Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.4-3.1.0.0 User Guide - Page 57

Network-based, Allow any to all destinations, Edit Rule, New Rule, Role-based, Unrestricted

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

Table 9 Conditions for Adding a Voice Network- Security Tab (Continued) If then, You select the Open security level 1. Select the required MAC authentication from the MAC authentication drop-down list. Available options are- Enabled and Disabled  When Enabled, user must configure at least one RADIUS server for authentication server. See "MAC Authentication" on page 127 for further details. 2. Authentication server 1- Select the required Authentication server option from the drop-down list. Available options are:  New- If you select this option, then an external radius server has to be configured to authenticate the users. For information on configuring an external RADIUS server, see Chapter 10, "Authentication" . 3. Reauth interval- When set to a value greater than zero, the Access Points will periodically reauthenticate all associated and authenticated clients. 4. Blacklisting- Select Enabled if you want clients to be blacklisted after a certain number of authentication failures. 5. Max authentication failures- Users who fail to authenticate the number of times specified here will be dynamically blacklisted. The maximum value for this entry is 10. NOTE: Navigate to PEF > Blacklisting in the WebUI to specify the duration of the blacklisting on the Blacklisting tab of the PEF window. 6. Internal users- If you select this option, then users who are required to authenticate with the internal RADIUS server must be added. Click the Users link to add the users. For information on adding a user, "Adding a User" on page 235. 7. Click Upload Certificate and browse to upload a certificate file for the internal server. See "Certificates" on page 129 for more information. 8. Use the Access Rules page to specify optional access rules for this network.  Network-based- Set the slider to Network-based if you want the same rules to apply to all users. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. Instant Firewall treats packets based on the first rule matched. For more information, see Chapter 14, "Instant Firewall" . To edit the default rule: a. Select the rule and then click Edit. b. Select appropriate options in the Edit Rule window and click OK. To define an access rule: a. Click New. b. Select appropriate options in the New Rule window. c. Click OK.  Role-based- Select Role-based if you want to specify per-user access rules. See "Creating a New User Role" on page 137 for more information.  Unrestricted- Select this to set no restrictions on access based on destination or type of traffic. Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User Guide Wireless Network | 57

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0	1
Contents	3
About this Guide	11
Dell PowerConnect W-Instant Access Point Overview	11
Supported Devices	11
Objective	11
Intended Audience	11
Conventions	12
Contacting Support	12
Initial Configuration	13
Initial Setup	13
Pre-Installation Checklist	13
Connecting the IAP to a Power Source	14
Assigning an IP Address to the IAP	14
Connecting to a Provisioning Wi-Fi Network	14
Disabling the Provisioning Wi-Fi Network	15
Login into Instant User Interface	16
Specifying the Country Code	16
IAP Cluster	17
Instant User Interface	19
Understanding the Instant UI Layout	19
Banner	20
Search	20
Tabs	20
Networks Tab	20
Access Points Tab	21
Clients Tab	21
Links	22
New Version Available	22
Settings	23
RF	25
PEF	26
WIP	27
VPN	27
Wired	28
Maintenance	28
Support	30
Help	33
Logout	33
Monitoring	33
Spectrum	36
Alerts	38
IDS	40
Configuration	41
Language	41
Dell PowerConnect W-AirWave Setup	41
Pause/Resume	42
Views	42
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	51
Adding a Voice Network	52
Guest Network	58
Adding a Guest Network	59
Editing a Network	65
Deleting a Network	65
Number of WLAN SSIDs supported	65
Enabling the Extended SSID option	66
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
Terminal Access	72
LED Display	73
TFTP Dump Server	74
Extended SSID	75
Deny Inter User Bridging and Deny Local Routing	76
Terminal Access	77
Syslog Server	78
Syslog Facility Levels	78
Adding an IAP to the Network	79
Removing an IAP from the Network	79
Editing IAP Settings	80
Changing IAP Name	80
Changing IP Address of the IAP	80
Configuring Adaptive Radio Management	81
Configuring Uplink Management VLAN	82
Configuring Wired Bridging on Ethernet 0	82
Migrating to a Mobility Controller Managed Network	83
Converting an IAP to RAP Mode	83
Converting an IAP to CAP	86
Converting an IAP to Standalone Mode	86
Converting back to an IAP	87
Rebooting the IAP	87
Firmware Image Server in Cloud Network	89
Upgrade using Dell PowerConnect W-AirWave and Image Server	89
Image management using Cloud Server	89
Image management using Dell PowerConnect W-AirWave	89
Automatic Firmware Image Check and Upgrade	89
Upgrading to New Version	90
Manual	90
Automatic	92
Layer-3 Mobility	93
Overview	93
Configuring a mobility domain	94
Home Agent Load Balancing	96
Spectrum Monitor	97
Creating Spectrum Monitors and Hybrid APs	97
Converting IAPs into Hybrid IAPs	97
Converting an IAP to a Spectrum Monitor	98
Spectrum Data	100
Overview - Device List	100
Non-WiFi Interferers	101
Channel Metrics	102
Channel Details	103
Spectrum Alerts	103
NTP Server	105
Configuring an NTP Server	105
Virtual Controller	107
Master Election Protocol	107
Virtual Controller IP Address	107
Specifying Name and IP Address for the Virtual Controller	107
Configuring the DHCP Server	108
Authentication	109
Authentication Methods in Dell Instant	109
802.1X Authentication	109
Internal RADIUS Server	109
External RADIUS Server	110
Authentication Terminated on IAP	110
Configuring an External RADIUS Server	110
Enabling Instant RADIUS	112
RADIUS Server Authentication with VSA	113
List of supported VSA	113
Management Authentication Settings	116
Captive Portal	116
Internal Captive Portal	117
Configuring Internal Captive Portal Authentication when Adding a Guest Network	117
Configuring Internal Captive Portal Authentication when Editing a Guest Network	118
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	119
Customizing a Splash Page	120
Disabling Captive Portal Authentication	121
External Captive Portal	122
Configuring External Captive Portal Authentication when Adding a Guest Network	122
Configuring External Captive Portal Authentication when Editing a Guest Network	124
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	126
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	126
Configuring the RADIUS Server in Instant	126
MAC Authentication	127
Configuring MAC Authentication	127
Walled Garden Access	128
Creating a Walled Garden Access	128
Wired Authentication on an IAP	129
Certificates	129
Loading Certificates using Instant WebUI	130
Loading Certificates using Dell PowrConnect W-AirWave	131
Encryption	135
Encryption Types Supported in Dell Instant	135
WEP	135
TKIP	135
AES	135
Encryption Recommendations	135
Understanding WPA and WPA2	136
Recommended Authentication and Encryption Combinations	136
Role Derivation	137
User Roles	137
Creating a New User Role	137
Creating Role Assignment Rules	138
DHCP Option and DHCP Fingerprinting	139
802.1X-Authentication-Type	140
User VLAN Derivation	141
User VLAN Derivation	141
Vendor Specific Attributes (VSA)	141
VLAN Derivation Rule	142
Configuring VLAN Derivation Rules on an IAP	142
User Role	143
Configuring a User Role	143
SSID Profile	145
Configuring VLAN Derivation Rules Using SSID Profile	145
Instant Firewall	147
Service Options	148
Destination Options	149
Examples for Access Rules	150
Allow TCP Service to a Particular Network	150
Allow POP3 Service to a Particular Server	151
Deny FTP Service except to a Particular Server	152
Deny bootp Service except to a Particular Network	153
Content Filtering	155
Enabling Content Filtering	155
Enterprise Domains	156
OS Fingerprinting	157
Adaptive Radio Management	159
ARM Features	159
Channel or Power Assignment	159
Voice Aware Scanning	159
Load Aware Scanning	159
Band Steering Mode	159
Airtime Fairness Mode	160
Airtime Fairness Modes	160
Access Point Control	160
Customize Valid Channels	160
Min Transmit Power	161
Max Transmit Power	161
Client Aware	161
Scanning	161
Wide Channel Bands	161
Monitoring the Network with ARM	161
ARM Metrics	161
Configuring Administrator Assigned Radio Settings for IAP	162
Configuring Radio Profiles in Instant	163
Intrusion Detection System	165
Rogue AP Detection and Classification	165
Wireless Intrusion Protection (WIP)	165
Containment Methods	169
SNMP	171
SNMP Parameters for IAP	171
SNMP Traps	173
Hierarchical Deployment	175
Deployment	175
Ethernet Downlink	177
Ethernet Downlink Overview	177
Ethernet Downlink Profile Parameters	177
Assigning a Profile to the Ethernet Port	180
Uplink Configuration	181
Uplink Configuration Overview	181
Ethernet Uplink	181
3G/4G Uplink	182
Types of Modems	182
Uplink Switchover	186
Uplink Switching based on VPN Status	186
Uplink Preemption	186
Uplink Preference	186
PPPoE	187
Configuring PPPoE	187
Dell PowerConnect W-AirWave Integration and Management	189
Dell PowerConnect W-AirWave Features	189
Image Management	189
IAP and Client Monitoring	189
Template-based Configuration	190
Trending Reports	190
Intrusion Detection System	190
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	190
RF Visualization Support for Dell Instant	191
Configuring Dell PowerConnect W-AirWave	191
Creating your Organization String	191
About Shared Key	192
Entering the Organization String and AMP Information into the IAP	192
Dell PowerConnect W-AirWave Discovery through DHCP Option	192
Standard DHCP option 60 and 43 on Windows Server 2008	192
Alternate method for defining Vendor Specific DHCP options	195
Monitoring	199
Virtual Controller View	199
Monitoring Link	200
Info	200
RF Dashboard	200
Usage Trends	200
Client Alerts Link	202
IDS Link	202
Network View	202
Info	203
Usage Trends	203
Instant Access Point View	204
Info	205
RF Dashboard	205
Overview	205
Client View	212
Info	213
RF Dashboard	213
RF Trends	213
Mobility Trail	216
Alert Types and Management	217
Alert Types	217
Policy Enforcement Firewall	219
Authentication Servers	219
Users for Internal Server	220
Roles	220
Extended Voice and Video Functionalities	221
QoS for Microsoft Office OCS and Apple Facetime	221
Client Blacklisting	223
Types of Client Blacklisting	224
Manual Blacklisting	224
Adding a Client to the Manual Blacklist	224
Dynamic Blacklisting	225
Authentication Failure Blacklisting	225
Session Firewall Based Blacklisting	225
PEF Settings	225
Firewall ALG Configuration	225
Firewall-based Logging	226
VPN Configuration	227
VPN Configuration	227
Routing Profile Configuration	228
DHCP Server Configuration	229
NAT DHCP Configuration	229
Distributed L2 DHCP Configuration	230
Distributed L3 DHCP Configuration	231
Centralized L2 DHCP Configuration	232
User Database	235
Adding a User	235
Editing User Settings	236
Deleting a User	236
Regulatory Domain	237
Country Codes List	238
Controller Configuration for VPN	241
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	241
VPN Local Pool Configuration	242
IAP VPN Profile Configuration	242
Abbreviations	245

Match case Limit results 1 per page

Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0

| User Guide

Wireless Network

Use the Access Rules page to specify optional access rules for this network.



Network-based—

Set the slider to

Network-based

if you want the same rules to apply to all users. The

Allow any to all destinations

access rule is enabled by default. This rule allows traffic to all destinations.

Instant Firewall treats packets based on the first rule matched. For more information, see

Chapter 14,

“Instant Firewall”

To edit the default rule:

Select the rule and then click

Edit

Select appropriate options in the

Edit Rule

window and click

OK.

To define an access rule:

Click

New

Select appropriate options in the

New Rule

window.

Click

OK.



Role-based—

Select

Role-based

if you want to specify per-user access rules. See

“Creating a New User

Role” on page

137

for more information.



Unrestricted—

Select this to set no restrictions on access based on destination or type of traffic.

You select the

Open

security level

Select the required MAC authentication from the

MAC authentication

drop-down list. Available options are— Enabled and Disabled



When

Enabled

, user must configure at least one RADIUS server for

authentication server. See

“MAC Authentication” on page 127

for further

details.

Authentication server 1—

Select the required Authentication server

option from the drop-down list. Available options are:



New

— If you select this option, then an external radius server has to be

configured to authenticate the users. For information on configuring an

external RADIUS server, see

Chapter 10, “Authentication”

Reauth interval—

When set to a value greater than zero, the Access

Points will periodically reauthenticate all associated and authenticated

clients.

Blacklisting—

Select

Enabled

if you want clients to be blacklisted after a

certain number of authentication failures.

Max authentication failures—

Users who fail to authenticate the number

of times specified here will be dynamically blacklisted. The maximum

value for this entry is 10.

NOTE:

Navigate to

PEF > Blacklisting

in the WebUI to specify the duration of

the blacklisting on the Blacklisting tab of the PEF window.

Internal users—

If you select this option, then users who are required to

authenticate with the internal RADIUS server must be added. Click the

Users link to add the users. For information on adding a user,

“Adding a

User” on page 235

Click

Upload Certificate

and browse to upload a certificate file for the

internal server. See

“Certificates” on page 129

for more information.

Table 9

Conditions for Adding a Voice Network— Security Tab (Continued)

then,