have all arrived they are reassembled into the original file by the TCP layer at the receiving end PAP Password Authentication Protocol is the most basic for...

Страница 228: ... such technologies as Frame Relay Asynchronous Transfer Mode ATM Ethernet and 802 1 networks SONET and IP routed networks QoS features provide better network service by supporting dedicated bandwidth improving loss characteristics avoiding and managing network congestion shaping network traffic setting traffic priorities across the network Quality of Service QoS A set of service requirements to be...

Страница 229: ... LAN segment into multiple smaller segments is one of the most common ways of increasing available bandwidth on the LAN SLP Service Location Protocol A method of organizing and locating the resources such as printers disk drives databases e mail directories and schedulers in a network Using SLP networking applications can discover the existence location and configuration of networked devices With ...

Страница 230: ...y the occurrence of conditions such as a threshold that exceeds a predetermined value SSH Secure Shell sometimes known as Secure Socket Shell is a Unix based command interface and protocol for securely getting access to a remote computer SSH is a suite of three utilities slogin ssh and scp secure versions of the earlier UNIX utilities rlogin rsh and rcp With SSH commands both ends of the client se...

Страница 231: ...net can be used to increase the bandwidth on the network by breaking the network up into segments SVP SpectraLink Voice Protocol a protocol developed by SpectraLink to be implemented on access points in order to facilitate voice prioritization over an 802 11 wireless LAN that will carry voice packets from SpectraLink wireless telephones Switch In networks a device that filters and forwards packets...

Страница 232: ...acket key mixing function a message integrity check MIC an extended initialization vector IV with sequencing rules and a re keying mechanism The encryption keys are changed rekeyed automatically and authenticated between devices after the rekey interval either a specified period of time or after a specified number of packets has been transmitted TLS Transport Layer Security See EAP Extensible Auth...

Страница 233: ...etwork A network of computers that behave as if they are connected to the same wire when they may be physically located on different segments of a LAN VLANs are configured through software rather than hardware which makes them extremely flexible When a computer is physically moved to another location it can stay on the same VLAN without any hardware reconfiguration The standard is defined in IEEE ...

Страница 234: ...t Naming Service A system that determines the IP address associated with a particular network computer called name resolution WINS supports network client and server computers running Windows and can provide name resolution for other computers with special arrangements WINS supports dynamic addressing DHCP by maintaining a distributed database that is automatically updated with the names of comput...

Страница 235: ...mode of WPA for users without an enterprise authentication server Instead for authentication a Pre Shared Key is used The PSK is a shared secret passphrase that must be entered in both the Wireless AP or router and the WPA clients This preshared key should be a random sequence of characters at least 20 characters long or hexadecimal digits numbers 0 9 and letters A F at least 24 hexadecimal digits...

Страница 236: ...it WM series Spy is a mechanism that assists in the detection of rogue access points The feature has three components 1 a radio frequency RF scanning task that runs on the Wireless AP 2 an application called the Data Collector on the Summit WM Controller that receives and manages the RF scan messages sent by the Wireless AP 3 an Analysis Engine on the Summit WM Controller that processes the scan d...

Страница 237: ... Width dimension is without adjustable rack mounting brackets provided Weight Approx 16 lbs 7 3 Kg Hard Drive 80 GB SATA Drive Integrated Not a Field Replaceable Unit FRU PSU Integrated Not a FRU Fans Integrated Not a FRU Controller Card Data Mgmt Control plane processing Integrated Not a FRU Management Ports 1x10 100 1000 Copper Ethernet Management port auto sensing 1 USB 2 0 Device Slave Port Co...

Страница 238: ...ropriate driver and install it on your host machine The link to download the virtual serial driver is the following http www silabs com tgwWebApp public web_content products Microcontrollers USB en mcu_vcp htm Table 20 Summit WM20 Controller Panel Legend Legend Item Description 1 Power Switch Power socket on the rear panel 2 Management Port eth0 Used to access WM20 Management via the GUI interface...

Страница 239: ...8N1 no flow 9600 bps 8 bits no parity 1 stop bit no flow Summit WM20 Controller LED Indicators Summit WM20 Controller s LEDs The Summit WM20 Controller has four lights on its front panel NOTE The hot swap lever is not enabled in the current release Pulling the hot swap lever will not affect the normal operation if the Summit WM20 Controller is already running However if you attempt to reboot the S...

Страница 240: ...ut Summit WM20 Controller LED States and Corresponding System States Table 21 Summit WM20 Controller LED States and Corresponding System States System state Status LED Activity LED Power up BIOS POST Blinking Amber Green System booting failed to boot Off Green Startup Manager Task Started Solid Amber Blinking Amber Startup Manager Task completes the startup All components active Solid Green Blinki...

Страница 241: ...tory information regarding operation of the Altitude 350 2 Access Point Only authorized Extreme Networks service personnel are permitted to service the system Procedures that should be performed only by Extreme Networks personnel are clearly identified in this guide Changes or modifications made to the Summit WM series switch or the Altitude APs which are not expressly approved by Extreme and part...

Страница 242: ...ity IEC EN 61000 4 2 Electrostatic Discharge 8kV Contact 15kV Air Criteria A IEC EN 61000 4 3 Radiated Immunity 10V m Criteria A IEC EN 61000 4 4 Transient Burst 1kV Criteria A IEC EN 61000 4 5 Surge 2kV L L 2kV L G Level 3 Criteria A IEC EN 61000 4 6 Conducted Immunity 0 15 80MHz 10V m mod RMS Criteria A IEC EN 61000 4 11 Power Dips Interruptions 30 25 periods Criteria C Country Specific VCCI Cla...

Страница 243: ... Humidity 10 93 RH Shock 18g 6ms Sinusoidal Vibration 5 62Hz Velocity 5mm s 62 500 Hz 2G Random Vibration 5 20 Hz 1 0 ASD w 3dB oct from 20 200 Hz Packaging Drop 1 meter RoHS RoHS 6 China RoHS WEEE Short term test condition Environmental Operating Conditions for Summit WM100 1000 Summit WM200 2000 and Altitude 350 2 AP Environmental Standards EN ETSI 300 019 2 1 v2 1 2 Class 1 2 Storage EN ETSI 30...

Страница 244: ...ecuring local licenses certifications regulatory approvals For details and information on the most recent country specific requirements for the Altitude 350 2 AP go to the following website http www extremenetworks com go rfcertification htm United States FCC Declaration of Conformity Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions ...

Страница 245: ...rt guide for the device to which Altitude 350 2 AP is connected Any other installation or use of the product violates FCC Part 15 regulations NOTE Operation of the Altitude 350 2 AP is restricted for indoor use only in the UNII 5 15 5 25 GHz band in accordance with 47 CFR 15 407 e CAUTION This Part 15 radio device operates on a non interference basis with other devices operating at this frequency ...

Страница 246: ...h for an uncontrolled environment End users must follow the specific operating instructions for satisfying RF exposure compliance This device has been tested and has demonstrated compliance when simultaneously operated in the 2 4 GHz and 5 GHz frequency ranges This device must not be co located or operated in conjunction with any other antenna or transmitter NOTE The radiated output power of the A...

Страница 247: ...ity in the 5250 5350 MHz and 5650 5850 MHz bands and these radars could cause interference and or damage to LE LAN devices European Community The Altitude 350 2 APs are wireless ports designed for use in the European Union and other countries with similar regulatory restrictions where the end user or installer is allowed to configure the wireless port for operation by entry of a country code relat...

Страница 248: ...Altitude 350 2 AP outdoors it is their responsibility to insure operation in accordance with these rules frequencies and power output The Altitude 350 2 AP must not be operated until proper regional software is downloaded Table 24 European Conformance Standards Safety 73 23 EEC Low Voltage Directive LVD CB Scheme IEC 60950 1 2001 with all available country deviations GS Mark EN 60950 1 2001 Plenum...

Страница 249: ...ess port The user or installer is responsible to ensure the first Altitude 350 2 wireless port is properly configured The software within the switch will automatically limit the allowable channels and output power determined by the current country code entered Incorrectly entering the country of operation or identifying the proper antenna used may result in illegal operation and may cause harmful ...

Страница 250: ...garia Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor Denmark Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor Cyprus Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor Czech Rep Indoor Only Indoor Only Expect to Open Fall 2006 Indoor or Outdoor Estonia Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor Finland Indoor Only Indoor Only Indoor or Outdoor Indo...

Страница 251: ...or or Outdoor Indoor or Outdoor U K Indoor Only Indoor Only Indoor or Outdoor Indoor or Outdoor Turbo Mode Not Allowed in 5GHz Not Allowed in 5GHz Not Allowed in 5GHz Same 2 4 GHz rules as above AdHoc Mode Not Allowed Not Allowed Not Allowed Same 2 4 GHz rules as above a Belgium requires that the spectrum agency be notified if you deploy wireless links greater than 300 meters in outdoor public are...

Страница 252: ... la directive 1999 5 CE qui lui sont applicables Swedish Harmed intygar Extreme Networks att denna Radio LAN device star I overensstammelse med de vasentliga egenskapskrav och ovriga relevanta bestammelser som framgar av direktiv 1999 5 EG Danish Undertegnede Extreme Networks erklarer herved at folgende udstyr Radio LAN device overholder de vasentlige krav og ovrige relevante krav i direktiv 1999 ...

Страница 253: ...ntry the device will be operated within Altitude 350 2 Int AP 15958 and Altitude 350 2 Detach 15939 Access Points The Altitude 350 2 AP models are Wi Fi certified under Certification ID WFA4279 for operation in accordance with IEEE 802 11a b g The Altitude 350 2 Altitude APs with Internal and External antennas are designed and intended to be used indoors NOTE Operation in the European Community an...

Страница 254: ...iversity is configured appropriately on both radios Optional 3rd Party External Antennas for the United States The Altitude 350 2 Detach AP 15939 APs can also be used with optional certified 3rd party antennas However in order to comply with the local laws and regulations an approval may be required by the local regulatory authorities The following optional antennas have been tested and approved f...

Страница 255: ...elect an operating channel on the Wireless APs configuration screens and the corresponding allowed max power from the values listed in Table 29 DO NOT select a higher power than the value listed in Table 29 Table 28 List of FCC Approved Antennas Model Application Shape Gain dBi Frequency MHz Coax Cable Length Type Connector Type Cushcraft 1 SR2405135 Dxxxxxx indoor Directional 5 2400 2500 3 feet 1...

Страница 256: ...m Power limit dBm Power limit dBm Power limit dBm 11b 2412 1 16 18 17 16 17 17 2417 2 17 17 17 16 17 17 2422 3 18 18 18 18 18 18 2427 4 18 18 18 18 18 18 2432 5 18 18 18 18 18 18 2437 6 18 18 18 18 18 18 2442 7 18 18 18 18 18 18 2447 8 18 18 18 18 18 18 2452 9 18 18 18 18 18 18 2457 10 18 18 18 18 18 18 2462 11 18 18 18 18 18 18 11g 2412 1 10 13 13 10 12 13 2417 2 14 15 15 14 15 14 2422 3 15 16 16...

Страница 257: ...lect the power values listed in Table 30 DO NOT select a higher power than the value listed in Table 30 11a 5180 36 N S 17 17 17 17 N S 5200 40 N S 17 17 17 17 N S 5220 44 N S 17 17 17 17 N S 5240 48 N S 17 17 17 17 N S 5260 52 N S 18 18 18 18 N S 5280 56 N S 18 18 18 18 N S 5300 60 N S 18 18 18 18 N S 5320 64 N S 18 18 18 18 N S 5745 149 N S 15 N S 15 15 N S 5765 153 N S 15 N S 15 15 N S 5785 157...

Страница 258: ...ed for use with the External Antenna model CAUTION When using an approved 3rd party external antenna other than the default the power must be adjusted according to these tables Professional Installation This device must be professionally installed The following are the requirements of professional installation The device cannot be sold retail to the general public or by mail order It must be sold ...

Страница 259: ...ating channel on the Wireless APs configuration screens and the corresponding allowed max power from the values listed in Table 32 DO NOT select a higher power than the value listed in Table 32 Table 31 List of IC Industry Canada Approved Antennas Model Application Shape Gain dBi Frequency MHz Coax Cable Length Type Connector Type Cushcraft 1 SR2405135 Dxxxxxx indoor Directional 5 2400 2500 3 feet...

Страница 260: ...m Power limit dBm Power limit dBm Power limit dBm 11b 2412 1 16 18 17 16 17 17 2417 2 17 17 17 16 17 17 2422 3 18 18 18 18 18 18 2427 4 18 18 18 18 18 18 2432 5 18 18 18 18 18 18 2437 6 18 18 18 18 18 18 2442 7 18 18 18 18 18 18 2447 8 18 18 18 18 18 18 2452 9 18 18 18 18 18 18 2457 10 18 18 18 18 18 18 2462 11 18 18 18 18 18 18 11g 2412 1 10 13 13 10 12 13 2417 2 14 15 15 14 15 14 2422 3 15 16 16...

Страница 261: ...lect the power values listed in Table 33 DO NOT select a higher power than the value listed in Table 33 11a 5180 36 N S 17 17 17 17 N S 5200 40 N S 17 17 17 17 N S 5220 44 N S 17 17 17 17 N S 5240 48 N S 17 17 17 17 N S 5260 52 N S 18 18 18 18 N S 5280 56 N S 18 18 18 18 N S 5300 60 N S 18 18 18 18 N S 5320 64 N S 18 18 18 18 N S 5745 149 N S 15 N S 15 15 N S 5765 153 N S 15 N S 15 15 N S 5785 157...

Страница 262: ...approved for use with the External Antenna model CAUTION When using an approved 3rd party external antenna other than the default the power must be adjusted according to these tables Professional Installation This device must be professionally installed The following are the requirements of professional installation The device cannot be sold retail to the general public or by mail order It must be...

Страница 263: ...listed in Table 35 Table 34 Approved Antenna List for Europe Model Location Type Gain dBi Frequency MHz Huber Suhner 1 SOA 2454 360 7 20 DF outdoor capable Omni 6 8 2400 2500 4900 5875 2 SPA 2456 75 9 0 DF outdoor capable Planar 2 or 1 inputs 9 2400 2500 5150 5875 3 SPA 2400 80 9 0 DS outdoor capable Planar 2 inputs 8 5 2300 2500 4 SWA 0859 360 4 10 V outdoor capable Omni 7 2400 5875 5 SOA 2400 36...

Страница 264: ...m Power limit dBm 11b 2412 1 15 14 14 15 15 9 15 2417 2 15 14 14 15 15 9 15 2422 3 15 14 14 15 15 9 15 2427 4 15 14 14 15 15 9 15 2432 5 15 14 14 15 15 9 15 2437 6 15 14 14 15 15 9 15 2442 7 15 14 14 15 15 9 15 2447 8 15 14 14 15 15 9 15 2452 9 15 14 14 15 15 9 15 2457 10 15 14 14 15 15 9 15 2462 11 15 14 14 15 15 9 15 2467 12 15 14 14 15 15 9 15 2472 13 15 14 15 15 15 10 15 11g 2412 1 15 13 14 15...

Страница 265: ...S N S 16 5320 64 16 16 N S 16 N S N S 16 5500 100 20 19 N S 20 N S N S 20 5520 104 20 19 N S 20 N S N S 20 5540 108 20 19 N S 20 N S N S 20 5560 112 20 19 N S 20 N S N S 20 5580 116 20 19 N S 20 N S N S 20 5600 120 20 19 N S 20 N S N S 20 5620 124 20 19 N S 20 N S N S 20 5640 128 20 19 N S 20 N S N S 20 5660 132 20 19 N S 20 N S N S 20 5680 136 20 19 N S 20 N S N S 20 5700 140 20 19 N S 20 N S N S...

Страница 266: ...r this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co located or operating in conjunction with another antenna or transmitter Table 36 Auto Channel Selection Antenna 11a dBm 11b g dBm 1 16 15 2 16 13 3 N S 13 4 16 15 5 N S 15 6 N S 9 7 16 15 ...

Страница 267: ...hanisms 134 set up a WM AD topology 99 view sample page 115 Check Point event logging 160 configuring Captive Portal internal external 114 static routes 45 controller back up software configuration 206 define management user names passwords 157 define network time synchronization 158 enable ELA event logging Check Point 160 events during a failover 156 paired for availability 151 restore software ...

Страница 268: ...pes and levels 211 M MAC based authentication 118 Management Information Bases MIBs supported 162 management port management traffic on data port 45 modify management port settings 39 port based filtering 50 management traffic enabling on a WM AD 100 multicast for a WM AD 132 N network assignment by AAA 137 by SSID for Captive Portal 99 options for a WM AD 87 network time synchronization 158 next ...

Страница 269: ...d 162 publish AP as interface of controller 164 software maintenance of Controller software 202 maintenance of Wireless AP software 81 SSID network assignment for Captive Portal 99 static configuration of Wireless AP 75 static routes configuring 45 viewing forwarding table report 47 syslog event reporting define parameters 200 T third party APs defining a WM AD for 100 in Summit Spy feature 180 to...

Страница 270: ...ic configuration 75 view statistics 187 WM Access Domain WM AD multicast 132 WM Access Domain Services WM AD authentication by AAA 802 1x 116 authentication by Captive Portal 109 define filtering rules 122 defined 85 for third party APs 170 global settings 92 network assignment overview 87 privacy for AAA 137 privacy overview 134 set up for VoIP 141 topology for Captive Portal 99 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды