Section |
Page |
Contents |
3 |
About this Guide |
83 |
What's New In ArubaOS 6.4.x |
83 |
Features Introduced in ArubaOS 6.4.3.0 |
83 |
Features Introduced in ArubaOS 6.4.2.5 |
89 |
Features Introduced in ArubaOS 6.4.2.4 |
89 |
Features Introduced in ArubaOS 6.4.2.3 |
90 |
Features Introduced in ArubaOS 6.4.2.0 |
90 |
Features Introduced in ArubaOS 6.4.1.0 |
92 |
Features Introduced in ArubaOS 6.4.0.0 |
95 |
Fundamentals |
98 |
WebUI |
98 |
CLI |
99 |
Related Documents |
99 |
Conventions |
99 |
Contacting Dell |
100 |
The Basic User-Centric Networks |
101 |
Understanding Basic Deployment and Configuration Tasks |
101 |
Deployment Scenario #1: Controller and APs on Same Subnet |
101 |
Deployment Scenario #2: APs All on One Subnet Different from Controller Subnet |
102 |
Deployment Scenario #3: APs on Multiple Different Subnets from Controllers |
103 |
Configuring the Controller |
104 |
Running Initial Setup |
104 |
Connecting to the Controller after Initial Setup |
105 |
W-7000 Series and W-7200 Series Controller |
105 |
New Port Numbering Scheme |
105 |
W-7200 Series Controllers Individual Port Behavior |
106 |
Using the LCD Screen |
106 |
Using the LCD and USB Drive |
108 |
Upgrading an Image |
108 |
Uploading a Pre-saved Configuration |
108 |
Disabling LCD Menu Functions |
109 |
Configuring a VLAN to Connect to the Network |
109 |
Creating, Updating, and Viewing VLANs and Associated IDs |
110 |
Creating, Updating, and Deleting VLAN Pools |
110 |
Assigning and Configuring the Trunk Port |
110 |
In the WebUI |
110 |
In the CLI |
111 |
Configuring the Default Gateway |
111 |
In the WebUI |
111 |
In the CLI |
111 |
Configuring the Loopback IP Address for the Controller |
111 |
In the WebUI |
112 |
In the CLI |
112 |
Configuring the System Clock |
112 |
Installing Licenses |
112 |
Connecting the Controller to the Network |
112 |
Enabling Wireless Connectivity |
113 |
Enabling Wireless Connectivity |
113 |
Configuring Your User-Centric Network |
113 |
Replacing a Controller |
114 |
Transferring Licenses |
114 |
Procedure Overview |
114 |
Change the VRRP Priorities for a Redundant Master Pair |
115 |
Back Up the Flash File System |
115 |
In the WebUI |
115 |
In the CLI |
115 |
Stage the New Controller |
115 |
Add Licenses to the New Controller |
116 |
Backup Newly Installed Licenses |
116 |
Import and Restore Flash Backup |
116 |
In the WebUI |
117 |
In the CLI |
117 |
Restore Licenses |
117 |
Reboot the Controller |
117 |
Modify the Host Name |
118 |
Modify Topology Settings |
118 |
Save your Configuration |
119 |
Remove the Existing Controller |
119 |
Control Plane Security |
120 |
Control Plane Security Overview |
120 |
Configuring Control Plane Security |
121 |
In the WebUI |
121 |
In the CLI |
123 |
Managing AP Whitelists |
123 |
Adding an AP to the Campus or Remote AP Whitelists |
123 |
In the WebUI |
123 |
In the CLI |
125 |
Viewing AP Whitelist Status |
125 |
Modifying an AP in the Campus AP Whitelist |
128 |
In the WebUI |
128 |
In the CLI |
128 |
Revoking an AP from the Campus AP Whitelist |
129 |
In the WebUI |
129 |
In the CLI |
129 |
Deleting an AP from the Campus AP Whitelist |
129 |
In the WebUI |
129 |
In the CLI |
130 |
Purging a Campus AP Whitelist |
130 |
In the WebUI |
130 |
In the CLI |
130 |
Offloading a Controller Whitelist to ClearPass Policy Manager |
130 |
In the WebUI |
130 |
In the CLI |
131 |
Managing Whitelists on Master and Local Controllers |
131 |
Campus AP Whitelist Synchronization |
132 |
Viewing the Master or Local Controller Whitelists |
133 |
In the WebUI |
133 |
In the CLI |
134 |
Deleting an Entry from the Master or Local Controller Whitelist |
134 |
In the WebUI |
134 |
In the CLI |
134 |
Purging the Master or Local Controller Whitelist |
135 |
In the WebUI |
135 |
In the CLI |
135 |
Working in Environments with Multiple Master Controllers |
135 |
Configuring Networks with a Backup Master Controller |
135 |
Configuring Networks with Clusters of Master Controllers |
135 |
Creating a Cluster Root |
136 |
Creating a Cluster Member |
137 |
Viewing Controller Cluster Setting |
137 |
Replacing a Controller on a Multi-Controller Network |
138 |
Replacing Controllers in a Single Master Network |
138 |
Replacing a Local Controller |
138 |
Replacing a Master Controller with No Backup |
139 |
Replacing a Redundant Master Controller |
140 |
Replacing Controllers in a Multi-Master Network |
140 |
Replacing a Local Controller in a Multi-Master Network |
140 |
Replacing a Cluster Member Controller with no Backup |
140 |
Replacing a Redundant Cluster Member Controller |
141 |
Replacing a Cluster Root Controller with no Backup Controller |
141 |
Replacing a Redundant Cluster Root Controller |
142 |
Configuring Control Plane Security after Upgrading |
142 |
Troubleshooting Control Plane Security |
143 |
Identifying Certificate Problems |
143 |
Verifying Certificates |
144 |
Disabling Control Plane Security |
144 |
Verifying Whitelist Synchronization |
144 |
Rogue APs |
145 |
Software Licenses |
146 |
Understanding License Terminology |
146 |
Working with Licenses |
147 |
Centralized Licensing in a Multi-Controller Network |
148 |
Primary and Backup Licensing Servers |
149 |
Communication between the License Server and License Clients |
149 |
Supported Topologies |
151 |
Unsupported Topologies |
152 |
Adding and Deleting Licenses |
153 |
Replacing a Controller |
153 |
Failover Behaviors |
153 |
Client is Unreachable |
154 |
Server is Unreachable |
154 |
Configuring Centralized Licensing |
154 |
Pre-configuration Setup in an All-Master Deployment |
154 |
Preconfiguration Setup in a Master/Local Topology |
155 |
Enabling Centralized Licensing |
155 |
Monitoring and Managing Centralized Licenses |
156 |
License server Table |
156 |
License Client Table |
156 |
License Client(s) Usage Table |
157 |
Aggregate License Table |
158 |
License Heartbeat Table |
158 |
Using Licenses |
158 |
Understanding License Interaction |
160 |
License Installation Best Practices and Exceptions |
160 |
Installing a License |
161 |
Enabling a New License on your Controller |
161 |
Requesting a Software License in Email |
161 |
Locating the System Serial Number |
161 |
Obtaining a Software License Key |
162 |
Creating a Software License Key |
162 |
Applying the Software License Key in the WebUI |
162 |
Applying the Software License Key in the License Wizard |
162 |
Deleting a License |
162 |
Moving Licenses |
163 |
Resetting the Controller |
163 |
Network Configuration Parameters |
164 |
Configuring VLANs |
164 |
Creating and Updating VLANs |
164 |
In the WebUI |
164 |
In the CLI |
165 |
Creating Bulk VLANs In the WebUI |
165 |
In the CLI |
165 |
Creating a Named VLAN |
165 |
In the WebUI |
165 |
Distinguishing Between Even and Hash Assignment Types |
166 |
Updating a Named VLAN |
166 |
Deleting a Named VLAN |
166 |
Creating a Named VLAN Using the CLI |
167 |
Viewing and Adding VLAN IDs Using the CLI |
167 |
Role Derivation for Named VLAN Pools |
167 |
In the CLI |
167 |
In the WebUI |
168 |
Adding a Bandwidth Contract to the VLAN |
168 |
Optimizing VLAN Broadcast and Multicast Traffic |
168 |
In the WebUI |
168 |
In the CLI |
169 |
Configuring Ports |
169 |
Classifying Traffic as Trusted or Untrusted |
169 |
About Trusted and Untrusted Physical Ports |
169 |
About Trusted and Untrusted VLANs |
169 |
Configuring Trusted/Untrusted Ports and VLANs |
170 |
In the WebUI |
170 |
In the CLI |
170 |
Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode |
171 |
In the WebUI |
171 |
In the CLI |
171 |
Understanding VLAN Assignments |
171 |
VLAN Derivation Priorities for VLAN types |
172 |
How a VLAN Obtains an IP Address |
173 |
Assigning a Static Address to a VLAN |
173 |
In the WebUI |
173 |
In the CLI |
173 |
Configuring a VLAN to Receive a Dynamic Address |
173 |
Configuring Multiple Wired Uplink Interfaces (Active-Standby) |
173 |
Enabling the DHCP Client |
174 |
In the WebUI |
174 |
In the CLI |
174 |
Enabling the PPPoE Client |
175 |
In the WebUI |
175 |
In the CLI |
175 |
Default Gateway from DHCP/PPPoE |
175 |
In the WebUI |
175 |
In the CLI |
175 |
Configuring DNS/WINS Server from DHPC/PPPoE |
175 |
In the WebUI |
175 |
In the CLI |
176 |
Configuring Source NAT to Dynamic VLAN Address |
176 |
In the WebUI |
176 |
In the CLI |
176 |
Configuring Source NAT for VLAN Interfaces |
177 |
Sample Configuration |
177 |
In the WebUI |
177 |
In the CLI |
177 |
Inter-VLAN Routing |
178 |
In the WebUI |
178 |
In the CLI |
179 |
Configuring Static Routes |
179 |
In the WebUI |
179 |
In the CLI |
179 |
Configuring the Loopback IP Address |
179 |
In the WebUI |
179 |
In the CLI |
180 |
Configuring the Controller IP Address |
180 |
In the WebUI |
180 |
In the CLI |
181 |
Configuring GRE Tunnels |
181 |
About Layer-2 GRE Tunnels |
181 |
Layer-2 GRE Tunnel Network Diagram |
181 |
Layer-2 Traffic Flow |
181 |
About Layer-3 GRE Tunnels |
182 |
IPv4 Layer-3 GRE Tunnel Network Diagram |
182 |
IPv6 Layer-3 GRE Tunnel Network Diagram |
182 |
Layer-3 Traffic Flow |
182 |
Configuring a Layer-2 GRE Tunnel |
183 |
In the WebUI |
183 |
In the CLI |
185 |
Configuring a Layer-3 GRE Tunnel for IPv4 |
186 |
In the WebUI |
186 |
In the CLI |
187 |
Configuring a Layer-3 GRE Tunnel for IPv6 |
188 |
In the WebUI |
188 |
In the CLI |
189 |
Limitations for Static IPv6 Layer-3 Tunnels |
190 |
Directing Traffic into the Tunnel |
190 |
About Configuring Static Routes |
190 |
Configuring a Firewall Policy Rule |
190 |
Configuring Tunnel Keepalives |
192 |
Configuring GRE Tunnel Groups |
193 |
About GRE Tunnel Groups |
193 |
Tunnel Group Order |
193 |
Tunnel Failover |
193 |
Preemption |
194 |
Enabling a Tunnel Group |
194 |
Points to Remember |
194 |
Regarding Layer-2 Tunnel Groups |
194 |
Configuring a Layer-2 or Layer-3 Tunnel Group Using the CLI |
194 |
Example Configuration |
194 |
Enabling Preemption |
194 |
Viewing Operational Status |
195 |
Viewing Active and Member Tunnels |
195 |
Viewing the Standby Member Tunnels |
195 |
Configuring a Layer-2 or Layer-3 Tunnel Group Using the WebUI |
196 |
Jumbo Frame Support |
196 |
Limitations for Jumbo Frame Support |
196 |
Configuring Jumbo Frame Support |
197 |
In the WebUI |
197 |
In the CLI |
197 |
Viewing the Jumbo Frame Support Status |
197 |
IPv6 Support |
198 |
Understanding IPv6 Notation |
198 |
Understanding IPv6 Topology |
198 |
Enabling IPv6 |
199 |
Enabling IPv6 Support for Controller and APs |
199 |
Configuring IPv6 Addresses |
201 |
In the WebUI |
202 |
In the CLI |
202 |
Configuring IPv6 Static Neighbors |
202 |
In the WebUI |
203 |
In the CLI |
203 |
Configuring IPv6 Default Gateway and Static IPv6 Routes |
203 |
In the WebUI |
203 |
In the CLI |
203 |
Managing Controller IP Addresses |
203 |
In the WebUI |
203 |
In the CLI |
204 |
Configuring Multicast Listener Discovery |
204 |
In the WebUI |
204 |
In the CLI |
205 |
Dynamic Multicast Optimization |
205 |
In the WebUI |
205 |
In the CLI |
206 |
Limitations |
206 |
Debugging an IPv6 Controller |
206 |
In the WebUI |
206 |
In the CLI |
206 |
Provisioning an IPv6 AP |
206 |
In the WebUI |
207 |
In the CLI |
207 |
Enhancements to IPv6 Support on AP |
207 |
Filtering an IPv6 Extension Header (EH) |
207 |
Configuring a Captive Portal over IPv6 |
207 |
Working with IPv6 Router Advertisements (RAs) |
208 |
Configuring an IPv6 RA on a VLAN |
208 |
Using WebUI |
209 |
Using CLI |
209 |
Configuring Optional Parameters for RAs |
209 |
In the WebUI |
210 |
In the CLI |
211 |
RADIUS Over IPv6 |
211 |
In the CLI |
211 |
In the WebUI |
212 |
TACACS Over IPv6 |
212 |
In the CLI |
212 |
In the WebUI |
213 |
DHCPv6 Server |
213 |
Points to Remember |
213 |
DHCP Lease Limit |
213 |
Configuring DHCPv6 Server |
214 |
In the WebUI |
214 |
In the CLI |
215 |
Understanding ArubaOS Supported Network Configuration for IPv6 Clients |
216 |
Supported Network Configuration |
216 |
Understanding the Network Connection Sequence for Windows IPv6 Clients |
216 |
Understanding ArubaOS Authentication and Firewall Features that Support IPv6 |
217 |
Understanding Authentication |
217 |
Working with Firewall Features |
217 |
Understanding Firewall Policies |
219 |
Creating an IPv6 Firewall Policy |
221 |
Assigning an IPv6 Policy to a User Role |
222 |
Understanding DHCPv6 Passthrough/Relay |
222 |
Managing IPv6 User Addresses |
222 |
Viewing or Deleting User Entries |
222 |
Understanding User Roles |
223 |
Viewing Datapath Statistics for IPv6 Sessions |
223 |
Understanding IPv6 Exceptions and Best Practices |
223 |
Link Aggregation Control Protocol |
225 |
Understanding LACP Best Practices and Exceptions |
225 |
Configuring LACP |
226 |
In the CLI |
226 |
In the WebUI |
227 |
LACP Sample Configuration |
227 |
OSPFv2 |
229 |
Understanding OSPF Deployment Best Practices and Exceptions |
229 |
Understanding OSPFv2 by Example using a WLAN Scenario |
230 |
WLAN Topology |
230 |
WLAN Routing Table |
230 |
Understanding OSPFv2 by Example using a Branch Scenario |
231 |
Branch Topology |
231 |
Branch Routing Table |
232 |
Configuring OSPF |
232 |
Exporting VPN Client Addresses to OSPF |
234 |
In the WebUI |
234 |
In the CLI |
234 |
Sample Topology and Configuration |
234 |
Remote Branch 1 |
235 |
Remote Branch 2 |
236 |
W-3200 Central Office Controller—Active |
237 |
W-3200 Central Office Controller—Backup |
238 |
Topology |
240 |
Observation |
240 |
Configuring W-3600-UP Controller |
240 |
Configuring W-3600-DOWN Controller |
242 |
Viewing the Status of Instant AP VPN |
243 |
RAPNG AP-1 |
243 |
RAPNG AP-3 |
244 |
Tunneled Nodes |
246 |
Understanding Tunneled Node Configuration |
246 |
Configuring a Wired Tunneled Node Client |
247 |
Configuring an Access Port as a Tunneled Node Port |
248 |
Configuring a Trunk Port as a Tunneled Node Port |
248 |
Authentication Servers |
249 |
Understanding Authentication Server Best Practices and Exceptions |
249 |
Understanding Servers and Server Groups |
249 |
Configuring Authentication Servers |
250 |
Configuring a RADIUS Server |
250 |
Using the WebUI |
251 |
Using the CLI |
251 |
RADIUS Service-Type Attribute |
253 |
Enabling Radsec on RADIUS Servers |
254 |
In the Web UI |
254 |
In the CLI |
254 |
RADIUS Server VSAs |
254 |
RADIUS Server Authentication Codes |
257 |
RADIUS Server Fully Qualified Domain Names |
258 |
DNS Query Intervals |
258 |
Configuring Username and Password for CPPM Authentication |
258 |
In the WebUI: |
258 |
In the CLI: |
259 |
Configuring an RFC-3576 RADIUS Server |
259 |
Using the WebUI |
259 |
Using the CLI |
259 |
Configuring an RFC-3576 RADIUS Server with Radsec |
260 |
Using the WebUI |
260 |
Using the CLI |
260 |
Configuring an LDAP Server |
260 |
Using the WebUI |
261 |
Using the CLI |
261 |
Configuring a TACACS+ Server |
261 |
Using the WebUI |
262 |
Using the CLI |
262 |
Configuring a Windows Server |
263 |
Using the WebUI |
263 |
Using the CLI |
263 |
Managing the Internal Database |
263 |
Configuring the Internal Database |
263 |
Using the WebUI |
264 |
Using the CLI |
264 |
Managing Internal Database Files |
265 |
Exporting Files in the WebUI |
265 |
Importing Files in the WebUI |
265 |
Exporting and Importing Files in the CLI |
265 |
Working with Internal Database Utilities |
265 |
Deleting All Users |
265 |
Repairing the Internal Database |
265 |
Configuring Server Groups |
266 |
Configuring Server Groups |
266 |
Using the WebUI |
266 |
Using the CLI |
266 |
Configuring Server List Order and Fail-Through |
266 |
Using the WebUI |
267 |
Using the CLI |
267 |
Configuring Dynamic Server Selection |
267 |
Using the WebUI |
268 |
Using the CLI |
269 |
Configuring Match FQDN Option |
269 |
Using the WebUI |
269 |
Using the CLI |
269 |
Trimming Domain Information from Requests |
269 |
Using the WebUI |
270 |
Using the CLI |
270 |
Configuring Server-Derivation Rules |
270 |
Using the WebUI |
271 |
Using the CLI |
272 |
Configuring a Role Derivation Rule for the Internal Database |
272 |
Using the WebUI |
272 |
Using the CLI |
272 |
Assigning Server Groups |
272 |
User Authentication |
273 |
Management Authentication |
273 |
Using the WebUI |
273 |
Using the CLI |
273 |
Accounting |
273 |
RADIUS Accounting |
273 |
RADIUS Accounting on Multiple Servers |
276 |
TACACS+ Accounting |
276 |
Configuring Authentication Timers |
276 |
Setting an Authentication Timer |
277 |
Using the WebUI |
277 |
Using the CLI |
278 |
Authentication Server Load Balancing |
278 |
Enabling Authentication Server Load Balancing Functionality |
278 |
MAC-based Authentication |
279 |
Configuring MAC-Based Authentication |
279 |
Configuring the MAC Authentication Profile |
279 |
In the WebUI |
280 |
In the CLI |
280 |
Configuring Clients |
280 |
In the WebUI |
281 |
In the CLI |
281 |
Branch Controller Config for Controllers |
282 |
Branch Deployment Features |
283 |
WAN Failure (Authentication) Survivability |
284 |
Supported Client and Authentication Types |
284 |
Supported Key Reply Attributes |
285 |
Support Restrictions |
285 |
Administrative Functions |
285 |
Enabling Authentication Survivability on a Local Branch Controller |
286 |
Configuring the Survival Server Certificate |
286 |
Configuring the Lifetime of the Authentication Survivability Cache |
286 |
User Credential and Key Reply Attributes Are Saved Automatically |
286 |
Expired User Credential and Key Reply Attributes Are Purged Automatically |
286 |
About the Survival Server |
286 |
Trigger Conditions for Critical Actions |
286 |
Storing User Access Credential and Key Reply Attributes to Survival Cache |
286 |
Picking Up the Survival Server for Authentication |
287 |
Access Credential Data Stored |
287 |
Authentication for Captive Portal Clients |
287 |
Captive Portal Client Authentication Using PAP |
287 |
External Captive Portal Client Authentication Using the XML-API |
287 |
Authentication for 802.1X Clients |
288 |
802.1X Termination Disabled at the Wireless LAN Controller |
288 |
802.1X Termination Enabled at the Wireless LAN Controller |
288 |
Authentication for MAC Address-Based Clients |
289 |
Authentication for WISPr Clients |
289 |
WAN Health Check |
290 |
WAN Optimization through IP Payload Compression |
290 |
Distributed Layer 3 Branch Deployment Model |
291 |
Compression/Decompression Engine |
291 |
Modes of Operation |
291 |
Interface Bandwidth Contracts |
292 |
Integration with a Palo Alto Networks (PAN) Portal |
292 |
Integration Workflow |
293 |
Configuration Prerequisites |
294 |
Branch Controller Routing Features |
295 |
Uplink Routing Using Nexthop Lists |
295 |
Policy-Based Routing |
295 |
Zero-Touch Provisioning |
296 |
Before you Begin |
296 |
Provisioning Modes for branch deployments |
297 |
Automatically Provisioning a Branch Controller |
297 |
DHCP Options |
298 |
DHCP Server Provisioning |
298 |
Using Smart Config to create a Branch Config Group |
298 |
Config Group Management Settings |
299 |
Address Pools |
299 |
Static vs Dynamic IP Management |
299 |
System Configuration |
305 |
Networking Configuration |
307 |
Routing Configuration |
309 |
Configuring Routing for a Branch Config Group |
309 |
VPN Configuration |
314 |
WAN Configuration |
317 |
Branch Config Group Summary |
319 |
Whitelist Configuration |
320 |
PortFast and BPDU Guard |
320 |
PortFast |
320 |
BPDU Guard |
321 |
Scenarios Supported on PortFast and BPDU Guard |
321 |
Enabling PortFast and BPDU Guard on a Port |
322 |
In the Web UI |
322 |
In the CLI |
322 |
Preventing WAN Link Failure on Virtual APs |
322 |
In the WebUI |
323 |
In the CLI |
323 |
Branch WAN Dashboard Changes |
323 |
802.1X Authentication |
326 |
Understanding 802.1X Authentication |
326 |
Supported EAP Types |
326 |
Configuring Authentication with a RADIUS Server |
327 |
Configuring Authentication Terminated on Controller |
328 |
Configuring 802.1X Authentication |
329 |
In the WebUI |
329 |
In the CLI |
335 |
Configuring and Using Certificates with AAA FastConnect |
335 |
In the WebUI |
335 |
In the CLI |
335 |
Configuring User and Machine Authentication |
335 |
Working with Role Assignment with Machine Authentication Enabled |
336 |
Enabling 802.1x Supplicant Support on an AP |
337 |
Prerequisites |
338 |
Provisioning an AP as an 802.1X Supplicant |
338 |
In the WebUI |
338 |
In the CLI |
338 |
Sample Configurations |
338 |
Configuring Authentication with an 802.1X RADIUS Server |
339 |
Configuring Roles and Policies |
339 |
Creating the Student Role and Policy |
339 |
Creating the Faculty Role and Policy |
340 |
Creating the Guest Role and Policy |
341 |
Creating Roles and Policies for Sysadmin and Computer |
342 |
In the WebUI |
343 |
In the CLI |
343 |
Creating an Alias for the Internal Network |
343 |
Configuring the RADIUS Authentication Server |
343 |
In the WebUI |
343 |
In the CLI |
344 |
Configuring 802.1X Authentication |
344 |
In the WebUI |
344 |
In the CLI |
345 |
Configuring VLANs |
345 |
In the WebUI |
345 |
In the CLI |
346 |
Configuring the WLANs |
346 |
Configuring the Guest WLAN |
346 |
In the WebUI |
346 |
In the CLI |
347 |
Configuring the Non-Guest WLANs |
347 |
In the WebUI |
347 |
In the CLI |
348 |
Configuring Authentication with the Controller’s Internal Database |
348 |
Configuring the Internal Database |
349 |
In the WebUI |
349 |
In the CLI |
349 |
Configuring a Server Rule |
349 |
Configuring 802.1x Authentication |
349 |
In the WebUI |
349 |
In the CLI |
350 |
Configuring VLANs |
350 |
In the WebUI |
350 |
In the CLI |
351 |
Configuring WLANs |
351 |
Configuring the Guest WLAN |
351 |
In the WebUI |
352 |
In the CLI |
352 |
Configuring the Non-Guest WLANs |
352 |
In the WebUI |
353 |
In the CLI |
353 |
Configuring Mixed Authentication Modes |
354 |
In the CLI |
354 |
Performing Advanced Configuration Options for 802.1X |
354 |
Configuring Reauthentication with Unicast Key Rotation |
354 |
In the WebUI |
355 |
In the CLI |
355 |
Application Single Sign-On Using L2 Authentication |
355 |
Important Points to Remember |
355 |
Enabling Application SSO |
356 |
Configuring SSO IDP-Profiles |
356 |
In the WebUI |
356 |
In the CLI |
357 |
Applying an SSO Profile to a User Role |
357 |
In the WebUI |
357 |
In the CLI |
357 |
Selecting an IDP Certificate |
357 |
In the WebUI |
357 |
In the CLI |
357 |
Stateful and WISPr Authentication |
358 |
Working With Stateful Authentication |
358 |
Working With WISPr Authentication |
359 |
Understanding Stateful Authentication Best Practices |
359 |
Configuring Stateful 802.1X Authentication |
359 |
In the WebUI |
359 |
In the CLI |
360 |
Configuring Stateful NTLM Authentication |
360 |
In the WebUI |
360 |
In the CLI |
361 |
Configuring Stateful Kerberos Authentication |
361 |
In the WebUI |
361 |
In the CLI |
362 |
Configuring WISPr Authentication |
362 |
In the WebUI |
362 |
In the CLI |
363 |
Certificate Revocation |
365 |
Understanding OCSP and CRL |
365 |
Configuring a Controller as OCSP and CRL Clients |
365 |
Configuring an OCSP Controller as a Responder |
366 |
Configuring the Controller as an OCSP Client |
366 |
In the WebUI |
366 |
In the CLI |
368 |
Configuring the Controller as a CRL Client |
368 |
In the WebUI |
368 |
In the CLI |
369 |
Configuring the Controller as an OCSP Responder |
369 |
In the WebUI |
369 |
In the CLI |
370 |
Certificate Revocation Checking for SSH Pubkey Authentication |
370 |
Configuring the SSH Pubkey User with RCP |
370 |
In the WebUI |
370 |
In the CLI |
370 |
Displaying Revocation Checkpoint for the SSH Pubkey User |
371 |
Configuring the SSH Pubkey User with RCP |
371 |
In the WebUI |
371 |
In the CLI |
371 |
Removing the SSH Pubkey User |
371 |
In the WebUI |
371 |
In the CLI |
371 |
Captive Portal Authentication |
372 |
Understanding Captive Portal |
372 |
Policy Enforcement Firewall Next Generation (PEFNG) License |
372 |
Controller Server Certificate |
373 |
Configuring Captive Portal in the Base Operating System |
373 |
In the WebUI |
374 |
In the CLI |
375 |
Using Captive Portal with a PEFNG License |
375 |
Configuring Captive Portal in the WebUI |
376 |
Configuring Captive Portal in the CLI |
378 |
Sample Authentication with Captive Portal |
378 |
Creating a Guest User Role |
378 |
Creating an Auth-guest User Role |
379 |
Configuring Policies and Roles in the WebUI |
379 |
Creating a Time Range |
379 |
Creating Aliases |
380 |
Creating an Auth-Guest-Access Policy |
380 |
Creating an Block-Internal-Access Policy |
381 |
Creating a Drop-and-Log Policy |
382 |
Creating a Guest Role |
382 |
Creating an Auth-Guest Role |
383 |
Configuring Policies and Roles in the CLI |
383 |
Defining a Time Range |
383 |
Creating Aliases |
383 |
Creating a Guest-Logon-Access Policy |
384 |
Creating an Auth-Guest-Access Policy |
384 |
Creating a Block-Internal-Access Policy |
384 |
Creating a Drop-and-Log Policy |
384 |
Creating a Guest-Logon Role |
384 |
Creating an Auth-Guest Role |
384 |
Configuring Guest VLANs |
384 |
In the WebUI |
385 |
In the CLI |
385 |
Configuring Captive Portal Authentication Profiles |
385 |
Modifying the Initial User Role |
386 |
Configuring the AAA Profile |
386 |
Configuring the WLAN |
387 |
Managing User Accounts |
387 |
Configuring Captive Portal Configuration Parameters |
388 |
Enabling Optional Captive Portal Configurations |
390 |
Uploading Captive Portal Pages by SSID Association |
390 |
Changing the Protocol to HTTP |
391 |
Configuring Redirection to a Proxy Server |
392 |
Redirecting Clients on Different VLANs |
393 |
Web Client Configuration with Proxy Script |
393 |
Personalizing the Captive Portal Page |
394 |
Creating and Installing an Internal Captive Portal |
396 |
Creating a New Internal Web Page |
397 |
Username Example |
397 |
Password Example |
397 |
FQDN Example |
397 |
Basic HTML Example |
398 |
Installing a New Captive Portal Page |
398 |
Displaying Authentication Error Messages |
398 |
Reverting to the Default Captive Portal |
399 |
Configuring Localization |
399 |
Customizing the Welcome Page |
402 |
Customizing the Pop-Up box |
403 |
Customizing the Logged Out Box |
404 |
Creating Walled Garden Access |
405 |
In the WebUI |
405 |
In the CLI |
406 |
Enabling Captive Portal Enhancements |
406 |
Configuring the Redirect-URL |
406 |
Configuring the Login URL |
407 |
Defining Netdestination Descriptions |
407 |
Configuring a Whitelist |
407 |
Configuring the Netdestination for a Whitelist: |
407 |
Associating a Whitelist to Captive Portal Profile |
407 |
Applying a Captive Portal Profile to a User-Role |
408 |
Verifying a Whitelist Configuration |
408 |
Verifying a Captive Portal Profile Linked to a Whitelist |
408 |
Verifying Dynamic ACLs for a Whitelist |
408 |
Verifying DNS Resolved IP Addresses for Whitelisted URLs |
410 |
Bypassing Captive Portal Landing Page |
410 |
Virtual Private Networks |
411 |
Planning a VPN Configuration |
411 |
Selecting an IKE protocol |
412 |
Understanding Suite-B Encryption Licensing |
412 |
Working with IKEv2 Clients |
413 |
Understanding Supported VPN AAA Deployments |
413 |
Working with Certificate Groups |
414 |
Working with VPN Authentication Profiles |
414 |
Configuring a Basic VPN for L2TP/IPsec in the WebUI |
416 |
Defining Authentication Method and Server Addresses |
417 |
Defining Address Pools |
417 |
Enabling Source NAT |
417 |
Selecting Certificates |
418 |
Defining IKEv1 Shared Keys |
418 |
Configuring IKE Policies |
418 |
Setting the IPsec Dynamic Map |
419 |
Finalizing WebUI changes |
420 |
Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI |
421 |
Defining Authentication Method and Server Addresses |
421 |
Defining Address Pools |
421 |
Enabling Source NAT |
421 |
Selecting Certificates |
422 |
Configuring IKE Policies |
422 |
Setting the IPsec Dynamic Map |
423 |
Finalizing WebUI changes |
424 |
Configuring a VPN for Smart Card Clients |
425 |
Working with Smart Card clients using IKEv2 |
425 |
Working with Smart Card Clients using IKEv1 |
425 |
Configuring a VPN for Clients with User Passwords |
426 |
In the WebUI |
426 |
In the CLI |
427 |
Configuring Remote Access VPNs for XAuth |
427 |
Configuring VPNs for XAuth Clients using Smart Cards |
427 |
Configuring a VPN for XAuth Clients Using a Username and Password |
428 |
Working with Remote Access VPNs for PPTP |
428 |
In the WebUI |
429 |
In the CLI |
429 |
Working with Site-to-Site VPNs |
429 |
Working with Third-Party Devices |
429 |
Working with Site-to-Site VPNs with Dynamic IP Addresses |
430 |
Understanding VPN Topologies |
430 |
Configuring Site-to-Site VPNs |
430 |
In the WebUI |
430 |
In the CLI |
432 |
Detecting Dead Peers |
434 |
About Default IKE Policies |
434 |
Working with VPN Dialer |
435 |
Configuring VPN Dialer |
435 |
In the WebUI |
436 |
In the CLI |
436 |
Assigning a Dialer to a User Role |
436 |
In the WebUI |
436 |
In the CLI |
437 |
Roles and Policies |
438 |
Configuring Firewall Policies |
438 |
Working With Access Control Lists (ACLs) |
439 |
Support for Desktop Virtualization Protocols |
439 |
Creating a Firewall Policy |
439 |
In the WebUI |
442 |
In the CLI |
443 |
Creating a Network Service Alias |
443 |
In the WebUI |
443 |
In the CLI |
443 |
Creating an ACL White List |
444 |
Creating a Bandwidth Contract in the WebUI |
444 |
Configuring the ACL White List in the WebUI |
444 |
Creating a Bandwidth Contract in the CLI |
444 |
Configuring the ACL White List in the CLI |
444 |
User Roles |
445 |
In the WebUI |
445 |
In the CLI |
447 |
Assigning User Roles |
447 |
Assigning User Roles in AAA Profiles |
447 |
In the WebUI |
447 |
In the CLI |
448 |
Working with User-Derived VLANs |
448 |
Understanding Device Identification |
449 |
Configuring a User-derived VLAN in the WebUI |
450 |
Configuring a User-derived Role or VLAN in the CLI |
450 |
User-Derived Role Example |
450 |
RADIUS Override of User-Derived Roles |
451 |
Configuring a Default Role for Authentication Method |
451 |
In the WebUI |
451 |
In the CLI |
451 |
Configuring a Server-Derived Role |
452 |
Configuring a VSA-Derived Role |
452 |
Understanding Global Firewall Parameters |
452 |
Using AppRF 2.0 |
458 |
Enabling Deep Packet Inspection (DPI) |
458 |
In the WebUI |
458 |
In the CLI |
458 |
Configuring Policies for AppRF 2.0 |
458 |
How ACL Works with AppRF |
458 |
Global Session ACL |
459 |
Role Default Session ACL |
459 |
Example |
459 |
Configuring Bandwidth Contracts for AppRF 2.0 |
461 |
Global Bandwidth Contract Configuration |
461 |
Role-Specific Bandwidth Contracts |
461 |
ClearPass Policy Manager Integration |
463 |
Introduction |
463 |
Important Points to Remember |
463 |
Enabling Downloadable Role on a Controller |
464 |
Using the WebUI |
464 |
Using the CLI |
464 |
Sample Configuration |
464 |
CPPM Server Configuration |
464 |
Adding a Device |
464 |
Adding Enforcement Profile |
465 |
Advanced Role Configuration Mode |
466 |
Adding Enforcement Policy |
467 |
Adding Services |
469 |
Controller Configuration |
470 |
Configuring CPPM Server on Controller |
470 |
Configuring Server Group to include CPPM Server |
471 |
Configuring 802.1X Profile |
471 |
Configuring AAA Profile |
471 |
Show AAA Profile |
471 |
Virtual APs |
472 |
Virtual AP Configuration Workflow |
472 |
Using the WebUI |
472 |
Using the CLI |
473 |
Virtual AP Profiles |
473 |
Configuring the Virtual AP Profile |
474 |
Creating and Configuring a Profile |
474 |
Selective Multicast Stream |
479 |
Associating Other Profiles to the Virtual AP |
479 |
Configuring a Virtual AP in the CLI |
480 |
Associating a Virtual AP Profile to an AP or AP Group |
480 |
In the WebUI |
480 |
In the CLI |
481 |
Excluding a Virtual AP Profile |
481 |
In the WebUI |
481 |
In the CLI |
481 |
Changing a Virtual AP Forwarding Mode |
481 |
Radio Resource Management (802.11k) |
482 |
Configuring the 802.11k Profile |
482 |
In the WebUI |
482 |
In the CLI |
484 |
Configuring Radio Resource Management Information Elements |
484 |
In the WebUI |
484 |
In the CLI |
486 |
Configuring Beacon Report Requests |
486 |
In the WebUI |
486 |
In the CLI |
487 |
Configuring Traffic Stream Measurement Report Requests |
487 |
In the WebUI |
488 |
In the CLI |
489 |
BSS Transition Management (802.11v) |
489 |
Frame Types |
489 |
802.11k and 802.11v clients |
490 |
Enabling 802.11v BSS Transition Management |
490 |
Fast BSS Transition ( 802.11r) |
490 |
Important Points to Remember |
490 |
Configuring Fast BSS Transition |
491 |
In the WebUI |
491 |
In the CLI |
491 |
Troubleshooting Fast BSS Transition |
491 |
SSID Profiles |
492 |
SSID Profile Overview |
492 |
Suite-B Cryptography |
492 |
Wi-Fi Multimedia Protection |
493 |
Management Frame Protection |
493 |
Configuring the SSID Profile |
493 |
In the WebUI |
493 |
In the CLI |
499 |
WLAN Authentication |
499 |
Configuring an AAA Profile in the WebUI |
499 |
Configuring an AAA Profile in the CLI |
501 |
High-Throughput Virtual APs |
502 |
Configuring the High-Throughput Radio Profile |
502 |
In the WebUI |
502 |
In the CLI |
503 |
Configuring the High-Throughput SSID Profile |
503 |
In the WebUI |
503 |
In the CLI |
506 |
Guest WLANs |
506 |
Configuring a Guest VLAN |
507 |
In the WebUI |
507 |
In the CLI |
507 |
Configuring a Guest Role |
507 |
In the WebUI |
507 |
In the CLI |
508 |
Configuring a Guest Virtual AP |
508 |
In the WebUI |
508 |
In the CLI |
508 |
Changing a Virtual AP Forwarding Mode |
509 |
Adaptive Radio Management |
510 |
ARM Feature Overviews |
510 |
Configuring ARM Settings |
510 |
ARM Troubleshooting |
510 |
Understanding ARM |
510 |
ARM Support for 802.11n |
511 |
Monitoring Your Network with ARM |
511 |
Maintaining Channel Quality |
511 |
Configuring ARM Scanning |
511 |
Understanding ARM Application Awareness |
512 |
Client Match |
512 |
BSS Transition Management Support |
513 |
Steering a Client |
513 |
Multi-Media Sync-Up |
513 |
Removing VBR Dependency on Probe Requests |
513 |
ARM Coverage and Interference Metrics |
514 |
Configuring ARM Profiles |
514 |
Creating and Configuring a New ARM Profile |
514 |
In the WebUI |
515 |
In the CLI |
522 |
Modifying an Existing Profile |
523 |
Copying an Existing Profile |
523 |
Deleting a Profile |
524 |
Assigning an ARM Profile to an AP Group |
524 |
In the WebUI |
524 |
In the CLI |
525 |
Using Multi-Band ARM for 802.11a/802.11g Traffic |
525 |
Band Steering |
525 |
Steering Modes |
526 |
Enabling Band Steering |
526 |
In the WebUI |
526 |
In the CLI |
526 |
Enabling Traffic Shaping |
527 |
Enabling Traffic Shaping |
527 |
In the WebUI |
527 |
In the CLI |
528 |
Enabling or Disabling the Hard Limit Parameter in Traffic Management Profile |
528 |
Using the WebUI |
529 |
Using the CLI |
529 |
Spectrum Load Balancing |
529 |
Reusing Channels to Control RX Sensitivity Tuning |
529 |
Configuring Non-802.11 Noise Interference Immunity |
530 |
Troubleshooting ARM |
530 |
Too many APs on the Same Channel |
531 |
Wireless Clients Report a Low Signal Level |
531 |
Transmission Power Levels Change Too Often |
531 |
APs Detect Errors but Do Not Change Channels |
531 |
APs Don’t Change Channels Due to Channel Noise |
531 |
Wireless Intrusion Prevention |
532 |
Working with the Reusable Wizard |
532 |
Understanding Wizard Intrusion Detection |
533 |
Understanding Wizard Intrusion Protection |
534 |
Protecting Your Infrastructure |
534 |
Protecting Your Clients |
534 |
Monitoring the Dashboard |
535 |
Detecting Rogue APs |
536 |
Understanding Classification Terminology |
536 |
Understanding Classification Methodology |
537 |
Understanding Match Methods |
537 |
Understanding Match Types |
538 |
Understanding Suspected Rogue Confidence Level |
538 |
Understanding AP Classification Rules |
538 |
Understanding SSID specification |
539 |
Understanding SNR specification |
539 |
Understanding Discovered-AP-Count specification |
539 |
Sample Rules |
539 |
Understanding Rule Matching |
539 |
Working with Intrusion Detection |
539 |
Understanding Infrastructure Intrusion Detection |
539 |
Detecting an 802.11n 40MHz Intolerance Setting |
543 |
Detecting Active 802.11n Greenfield Mode |
544 |
Detecting Ad hoc Networks |
544 |
Detecting an Ad hoc Network Using a Valid SSID |
544 |
Detecting an AP Flood Attack |
544 |
Detecting AP Impersonation |
544 |
Detecting AP Spoofing |
544 |
Detecting Bad WEP Initialization |
544 |
Detecting a Beacon Frame Spoofing Attack |
544 |
Detecting a Client Flood Attack |
544 |
Detecting a CTS Rate Anomaly |
545 |
Detecting an RTS Rate Anomaly |
545 |
Detecting Devices with an Invalid MAC OUI |
545 |
Detecting an Invalid Address Combination |
545 |
Detecting an Overflow EAPOL Key |
545 |
Detecting Overflow IE Tags |
545 |
Detecting a Malformed Frame-Assoc Request |
545 |
Detecting Malformed Frame-Auth |
545 |
Detecting a Malformed Frame-HT IE |
546 |
Detecting a Malformed Frame-Large Duration |
546 |
Detecting a Misconfigured AP |
546 |
Detecting a Windows Bridge |
546 |
Detecting a Wireless Bridge |
546 |
Detecting Broadcast Deauthentication |
546 |
Detecting Broadcast Disassociation |
546 |
Detecting Netstumbler |
546 |
Detecting Valid SSID Misuse |
546 |
Detecting Wellenreiter |
546 |
Understanding Client Intrusion Detection |
547 |
Detecting a Block ACK DoS |
549 |
Detecting a ChopChop Attack |
549 |
Detecting a Disconnect Station Attack |
549 |
Detecting an EAP Rate Anomaly |
549 |
Detecting a FATA-Jack Attack Structure |
549 |
Detecting a Hotspotter Attack |
550 |
Detecting a Meiners Power Save DoS Attack |
550 |
Detecting an Omerta Attack |
550 |
Detecting Rate Anomalies |
550 |
Detecting a TKIP Replay Attack |
550 |
Detecting Unencrypted Valid Clients |
550 |
Detecting a Valid Client Misassociation |
550 |
Detecting an AirJack Attack |
551 |
Detecting ASLEAP |
551 |
Detecting a Null Probe Response |
551 |
Configuring Intrusion Protection |
551 |
Understanding Infrastructure Intrusion Protection |
551 |
Protecting 40MHz 802.11 High Throughput Devices |
553 |
Protecting 802.11n High Throughput Devices |
553 |
Protecting Against Adhoc Networks |
553 |
Protecting Against AP Impersonation |
554 |
Protecting Against Misconfigured APs |
554 |
Protecting Against Wireless Hosted Networks |
554 |
Protecting SSIDs |
554 |
Protecting Against Rogue Containment |
554 |
Protecting Against Suspected Rogue Containment |
554 |
Protection against Wired Rogue APs |
554 |
Understanding Client Intrusion Protection |
554 |
Protecting Valid Stations |
555 |
Protecting Windows Bridge |
555 |
Warning Message for Containment Features |
555 |
Configuring the WLAN Management System (WMS) |
555 |
In the WebUI |
555 |
In the CLI |
557 |
Configuring Local WMS Settings |
557 |
Managing the WMS Database |
557 |
Understanding Client Blacklisting |
558 |
Methods of Blacklisting |
558 |
Blacklisting Manually |
558 |
Blacklisting by Authentication Failure |
559 |
Enabling Attack Blacklisting |
559 |
Setting Blacklist Duration |
560 |
Removing a Client from Blacklisting |
560 |
Working with WIP Advanced Features |
560 |
Configuring TotalWatch |
561 |
Understanding TotalWatch Channel Types and Qualifiers |
561 |
Understanding TotalWatch Monitoring Features |
562 |
Understanding TotalWatch Scanning Spectrum Features |
562 |
Understanding TotalWatch Channel Dwell Time |
562 |
Understanding TotalWatch Channel Visiting |
563 |
Understanding TotalWatch Age out of Devices |
563 |
Administering TotalWatch |
563 |
Configuring Per Radio Settings |
563 |
Configuring Per AP Setting |
563 |
Licensing |
564 |
Tarpit Shielding Overview |
564 |
Configuring Tarpit Shielding |
564 |
Enabling Tarpit Shielding |
565 |
Understanding Tarpit Shielding Licensing CLI Commands |
565 |
Access Points |
566 |
Basic Functions and Features |
566 |
Naming and Grouping APs |
567 |
Creating an AP group |
568 |
In the WebUI |
568 |
In the CLI |
569 |
Assigning APs to an AP Group |
569 |
In the WebUI |
569 |
In the CLI |
569 |
Understanding AP Configuration Profiles |
569 |
AP Profiles |
570 |
RF Management Profiles |
571 |
Wireless LAN Profiles |
571 |
Mesh Profiles |
574 |
QoS Profiles |
574 |
IDS Profiles |
575 |
HA Group profiles |
575 |
Other Profiles |
575 |
Profile Hierarchy |
576 |
Viewing Profile Errors |
576 |
Before you Deploy an AP |
576 |
Mesh AP Preconfiguration |
576 |
Remote AP Preconfiguration |
576 |
Enable Controller Discovery |
577 |
Controller Discovery using DNS |
577 |
Controller Discovery using ADP |
577 |
Controller discovery using a DHCP Server |
578 |
Enable DHCP to Provide APs with IP Addresses |
578 |
In the WebUI |
578 |
In the CLI |
578 |
AP Provisioning Profiles |
579 |
Defining an AP Provisioning Profile |
579 |
Assigning Provisioning Profiles |
581 |
Configuring Installed APs |
581 |
Configuring an AP using the Provisioning Wizard |
582 |
Configuring a AP using the WebUI |
582 |
Configuring a Remote AP |
583 |
Remote Authentication |
583 |
RAP Configuration |
583 |
Configuring a Mesh AP |
584 |
Verifying the Configuration |
584 |
Optional AP Configuration Settings |
584 |
Changing the AP Installation Mode |
585 |
In the WebUI |
585 |
In the CLI |
585 |
Renaming an AP |
586 |
In the WebUI |
586 |
In the CLI |
586 |
Enabling Spanning Tree |
586 |
In the WebUI |
586 |
In the CLI |
586 |
AP Console Access Using a Backup ESSID |
587 |
In the WebUI |
587 |
In the CLI |
587 |
Defining an RTLS Server |
587 |
In the WebUI |
588 |
In the CLI |
588 |
Important Points to Remember |
588 |
AP Redundancy |
588 |
In the WebUI |
589 |
In the CLI |
589 |
AP Maintenance Mode |
589 |
In the WebUI |
589 |
In the CLI |
590 |
Energy Efficient Ethernet |
590 |
In the WebUI |
590 |
In the CLI |
591 |
AP LEDs |
591 |
In the WebUI |
591 |
In the CLI |
591 |
Suppressing Client Probe Requests |
592 |
In the WebUI |
592 |
In the CLI |
593 |
RF Management |
593 |
802.11a and 802.11g RF Management Profiles |
593 |
VHT Support on W-AP200 Series, W-AP210 Series, W-AP220 Series, and W-AP270 Se... |
594 |
Managing 802.11a/802.11g Profiles Using the WebUI |
594 |
Creating or Editing a Profile |
594 |
Assigning an 802.11a/802.11g Profile to an AP or AP Group |
599 |
Assigning a High-throughput Profile |
600 |
Assigning an ARM Profile |
600 |
Deleting a Profile |
601 |
Managing 802.11a/802.11g Profiles Using the CLI |
601 |
Creating or Modifying a Profile |
601 |
Viewing RF Management Settings |
602 |
Assigning a 802.11a/802.11g Profile |
602 |
Deleting a Profile |
603 |
RF Optimization |
603 |
Using the WebUI |
603 |
Using the CLI |
603 |
RF Event Configuration |
604 |
Using the WebUI |
604 |
Using the CLI |
605 |
Optimizing APs Over Low-Speed Links |
606 |
Configuring the Bootstrap Threshold |
606 |
Prioritizing AP heartbeats |
611 |
AP Scanning Optimization |
611 |
Channel Types and Priority |
611 |
In the CLI |
612 |
Scanning Optimizations |
612 |
Unconventional (direction) Scans |
612 |
Modifications in Scan Frequency |
613 |
Channel Group Scanning |
613 |
Channel Group Scanning |
613 |
Configuring AP Channel Assignments |
613 |
Using the WebUI |
614 |
Using the CLI |
615 |
Channel Switch Announcement (CSA) |
615 |
Using the WebUI |
615 |
Using the CLI |
615 |
Automatic Channel and Transmit Power Selection |
615 |
Managing AP Console Settings |
616 |
Username and Password Protection |
617 |
Setting a Console/Telnet Username and Password |
617 |
Disabling Access to the AP Console |
618 |
Link Aggregation Support on W-AP220 Series and W-AP270 Series |
618 |
Configuring LACP |
618 |
Using the WebUI, in ArubaOS 6.4.2.x and later |
619 |
Using the CLI, in ArubaOS 6.4.2.x and later |
619 |
Using the WebUI in ArubaOS 6.3.1.x-6.4.1.x |
619 |
Using the CLI in ArubaOS 6.3.1.x-6.4.1.x |
619 |
Important Points to Remember |
620 |
Troubleshooting Link Aggregation |
620 |
Service Tag |
620 |
In the WebUI |
620 |
In the CLI |
620 |
Secure Enterprise Mesh |
622 |
Mesh Overview Information |
622 |
Mesh Configuration Procedures |
622 |
Understanding Mesh Access Points |
622 |
Mesh Portals |
623 |
Mesh Points |
623 |
Mesh Clusters |
624 |
Understanding Mesh Links |
624 |
Link Metrics |
625 |
Optimizing Links |
626 |
Understanding Mesh Profiles |
626 |
Mesh Cluster Profiles |
626 |
Mesh Radio Profiles |
627 |
RF Management (802.11a and 802.11g) Profiles |
628 |
Adaptive Radio Management Profiles |
628 |
High-Throughput Radio Profiles |
629 |
Mesh High-Throughput SSID Profiles |
629 |
Wired AP Profiles |
629 |
Mesh Recovery Profiles |
629 |
Understanding Remote Mesh Portals (RMPs) |
630 |
Understanding the AP Boot Sequence |
631 |
Booting the Mesh Portal |
632 |
Booting the Mesh Point |
632 |
Air Monitoring and Mesh |
632 |
Mesh Deployment Solutions |
632 |
Thin AP Services with Wireless Backhaul Deployment |
633 |
Point-to-Point Deployment |
633 |
Point-to-Multipoint Deployment |
633 |
High-Availability Deployment |
634 |
Mesh Deployment Planning |
635 |
Pre-Deployment Considerations |
635 |
Outdoor-Specific Deployment Considerations |
635 |
Configuration Considerations |
635 |
Post-Deployment Considerations |
636 |
Dual-Port AP Considerations |
636 |
Configuring Mesh Cluster Profiles |
636 |
Managing Mesh Cluster Profiles in the WebUI |
636 |
Creating a Profile |
636 |
Associating a Mesh Cluster Profile to Mesh APs |
638 |
Editing a Mesh Cluster Profile |
638 |
Deleting a Mesh Cluster Profile |
639 |
Managing Mesh Cluster Profiles in the CLI |
639 |
Viewing Mesh Cluster Profile Settings |
640 |
Associating Mesh Cluster Profiles |
640 |
Excluding a Mesh Cluster Profile from a Mesh Node |
640 |
Deleting a Mesh Cluster Profile |
640 |
Creating and Editing Mesh Radio Profiles |
641 |
Managing Mesh Radio Profiles in the WebUI |
641 |
Creating or Editing a Mesh Radio Profile |
641 |
Assigning a Mesh Radio Profile to a Mesh AP or AP Group |
644 |
Managing Mesh Radio Profiles in the CLI |
645 |
Creating or Modifying a Mesh Radio Profile |
645 |
Assigning a Mesh Radio Profile to a Mesh AP or AP Group |
645 |
Deleting Mesh Radio Profiles |
646 |
Creating and Editing Mesh High-Throughput SSID Profiles |
646 |
Managing Mesh High-Throughput SSID Profiles in the WebUI |
646 |
Creating a Profile |
646 |
Assigning a Profile to an AP Group |
650 |
Editing a Profile |
651 |
Deleting a Profile |
651 |
Managing Mesh High-Throughput SSID Profiles in the CLI |
651 |
Creating or Modifying a Profile |
651 |
Assigning a Profile to an AP Group |
652 |
Viewing High-throughput SSID Settings |
652 |
Deleting a Profile |
652 |
Configuring Ethernet Ports for Mesh |
652 |
Configuring Bridging on the Ethernet Port |
652 |
Configuring Ethernet Ports for Secure Jack Operation |
653 |
In the WebUI |
653 |
In the CLI |
654 |
Extending the Life of a Mesh Network |
654 |
In the WebUI |
654 |
In the CLI |
655 |
Provisioning Mesh Nodes |
655 |
Provisioning Caveats |
655 |
Provisioning Mesh Nodes |
656 |
In the WebUI |
656 |
In the CLI |
656 |
Verifying Your Mesh Network |
657 |
Verification Checklist |
657 |
CLI Examples |
658 |
Configuring Remote Mesh Portals (RMPs) |
659 |
Creating a Remote Mesh Portal In the WebUI |
659 |
Step 1: Provision the AP |
659 |
Step 2: Define the Mesh Private VLAN in the Mesh Radio Profile |
659 |
Step 3: Assign the Mesh Radio Profile to a Remote Mesh AP |
660 |
Step 4: Assign an RF Management Profile to a Remote Mesh AP |
660 |
Step 5: Assign a Mesh Cluster Profile |
660 |
Step 6: Configuring a DHCP Pool |
660 |
Step 7: Configuring the VLAN ID of the Virtual AP Profile |
660 |
Provisioning a Remote Mesh Portal In the CLI |
660 |
Increasing Network Uptime Through Redundancy and VRRP |
661 |
High Availability |
661 |
Pre-Deployment Information |
661 |
Configuration Procedures |
661 |
VRRP-Based Redundancy |
661 |
High Availability Deployment Models |
662 |
Active/Active Deployment Model |
662 |
1:1 Active/Standby Deployment Model |
662 |
N:1 Active/Standby Deployment Model |
663 |
Master-Redundancy Deployment Model |
663 |
AP Communication with Controllers |
664 |
Client State Synchronization |
664 |
Feature Guidelines and Limitations |
665 |
High Availability Inter-Controller Heartbeats |
665 |
High Availability Extended Controller Capacity |
665 |
Feature Requirements |
666 |
Standby Controller Capacity |
666 |
AP Failover |
667 |
Configuring High Availability |
667 |
Pre-Deployment Information |
667 |
Configuring High Availability |
667 |
In the WebUI |
667 |
In the CLI |
668 |
Migrating from VRRP or Backup-LMS Redundancy |
669 |
Configuring a Master Controller for Redundancy and High Availability |
669 |
Migrating from VRRP Redundancy |
670 |
Migrating from Backup-LMS Redundancy |
670 |
Configuring VRRP Redundancy |
670 |
Before you Begin |
670 |
Configuring the Local Controller for Redundancy |
671 |
In the WebUI |
671 |
In the CLI |
672 |
Configuring the LMS IP |
673 |
In the WebUI |
673 |
In the CLI |
673 |
Configuring the Master Controller for Redundancy |
674 |
Configuring Database Synchronization |
675 |
In the WebUI |
675 |
In the CLI |
675 |
Enabling Incremental Configuration Synchronization (CLI Only) |
676 |
Configuring Master-Local Controller Redundancy |
676 |
RSTP |
678 |
Understanding RSTP Migration and Interoperability |
678 |
Working with Rapid Convergence |
678 |
Edge Port and Point-to-Point |
679 |
Configuring RSTP |
679 |
In the WebUI |
680 |
In the CLI |
681 |
Monitoring RSTP |
681 |
Troubleshooting RSTP |
681 |
PVST+ |
683 |
Understanding PVST+ Interoperability and Best Practices |
683 |
Enabling PVST+ in the CLI |
683 |
Enabling PVST+ in the WebUI |
684 |
Link Layer Discovery Protocol |
685 |
Important Points to Remember |
685 |
LLDP Overview |
685 |
Default LLDP Configuration |
686 |
Configuring LLDP |
686 |
Monitoring LLDP Configuration |
686 |
Display LLDP Interface |
686 |
Display LLDP Interface <interface> |
686 |
Display LLDP Neighbor |
687 |
Display LLDP Neighbor Interface Detail |
687 |
Display LLDP Statistics |
688 |
Display LLDP Statistics Interface |
688 |
IP Mobility |
689 |
Understanding Dell Mobility Architecture |
689 |
Configuring Mobility Domains |
690 |
Configuring a Mobility Domain |
691 |
In the WebUI |
691 |
In the CLI |
692 |
Joining a Mobility Domain |
692 |
In the WebUI |
692 |
In the CLI |
692 |
In the WebUI |
693 |
In the CLI |
694 |
Tracking Mobile Users |
694 |
Mobile Client Roaming Status |
694 |
In the WebUI |
694 |
In the CLI |
694 |
Viewing User Roaming Status using the CLI |
695 |
In the CLI |
696 |
Mobile Client Roaming Locations |
696 |
In the WebUI |
696 |
In the CLI |
696 |
HA Discovery on Association |
696 |
In the CLI |
696 |
Configuring Advanced Mobility Functions |
696 |
In the WebUI |
696 |
In the CLI |
699 |
Proxy Mobile IP |
699 |
Revocations |
700 |
IPv6 L3 Mobility |
700 |
Multicast Mobility |
700 |
Important Points to Remember |
701 |
In the CLI |
701 |
Understanding Bridge Mode Mobility Deployments |
705 |
Enabling Mobility Multicast |
706 |
Working with Proxy IGMP and Proxy Remote Subscription |
707 |
IGMPv3 Support |
707 |
Configuring SSM Range |
707 |
Working with Inter Controller Mobility |
708 |
Configuring Mobility Multicast |
709 |
In the WebUI |
709 |
In the CLI |
709 |
External Firewall Configuration |
711 |
Understanding Firewall Port Configuration Among Dell Devices |
711 |
Communication Between Controllers |
711 |
Communication Between APs and the Controller |
711 |
Communication Between Remote APs and the Controller |
712 |
Enabling Network Access |
712 |
Ports Used for Virtual Internet Access (VIA) |
712 |
Configuring Ports to Allow Other Traffic Types |
712 |
Palo Alto Networks Firewall Integration |
714 |
Limitations |
714 |
Preconfiguration on the PAN Firewall |
714 |
User-ID Support |
715 |
Device-Type Based Policy Support |
715 |
Configuring PAN Firewall Integration |
716 |
Creating PAN Profiles |
716 |
Using the WebUI |
717 |
Using the CLI |
717 |
Activating a PAN Profile |
717 |
Using the WebUI |
718 |
Using the CLI |
718 |
Enabling PAN Firewall Integration |
718 |
Using the WebUI |
718 |
Using the CLI |
718 |
Enabling PAN Firewall Integration for VIA Clients |
718 |
Using the WebUI |
718 |
Using the CLI |
718 |
Enabling PAN Firewall Integration for VPN Clients |
718 |
Using the WebUI |
719 |
Using the CLI |
719 |
Remote Access Points |
720 |
About Remote Access Points |
720 |
Configuring the Secure Remote Access Point Service |
722 |
Configure a Public IP Address for the Controller |
722 |
In the WebUI |
722 |
In the CLI |
722 |
Configure the NAT Device |
723 |
Configure the VPN Server |
723 |
In the WebUI |
723 |
In the CLI |
723 |
CHAP Authentication Support over PPPoE |
723 |
In the WebUI |
723 |
In the CLI |
724 |
Configuring Certificate RAP |
724 |
In the WebUI |
724 |
In the CLI |
724 |
Creating a Remote AP Whitelist |
724 |
Configuring PSK RAP |
725 |
In the WebUI |
725 |
Add the user to the internal database |
725 |
RAP Static Inner IP Address |
725 |
In the WebUI |
726 |
In the CLI |
726 |
Provision the AP |
726 |
Deploying a Branch/Home Office Solution |
727 |
Provisioning the Branch AP |
728 |
Configuring the Branch AP |
728 |
Troubleshooting Remote AP |
728 |
Local Debugging |
728 |
Remote AP Summary |
729 |
Multihoming on remote AP (RAP) |
732 |
Seamless failover from backup link to primary link on RAP |
733 |
Remote AP Connectivity |
733 |
Remote AP Diagnostics |
733 |
Enabling Remote AP Advanced Configuration Options |
734 |
Understanding Remote AP Modes of Operation |
734 |
Working in Fallback Mode |
736 |
Backup Configuration Behavior for Wired Ports |
737 |
Configuring Fallback Mode |
737 |
Configuring the AAA Profile for Fallback Mode |
737 |
Configuring the Virtual AP Profile for Fallback Mode |
738 |
Configuring the DHCP Server on the Remote AP |
739 |
Configuring Advanced Backup Options |
741 |
Configuring the Session ACL |
742 |
Configuring the AAA Profile |
743 |
Defining the Backup Configuration |
743 |
Specifying the DNS Controller Setting |
744 |
In the WebUI |
745 |
Backup Controller List |
745 |
Configuring the LMS and backup LMS IP addresses |
746 |
Configuring Remote AP Failback |
746 |
In the WebUI |
746 |
In the CLI |
747 |
Enabling RAP Local Network Access |
747 |
In the WebUI |
747 |
In the CLI |
747 |
Configuring Remote AP Authorization Profiles |
748 |
In the WebUI |
748 |
In the CLI |
748 |
Working with Access Control Lists and Firewall Policies |
748 |
Understanding Split Tunneling |
749 |
Configuring Split Tunneling |
749 |
Configuring the Session ACL Allowing Tunneling |
750 |
In the WebUI |
750 |
In the CLI |
751 |
Configuring an ACL to Restrict Local Debug Homepage Access |
751 |
In the WebUI |
752 |
In the CLI |
752 |
Configuring the AAA Profile for Tunneling |
752 |
In the WebUI |
753 |
In the CLI |
753 |
Configuring the Virtual AP Profile |
753 |
In the WebUI |
753 |
In the CLI |
754 |
Defining Corporate DNS Servers |
754 |
In the WebUI |
754 |
In the CLI |
754 |
Understanding Bridge |
755 |
Configuring Bridge |
755 |
Configuring the Session ACL |
756 |
In the WebUI |
756 |
In the CLI |
757 |
Configuring the AAA Profile for Bridge |
757 |
In the WebUI |
757 |
In the CLI |
758 |
Configuring Virtual AP Profile |
758 |
In the WebUI |
758 |
In the CLI |
758 |
Provisioning Wi-Fi Multimedia |
759 |
Reserving Uplink Bandwidth |
759 |
Understanding Bandwidth Reservation for Uplink Voice Traffic |
759 |
Configuring Bandwidth Reservation |
759 |
In the WebUI |
759 |
In the CLI |
760 |
Provisioning 4G USB Modems on Remote Access Points |
760 |
4G USB Modem Provisioning Best Practices and Exceptions |
760 |
Provisioning RAP for USB Modems |
761 |
In the WebUI |
761 |
In the CLI |
761 |
RAP 3G/4G Backhaul Link Quality Monitoring |
762 |
Provisioning RAPs at Home |
762 |
Prerequisites |
762 |
Provisioning RAP Using Zero Touch Provisioning |
762 |
Provisioning the RAP using a Static IP Address |
763 |
Provision the RAP on a PPPoE Connection |
763 |
Using 3G/EVDO USB Modems |
764 |
Configuring W-IAP3WN and W-IAP3WNP Access Points |
766 |
In the WebUI |
766 |
In the CLI |
766 |
Converting an IAP to RAP or CAP |
766 |
Converting IAP to RAP |
767 |
Converting an IAP to CAP |
767 |
Enabling Bandwidth Contract Support for RAPs |
767 |
Configuring Bandwidth Contracts for RAP |
768 |
Defining Bandwidth Contracts |
768 |
Applying Contracts |
768 |
Verifying Contracts on AP |
768 |
Verifying Contracts Applied to Users |
769 |
Verifying Bandwidth Contracts During Data Transfer |
770 |
Virtual Intranet Access |
771 |
Spectrum Analysis |
772 |
Understanding Spectrum Analysis |
772 |
Spectrum Analysis Clients |
776 |
Hybrid AP Channel Changes |
777 |
Hybrid APs Using Mode-Aware ARM |
777 |
Creating Spectrum Monitors and Hybrid APs |
777 |
Converting APs to Hybrid APs |
778 |
In the WebUI |
778 |
In the CLI |
778 |
Converting an Individual AP to a Spectrum Monitor |
778 |
In the WebUI |
779 |
In the CLI |
779 |
Converting a Group of APs to Spectrum Monitors |
779 |
In the WebUI |
780 |
In the CLI |
780 |
Connecting Spectrum Devices to the Spectrum Analysis Client |
780 |
View Connected Spectrum Analysis Devices |
781 |
Disconnecting a Spectrum Device |
782 |
Configuring the Spectrum Analysis Dashboards |
783 |
Selecting a Spectrum Monitor |
783 |
Changing Graphs within a Spectrum View |
784 |
Renaming a Spectrum Analysis Dashboard View |
785 |
Saving a Dashboard View |
785 |
Resizing an Individual Graph |
786 |
Customizing Spectrum Analysis Graphs |
786 |
Spectrum Analysis Graph Configuration Options |
787 |
Active Devices |
787 |
Active Devices Table |
789 |
Active Devices Trend |
792 |
Channel Metrics |
794 |
Channel Metrics Trend |
796 |
Channel Summary Table |
798 |
Device Duty Cycle |
799 |
Channel Utilization Trend |
801 |
Devices vs Channel |
803 |
FFT Duty Cycle |
805 |
Interference Power |
807 |
Quality Spectrogram |
809 |
Real-Time FFT |
810 |
Swept Spectrogram |
812 |
Working with Non-Wi-Fi Interferers |
816 |
Understanding the Spectrum Analysis Session Log |
818 |
Viewing Spectrum Analysis Data |
819 |
Recording Spectrum Analysis Data |
820 |
Creating a Spectrum Analysis Record |
820 |
Saving the Recording |
821 |
Playing a Spectrum Analysis Recording |
821 |
Playing a Recording in the Spectrum Dashboard |
821 |
Playing a Recording Using the RFPlayback Tool |
822 |
Troubleshooting Spectrum Analysis |
823 |
Verifying Spectrum Monitors Support for One Client per Radio |
823 |
Converting a Spectrum Monitor Back to an AP or Air Monitor |
823 |
Troubleshooting Browser Issues |
823 |
Loading a Spectrum View |
823 |
Troubleshooting Issues with Adobe Flash Player 10.1 or Later |
823 |
Understanding Spectrum Analysis Syslog Messages |
823 |
Playing a Recording in the RFPlayback Tool |
824 |
Dashboard Monitoring |
825 |
WAN |
825 |
Performance |
826 |
Clients |
826 |
APs |
827 |
Using Dashboard Histograms |
827 |
Usage |
827 |
Potential Issues |
828 |
AppRF |
828 |
All Traffic |
829 |
Action Bar |
830 |
Filters |
830 |
Details |
831 |
Block/Unblock, Throttle, and QoS Action Buttons |
833 |
Web Content Classification |
837 |
Web Content Filters |
841 |
WebCC Configuration in the WebUI |
841 |
WebCC Configuration in the CLI |
844 |
AirGroup |
846 |
Security |
847 |
UCC |
847 |
Chart View |
848 |
Details View |
849 |
Controller |
850 |
Details View |
850 |
Info Panel |
850 |
Gauges Panel |
850 |
Ports Panel |
851 |
Controller Events |
851 |
WLANs |
851 |
Access Points |
852 |
Clients |
853 |
Firewall |
854 |
In the WebUI |
854 |
In the CLI |
854 |
Element View |
854 |
Details View |
856 |
Element Tab |
856 |
Element Summary View |
856 |
Usage Breakdown |
857 |
Aggregated Sessions |
858 |
Management Access |
860 |
Configuring Certificate Authentication for WebUI Access |
860 |
In the WebUI |
860 |
In the CLI |
861 |
Secure Shell (SSH) |
861 |
Enabling Public Key Authentication |
861 |
In the WebUI |
862 |
In the CLI |
862 |
Enabling RADIUS Server Authentication |
862 |
Configuring RADIUS Server Username and Password Authentication |
862 |
In the WebUI |
862 |
In the CLI |
863 |
Configuring RADIUS Server Authentication with VSA |
863 |
Configuring RADIUS Server Authentication with Server Derivation Rule |
863 |
In the WebUI |
863 |
In the CLI |
864 |
Configuring a set-value server-derivation rule |
864 |
In the WebUI |
864 |
In the CLI |
865 |
Disabling Authentication of Local Management User Accounts |
865 |
In the WebUI |
865 |
In the CLI |
865 |
Verifying the configuration |
866 |
Resetting the Admin or Enable Password |
866 |
Bypassing the Enable Password Prompt |
867 |
Setting an Administrator Session Timeout |
867 |
In the WebUI |
867 |
In the CLI |
867 |
Connecting to an W-AirWave Server |
867 |
AMON Message Size Changes on the Controller |
868 |
Custom Certificate Support for RAP |
869 |
Suite-B Support for ECDSA Certificate |
869 |
Setting the Default Server Certificate |
869 |
Generating a CSR |
870 |
Uploading the Certificate |
870 |
Storing CSR and Private Key Files in a USB |
870 |
AP Boot Prompt |
870 |
In the WebUI |
870 |
In the CLI |
870 |
RAP Console |
871 |
Implementing a Specific Management Password Policy |
871 |
Defining a Management Password Policy |
871 |
In the WebUI |
871 |
In the CLI |
872 |
Management Authentication Profile Parameters |
872 |
Configuring AP Image Preload |
873 |
Enable and Configure AP Image Preload |
874 |
In the WebUI |
874 |
In the CLI |
875 |
View AP Preload Status |
875 |
Configuring Centralized Image Upgrades |
876 |
Configuring Centralized Image Upgrades |
876 |
Using the WebUI |
876 |
In the CLI |
877 |
Viewing Controller Upgrade Statistics |
878 |
Managing Certificates |
878 |
About Digital Certificates |
879 |
Obtaining a Server Certificate |
879 |
In the WebUI |
879 |
In the CLI |
880 |
Obtaining a Client Certificate |
881 |
Importing Certificates |
881 |
In the WebUI |
881 |
In the CLI |
881 |
Viewing Certificate Information |
882 |
Imported Certificate Locations |
882 |
Checking CRLs |
882 |
Certificate Expiration Alert |
883 |
Chained Certificates on the RAP |
883 |
Support for Certificates on USB Flash Drives |
883 |
Marking the USB Device Connected as a Storage Device |
884 |
RAP Configuration Requirements |
884 |
Configuring SNMP |
884 |
SNMP Parameters for the Controller |
884 |
In the WebUI |
885 |
In the CLI |
885 |
Enabling Capacity Alerts |
886 |
In the WebUI |
887 |
In the CLI |
887 |
Configuring Logging |
887 |
In the WebUI |
889 |
In the CLI |
889 |
Enabling Guest Provisioning |
890 |
Configuring the Guest Provisioning Page |
890 |
In the WebUI |
890 |
Configuring the SMTP Server and Port in the WebUI |
894 |
Configuring an SMTP server and port in the CLI |
894 |
Creating Email Messages in the WebUI |
894 |
Configuring a Guest Provisioning User |
895 |
In the WebUI |
895 |
In the CLI |
896 |
Customizing the Guest Access Pass |
897 |
Creating Guest Accounts |
897 |
Guest Provisioning User Tasks |
898 |
Importing Multiple Guest Entries |
900 |
Optional Configurations |
905 |
Restricting one Captive Portal Session for each Guest |
905 |
Setting the Maximum Time for Guest Accounts |
905 |
Managing Files on the Controller |
906 |
Transferring ArubaOS Image Files |
907 |
In the WebUI |
907 |
In the CLI |
908 |
Backing Up and Restoring the Flash File System |
908 |
Backup the Flash File System in the WebUI |
908 |
Backup the Flash File System in the CLI |
908 |
Restore the Flash File System in the WebUI |
908 |
Restore the Flash File System in the CLI |
908 |
Copying Log Files |
908 |
In the WebUI |
908 |
In the CLI |
909 |
Copying Other Files |
909 |
In the WebUI |
909 |
In the CLI |
909 |
Setting the System Clock |
909 |
Manually Setting the Clock |
909 |
In the WebUI |
909 |
In the CLI |
910 |
Clock Synchronization |
910 |
In the WebUI |
910 |
In the CLI |
910 |
Configuring NTP Authentication |
910 |
In the WebUI |
910 |
In the CLI |
911 |
Timestamps in CLI Output |
911 |
ClearPass Profiling with IF-MAP |
911 |
In the WebUI |
911 |
In the CLI |
912 |
Whitelist Synchronization |
912 |
In the WebUI |
912 |
In the CLI |
913 |
Downloadable Regulatory Table |
913 |
Important Points to Remember |
913 |
Copying the Regulatory-Cert |
914 |
In the WebUI |
914 |
In the CLI |
914 |
Activating the Regulatory-Cert |
914 |
In the WebUI |
914 |
In the CLI |
915 |
Related Show Commands |
915 |
802.11u Hotspots |
916 |
Hotspot 2.0 Pre-Deployment Information |
916 |
Hotspot Profile Configuration Tasks |
916 |
Hotspot 2.0 Overview |
916 |
Generic Advertisement Service (GAS) Queries |
916 |
ANQP Information Elements |
917 |
Hotspot Profile Types |
917 |
Configuring Hotspot 2.0 Profiles |
919 |
In the WebUI |
919 |
In the CLI |
924 |
Configuring Hotspot Advertisement Profiles |
925 |
Configuring an Advertisement Profile |
925 |
In the WebUI |
925 |
In the CLI |
926 |
Associating the Advertisement Profile to a Hotspot 2.0 Profile |
926 |
In the WebUI |
926 |
In the CLI |
926 |
Configuring ANQP Venue Name Profiles |
926 |
In the WebUI |
927 |
Venue Types |
928 |
In the CLI |
928 |
Configuring ANQP Network Authentication Profiles |
928 |
In the WebUI |
929 |
In the CLI |
929 |
Configuring ANQP Domain Name Profiles |
929 |
In the WebUI |
929 |
In the CLI |
930 |
Configuring ANQP IP Address Availability Profiles |
930 |
In the WebUI |
930 |
In the CLI |
931 |
Configuring ANQP NAI Realm Profiles |
931 |
In the WebUI |
931 |
In the CLI |
935 |
Configuring ANQP Roaming Consortium Profiles |
935 |
In the WebUI |
935 |
In the CLI |
936 |
Configuring ANQP 3GPP Cellular Network Profiles |
936 |
In the WebUI |
936 |
In the CLI |
937 |
Configuring H2QP Connection Capability Profiles |
937 |
In the WebUI |
938 |
In the CLI |
939 |
Configuring H2QP Operator Friendly Name Profiles |
939 |
In the WebUI |
939 |
In the CLI |
940 |
Configuring H2QP Operating Class Indication Profiles |
940 |
In the WebUI |
940 |
In the CLI |
940 |
Configuring H2QP WAN Metrics Profiles |
941 |
In the WebUI |
941 |
In the CLI |
942 |
Adding Local Controllers |
944 |
Moving to a Multi-Controller Environment |
944 |
Configuring a PSK |
945 |
Configuring a Master Controller PSK |
945 |
Configuring a Local Controller PSK |
946 |
Configuring a Controller Certificate |
946 |
Configuring a Local Controller Certificate |
946 |
Configuring a Master Controller Certificate |
946 |
Configuring Local Controllers |
946 |
Using the Initial Setup |
947 |
In the WebUI |
947 |
In the CLI |
947 |
Configuring Layer-2/Layer-3 Settings |
947 |
Configuring Trusted Ports |
948 |
Configuring Local Controller Settings |
948 |
Configuring APs |
948 |
In the WebUI |
948 |
In the CLI |
949 |
Advanced Security |
950 |
Securing Client Traffic |
950 |
Securing Wireless Clients |
951 |
In the WebUI |
951 |
In the CLI |
952 |
Securing Wired Clients |
952 |
In the WebUI |
953 |
In the CLI |
954 |
Securing Wireless Clients Through Non-Dell APs |
954 |
In the WebUI |
954 |
In the CLI |
955 |
Securing Clients on an AP Wired Port |
955 |
In the WebUI |
955 |
In the CLI |
957 |
Enabling or Disabling Spanning Tree Parameter in AP Wired Port Profile |
957 |
In the WebUI |
957 |
In the CLI |
957 |
Securing Controller-to-Controller Communication |
957 |
Configuring Controllers for xSec |
958 |
In the WebUI |
958 |
In the CLI |
958 |
Configuring the Odyssey Client on Client Machines |
959 |
Installing the Odyssey Client |
959 |
Voice and Video |
965 |
Voice and Video License Requirements |
965 |
Configuring Voice and Video |
965 |
Voice ALG and Network Address Translation |
965 |
Setting up Net Services |
965 |
Using Default Net Services |
965 |
Creating Custom Net Services |
966 |
Configuring User Roles |
966 |
Using the Default User Role |
966 |
Creating or Modifying Voice User Roles |
967 |
Using the User-Derivation Rules |
969 |
Configuring Firewall Settings for Voice and Video ALGs |
970 |
In the WebUI |
970 |
In the CLI |
970 |
Additional Video Configurations |
971 |
Configuring Video over WLAN enhancements |
971 |
Prerequisites |
971 |
In the WebUI |
971 |
In the CLI |
973 |
Working with QoS for Voice and Video |
974 |
Understanding VoIP Call Admission Control Profile |
974 |
In the WebUI |
974 |
In the CLI |
976 |
Understanding Wi-Fi Multimedia |
976 |
Enabling WMM |
977 |
Configuring WMM AC Mapping |
978 |
Configuring DSCP Priorities |
979 |
Configuring Dynamic WMM Queue Management |
980 |
Enabling WMM Queue Content Enforcement |
983 |
In the WebUI |
983 |
In the CLI |
983 |
Unified Communication and Collaboration |
983 |
Microsoft® Lync Visibility and Granular QoS Prioritization |
984 |
Lync ALG Compatibility Matrix |
985 |
Configuration Prerequisites |
985 |
Lync SDN API 2.1 Support |
985 |
Lync SDN API - ArubaOS Compatibility Matrix |
986 |
Configuring Lync ALG |
986 |
Viewing Lync ALG Statistics using the CLI |
990 |
Viewing Lync ALG Statistics Using the WebUI |
991 |
Troubleshooting Lync ALG Issues |
992 |
UCC Dashboard in the WebUI |
993 |
UCC Dashboard Aggregated Display |
993 |
UCC Dashboard Per Client Display |
995 |
Viewing UCC Information |
997 |
Viewing UCC Call Detailed Record |
997 |
Viewing UCC Client Information |
997 |
Viewing UCC Configuration |
997 |
Viewing UCC Statistics |
998 |
Viewing UCC Trace Buffer |
998 |
UCC-W-AirWave Integration |
998 |
UCC Call Quality Metrics |
998 |
Changes to Call Admission Control |
1001 |
Troubleshooting and Log Messages |
1001 |
UCC Limitations |
1001 |
Understanding Extended Voice and Video Features |
1001 |
Understanding QoS for Microsoft Lync and Apple Facetime |
1002 |
Microsoft Lync |
1002 |
Microsoft Lync Support for Mobile Devices |
1003 |
Apple Facetime |
1003 |
In the WebUI |
1004 |
Enabling WPA Fast Handover |
1005 |
In the WebUI |
1005 |
In the CLI |
1005 |
Enabling Mobile IP Home Agent Assignment |
1005 |
Scanning for VoIP-Aware ARM |
1006 |
In the WebUI |
1006 |
In the CLI |
1006 |
Disabling Voice-Aware 802.1x |
1006 |
In the WebUI |
1006 |
In the CLI |
1007 |
Configuring SIP Authentication Tracking |
1007 |
In the WebUI |
1007 |
In the CLI |
1007 |
Enabling Real Time Call Quality Analysis |
1007 |
Important Points to Remember |
1007 |
In the Web UI |
1008 |
In the CLI |
1008 |
Enabling SIP Session Timer |
1009 |
In the WebUI |
1009 |
In the CLI |
1009 |
Enabling Wi-Fi Edge Detection and Handover for Voice Clients |
1010 |
In the WebUI |
1010 |
In the CLI |
1010 |
Working with Dial Plan for SIP Calls |
1011 |
Understanding Dial Plan Format |
1011 |
Configuring Dial Plans |
1012 |
Enabling Enhanced 911 Support |
1014 |
Working with Voice over Remote Access Point |
1015 |
Understanding Battery Boost |
1016 |
In the WebUI |
1016 |
In the CLI |
1016 |
Enabling LLDP |
1017 |
In the WebUI |
1017 |
In the CLI |
1022 |
Advanced Voice Troubleshooting |
1022 |
Viewing Troubleshooting Details on Voice Client Status |
1023 |
In the WebUI |
1023 |
In the CLI |
1023 |
Viewing Troubleshooting Details on Voice Call CDRs |
1024 |
In the WebUI |
1025 |
In the CLI |
1025 |
Enabling Voice Logs |
1025 |
In the WebUI |
1025 |
In the CLI |
1026 |
Viewing Voice Traces |
1026 |
In the WebUI |
1027 |
In the CLI |
1027 |
Viewing Voice Configurations |
1027 |
In the CLI |
1027 |
AirGroup |
1029 |
Zero Configuration Networking |
1029 |
AirGroup Solution |
1029 |
AirGroup Services |
1030 |
AirGroup Solution Components |
1031 |
AirGroup and ClearPass Policy Manager |
1031 |
AirGroup Deployment Models |
1033 |
Integrated Deployment Model |
1033 |
AirGroup with ClearPass Policy Manager |
1034 |
Features Supported in AirGroup |
1034 |
Multi-Controller AirGroup Cluster |
1034 |
Multi-Controller AirGroup Cluster—Terminologies |
1034 |
Sample AirGroup Cluster Topology |
1035 |
Master-Local Controller Synchronization |
1037 |
Pre-configured AirGroup Services |
1037 |
AirGroup IPv6 Support |
1038 |
Limitations |
1038 |
DLNA UPnP Support |
1038 |
AirGroup mDNS Static Records |
1038 |
Group Based Device Sharing |
1038 |
Dashboard Monitoring Enhancements |
1038 |
ClearPass Policy Manager and ClearPass Guest Features |
1039 |
Auto-association and Controller-based Policy |
1039 |
Configuring Auto-association and Controller-based Policy |
1039 |
Configuring Mac Address-based Policy |
1039 |
Configuring Shared Group-list |
1039 |
Configuring Shared Role-list |
1040 |
Configuring Shared User-list |
1040 |
Configuring Shared Location |
1040 |
Configuring Service Level-based Auto-association |
1041 |
Best Practices and Limitations |
1041 |
Apple iTunes Wi-Fi Synchronization and File Sharing |
1041 |
Firewall Configuration |
1041 |
Disable Inter-User Firewall Settings |
1041 |
ValidUser ACL Configuration |
1041 |
Allow GRE and UDP 5353 |
1041 |
Recommended Ports |
1042 |
Ports for AirPlay Service |
1042 |
Ports for AirPrint Service |
1042 |
AirGroup Services for Large Deployments |
1043 |
AirGroup Scalability Limits |
1043 |
Memory Utilization |
1044 |
CPU Utilization |
1044 |
General AirGroup Limitations |
1045 |
Integrated Deployment Model |
1045 |
Master-Local Controller Synchronization |
1045 |
Configuring an AirGroup Integrated Deployment Model |
1046 |
Enabling or Disabling AirGroup Global Setting |
1046 |
Enabling or Disabling mDNS and DLNA |
1048 |
Viewing AirGroup Global Setting on Controller |
1048 |
Defining an AirGroup Service |
1048 |
Enabling the allowall Service |
1050 |
Enabling or Disabling an AirGroup Service |
1051 |
Viewing AirGroup Service Status |
1051 |
Viewing Blocked Services |
1051 |
Viewing AirGroup Service Details |
1052 |
Configuring an AirGroup Domain |
1052 |
Viewing an AirGroup Domain |
1053 |
Configuring an AirGroup active-domain |
1053 |
Viewing an AirGroup active-domains |
1053 |
Viewing AirGroup VLAN Table |
1053 |
Viewing AirGroup Multi-Controller Table |
1054 |
Controller Dashboard Monitoring |
1054 |
Configuring the AirGroup-CPPM Interface |
1057 |
Configuring the CPPM Query Interval |
1057 |
Viewing the CPPM Query Interval |
1057 |
Defining a CPPM and RFC3576 Server |
1058 |
Configuring a CPPM Server |
1059 |
Configuring the CPPM Server Group |
1060 |
Configuring an RFC 3576 Server |
1060 |
Assigning CPPM and RFC 3576 Servers to AirGroup |
1060 |
In the WebUI |
1060 |
In the CLI |
1061 |
Viewing the CPPM Server Configuration |
1061 |
In the WebUI |
1061 |
In the CLI |
1061 |
Verifying CPPM Device Registration |
1062 |
Configuring CPPM to Enforce Registration |
1062 |
In the WebUI |
1062 |
In the CLI |
1062 |
Group-Based Device Sharing |
1063 |
Bluetooth-Based Discovery and AirGroup |
1064 |
AirGroup mDNS Static Records |
1064 |
Important Points to Remember |
1064 |
Creating mDNS Static Records on a Controller |
1065 |
Group mDNS Static Records |
1065 |
Individual Static mDNS Records |
1066 |
mDNS AP VLAN Aggregation |
1066 |
Configuring mDNS AP VLAN Aggregation |
1067 |
In the WebUI |
1067 |
In the CLI |
1067 |
In the WebUI |
1068 |
In the CLI |
1068 |
Disable AirGroup using WebUI |
1068 |
Disable mDNS AP VLAN aggregation using WebUI |
1068 |
Disable AirGroup using CLI |
1068 |
Disable mDNS AP VLAN Aggregation using CLI |
1068 |
mDNS Multicast Response Propagation |
1069 |
Maximum Number of iChat Users |
1069 |
Configuring mDNS Multicast Response Propagation |
1070 |
In the WebUI |
1070 |
In the CLI |
1071 |
Troubleshooting and Log Messages |
1071 |
Controller Troubleshooting Steps |
1071 |
ClearPass Guest Troubleshooting Steps |
1071 |
ClearPass Policy Manager Troubleshooting Steps |
1071 |
Log Messages |
1071 |
Show Commands |
1072 |
Viewing AirGroup mDNS and DLNA Cache |
1072 |
Viewing AirGroup mDNS and DLNA Statistics |
1072 |
Viewing AirGroup VLANs |
1072 |
Viewing AirGroup Servers |
1072 |
Viewing AirGroup Users |
1072 |
Viewing Service Queries Blocked by AirGroup |
1072 |
Viewing Blocked Services |
1072 |
AirGroup Global Tokens |
1072 |
Instant AP VPN Support |
1074 |
Overview |
1074 |
Improved DHCP Pool Management |
1074 |
Termination of Instant AP VPN Tunnels |
1074 |
Termination of IAP GRE Tunnels |
1074 |
L2/L3 Network Mode Support |
1074 |
Instant AP VPN Scalability Limits |
1075 |
Instant AP VPN OSPF Scaling |
1075 |
Branch-ID Allocation |
1077 |
Centralized BID Allocation |
1077 |
VPN Configuration |
1078 |
Whitelist DB Configuration |
1078 |
Controller Whitelist DB |
1078 |
External Whitelist DB |
1078 |
VPN Local Pool Configuration |
1078 |
Role Assignment for the Authenticated IAPs |
1078 |
VPN Profile Configuration |
1079 |
Viewing Branch Status |
1079 |
W-600 Series Controllers |
1081 |
Connecting with a USB Cellular Modems |
1081 |
How it Works |
1081 |
Switching Modes |
1081 |
Finding USB Modem Commands |
1082 |
Uplink Manager |
1082 |
Cellular Profile |
1082 |
Dialer Group |
1082 |
Configuring a Supported USB Modem |
1082 |
Configuring a New USB Modem |
1083 |
Configuring the Profile and Modem Driver |
1083 |
Configuring the TTY Port |
1084 |
Testing the TTY Port |
1084 |
Selecting the Dialer Profile |
1084 |
Linux Support |
1085 |
External Services Interface |
1086 |
Sample ESI Topology |
1086 |
Understanding the ESI Syslog Parser |
1088 |
ESI Parser Domains |
1088 |
Peer Controllers |
1089 |
Syslog Parser Rules |
1090 |
Condition Pattern Matching |
1090 |
User Pattern Matching |
1090 |
Configuring ESI |
1091 |
Configuring Health-Check Method, Groups, and Servers |
1091 |
In the WebUI |
1091 |
In the CLI |
1091 |
Defining the ESI Server |
1092 |
In the WebUI |
1092 |
In the CLI |
1092 |
Defining the ESI Server Group |
1092 |
In the WebUI |
1092 |
In the CLI |
1092 |
Policies and User Role |
1093 |
In the WebUI |
1093 |
In the CLI |
1093 |
ESI Syslog Parser Domains and Rules |
1094 |
In the WebUI |
1094 |
In the CLI |
1094 |
Managing Syslog Parser Rules |
1095 |
In the WebUI |
1095 |
In the CLI |
1097 |
Monitoring Syslog Parser Statistics |
1097 |
In the WebUI |
1097 |
In the CLI |
1097 |
Sample Route-Mode ESI Topology |
1098 |
ESI server configuration on controller |
1098 |
IP routing configuration on Fortinet gateway |
1098 |
Configuring the Example Routed ESI Topology |
1098 |
Health-Check Method, Groups, and Servers |
1099 |
Defining the Ping Health-Check Method |
1099 |
In the WebUI |
1099 |
In the CLI |
1099 |
Defining the ESI Server |
1099 |
In the WebUI |
1099 |
In the CLI |
1100 |
Defining the ESI Server Group |
1100 |
In the WebUI |
1100 |
In the CLI |
1100 |
Redirection Policies and User Role |
1100 |
In the WebUI |
1100 |
In the CLI |
1101 |
Syslog Parser Domain and Rules |
1101 |
In the WebUI |
1101 |
In the CLI |
1102 |
Sample NAT-mode ESI Topology |
1102 |
ESI server configuration on the controller |
1104 |
Configuring the Example NAT-mode ESI Topology |
1104 |
Configuring the NAT-mode ESI Example in the WebUI |
1104 |
In the WebUI |
1104 |
In the CLI |
1106 |
Understanding Basic Regular Expression (BRE) Syntax |
1107 |
Character-Matching Operators |
1107 |
Regular Expression Repetition Operators |
1108 |
Regular Expression Anchors |
1108 |
References |
1109 |
External User Management |
1110 |
Overview |
1110 |
Before you Begin |
1110 |
Working with the ArubaOS XML API Works |
1110 |
Creating an XML Request |
1110 |
Adding a User |
1111 |
Deleting a User |
1111 |
Authenticating a User |
1111 |
Blacklisting a User |
1111 |
Querying for User Status |
1111 |
XML Response |
1112 |
Default Response Format |
1112 |
Response Codes |
1112 |
Query Command Response Format |
1113 |
Using the XML API Server |
1115 |
Configuring the XML API Server |
1115 |
Associating the XML API Server to a AAA profile |
1115 |
Set up Captive Portal profile |
1117 |
Associating the Captive Portal Profile to an Initial Role |
1117 |
Creating an XML API Request |
1117 |
Monitoring External Captive Portal Usage Statistics |
1119 |
Sample Code |
1119 |
Using XML API in C Language |
1119 |
Understanding Request and Response |
1123 |
Understanding XML API Request Parameters |
1123 |
Understanding XMl API Response |
1124 |
Adding a Client |
1124 |
Deleting a Client |
1124 |
Authenticating a Client |
1125 |
Querying for Client Details |
1126 |
Blacklisting a Client |
1127 |
Behavior and Defaults |
1129 |
Understanding Mode Support |
1129 |
Understanding Basic System Defaults |
1131 |
Network Services |
1131 |
Policies |
1133 |
Validuser and Logon-control ACLs |
1139 |
Roles |
1139 |
Understanding Default Management User Roles |
1141 |
Understanding Default Open Ports |
1145 |
DHCP with Vendor-Specific Options |
1148 |
Configuring a Windows-Based DHCP Server |
1148 |
Configuring Option 60 |
1148 |
Configuring Option 60 using the Windows DHCP Server |
1148 |
Configuring Option 43 |
1149 |
Configuring Option 43 using the Windows DHCP Server: |
1149 |
Enabling DHCP Relay Agent Information Option (Option 82) |
1151 |
Configuring Option 82 |
1151 |
In the WebUI |
1151 |
In the CLI |
1151 |
Enabling Linux DHCP Servers |
1152 |
802.1X Configuration for IAS and Windows Clients |
1153 |
Configuring Microsoft IAS |
1153 |
RADIUS Client Configuration |
1153 |
Remote Access Policies |
1153 |
Active Directory Database |
1154 |
Configuring Policies |
1154 |
Configuring RADIUS Attributes |
1155 |
Configuring Management Authentication using IAS |
1155 |
Creating a Remote Policy |
1156 |
Defining Properties for Remote Policy |
1156 |
Creating a User Entry in Windows Active Directory |
1156 |
Configure the Controller to use IAS Management Authentication |
1157 |
Verify Communication between the Controller and the RADIUS Server |
1157 |
Window XP Wireless Client Sample Configuration |
1157 |
Acronyms and Terms |
1160 |
Acronyms |
1160 |