Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 95

Configuring an External RADIUS Server, Networks, Basic Information, Security, Enterprise

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 95 highlights

If you are using the IAP's internal database for user authentication, you need to add the names and passwords of the users to be authenticated. If you are using an LDAP server for user authentication, you need to configure the LDAP server on the Virtual Controller, and configure user IDs and passwords. If you are using a RADIUS server for user authentication, you need to configure the RADIUS server on the Virtual Controller. Configuring an External RADIUS Server To configure an external RADIUS server for a wireless network, perform the following steps: 1. Click New in the Networks tab and update the Basic Information fields and click Next to continue. 2. Use the VLAN tab, to specify how the clients on this network will get their IP address and VLAN. 3. Click Next to continue. 4. In the Security tab, slide the bar to Enterprise and update the following fields: a. Key Management- Select the type of key for encryption and authentication. b. Termination- Select Enabled to terminate the EAP portion of 802.1x authentication on the access point instead of RADIUS server. c. Authentication server 1- Select New from the drop-down list to authenticate user credentials for the RADIUS server at run time and update the following fields:  RADIUS Server  Name- Enter the name of the new external RADIUS server.  IP address- Enter the IP address of the external RADIUS server.  Auth port- Enter the authorization port number of the external RADIUS server. The port number is set to 1812 by default.  Accounting port- Enter the accounting port number. This port is used to send accounting records to the RADIUS server. The port number is set to 1813 by default  Shared key- Enter a shared key for communicating with the external RADIUS server.  Timeout- Indicates the timeout for one radius request. The IAP will retry to send the request several times (as configured in the "Retry count") before the user gets disconnected. e.g. If the "Timeout" is 5 sec, "Retry counter" is 3, user will be disconnected after 20 sec ("Timeout" x "Retry counter + 1). The default value is 5 seconds.  Retry count- Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to server group, and the default value is 3 requests.  RFC 3576- When enabled, the Access Points will process RFC 3576-compliant Change of Authorization (CoA) and Disconnect messages from the RADIUS server. Disconnect messages cause a user session to be terminated immediately, whereas CoA messages modify session authorization attributes such as data filters.  NAS IP address- Enter the Virtual Controller IP address. The NAS IP address is the Virtual Controller IP address that is sent in data packets. Note: If you do not enter the IP address, the Virtual Controller IP address is used by default when Dynamic Radius Proxy is enabled.  NAS identifier- Use this to configure strings for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.  LDAP Server  Name- Enter the name of the new external RADIUS server.  IP address- Enter the IP address of the external RADIUS server.  Auth port- Enter the authorization port number of the external RADIUS server. The port number is set to 1812 by default. Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0 | User Guide Authentication | 95

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
IAP Cluster	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New Version Available	24
Settings	25
RF	27
PEF	28
WIP	28
VPN	29
Maintenance	29
Support	31
Help	34
Logout	34
Monitoring	34
Alerts	37
IDS	39
Configuration	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	52
Adding a Voice Network	53
Guest Network	59
Adding a Guest Network	60
Editing a Network	65
Deleting a Network	65
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
LED Display	72
Terminal Access	73
TFTP Dump Server	74
Syslog Server	74
Syslog Facility Levels	75
Adding an IAP to the Network	75
Removing an IAP from the Network	76
Editing IAP Settings	76
Changing IAP Name	76
Changing IP Address of the IAP	77
Configuring Adaptive Radio Management	78
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	79
Converting an IAP to RAP Mode	79
Converting an IAP to CAP	82
Converting an IAP to Standalone Mode	82
Converting back to an IAP	83
Rebooting the IAP	83
Firmware Image Server in Cloud Network	85
Upgrade using Dell PowerConnect W-AirWave and Image Server	85
Image management using Cloud Server	85
Image management using Dell PowerConnect W-AirWave	85
Automatic Firmware Image Check and Upgrade	85
Upgrading to New Version	86
Manual	86
Automatic	87
NTP Server	89
Configuring an NTP Server	89
Virtual Controller	91
Master Election Protocol	91
Virtual Controller IP Address	91
Specifying Name and IP Address for the Virtual Controller	91
Configuring the DHCP Server	92
Authentication	93
Authentication Methods in Dell Instant	93
802.1X Authentication	93
Internal RADIUS Server	93
External RADIUS Server	94
Authentication Terminated on IAP	94
Configuring an External RADIUS Server	95
Enabling Instant RADIUS	97
RADIUS Server Authentication with VSA	97
List of supported VSA	97
Management Authentication Settings	100
Captive Portal	101
Internal Captive Portal	101
Configuring Internal Captive Portal Authentication when Adding a Guest Network	101
Configuring Internal Captive Portal Authentication when Editing a Guest Network	102
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	103
Customizing a Splash Page	104
Disabling Captive Portal Authentication	105
External Captive Portal	106
Configuring External Captive Portal Authentication when Adding a Guest Network	106
Configuring External Captive Portal Authentication when Editing a Guest Network	107
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	108
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	108
Configuring the RADIUS Server in Instant	108
MAC Authentication	109
Configuring MAC Authentication	109
Walled Garden Access	110
Creating a Walled Garden Access	110
Certificates	111
Loading Certificates using Instant WebUI	112
Loading Certificates using Dell PowrConnect W-AirWave	113
Encryption	117
Encryption Types Supported in Dell Instant	117
WEP	117
TKIP	117
AES	117
Encryption Recommendations	117
Understanding WPA and WPA2	118
Recommended Authentication and Encryption Combinations	118
Role Derivation	119
User Roles	119
Creating a New User Role	119
Creating Role Assignment Rules	120
User VLAN Derivation	123
User VLAN Derivation	123
Vendor Specific Attributes (VSA)	123
VLAN Derivation Rule	124
Configuring VLAN Derivation Rules on an IAP	124
User Role	125
Configuring a User Role	125
SSID Profile	127
Configuring VLAN Derivation Rules Using SSID Profile	127
Instant Firewall	129
Service Options	130
Destination Options	131
Examples for Access Rules	131
Allow TCP Service to a Particular Network	131
Allow PoP3 Service to a Particular Server	132
Deny FTP Service except to a Particular Server	133
Deny bootp Service except to a Particular Network	134
Content Filtering	137
Enabling Content Filtering	137
Enterprise Domains	138
OS Fingerprinting	139
Adaptive Radio Management	141
ARM Features	141
Channel or Power Assignment	141
Voice Aware Scanning	141
Load Aware Scanning	141
Band Steering Mode	141
Airtime Fairness Mode	142
Airtime Fairness Modes	142
Access Point Control	142
Customize Valid Channels	142
Min Transmit Power	143
Max Transmit Power	143
Client Aware	143
Scanning	143
Wide Channel Bands	143
Monitoring the Network with ARM	143
ARM Metrics	143
Configuring Administrator Assigned Radio Settings for IAP	144
Configuring Radio Profiles in Instant	145
Intrusion Detection System	147
Rogue AP Detection and Classification	147
Wireless Intrusion Protection (WIP)	147
Containment Methods	151
SNMP	153
SNMP Parameters for IAP	153
SNMP Traps	155
Ethernet Downlink	157
Ethernet Downlink Overview	157
Ethernet Downlink Profile Parameters	157
Assigning a Profile to the Ethernet Port	158
Uplink Configuration	159
Uplink Configuration Overview	159
Ethernet	159
3G Uplink	159
Types of Modems	159
Uplink Switchover	162
Uplink Preemption	163
Uplink Preference	163
Dell PowerConnect W-AirWave Integration and Management	165
Dell PowerConnect W-AirWave Features	165
Image Management	165
IAP and Client Monitoring	165
Template-based Configuration	166
Trending Reports	166
Intrusion Detection System	166
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	166
RF Visualization Support for Dell Instant	167
Configuring Dell PowerConnect W-AirWave	167
Creating your Organization String	167
About Shared Key	168
Entering the Organization String and AMP Information into the IAP	168
Dell PowerConnect W-AirWave Discovery through DHCP Option	168
Standard DHCP option 60 and 43 on Windows Server 2008 for Dell Instant APs	168
Alternate method for defining Vendor Specific DHCP options	171
Monitoring	175
Virtual Controller View	175
Monitoring Link	176
Info	176
RF Dashboard	176
Usage Trends	176
Client Alerts Link	177
IDS Link	177
Network View	178
Info	178
Usage Trends	179
Instant Access Point View	180
Info	181
RF Dashboard	181
RF Trends	181
Usage Trends	183
Client View	184
Info	184
RF Dashboard	184
RF Trends	185
Mobility Trail	188
Alert Types and Management	189
Alert Types	189
Policy Enforcement Firewall	191
Authentication Servers	191
Users for Internal Server	192
Roles	192
Client Blacklisting	193
Types of Client Blacklisting	194
Manual Blacklisting	194
Adding a Client to the Manual Blacklist	194
Dynamic Blacklisting	194
Authentication Failure Blacklisting	194
Session Firewall Based Blacklisting	195
PEF Settings	195
Firewall ALG Configuration	195
Firewall-based Logging	196
VPN Configuration	197
VPN Configuration	197
Routing Profile Configuration	198
DHCP Server Configuration	198
NAT DHCP Configuration	199
Distributed L2 DHCP Configuration	200
Distributed L3 DHCP Configuration	201
Centralized L2 DHCP Configuration	202
User Database	203
Adding a User	203
Editing User Settings	204
Deleting a User	204
Regulatory Domain	205
Country Codes List	206
Controller Configuration for VPN	209
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	209
VPN Local Pool Configuration	210
IAP VPN Profile Configuration	210
Abbreviations	213

Match case Limit results 1 per page

Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0

| User Guide

Authentication

If you are using the IAP’s internal database for user authentication, you need to add the names and passwords of

the users to be authenticated. If you are using an LDAP server for user authentication, you need to configure the

LDAP server on the Virtual Controller, and configure user IDs and passwords. If you are using a RADIUS server

for user authentication, you need to configure the RADIUS server on the Virtual Controller.

Configuring an External RADIUS Server

To configure an external RADIUS server for a wireless network, perform the following steps:

Click

New

in the

Networks

tab and update the

Basic Information

fields and click

to continue.

Use the

VLAN

tab, to specify how the clients on this network will get their IP address and VLAN.

Click

to continue.

In the

Security

tab, slide the bar to

Enterprise

and update the following fields:

Key Management—

Select the type of key for encryption and authentication.

b. Termination—

Select

Enabled

to terminate the EAP portion of 802.1x authentication on the access point

instead of RADIUS server.

Authentication server 1—

Select

New

from the drop-down list to authenticate user credentials for the

RADIUS server at run time and update the following fields



RADIUS Server



Name— Enter the name of the new external RADIUS server.



IP address— Enter the IP address of the external RADIUS server.



Auth port— Enter the authorization port number of the external RADIUS server. The port number is

set to 1812 by default.



Accounting port— Enter the accounting port number. This port is used to send accounting records to

the RADIUS server. The port number is set to 1813 by default



Shared key— Enter a shared key for communicating with the external RADIUS server.



Timeout— Indicates the timeout for one radius request. The IAP will retry to send the request several

times (as configured in the “Retry count”) before the user gets disconnected. e.g. If the “Timeout” is 5

sec, “Retry counter” is 3, user will be disconnected after 20 sec (“Timeout” x “Retry counter + 1). The

default value is 5 seconds.



Retry count— Specify a number between 1 and 5. Indicates the maximum number of authentication

requests that are sent to server group, and the default value is 3 requests.



RFC 3576— When enabled, the Access Points will process RFC 3576-compliant Change of

Authorization (CoA) and Disconnect messages from the RADIUS server. Disconnect messages cause a

user session to be terminated immediately, whereas CoA messages modify session authorization

attributes such as data filters.



NAS IP address— Enter the Virtual Controller IP address. The NAS IP address is the Virtual Controller

IP address that is sent in data packets. Note: If you do not enter the IP address, the Virtual Controller

IP address is used by default when Dynamic Radius Proxy is enabled.



NAS identifier— Use this to configure strings for RADIUS attribute 32, NAS Identifier, to be sent with

RADIUS requests to the RADIUS server.



LDAP Server



Name— Enter the name of the new external RADIUS server.



IP address— Enter the IP address of the external RADIUS server.



Auth port— Enter the authorization port number of the external RADIUS server. The port number is

set to 1812 by default.