| Section |
Page |
| Contents |
3 |
| About this Guide |
83 |
| What's New In ArubaOS 6.4.x |
83 |
| Features Introduced in ArubaOS 6.4.3.0 |
83 |
| Features Introduced in ArubaOS 6.4.2.5 |
89 |
| Features Introduced in ArubaOS 6.4.2.4 |
89 |
| Features Introduced in ArubaOS 6.4.2.3 |
90 |
| Features Introduced in ArubaOS 6.4.2.0 |
90 |
| Features Introduced in ArubaOS 6.4.1.0 |
92 |
| Features Introduced in ArubaOS 6.4.0.0 |
95 |
| Fundamentals |
98 |
| WebUI |
98 |
| CLI |
99 |
| Related Documents |
99 |
| Conventions |
99 |
| Contacting Dell |
100 |
| The Basic User-Centric Networks |
101 |
| Understanding Basic Deployment and Configuration Tasks |
101 |
| Deployment Scenario #1: Controller and APs on Same Subnet |
101 |
| Deployment Scenario #2: APs All on One Subnet Different from Controller Subnet |
102 |
| Deployment Scenario #3: APs on Multiple Different Subnets from Controllers |
103 |
| Configuring the Controller |
104 |
| Running Initial Setup |
104 |
| Connecting to the Controller after Initial Setup |
105 |
| W-7000 Series and W-7200 Series Controller |
105 |
| New Port Numbering Scheme |
105 |
| W-7200 Series Controllers Individual Port Behavior |
106 |
| Using the LCD Screen |
106 |
| Using the LCD and USB Drive |
108 |
| Upgrading an Image |
108 |
| Uploading a Pre-saved Configuration |
108 |
| Disabling LCD Menu Functions |
109 |
| Configuring a VLAN to Connect to the Network |
109 |
| Creating, Updating, and Viewing VLANs and Associated IDs |
110 |
| Creating, Updating, and Deleting VLAN Pools |
110 |
| Assigning and Configuring the Trunk Port |
110 |
| In the WebUI |
110 |
| In the CLI |
111 |
| Configuring the Default Gateway |
111 |
| In the WebUI |
111 |
| In the CLI |
111 |
| Configuring the Loopback IP Address for the Controller |
111 |
| In the WebUI |
112 |
| In the CLI |
112 |
| Configuring the System Clock |
112 |
| Installing Licenses |
112 |
| Connecting the Controller to the Network |
112 |
| Enabling Wireless Connectivity |
113 |
| Enabling Wireless Connectivity |
113 |
| Configuring Your User-Centric Network |
113 |
| Replacing a Controller |
114 |
| Transferring Licenses |
114 |
| Procedure Overview |
114 |
| Change the VRRP Priorities for a Redundant Master Pair |
115 |
| Back Up the Flash File System |
115 |
| In the WebUI |
115 |
| In the CLI |
115 |
| Stage the New Controller |
115 |
| Add Licenses to the New Controller |
116 |
| Backup Newly Installed Licenses |
116 |
| Import and Restore Flash Backup |
116 |
| In the WebUI |
117 |
| In the CLI |
117 |
| Restore Licenses |
117 |
| Reboot the Controller |
117 |
| Modify the Host Name |
118 |
| Modify Topology Settings |
118 |
| Save your Configuration |
119 |
| Remove the Existing Controller |
119 |
| Control Plane Security |
120 |
| Control Plane Security Overview |
120 |
| Configuring Control Plane Security |
121 |
| In the WebUI |
121 |
| In the CLI |
123 |
| Managing AP Whitelists |
123 |
| Adding an AP to the Campus or Remote AP Whitelists |
123 |
| In the WebUI |
123 |
| In the CLI |
125 |
| Viewing AP Whitelist Status |
125 |
| Modifying an AP in the Campus AP Whitelist |
128 |
| In the WebUI |
128 |
| In the CLI |
128 |
| Revoking an AP from the Campus AP Whitelist |
129 |
| In the WebUI |
129 |
| In the CLI |
129 |
| Deleting an AP from the Campus AP Whitelist |
129 |
| In the WebUI |
129 |
| In the CLI |
130 |
| Purging a Campus AP Whitelist |
130 |
| In the WebUI |
130 |
| In the CLI |
130 |
| Offloading a Controller Whitelist to ClearPass Policy Manager |
130 |
| In the WebUI |
130 |
| In the CLI |
131 |
| Managing Whitelists on Master and Local Controllers |
131 |
| Campus AP Whitelist Synchronization |
132 |
| Viewing the Master or Local Controller Whitelists |
133 |
| In the WebUI |
133 |
| In the CLI |
134 |
| Deleting an Entry from the Master or Local Controller Whitelist |
134 |
| In the WebUI |
134 |
| In the CLI |
134 |
| Purging the Master or Local Controller Whitelist |
135 |
| In the WebUI |
135 |
| In the CLI |
135 |
| Working in Environments with Multiple Master Controllers |
135 |
| Configuring Networks with a Backup Master Controller |
135 |
| Configuring Networks with Clusters of Master Controllers |
135 |
| Creating a Cluster Root |
136 |
| Creating a Cluster Member |
137 |
| Viewing Controller Cluster Setting |
137 |
| Replacing a Controller on a Multi-Controller Network |
138 |
| Replacing Controllers in a Single Master Network |
138 |
| Replacing a Local Controller |
138 |
| Replacing a Master Controller with No Backup |
139 |
| Replacing a Redundant Master Controller |
140 |
| Replacing Controllers in a Multi-Master Network |
140 |
| Replacing a Local Controller in a Multi-Master Network |
140 |
| Replacing a Cluster Member Controller with no Backup |
140 |
| Replacing a Redundant Cluster Member Controller |
141 |
| Replacing a Cluster Root Controller with no Backup Controller |
141 |
| Replacing a Redundant Cluster Root Controller |
142 |
| Configuring Control Plane Security after Upgrading |
142 |
| Troubleshooting Control Plane Security |
143 |
| Identifying Certificate Problems |
143 |
| Verifying Certificates |
144 |
| Disabling Control Plane Security |
144 |
| Verifying Whitelist Synchronization |
144 |
| Rogue APs |
145 |
| Software Licenses |
146 |
| Understanding License Terminology |
146 |
| Working with Licenses |
147 |
| Centralized Licensing in a Multi-Controller Network |
148 |
| Primary and Backup Licensing Servers |
149 |
| Communication between the License Server and License Clients |
149 |
| Supported Topologies |
151 |
| Unsupported Topologies |
152 |
| Adding and Deleting Licenses |
153 |
| Replacing a Controller |
153 |
| Failover Behaviors |
153 |
| Client is Unreachable |
154 |
| Server is Unreachable |
154 |
| Configuring Centralized Licensing |
154 |
| Pre-configuration Setup in an All-Master Deployment |
154 |
| Preconfiguration Setup in a Master/Local Topology |
155 |
| Enabling Centralized Licensing |
155 |
| Monitoring and Managing Centralized Licenses |
156 |
| License server Table |
156 |
| License Client Table |
156 |
| License Client(s) Usage Table |
157 |
| Aggregate License Table |
158 |
| License Heartbeat Table |
158 |
| Using Licenses |
158 |
| Understanding License Interaction |
160 |
| License Installation Best Practices and Exceptions |
160 |
| Installing a License |
161 |
| Enabling a New License on your Controller |
161 |
| Requesting a Software License in Email |
161 |
| Locating the System Serial Number |
161 |
| Obtaining a Software License Key |
162 |
| Creating a Software License Key |
162 |
| Applying the Software License Key in the WebUI |
162 |
| Applying the Software License Key in the License Wizard |
162 |
| Deleting a License |
162 |
| Moving Licenses |
163 |
| Resetting the Controller |
163 |
| Network Configuration Parameters |
164 |
| Configuring VLANs |
164 |
| Creating and Updating VLANs |
164 |
| In the WebUI |
164 |
| In the CLI |
165 |
| Creating Bulk VLANs In the WebUI |
165 |
| In the CLI |
165 |
| Creating a Named VLAN |
165 |
| In the WebUI |
165 |
| Distinguishing Between Even and Hash Assignment Types |
166 |
| Updating a Named VLAN |
166 |
| Deleting a Named VLAN |
166 |
| Creating a Named VLAN Using the CLI |
167 |
| Viewing and Adding VLAN IDs Using the CLI |
167 |
| Role Derivation for Named VLAN Pools |
167 |
| In the CLI |
167 |
| In the WebUI |
168 |
| Adding a Bandwidth Contract to the VLAN |
168 |
| Optimizing VLAN Broadcast and Multicast Traffic |
168 |
| In the WebUI |
168 |
| In the CLI |
169 |
| Configuring Ports |
169 |
| Classifying Traffic as Trusted or Untrusted |
169 |
| About Trusted and Untrusted Physical Ports |
169 |
| About Trusted and Untrusted VLANs |
169 |
| Configuring Trusted/Untrusted Ports and VLANs |
170 |
| In the WebUI |
170 |
| In the CLI |
170 |
| Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode |
171 |
| In the WebUI |
171 |
| In the CLI |
171 |
| Understanding VLAN Assignments |
171 |
| VLAN Derivation Priorities for VLAN types |
172 |
| How a VLAN Obtains an IP Address |
173 |
| Assigning a Static Address to a VLAN |
173 |
| In the WebUI |
173 |
| In the CLI |
173 |
| Configuring a VLAN to Receive a Dynamic Address |
173 |
| Configuring Multiple Wired Uplink Interfaces (Active-Standby) |
173 |
| Enabling the DHCP Client |
174 |
| In the WebUI |
174 |
| In the CLI |
174 |
| Enabling the PPPoE Client |
175 |
| In the WebUI |
175 |
| In the CLI |
175 |
| Default Gateway from DHCP/PPPoE |
175 |
| In the WebUI |
175 |
| In the CLI |
175 |
| Configuring DNS/WINS Server from DHPC/PPPoE |
175 |
| In the WebUI |
175 |
| In the CLI |
176 |
| Configuring Source NAT to Dynamic VLAN Address |
176 |
| In the WebUI |
176 |
| In the CLI |
176 |
| Configuring Source NAT for VLAN Interfaces |
177 |
| Sample Configuration |
177 |
| In the WebUI |
177 |
| In the CLI |
177 |
| Inter-VLAN Routing |
178 |
| In the WebUI |
178 |
| In the CLI |
179 |
| Configuring Static Routes |
179 |
| In the WebUI |
179 |
| In the CLI |
179 |
| Configuring the Loopback IP Address |
179 |
| In the WebUI |
179 |
| In the CLI |
180 |
| Configuring the Controller IP Address |
180 |
| In the WebUI |
180 |
| In the CLI |
181 |
| Configuring GRE Tunnels |
181 |
| About Layer-2 GRE Tunnels |
181 |
| Layer-2 GRE Tunnel Network Diagram |
181 |
| Layer-2 Traffic Flow |
181 |
| About Layer-3 GRE Tunnels |
182 |
| IPv4 Layer-3 GRE Tunnel Network Diagram |
182 |
| IPv6 Layer-3 GRE Tunnel Network Diagram |
182 |
| Layer-3 Traffic Flow |
182 |
| Configuring a Layer-2 GRE Tunnel |
183 |
| In the WebUI |
183 |
| In the CLI |
185 |
| Configuring a Layer-3 GRE Tunnel for IPv4 |
186 |
| In the WebUI |
186 |
| In the CLI |
187 |
| Configuring a Layer-3 GRE Tunnel for IPv6 |
188 |
| In the WebUI |
188 |
| In the CLI |
189 |
| Limitations for Static IPv6 Layer-3 Tunnels |
190 |
| Directing Traffic into the Tunnel |
190 |
| About Configuring Static Routes |
190 |
| Configuring a Firewall Policy Rule |
190 |
| Configuring Tunnel Keepalives |
192 |
| Configuring GRE Tunnel Groups |
193 |
| About GRE Tunnel Groups |
193 |
| Tunnel Group Order |
193 |
| Tunnel Failover |
193 |
| Preemption |
194 |
| Enabling a Tunnel Group |
194 |
| Points to Remember |
194 |
| Regarding Layer-2 Tunnel Groups |
194 |
| Configuring a Layer-2 or Layer-3 Tunnel Group Using the CLI |
194 |
| Example Configuration |
194 |
| Enabling Preemption |
194 |
| Viewing Operational Status |
195 |
| Viewing Active and Member Tunnels |
195 |
| Viewing the Standby Member Tunnels |
195 |
| Configuring a Layer-2 or Layer-3 Tunnel Group Using the WebUI |
196 |
| Jumbo Frame Support |
196 |
| Limitations for Jumbo Frame Support |
196 |
| Configuring Jumbo Frame Support |
197 |
| In the WebUI |
197 |
| In the CLI |
197 |
| Viewing the Jumbo Frame Support Status |
197 |
| IPv6 Support |
198 |
| Understanding IPv6 Notation |
198 |
| Understanding IPv6 Topology |
198 |
| Enabling IPv6 |
199 |
| Enabling IPv6 Support for Controller and APs |
199 |
| Configuring IPv6 Addresses |
201 |
| In the WebUI |
202 |
| In the CLI |
202 |
| Configuring IPv6 Static Neighbors |
202 |
| In the WebUI |
203 |
| In the CLI |
203 |
| Configuring IPv6 Default Gateway and Static IPv6 Routes |
203 |
| In the WebUI |
203 |
| In the CLI |
203 |
| Managing Controller IP Addresses |
203 |
| In the WebUI |
203 |
| In the CLI |
204 |
| Configuring Multicast Listener Discovery |
204 |
| In the WebUI |
204 |
| In the CLI |
205 |
| Dynamic Multicast Optimization |
205 |
| In the WebUI |
205 |
| In the CLI |
206 |
| Limitations |
206 |
| Debugging an IPv6 Controller |
206 |
| In the WebUI |
206 |
| In the CLI |
206 |
| Provisioning an IPv6 AP |
206 |
| In the WebUI |
207 |
| In the CLI |
207 |
| Enhancements to IPv6 Support on AP |
207 |
| Filtering an IPv6 Extension Header (EH) |
207 |
| Configuring a Captive Portal over IPv6 |
207 |
| Working with IPv6 Router Advertisements (RAs) |
208 |
| Configuring an IPv6 RA on a VLAN |
208 |
| Using WebUI |
209 |
| Using CLI |
209 |
| Configuring Optional Parameters for RAs |
209 |
| In the WebUI |
210 |
| In the CLI |
211 |
| RADIUS Over IPv6 |
211 |
| In the CLI |
211 |
| In the WebUI |
212 |
| TACACS Over IPv6 |
212 |
| In the CLI |
212 |
| In the WebUI |
213 |
| DHCPv6 Server |
213 |
| Points to Remember |
213 |
| DHCP Lease Limit |
213 |
| Configuring DHCPv6 Server |
214 |
| In the WebUI |
214 |
| In the CLI |
215 |
| Understanding ArubaOS Supported Network Configuration for IPv6 Clients |
216 |
| Supported Network Configuration |
216 |
| Understanding the Network Connection Sequence for Windows IPv6 Clients |
216 |
| Understanding ArubaOS Authentication and Firewall Features that Support IPv6 |
217 |
| Understanding Authentication |
217 |
| Working with Firewall Features |
217 |
| Understanding Firewall Policies |
219 |
| Creating an IPv6 Firewall Policy |
221 |
| Assigning an IPv6 Policy to a User Role |
222 |
| Understanding DHCPv6 Passthrough/Relay |
222 |
| Managing IPv6 User Addresses |
222 |
| Viewing or Deleting User Entries |
222 |
| Understanding User Roles |
223 |
| Viewing Datapath Statistics for IPv6 Sessions |
223 |
| Understanding IPv6 Exceptions and Best Practices |
223 |
| Link Aggregation Control Protocol |
225 |
| Understanding LACP Best Practices and Exceptions |
225 |
| Configuring LACP |
226 |
| In the CLI |
226 |
| In the WebUI |
227 |
| LACP Sample Configuration |
227 |
| OSPFv2 |
229 |
| Understanding OSPF Deployment Best Practices and Exceptions |
229 |
| Understanding OSPFv2 by Example using a WLAN Scenario |
230 |
| WLAN Topology |
230 |
| WLAN Routing Table |
230 |
| Understanding OSPFv2 by Example using a Branch Scenario |
231 |
| Branch Topology |
231 |
| Branch Routing Table |
232 |
| Configuring OSPF |
232 |
| Exporting VPN Client Addresses to OSPF |
234 |
| In the WebUI |
234 |
| In the CLI |
234 |
| Sample Topology and Configuration |
234 |
| Remote Branch 1 |
235 |
| Remote Branch 2 |
236 |
| W-3200 Central Office Controller—Active |
237 |
| W-3200 Central Office Controller—Backup |
238 |
| Topology |
240 |
| Observation |
240 |
| Configuring W-3600-UP Controller |
240 |
| Configuring W-3600-DOWN Controller |
242 |
| Viewing the Status of Instant AP VPN |
243 |
| RAPNG AP-1 |
243 |
| RAPNG AP-3 |
244 |
| Tunneled Nodes |
246 |
| Understanding Tunneled Node Configuration |
246 |
| Configuring a Wired Tunneled Node Client |
247 |
| Configuring an Access Port as a Tunneled Node Port |
248 |
| Configuring a Trunk Port as a Tunneled Node Port |
248 |
| Authentication Servers |
249 |
| Understanding Authentication Server Best Practices and Exceptions |
249 |
| Understanding Servers and Server Groups |
249 |
| Configuring Authentication Servers |
250 |
| Configuring a RADIUS Server |
250 |
| Using the WebUI |
251 |
| Using the CLI |
251 |
| RADIUS Service-Type Attribute |
253 |
| Enabling Radsec on RADIUS Servers |
254 |
| In the Web UI |
254 |
| In the CLI |
254 |
| RADIUS Server VSAs |
254 |
| RADIUS Server Authentication Codes |
257 |
| RADIUS Server Fully Qualified Domain Names |
258 |
| DNS Query Intervals |
258 |
| Configuring Username and Password for CPPM Authentication |
258 |
| In the WebUI: |
258 |
| In the CLI: |
259 |
| Configuring an RFC-3576 RADIUS Server |
259 |
| Using the WebUI |
259 |
| Using the CLI |
259 |
| Configuring an RFC-3576 RADIUS Server with Radsec |
260 |
| Using the WebUI |
260 |
| Using the CLI |
260 |
| Configuring an LDAP Server |
260 |
| Using the WebUI |
261 |
| Using the CLI |
261 |
| Configuring a TACACS+ Server |
261 |
| Using the WebUI |
262 |
| Using the CLI |
262 |
| Configuring a Windows Server |
263 |
| Using the WebUI |
263 |
| Using the CLI |
263 |
| Managing the Internal Database |
263 |
| Configuring the Internal Database |
263 |
| Using the WebUI |
264 |
| Using the CLI |
264 |
| Managing Internal Database Files |
265 |
| Exporting Files in the WebUI |
265 |
| Importing Files in the WebUI |
265 |
| Exporting and Importing Files in the CLI |
265 |
| Working with Internal Database Utilities |
265 |
| Deleting All Users |
265 |
| Repairing the Internal Database |
265 |
| Configuring Server Groups |
266 |
| Configuring Server Groups |
266 |
| Using the WebUI |
266 |
| Using the CLI |
266 |
| Configuring Server List Order and Fail-Through |
266 |
| Using the WebUI |
267 |
| Using the CLI |
267 |
| Configuring Dynamic Server Selection |
267 |
| Using the WebUI |
268 |
| Using the CLI |
269 |
| Configuring Match FQDN Option |
269 |
| Using the WebUI |
269 |
| Using the CLI |
269 |
| Trimming Domain Information from Requests |
269 |
| Using the WebUI |
270 |
| Using the CLI |
270 |
| Configuring Server-Derivation Rules |
270 |
| Using the WebUI |
271 |
| Using the CLI |
272 |
| Configuring a Role Derivation Rule for the Internal Database |
272 |
| Using the WebUI |
272 |
| Using the CLI |
272 |
| Assigning Server Groups |
272 |
| User Authentication |
273 |
| Management Authentication |
273 |
| Using the WebUI |
273 |
| Using the CLI |
273 |
| Accounting |
273 |
| RADIUS Accounting |
273 |
| RADIUS Accounting on Multiple Servers |
276 |
| TACACS+ Accounting |
276 |
| Configuring Authentication Timers |
276 |
| Setting an Authentication Timer |
277 |
| Using the WebUI |
277 |
| Using the CLI |
278 |
| Authentication Server Load Balancing |
278 |
| Enabling Authentication Server Load Balancing Functionality |
278 |
| MAC-based Authentication |
279 |
| Configuring MAC-Based Authentication |
279 |
| Configuring the MAC Authentication Profile |
279 |
| In the WebUI |
280 |
| In the CLI |
280 |
| Configuring Clients |
280 |
| In the WebUI |
281 |
| In the CLI |
281 |
| Branch Controller Config for Controllers |
282 |
| Branch Deployment Features |
283 |
| WAN Failure (Authentication) Survivability |
284 |
| Supported Client and Authentication Types |
284 |
| Supported Key Reply Attributes |
285 |
| Support Restrictions |
285 |
| Administrative Functions |
285 |
| Enabling Authentication Survivability on a Local Branch Controller |
286 |
| Configuring the Survival Server Certificate |
286 |
| Configuring the Lifetime of the Authentication Survivability Cache |
286 |
| User Credential and Key Reply Attributes Are Saved Automatically |
286 |
| Expired User Credential and Key Reply Attributes Are Purged Automatically |
286 |
| About the Survival Server |
286 |
| Trigger Conditions for Critical Actions |
286 |
| Storing User Access Credential and Key Reply Attributes to Survival Cache |
286 |
| Picking Up the Survival Server for Authentication |
287 |
| Access Credential Data Stored |
287 |
| Authentication for Captive Portal Clients |
287 |
| Captive Portal Client Authentication Using PAP |
287 |
| External Captive Portal Client Authentication Using the XML-API |
287 |
| Authentication for 802.1X Clients |
288 |
| 802.1X Termination Disabled at the Wireless LAN Controller |
288 |
| 802.1X Termination Enabled at the Wireless LAN Controller |
288 |
| Authentication for MAC Address-Based Clients |
289 |
| Authentication for WISPr Clients |
289 |
| WAN Health Check |
290 |
| WAN Optimization through IP Payload Compression |
290 |
| Distributed Layer 3 Branch Deployment Model |
291 |
| Compression/Decompression Engine |
291 |
| Modes of Operation |
291 |
| Interface Bandwidth Contracts |
292 |
| Integration with a Palo Alto Networks (PAN) Portal |
292 |
| Integration Workflow |
293 |
| Configuration Prerequisites |
294 |
| Branch Controller Routing Features |
295 |
| Uplink Routing Using Nexthop Lists |
295 |
| Policy-Based Routing |
295 |
| Zero-Touch Provisioning |
296 |
| Before you Begin |
296 |
| Provisioning Modes for branch deployments |
297 |
| Automatically Provisioning a Branch Controller |
297 |
| DHCP Options |
298 |
| DHCP Server Provisioning |
298 |
| Using Smart Config to create a Branch Config Group |
298 |
| Config Group Management Settings |
299 |
| Address Pools |
299 |
| Static vs Dynamic IP Management |
299 |
| System Configuration |
305 |
| Networking Configuration |
307 |
| Routing Configuration |
309 |
| Configuring Routing for a Branch Config Group |
309 |
| VPN Configuration |
314 |
| WAN Configuration |
317 |
| Branch Config Group Summary |
319 |
| Whitelist Configuration |
320 |
| PortFast and BPDU Guard |
320 |
| PortFast |
320 |
| BPDU Guard |
321 |
| Scenarios Supported on PortFast and BPDU Guard |
321 |
| Enabling PortFast and BPDU Guard on a Port |
322 |
| In the Web UI |
322 |
| In the CLI |
322 |
| Preventing WAN Link Failure on Virtual APs |
322 |
| In the WebUI |
323 |
| In the CLI |
323 |
| Branch WAN Dashboard Changes |
323 |
| 802.1X Authentication |
326 |
| Understanding 802.1X Authentication |
326 |
| Supported EAP Types |
326 |
| Configuring Authentication with a RADIUS Server |
327 |
| Configuring Authentication Terminated on Controller |
328 |
| Configuring 802.1X Authentication |
329 |
| In the WebUI |
329 |
| In the CLI |
335 |
| Configuring and Using Certificates with AAA FastConnect |
335 |
| In the WebUI |
335 |
| In the CLI |
335 |
| Configuring User and Machine Authentication |
335 |
| Working with Role Assignment with Machine Authentication Enabled |
336 |
| Enabling 802.1x Supplicant Support on an AP |
337 |
| Prerequisites |
338 |
| Provisioning an AP as an 802.1X Supplicant |
338 |
| In the WebUI |
338 |
| In the CLI |
338 |
| Sample Configurations |
338 |
| Configuring Authentication with an 802.1X RADIUS Server |
339 |
| Configuring Roles and Policies |
339 |
| Creating the Student Role and Policy |
339 |
| Creating the Faculty Role and Policy |
340 |
| Creating the Guest Role and Policy |
341 |
| Creating Roles and Policies for Sysadmin and Computer |
342 |
| In the WebUI |
343 |
| In the CLI |
343 |
| Creating an Alias for the Internal Network |
343 |
| Configuring the RADIUS Authentication Server |
343 |
| In the WebUI |
343 |
| In the CLI |
344 |
| Configuring 802.1X Authentication |
344 |
| In the WebUI |
344 |
| In the CLI |
345 |
| Configuring VLANs |
345 |
| In the WebUI |
345 |
| In the CLI |
346 |
| Configuring the WLANs |
346 |
| Configuring the Guest WLAN |
346 |
| In the WebUI |
346 |
| In the CLI |
347 |
| Configuring the Non-Guest WLANs |
347 |
| In the WebUI |
347 |
| In the CLI |
348 |
| Configuring Authentication with the Controller’s Internal Database |
348 |
| Configuring the Internal Database |
349 |
| In the WebUI |
349 |
| In the CLI |
349 |
| Configuring a Server Rule |
349 |
| Configuring 802.1x Authentication |
349 |
| In the WebUI |
349 |
| In the CLI |
350 |
| Configuring VLANs |
350 |
| In the WebUI |
350 |
| In the CLI |
351 |
| Configuring WLANs |
351 |
| Configuring the Guest WLAN |
351 |
| In the WebUI |
352 |
| In the CLI |
352 |
| Configuring the Non-Guest WLANs |
352 |
| In the WebUI |
353 |
| In the CLI |
353 |
| Configuring Mixed Authentication Modes |
354 |
| In the CLI |
354 |
| Performing Advanced Configuration Options for 802.1X |
354 |
| Configuring Reauthentication with Unicast Key Rotation |
354 |
| In the WebUI |
355 |
| In the CLI |
355 |
| Application Single Sign-On Using L2 Authentication |
355 |
| Important Points to Remember |
355 |
| Enabling Application SSO |
356 |
| Configuring SSO IDP-Profiles |
356 |
| In the WebUI |
356 |
| In the CLI |
357 |
| Applying an SSO Profile to a User Role |
357 |
| In the WebUI |
357 |
| In the CLI |
357 |
| Selecting an IDP Certificate |
357 |
| In the WebUI |
357 |
| In the CLI |
357 |
| Stateful and WISPr Authentication |
358 |
| Working With Stateful Authentication |
358 |
| Working With WISPr Authentication |
359 |
| Understanding Stateful Authentication Best Practices |
359 |
| Configuring Stateful 802.1X Authentication |
359 |
| In the WebUI |
359 |
| In the CLI |
360 |
| Configuring Stateful NTLM Authentication |
360 |
| In the WebUI |
360 |
| In the CLI |
361 |
| Configuring Stateful Kerberos Authentication |
361 |
| In the WebUI |
361 |
| In the CLI |
362 |
| Configuring WISPr Authentication |
362 |
| In the WebUI |
362 |
| In the CLI |
363 |
| Certificate Revocation |
365 |
| Understanding OCSP and CRL |
365 |
| Configuring a Controller as OCSP and CRL Clients |
365 |
| Configuring an OCSP Controller as a Responder |
366 |
| Configuring the Controller as an OCSP Client |
366 |
| In the WebUI |
366 |
| In the CLI |
368 |
| Configuring the Controller as a CRL Client |
368 |
| In the WebUI |
368 |
| In the CLI |
369 |
| Configuring the Controller as an OCSP Responder |
369 |
| In the WebUI |
369 |
| In the CLI |
370 |
| Certificate Revocation Checking for SSH Pubkey Authentication |
370 |
| Configuring the SSH Pubkey User with RCP |
370 |
| In the WebUI |
370 |
| In the CLI |
370 |
| Displaying Revocation Checkpoint for the SSH Pubkey User |
371 |
| Configuring the SSH Pubkey User with RCP |
371 |
| In the WebUI |
371 |
| In the CLI |
371 |
| Removing the SSH Pubkey User |
371 |
| In the WebUI |
371 |
| In the CLI |
371 |
| Captive Portal Authentication |
372 |
| Understanding Captive Portal |
372 |
| Policy Enforcement Firewall Next Generation (PEFNG) License |
372 |
| Controller Server Certificate |
373 |
| Configuring Captive Portal in the Base Operating System |
373 |
| In the WebUI |
374 |
| In the CLI |
375 |
| Using Captive Portal with a PEFNG License |
375 |
| Configuring Captive Portal in the WebUI |
376 |
| Configuring Captive Portal in the CLI |
378 |
| Sample Authentication with Captive Portal |
378 |
| Creating a Guest User Role |
378 |
| Creating an Auth-guest User Role |
379 |
| Configuring Policies and Roles in the WebUI |
379 |
| Creating a Time Range |
379 |
| Creating Aliases |
380 |
| Creating an Auth-Guest-Access Policy |
380 |
| Creating an Block-Internal-Access Policy |
381 |
| Creating a Drop-and-Log Policy |
382 |
| Creating a Guest Role |
382 |
| Creating an Auth-Guest Role |
383 |
| Configuring Policies and Roles in the CLI |
383 |
| Defining a Time Range |
383 |
| Creating Aliases |
383 |
| Creating a Guest-Logon-Access Policy |
384 |
| Creating an Auth-Guest-Access Policy |
384 |
| Creating a Block-Internal-Access Policy |
384 |
| Creating a Drop-and-Log Policy |
384 |
| Creating a Guest-Logon Role |
384 |
| Creating an Auth-Guest Role |
384 |
| Configuring Guest VLANs |
384 |
| In the WebUI |
385 |
| In the CLI |
385 |
| Configuring Captive Portal Authentication Profiles |
385 |
| Modifying the Initial User Role |
386 |
| Configuring the AAA Profile |
386 |
| Configuring the WLAN |
387 |
| Managing User Accounts |
387 |
| Configuring Captive Portal Configuration Parameters |
388 |
| Enabling Optional Captive Portal Configurations |
390 |
| Uploading Captive Portal Pages by SSID Association |
390 |
| Changing the Protocol to HTTP |
391 |
| Configuring Redirection to a Proxy Server |
392 |
| Redirecting Clients on Different VLANs |
393 |
| Web Client Configuration with Proxy Script |
393 |
| Personalizing the Captive Portal Page |
394 |
| Creating and Installing an Internal Captive Portal |
396 |
| Creating a New Internal Web Page |
397 |
| Username Example |
397 |
| Password Example |
397 |
| FQDN Example |
397 |
| Basic HTML Example |
398 |
| Installing a New Captive Portal Page |
398 |
| Displaying Authentication Error Messages |
398 |
| Reverting to the Default Captive Portal |
399 |
| Configuring Localization |
399 |
| Customizing the Welcome Page |
402 |
| Customizing the Pop-Up box |
403 |
| Customizing the Logged Out Box |
404 |
| Creating Walled Garden Access |
405 |
| In the WebUI |
405 |
| In the CLI |
406 |
| Enabling Captive Portal Enhancements |
406 |
| Configuring the Redirect-URL |
406 |
| Configuring the Login URL |
407 |
| Defining Netdestination Descriptions |
407 |
| Configuring a Whitelist |
407 |
| Configuring the Netdestination for a Whitelist: |
407 |
| Associating a Whitelist to Captive Portal Profile |
407 |
| Applying a Captive Portal Profile to a User-Role |
408 |
| Verifying a Whitelist Configuration |
408 |
| Verifying a Captive Portal Profile Linked to a Whitelist |
408 |
| Verifying Dynamic ACLs for a Whitelist |
408 |
| Verifying DNS Resolved IP Addresses for Whitelisted URLs |
410 |
| Bypassing Captive Portal Landing Page |
410 |
| Virtual Private Networks |
411 |
| Planning a VPN Configuration |
411 |
| Selecting an IKE protocol |
412 |
| Understanding Suite-B Encryption Licensing |
412 |
| Working with IKEv2 Clients |
413 |
| Understanding Supported VPN AAA Deployments |
413 |
| Working with Certificate Groups |
414 |
| Working with VPN Authentication Profiles |
414 |
| Configuring a Basic VPN for L2TP/IPsec in the WebUI |
416 |
| Defining Authentication Method and Server Addresses |
417 |
| Defining Address Pools |
417 |
| Enabling Source NAT |
417 |
| Selecting Certificates |
418 |
| Defining IKEv1 Shared Keys |
418 |
| Configuring IKE Policies |
418 |
| Setting the IPsec Dynamic Map |
419 |
| Finalizing WebUI changes |
420 |
| Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI |
421 |
| Defining Authentication Method and Server Addresses |
421 |
| Defining Address Pools |
421 |
| Enabling Source NAT |
421 |
| Selecting Certificates |
422 |
| Configuring IKE Policies |
422 |
| Setting the IPsec Dynamic Map |
423 |
| Finalizing WebUI changes |
424 |
| Configuring a VPN for Smart Card Clients |
425 |
| Working with Smart Card clients using IKEv2 |
425 |
| Working with Smart Card Clients using IKEv1 |
425 |
| Configuring a VPN for Clients with User Passwords |
426 |
| In the WebUI |
426 |
| In the CLI |
427 |
| Configuring Remote Access VPNs for XAuth |
427 |
| Configuring VPNs for XAuth Clients using Smart Cards |
427 |
| Configuring a VPN for XAuth Clients Using a Username and Password |
428 |
| Working with Remote Access VPNs for PPTP |
428 |
| In the WebUI |
429 |
| In the CLI |
429 |
| Working with Site-to-Site VPNs |
429 |
| Working with Third-Party Devices |
429 |
| Working with Site-to-Site VPNs with Dynamic IP Addresses |
430 |
| Understanding VPN Topologies |
430 |
| Configuring Site-to-Site VPNs |
430 |
| In the WebUI |
430 |
| In the CLI |
432 |
| Detecting Dead Peers |
434 |
| About Default IKE Policies |
434 |
| Working with VPN Dialer |
435 |
| Configuring VPN Dialer |
435 |
| In the WebUI |
436 |
| In the CLI |
436 |
| Assigning a Dialer to a User Role |
436 |
| In the WebUI |
436 |
| In the CLI |
437 |
| Roles and Policies |
438 |
| Configuring Firewall Policies |
438 |
| Working With Access Control Lists (ACLs) |
439 |
| Support for Desktop Virtualization Protocols |
439 |
| Creating a Firewall Policy |
439 |
| In the WebUI |
442 |
| In the CLI |
443 |
| Creating a Network Service Alias |
443 |
| In the WebUI |
443 |
| In the CLI |
443 |
| Creating an ACL White List |
444 |
| Creating a Bandwidth Contract in the WebUI |
444 |
| Configuring the ACL White List in the WebUI |
444 |
| Creating a Bandwidth Contract in the CLI |
444 |
| Configuring the ACL White List in the CLI |
444 |
| User Roles |
445 |
| In the WebUI |
445 |
| In the CLI |
447 |
| Assigning User Roles |
447 |
| Assigning User Roles in AAA Profiles |
447 |
| In the WebUI |
447 |
| In the CLI |
448 |
| Working with User-Derived VLANs |
448 |
| Understanding Device Identification |
449 |
| Configuring a User-derived VLAN in the WebUI |
450 |
| Configuring a User-derived Role or VLAN in the CLI |
450 |
| User-Derived Role Example |
450 |
| RADIUS Override of User-Derived Roles |
451 |
| Configuring a Default Role for Authentication Method |
451 |
| In the WebUI |
451 |
| In the CLI |
451 |
| Configuring a Server-Derived Role |
452 |
| Configuring a VSA-Derived Role |
452 |
| Understanding Global Firewall Parameters |
452 |
| Using AppRF 2.0 |
458 |
| Enabling Deep Packet Inspection (DPI) |
458 |
| In the WebUI |
458 |
| In the CLI |
458 |
| Configuring Policies for AppRF 2.0 |
458 |
| How ACL Works with AppRF |
458 |
| Global Session ACL |
459 |
| Role Default Session ACL |
459 |
| Example |
459 |
| Configuring Bandwidth Contracts for AppRF 2.0 |
461 |
| Global Bandwidth Contract Configuration |
461 |
| Role-Specific Bandwidth Contracts |
461 |
| ClearPass Policy Manager Integration |
463 |
| Introduction |
463 |
| Important Points to Remember |
463 |
| Enabling Downloadable Role on a Controller |
464 |
| Using the WebUI |
464 |
| Using the CLI |
464 |
| Sample Configuration |
464 |
| CPPM Server Configuration |
464 |
| Adding a Device |
464 |
| Adding Enforcement Profile |
465 |
| Advanced Role Configuration Mode |
466 |
| Adding Enforcement Policy |
467 |
| Adding Services |
469 |
| Controller Configuration |
470 |
| Configuring CPPM Server on Controller |
470 |
| Configuring Server Group to include CPPM Server |
471 |
| Configuring 802.1X Profile |
471 |
| Configuring AAA Profile |
471 |
| Show AAA Profile |
471 |
| Virtual APs |
472 |
| Virtual AP Configuration Workflow |
472 |
| Using the WebUI |
472 |
| Using the CLI |
473 |
| Virtual AP Profiles |
473 |
| Configuring the Virtual AP Profile |
474 |
| Creating and Configuring a Profile |
474 |
| Selective Multicast Stream |
479 |
| Associating Other Profiles to the Virtual AP |
479 |
| Configuring a Virtual AP in the CLI |
480 |
| Associating a Virtual AP Profile to an AP or AP Group |
480 |
| In the WebUI |
480 |
| In the CLI |
481 |
| Excluding a Virtual AP Profile |
481 |
| In the WebUI |
481 |
| In the CLI |
481 |
| Changing a Virtual AP Forwarding Mode |
481 |
| Radio Resource Management (802.11k) |
482 |
| Configuring the 802.11k Profile |
482 |
| In the WebUI |
482 |
| In the CLI |
484 |
| Configuring Radio Resource Management Information Elements |
484 |
| In the WebUI |
484 |
| In the CLI |
486 |
| Configuring Beacon Report Requests |
486 |
| In the WebUI |
486 |
| In the CLI |
487 |
| Configuring Traffic Stream Measurement Report Requests |
487 |
| In the WebUI |
488 |
| In the CLI |
489 |
| BSS Transition Management (802.11v) |
489 |
| Frame Types |
489 |
| 802.11k and 802.11v clients |
490 |
| Enabling 802.11v BSS Transition Management |
490 |
| Fast BSS Transition ( 802.11r) |
490 |
| Important Points to Remember |
490 |
| Configuring Fast BSS Transition |
491 |
| In the WebUI |
491 |
| In the CLI |
491 |
| Troubleshooting Fast BSS Transition |
491 |
| SSID Profiles |
492 |
| SSID Profile Overview |
492 |
| Suite-B Cryptography |
492 |
| Wi-Fi Multimedia Protection |
493 |
| Management Frame Protection |
493 |
| Configuring the SSID Profile |
493 |
| In the WebUI |
493 |
| In the CLI |
499 |
| WLAN Authentication |
499 |
| Configuring an AAA Profile in the WebUI |
499 |
| Configuring an AAA Profile in the CLI |
501 |
| High-Throughput Virtual APs |
502 |
| Configuring the High-Throughput Radio Profile |
502 |
| In the WebUI |
502 |
| In the CLI |
503 |
| Configuring the High-Throughput SSID Profile |
503 |
| In the WebUI |
503 |
| In the CLI |
506 |
| Guest WLANs |
506 |
| Configuring a Guest VLAN |
507 |
| In the WebUI |
507 |
| In the CLI |
507 |
| Configuring a Guest Role |
507 |
| In the WebUI |
507 |
| In the CLI |
508 |
| Configuring a Guest Virtual AP |
508 |
| In the WebUI |
508 |
| In the CLI |
508 |
| Changing a Virtual AP Forwarding Mode |
509 |
| Adaptive Radio Management |
510 |
| ARM Feature Overviews |
510 |
| Configuring ARM Settings |
510 |
| ARM Troubleshooting |
510 |
| Understanding ARM |
510 |
| ARM Support for 802.11n |
511 |
| Monitoring Your Network with ARM |
511 |
| Maintaining Channel Quality |
511 |
| Configuring ARM Scanning |
511 |
| Understanding ARM Application Awareness |
512 |
| Client Match |
512 |
| BSS Transition Management Support |
513 |
| Steering a Client |
513 |
| Multi-Media Sync-Up |
513 |
| Removing VBR Dependency on Probe Requests |
513 |
| ARM Coverage and Interference Metrics |
514 |
| Configuring ARM Profiles |
514 |
| Creating and Configuring a New ARM Profile |
514 |
| In the WebUI |
515 |
| In the CLI |
522 |
| Modifying an Existing Profile |
523 |
| Copying an Existing Profile |
523 |
| Deleting a Profile |
524 |
| Assigning an ARM Profile to an AP Group |
524 |
| In the WebUI |
524 |
| In the CLI |
525 |
| Using Multi-Band ARM for 802.11a/802.11g Traffic |
525 |
| Band Steering |
525 |
| Steering Modes |
526 |
| Enabling Band Steering |
526 |
| In the WebUI |
526 |
| In the CLI |
526 |
| Enabling Traffic Shaping |
527 |
| Enabling Traffic Shaping |
527 |
| In the WebUI |
527 |
| In the CLI |
528 |
| Enabling or Disabling the Hard Limit Parameter in Traffic Management Profile |
528 |
| Using the WebUI |
529 |
| Using the CLI |
529 |
| Spectrum Load Balancing |
529 |
| Reusing Channels to Control RX Sensitivity Tuning |
529 |
| Configuring Non-802.11 Noise Interference Immunity |
530 |
| Troubleshooting ARM |
530 |
| Too many APs on the Same Channel |
531 |
| Wireless Clients Report a Low Signal Level |
531 |
| Transmission Power Levels Change Too Often |
531 |
| APs Detect Errors but Do Not Change Channels |
531 |
| APs Don’t Change Channels Due to Channel Noise |
531 |
| Wireless Intrusion Prevention |
532 |
| Working with the Reusable Wizard |
532 |
| Understanding Wizard Intrusion Detection |
533 |
| Understanding Wizard Intrusion Protection |
534 |
| Protecting Your Infrastructure |
534 |
| Protecting Your Clients |
534 |
| Monitoring the Dashboard |
535 |
| Detecting Rogue APs |
536 |
| Understanding Classification Terminology |
536 |
| Understanding Classification Methodology |
537 |
| Understanding Match Methods |
537 |
| Understanding Match Types |
538 |
| Understanding Suspected Rogue Confidence Level |
538 |
| Understanding AP Classification Rules |
538 |
| Understanding SSID specification |
539 |
| Understanding SNR specification |
539 |
| Understanding Discovered-AP-Count specification |
539 |
| Sample Rules |
539 |
| Understanding Rule Matching |
539 |
| Working with Intrusion Detection |
539 |
| Understanding Infrastructure Intrusion Detection |
539 |
| Detecting an 802.11n 40MHz Intolerance Setting |
543 |
| Detecting Active 802.11n Greenfield Mode |
544 |
| Detecting Ad hoc Networks |
544 |
| Detecting an Ad hoc Network Using a Valid SSID |
544 |
| Detecting an AP Flood Attack |
544 |
| Detecting AP Impersonation |
544 |
| Detecting AP Spoofing |
544 |
| Detecting Bad WEP Initialization |
544 |
| Detecting a Beacon Frame Spoofing Attack |
544 |
| Detecting a Client Flood Attack |
544 |
| Detecting a CTS Rate Anomaly |
545 |
| Detecting an RTS Rate Anomaly |
545 |
| Detecting Devices with an Invalid MAC OUI |
545 |
| Detecting an Invalid Address Combination |
545 |
| Detecting an Overflow EAPOL Key |
545 |
| Detecting Overflow IE Tags |
545 |
| Detecting a Malformed Frame-Assoc Request |
545 |
| Detecting Malformed Frame-Auth |
545 |
| Detecting a Malformed Frame-HT IE |
546 |
| Detecting a Malformed Frame-Large Duration |
546 |
| Detecting a Misconfigured AP |
546 |
| Detecting a Windows Bridge |
546 |
| Detecting a Wireless Bridge |
546 |
| Detecting Broadcast Deauthentication |
546 |
| Detecting Broadcast Disassociation |
546 |
| Detecting Netstumbler |
546 |
| Detecting Valid SSID Misuse |
546 |
| Detecting Wellenreiter |
546 |
| Understanding Client Intrusion Detection |
547 |
| Detecting a Block ACK DoS |
549 |
| Detecting a ChopChop Attack |
549 |
| Detecting a Disconnect Station Attack |
549 |
| Detecting an EAP Rate Anomaly |
549 |
| Detecting a FATA-Jack Attack Structure |
549 |
| Detecting a Hotspotter Attack |
550 |
| Detecting a Meiners Power Save DoS Attack |
550 |
| Detecting an Omerta Attack |
550 |
| Detecting Rate Anomalies |
550 |
| Detecting a TKIP Replay Attack |
550 |
| Detecting Unencrypted Valid Clients |
550 |
| Detecting a Valid Client Misassociation |
550 |
| Detecting an AirJack Attack |
551 |
| Detecting ASLEAP |
551 |
| Detecting a Null Probe Response |
551 |
| Configuring Intrusion Protection |
551 |
| Understanding Infrastructure Intrusion Protection |
551 |
| Protecting 40MHz 802.11 High Throughput Devices |
553 |
| Protecting 802.11n High Throughput Devices |
553 |
| Protecting Against Adhoc Networks |
553 |
| Protecting Against AP Impersonation |
554 |
| Protecting Against Misconfigured APs |
554 |
| Protecting Against Wireless Hosted Networks |
554 |
| Protecting SSIDs |
554 |
| Protecting Against Rogue Containment |
554 |
| Protecting Against Suspected Rogue Containment |
554 |
| Protection against Wired Rogue APs |
554 |
| Understanding Client Intrusion Protection |
554 |
| Protecting Valid Stations |
555 |
| Protecting Windows Bridge |
555 |
| Warning Message for Containment Features |
555 |
| Configuring the WLAN Management System (WMS) |
555 |
| In the WebUI |
555 |
| In the CLI |
557 |
| Configuring Local WMS Settings |
557 |
| Managing the WMS Database |
557 |
| Understanding Client Blacklisting |
558 |
| Methods of Blacklisting |
558 |
| Blacklisting Manually |
558 |
| Blacklisting by Authentication Failure |
559 |
| Enabling Attack Blacklisting |
559 |
| Setting Blacklist Duration |
560 |
| Removing a Client from Blacklisting |
560 |
| Working with WIP Advanced Features |
560 |
| Configuring TotalWatch |
561 |
| Understanding TotalWatch Channel Types and Qualifiers |
561 |
| Understanding TotalWatch Monitoring Features |
562 |
| Understanding TotalWatch Scanning Spectrum Features |
562 |
| Understanding TotalWatch Channel Dwell Time |
562 |
| Understanding TotalWatch Channel Visiting |
563 |
| Understanding TotalWatch Age out of Devices |
563 |
| Administering TotalWatch |
563 |
| Configuring Per Radio Settings |
563 |
| Configuring Per AP Setting |
563 |
| Licensing |
564 |
| Tarpit Shielding Overview |
564 |
| Configuring Tarpit Shielding |
564 |
| Enabling Tarpit Shielding |
565 |
| Understanding Tarpit Shielding Licensing CLI Commands |
565 |
| Access Points |
566 |
| Basic Functions and Features |
566 |
| Naming and Grouping APs |
567 |
| Creating an AP group |
568 |
| In the WebUI |
568 |
| In the CLI |
569 |
| Assigning APs to an AP Group |
569 |
| In the WebUI |
569 |
| In the CLI |
569 |
| Understanding AP Configuration Profiles |
569 |
| AP Profiles |
570 |
| RF Management Profiles |
571 |
| Wireless LAN Profiles |
571 |
| Mesh Profiles |
574 |
| QoS Profiles |
574 |
| IDS Profiles |
575 |
| HA Group profiles |
575 |
| Other Profiles |
575 |
| Profile Hierarchy |
576 |
| Viewing Profile Errors |
576 |
| Before you Deploy an AP |
576 |
| Mesh AP Preconfiguration |
576 |
| Remote AP Preconfiguration |
576 |
| Enable Controller Discovery |
577 |
| Controller Discovery using DNS |
577 |
| Controller Discovery using ADP |
577 |
| Controller discovery using a DHCP Server |
578 |
| Enable DHCP to Provide APs with IP Addresses |
578 |
| In the WebUI |
578 |
| In the CLI |
578 |
| AP Provisioning Profiles |
579 |
| Defining an AP Provisioning Profile |
579 |
| Assigning Provisioning Profiles |
581 |
| Configuring Installed APs |
581 |
| Configuring an AP using the Provisioning Wizard |
582 |
| Configuring a AP using the WebUI |
582 |
| Configuring a Remote AP |
583 |
| Remote Authentication |
583 |
| RAP Configuration |
583 |
| Configuring a Mesh AP |
584 |
| Verifying the Configuration |
584 |
| Optional AP Configuration Settings |
584 |
| Changing the AP Installation Mode |
585 |
| In the WebUI |
585 |
| In the CLI |
585 |
| Renaming an AP |
586 |
| In the WebUI |
586 |
| In the CLI |
586 |
| Enabling Spanning Tree |
586 |
| In the WebUI |
586 |
| In the CLI |
586 |
| AP Console Access Using a Backup ESSID |
587 |
| In the WebUI |
587 |
| In the CLI |
587 |
| Defining an RTLS Server |
587 |
| In the WebUI |
588 |
| In the CLI |
588 |
| Important Points to Remember |
588 |
| AP Redundancy |
588 |
| In the WebUI |
589 |
| In the CLI |
589 |
| AP Maintenance Mode |
589 |
| In the WebUI |
589 |
| In the CLI |
590 |
| Energy Efficient Ethernet |
590 |
| In the WebUI |
590 |
| In the CLI |
591 |
| AP LEDs |
591 |
| In the WebUI |
591 |
| In the CLI |
591 |
| Suppressing Client Probe Requests |
592 |
| In the WebUI |
592 |
| In the CLI |
593 |
| RF Management |
593 |
| 802.11a and 802.11g RF Management Profiles |
593 |
| VHT Support on W-AP200 Series, W-AP210 Series, W-AP220 Series, and W-AP270 Se... |
594 |
| Managing 802.11a/802.11g Profiles Using the WebUI |
594 |
| Creating or Editing a Profile |
594 |
| Assigning an 802.11a/802.11g Profile to an AP or AP Group |
599 |
| Assigning a High-throughput Profile |
600 |
| Assigning an ARM Profile |
600 |
| Deleting a Profile |
601 |
| Managing 802.11a/802.11g Profiles Using the CLI |
601 |
| Creating or Modifying a Profile |
601 |
| Viewing RF Management Settings |
602 |
| Assigning a 802.11a/802.11g Profile |
602 |
| Deleting a Profile |
603 |
| RF Optimization |
603 |
| Using the WebUI |
603 |
| Using the CLI |
603 |
| RF Event Configuration |
604 |
| Using the WebUI |
604 |
| Using the CLI |
605 |
| Optimizing APs Over Low-Speed Links |
606 |
| Configuring the Bootstrap Threshold |
606 |
| Prioritizing AP heartbeats |
611 |
| AP Scanning Optimization |
611 |
| Channel Types and Priority |
611 |
| In the CLI |
612 |
| Scanning Optimizations |
612 |
| Unconventional (direction) Scans |
612 |
| Modifications in Scan Frequency |
613 |
| Channel Group Scanning |
613 |
| Channel Group Scanning |
613 |
| Configuring AP Channel Assignments |
613 |
| Using the WebUI |
614 |
| Using the CLI |
615 |
| Channel Switch Announcement (CSA) |
615 |
| Using the WebUI |
615 |
| Using the CLI |
615 |
| Automatic Channel and Transmit Power Selection |
615 |
| Managing AP Console Settings |
616 |
| Username and Password Protection |
617 |
| Setting a Console/Telnet Username and Password |
617 |
| Disabling Access to the AP Console |
618 |
| Link Aggregation Support on W-AP220 Series and W-AP270 Series |
618 |
| Configuring LACP |
618 |
| Using the WebUI, in ArubaOS 6.4.2.x and later |
619 |
| Using the CLI, in ArubaOS 6.4.2.x and later |
619 |
| Using the WebUI in ArubaOS 6.3.1.x-6.4.1.x |
619 |
| Using the CLI in ArubaOS 6.3.1.x-6.4.1.x |
619 |
| Important Points to Remember |
620 |
| Troubleshooting Link Aggregation |
620 |
| Service Tag |
620 |
| In the WebUI |
620 |
| In the CLI |
620 |
| Secure Enterprise Mesh |
622 |
| Mesh Overview Information |
622 |
| Mesh Configuration Procedures |
622 |
| Understanding Mesh Access Points |
622 |
| Mesh Portals |
623 |
| Mesh Points |
623 |
| Mesh Clusters |
624 |
| Understanding Mesh Links |
624 |
| Link Metrics |
625 |
| Optimizing Links |
626 |
| Understanding Mesh Profiles |
626 |
| Mesh Cluster Profiles |
626 |
| Mesh Radio Profiles |
627 |
| RF Management (802.11a and 802.11g) Profiles |
628 |
| Adaptive Radio Management Profiles |
628 |
| High-Throughput Radio Profiles |
629 |
| Mesh High-Throughput SSID Profiles |
629 |
| Wired AP Profiles |
629 |
| Mesh Recovery Profiles |
629 |
| Understanding Remote Mesh Portals (RMPs) |
630 |
| Understanding the AP Boot Sequence |
631 |
| Booting the Mesh Portal |
632 |
| Booting the Mesh Point |
632 |
| Air Monitoring and Mesh |
632 |
| Mesh Deployment Solutions |
632 |
| Thin AP Services with Wireless Backhaul Deployment |
633 |
| Point-to-Point Deployment |
633 |
| Point-to-Multipoint Deployment |
633 |
| High-Availability Deployment |
634 |
| Mesh Deployment Planning |
635 |
| Pre-Deployment Considerations |
635 |
| Outdoor-Specific Deployment Considerations |
635 |
| Configuration Considerations |
635 |
| Post-Deployment Considerations |
636 |
| Dual-Port AP Considerations |
636 |
| Configuring Mesh Cluster Profiles |
636 |
| Managing Mesh Cluster Profiles in the WebUI |
636 |
| Creating a Profile |
636 |
| Associating a Mesh Cluster Profile to Mesh APs |
638 |
| Editing a Mesh Cluster Profile |
638 |
| Deleting a Mesh Cluster Profile |
639 |
| Managing Mesh Cluster Profiles in the CLI |
639 |
| Viewing Mesh Cluster Profile Settings |
640 |
| Associating Mesh Cluster Profiles |
640 |
| Excluding a Mesh Cluster Profile from a Mesh Node |
640 |
| Deleting a Mesh Cluster Profile |
640 |
| Creating and Editing Mesh Radio Profiles |
641 |
| Managing Mesh Radio Profiles in the WebUI |
641 |
| Creating or Editing a Mesh Radio Profile |
641 |
| Assigning a Mesh Radio Profile to a Mesh AP or AP Group |
644 |
| Managing Mesh Radio Profiles in the CLI |
645 |
| Creating or Modifying a Mesh Radio Profile |
645 |
| Assigning a Mesh Radio Profile to a Mesh AP or AP Group |
645 |
| Deleting Mesh Radio Profiles |
646 |
| Creating and Editing Mesh High-Throughput SSID Profiles |
646 |
| Managing Mesh High-Throughput SSID Profiles in the WebUI |
646 |
| Creating a Profile |
646 |
| Assigning a Profile to an AP Group |
650 |
| Editing a Profile |
651 |
| Deleting a Profile |
651 |
| Managing Mesh High-Throughput SSID Profiles in the CLI |
651 |
| Creating or Modifying a Profile |
651 |
| Assigning a Profile to an AP Group |
652 |
| Viewing High-throughput SSID Settings |
652 |
| Deleting a Profile |
652 |
| Configuring Ethernet Ports for Mesh |
652 |
| Configuring Bridging on the Ethernet Port |
652 |
| Configuring Ethernet Ports for Secure Jack Operation |
653 |
| In the WebUI |
653 |
| In the CLI |
654 |
| Extending the Life of a Mesh Network |
654 |
| In the WebUI |
654 |
| In the CLI |
655 |
| Provisioning Mesh Nodes |
655 |
| Provisioning Caveats |
655 |
| Provisioning Mesh Nodes |
656 |
| In the WebUI |
656 |
| In the CLI |
656 |
| Verifying Your Mesh Network |
657 |
| Verification Checklist |
657 |
| CLI Examples |
658 |
| Configuring Remote Mesh Portals (RMPs) |
659 |
| Creating a Remote Mesh Portal In the WebUI |
659 |
| Step 1: Provision the AP |
659 |
| Step 2: Define the Mesh Private VLAN in the Mesh Radio Profile |
659 |
| Step 3: Assign the Mesh Radio Profile to a Remote Mesh AP |
660 |
| Step 4: Assign an RF Management Profile to a Remote Mesh AP |
660 |
| Step 5: Assign a Mesh Cluster Profile |
660 |
| Step 6: Configuring a DHCP Pool |
660 |
| Step 7: Configuring the VLAN ID of the Virtual AP Profile |
660 |
| Provisioning a Remote Mesh Portal In the CLI |
660 |
| Increasing Network Uptime Through Redundancy and VRRP |
661 |
| High Availability |
661 |
| Pre-Deployment Information |
661 |
| Configuration Procedures |
661 |
| VRRP-Based Redundancy |
661 |
| High Availability Deployment Models |
662 |
| Active/Active Deployment Model |
662 |
| 1:1 Active/Standby Deployment Model |
662 |
| N:1 Active/Standby Deployment Model |
663 |
| Master-Redundancy Deployment Model |
663 |
| AP Communication with Controllers |
664 |
| Client State Synchronization |
664 |
| Feature Guidelines and Limitations |
665 |
| High Availability Inter-Controller Heartbeats |
665 |
| High Availability Extended Controller Capacity |
665 |
| Feature Requirements |
666 |
| Standby Controller Capacity |
666 |
| AP Failover |
667 |
| Configuring High Availability |
667 |
| Pre-Deployment Information |
667 |
| Configuring High Availability |
667 |
| In the WebUI |
667 |
| In the CLI |
668 |
| Migrating from VRRP or Backup-LMS Redundancy |
669 |
| Configuring a Master Controller for Redundancy and High Availability |
669 |
| Migrating from VRRP Redundancy |
670 |
| Migrating from Backup-LMS Redundancy |
670 |
| Configuring VRRP Redundancy |
670 |
| Before you Begin |
670 |
| Configuring the Local Controller for Redundancy |
671 |
| In the WebUI |
671 |
| In the CLI |
672 |
| Configuring the LMS IP |
673 |
| In the WebUI |
673 |
| In the CLI |
673 |
| Configuring the Master Controller for Redundancy |
674 |
| Configuring Database Synchronization |
675 |
| In the WebUI |
675 |
| In the CLI |
675 |
| Enabling Incremental Configuration Synchronization (CLI Only) |
676 |
| Configuring Master-Local Controller Redundancy |
676 |
| RSTP |
678 |
| Understanding RSTP Migration and Interoperability |
678 |
| Working with Rapid Convergence |
678 |
| Edge Port and Point-to-Point |
679 |
| Configuring RSTP |
679 |
| In the WebUI |
680 |
| In the CLI |
681 |
| Monitoring RSTP |
681 |
| Troubleshooting RSTP |
681 |
| PVST+ |
683 |
| Understanding PVST+ Interoperability and Best Practices |
683 |
| Enabling PVST+ in the CLI |
683 |
| Enabling PVST+ in the WebUI |
684 |
| Link Layer Discovery Protocol |
685 |
| Important Points to Remember |
685 |
| LLDP Overview |
685 |
| Default LLDP Configuration |
686 |
| Configuring LLDP |
686 |
| Monitoring LLDP Configuration |
686 |
| Display LLDP Interface |
686 |
| Display LLDP Interface <interface> |
686 |
| Display LLDP Neighbor |
687 |
| Display LLDP Neighbor Interface Detail |
687 |
| Display LLDP Statistics |
688 |
| Display LLDP Statistics Interface |
688 |
| IP Mobility |
689 |
| Understanding Dell Mobility Architecture |
689 |
| Configuring Mobility Domains |
690 |
| Configuring a Mobility Domain |
691 |
| In the WebUI |
691 |
| In the CLI |
692 |
| Joining a Mobility Domain |
692 |
| In the WebUI |
692 |
| In the CLI |
692 |
| In the WebUI |
693 |
| In the CLI |
694 |
| Tracking Mobile Users |
694 |
| Mobile Client Roaming Status |
694 |
| In the WebUI |
694 |
| In the CLI |
694 |
| Viewing User Roaming Status using the CLI |
695 |
| In the CLI |
696 |
| Mobile Client Roaming Locations |
696 |
| In the WebUI |
696 |
| In the CLI |
696 |
| HA Discovery on Association |
696 |
| In the CLI |
696 |
| Configuring Advanced Mobility Functions |
696 |
| In the WebUI |
696 |
| In the CLI |
699 |
| Proxy Mobile IP |
699 |
| Revocations |
700 |
| IPv6 L3 Mobility |
700 |
| Multicast Mobility |
700 |
| Important Points to Remember |
701 |
| In the CLI |
701 |
| Understanding Bridge Mode Mobility Deployments |
705 |
| Enabling Mobility Multicast |
706 |
| Working with Proxy IGMP and Proxy Remote Subscription |
707 |
| IGMPv3 Support |
707 |
| Configuring SSM Range |
707 |
| Working with Inter Controller Mobility |
708 |
| Configuring Mobility Multicast |
709 |
| In the WebUI |
709 |
| In the CLI |
709 |
| External Firewall Configuration |
711 |
| Understanding Firewall Port Configuration Among Dell Devices |
711 |
| Communication Between Controllers |
711 |
| Communication Between APs and the Controller |
711 |
| Communication Between Remote APs and the Controller |
712 |
| Enabling Network Access |
712 |
| Ports Used for Virtual Internet Access (VIA) |
712 |
| Configuring Ports to Allow Other Traffic Types |
712 |
| Palo Alto Networks Firewall Integration |
714 |
| Limitations |
714 |
| Preconfiguration on the PAN Firewall |
714 |
| User-ID Support |
715 |
| Device-Type Based Policy Support |
715 |
| Configuring PAN Firewall Integration |
716 |
| Creating PAN Profiles |
716 |
| Using the WebUI |
717 |
| Using the CLI |
717 |
| Activating a PAN Profile |
717 |
| Using the WebUI |
718 |
| Using the CLI |
718 |
| Enabling PAN Firewall Integration |
718 |
| Using the WebUI |
718 |
| Using the CLI |
718 |
| Enabling PAN Firewall Integration for VIA Clients |
718 |
| Using the WebUI |
718 |
| Using the CLI |
718 |
| Enabling PAN Firewall Integration for VPN Clients |
718 |
| Using the WebUI |
719 |
| Using the CLI |
719 |
| Remote Access Points |
720 |
| About Remote Access Points |
720 |
| Configuring the Secure Remote Access Point Service |
722 |
| Configure a Public IP Address for the Controller |
722 |
| In the WebUI |
722 |
| In the CLI |
722 |
| Configure the NAT Device |
723 |
| Configure the VPN Server |
723 |
| In the WebUI |
723 |
| In the CLI |
723 |
| CHAP Authentication Support over PPPoE |
723 |
| In the WebUI |
723 |
| In the CLI |
724 |
| Configuring Certificate RAP |
724 |
| In the WebUI |
724 |
| In the CLI |
724 |
| Creating a Remote AP Whitelist |
724 |
| Configuring PSK RAP |
725 |
| In the WebUI |
725 |
| Add the user to the internal database |
725 |
| RAP Static Inner IP Address |
725 |
| In the WebUI |
726 |
| In the CLI |
726 |
| Provision the AP |
726 |
| Deploying a Branch/Home Office Solution |
727 |
| Provisioning the Branch AP |
728 |
| Configuring the Branch AP |
728 |
| Troubleshooting Remote AP |
728 |
| Local Debugging |
728 |
| Remote AP Summary |
729 |
| Multihoming on remote AP (RAP) |
732 |
| Seamless failover from backup link to primary link on RAP |
733 |
| Remote AP Connectivity |
733 |
| Remote AP Diagnostics |
733 |
| Enabling Remote AP Advanced Configuration Options |
734 |
| Understanding Remote AP Modes of Operation |
734 |
| Working in Fallback Mode |
736 |
| Backup Configuration Behavior for Wired Ports |
737 |
| Configuring Fallback Mode |
737 |
| Configuring the AAA Profile for Fallback Mode |
737 |
| Configuring the Virtual AP Profile for Fallback Mode |
738 |
| Configuring the DHCP Server on the Remote AP |
739 |
| Configuring Advanced Backup Options |
741 |
| Configuring the Session ACL |
742 |
| Configuring the AAA Profile |
743 |
| Defining the Backup Configuration |
743 |
| Specifying the DNS Controller Setting |
744 |
| In the WebUI |
745 |
| Backup Controller List |
745 |
| Configuring the LMS and backup LMS IP addresses |
746 |
| Configuring Remote AP Failback |
746 |
| In the WebUI |
746 |
| In the CLI |
747 |
| Enabling RAP Local Network Access |
747 |
| In the WebUI |
747 |
| In the CLI |
747 |
| Configuring Remote AP Authorization Profiles |
748 |
| In the WebUI |
748 |
| In the CLI |
748 |
| Working with Access Control Lists and Firewall Policies |
748 |
| Understanding Split Tunneling |
749 |
| Configuring Split Tunneling |
749 |
| Configuring the Session ACL Allowing Tunneling |
750 |
| In the WebUI |
750 |
| In the CLI |
751 |
| Configuring an ACL to Restrict Local Debug Homepage Access |
751 |
| In the WebUI |
752 |
| In the CLI |
752 |
| Configuring the AAA Profile for Tunneling |
752 |
| In the WebUI |
753 |
| In the CLI |
753 |
| Configuring the Virtual AP Profile |
753 |
| In the WebUI |
753 |
| In the CLI |
754 |
| Defining Corporate DNS Servers |
754 |
| In the WebUI |
754 |
| In the CLI |
754 |
| Understanding Bridge |
755 |
| Configuring Bridge |
755 |
| Configuring the Session ACL |
756 |
| In the WebUI |
756 |
| In the CLI |
757 |
| Configuring the AAA Profile for Bridge |
757 |
| In the WebUI |
757 |
| In the CLI |
758 |
| Configuring Virtual AP Profile |
758 |
| In the WebUI |
758 |
| In the CLI |
758 |
| Provisioning Wi-Fi Multimedia |
759 |
| Reserving Uplink Bandwidth |
759 |
| Understanding Bandwidth Reservation for Uplink Voice Traffic |
759 |
| Configuring Bandwidth Reservation |
759 |
| In the WebUI |
759 |
| In the CLI |
760 |
| Provisioning 4G USB Modems on Remote Access Points |
760 |
| 4G USB Modem Provisioning Best Practices and Exceptions |
760 |
| Provisioning RAP for USB Modems |
761 |
| In the WebUI |
761 |
| In the CLI |
761 |
| RAP 3G/4G Backhaul Link Quality Monitoring |
762 |
| Provisioning RAPs at Home |
762 |
| Prerequisites |
762 |
| Provisioning RAP Using Zero Touch Provisioning |
762 |
| Provisioning the RAP using a Static IP Address |
763 |
| Provision the RAP on a PPPoE Connection |
763 |
| Using 3G/EVDO USB Modems |
764 |
| Configuring W-IAP3WN and W-IAP3WNP Access Points |
766 |
| In the WebUI |
766 |
| In the CLI |
766 |
| Converting an IAP to RAP or CAP |
766 |
| Converting IAP to RAP |
767 |
| Converting an IAP to CAP |
767 |
| Enabling Bandwidth Contract Support for RAPs |
767 |
| Configuring Bandwidth Contracts for RAP |
768 |
| Defining Bandwidth Contracts |
768 |
| Applying Contracts |
768 |
| Verifying Contracts on AP |
768 |
| Verifying Contracts Applied to Users |
769 |
| Verifying Bandwidth Contracts During Data Transfer |
770 |
| Virtual Intranet Access |
771 |
| Spectrum Analysis |
772 |
| Understanding Spectrum Analysis |
772 |
| Spectrum Analysis Clients |
776 |
| Hybrid AP Channel Changes |
777 |
| Hybrid APs Using Mode-Aware ARM |
777 |
| Creating Spectrum Monitors and Hybrid APs |
777 |
| Converting APs to Hybrid APs |
778 |
| In the WebUI |
778 |
| In the CLI |
778 |
| Converting an Individual AP to a Spectrum Monitor |
778 |
| In the WebUI |
779 |
| In the CLI |
779 |
| Converting a Group of APs to Spectrum Monitors |
779 |
| In the WebUI |
780 |
| In the CLI |
780 |
| Connecting Spectrum Devices to the Spectrum Analysis Client |
780 |
| View Connected Spectrum Analysis Devices |
781 |
| Disconnecting a Spectrum Device |
782 |
| Configuring the Spectrum Analysis Dashboards |
783 |
| Selecting a Spectrum Monitor |
783 |
| Changing Graphs within a Spectrum View |
784 |
| Renaming a Spectrum Analysis Dashboard View |
785 |
| Saving a Dashboard View |
785 |
| Resizing an Individual Graph |
786 |
| Customizing Spectrum Analysis Graphs |
786 |
| Spectrum Analysis Graph Configuration Options |
787 |
| Active Devices |
787 |
| Active Devices Table |
789 |
| Active Devices Trend |
792 |
| Channel Metrics |
794 |
| Channel Metrics Trend |
796 |
| Channel Summary Table |
798 |
| Device Duty Cycle |
799 |
| Channel Utilization Trend |
801 |
| Devices vs Channel |
803 |
| FFT Duty Cycle |
805 |
| Interference Power |
807 |
| Quality Spectrogram |
809 |
| Real-Time FFT |
810 |
| Swept Spectrogram |
812 |
| Working with Non-Wi-Fi Interferers |
816 |
| Understanding the Spectrum Analysis Session Log |
818 |
| Viewing Spectrum Analysis Data |
819 |
| Recording Spectrum Analysis Data |
820 |
| Creating a Spectrum Analysis Record |
820 |
| Saving the Recording |
821 |
| Playing a Spectrum Analysis Recording |
821 |
| Playing a Recording in the Spectrum Dashboard |
821 |
| Playing a Recording Using the RFPlayback Tool |
822 |
| Troubleshooting Spectrum Analysis |
823 |
| Verifying Spectrum Monitors Support for One Client per Radio |
823 |
| Converting a Spectrum Monitor Back to an AP or Air Monitor |
823 |
| Troubleshooting Browser Issues |
823 |
| Loading a Spectrum View |
823 |
| Troubleshooting Issues with Adobe Flash Player 10.1 or Later |
823 |
| Understanding Spectrum Analysis Syslog Messages |
823 |
| Playing a Recording in the RFPlayback Tool |
824 |
| Dashboard Monitoring |
825 |
| WAN |
825 |
| Performance |
826 |
| Clients |
826 |
| APs |
827 |
| Using Dashboard Histograms |
827 |
| Usage |
827 |
| Potential Issues |
828 |
| AppRF |
828 |
| All Traffic |
829 |
| Action Bar |
830 |
| Filters |
830 |
| Details |
831 |
| Block/Unblock, Throttle, and QoS Action Buttons |
833 |
| Web Content Classification |
837 |
| Web Content Filters |
841 |
| WebCC Configuration in the WebUI |
841 |
| WebCC Configuration in the CLI |
844 |
| AirGroup |
846 |
| Security |
847 |
| UCC |
847 |
| Chart View |
848 |
| Details View |
849 |
| Controller |
850 |
| Details View |
850 |
| Info Panel |
850 |
| Gauges Panel |
850 |
| Ports Panel |
851 |
| Controller Events |
851 |
| WLANs |
851 |
| Access Points |
852 |
| Clients |
853 |
| Firewall |
854 |
| In the WebUI |
854 |
| In the CLI |
854 |
| Element View |
854 |
| Details View |
856 |
| Element Tab |
856 |
| Element Summary View |
856 |
| Usage Breakdown |
857 |
| Aggregated Sessions |
858 |
| Management Access |
860 |
| Configuring Certificate Authentication for WebUI Access |
860 |
| In the WebUI |
860 |
| In the CLI |
861 |
| Secure Shell (SSH) |
861 |
| Enabling Public Key Authentication |
861 |
| In the WebUI |
862 |
| In the CLI |
862 |
| Enabling RADIUS Server Authentication |
862 |
| Configuring RADIUS Server Username and Password Authentication |
862 |
| In the WebUI |
862 |
| In the CLI |
863 |
| Configuring RADIUS Server Authentication with VSA |
863 |
| Configuring RADIUS Server Authentication with Server Derivation Rule |
863 |
| In the WebUI |
863 |
| In the CLI |
864 |
| Configuring a set-value server-derivation rule |
864 |
| In the WebUI |
864 |
| In the CLI |
865 |
| Disabling Authentication of Local Management User Accounts |
865 |
| In the WebUI |
865 |
| In the CLI |
865 |
| Verifying the configuration |
866 |
| Resetting the Admin or Enable Password |
866 |
| Bypassing the Enable Password Prompt |
867 |
| Setting an Administrator Session Timeout |
867 |
| In the WebUI |
867 |
| In the CLI |
867 |
| Connecting to an W-AirWave Server |
867 |
| AMON Message Size Changes on the Controller |
868 |
| Custom Certificate Support for RAP |
869 |
| Suite-B Support for ECDSA Certificate |
869 |
| Setting the Default Server Certificate |
869 |
| Generating a CSR |
870 |
| Uploading the Certificate |
870 |
| Storing CSR and Private Key Files in a USB |
870 |
| AP Boot Prompt |
870 |
| In the WebUI |
870 |
| In the CLI |
870 |
| RAP Console |
871 |
| Implementing a Specific Management Password Policy |
871 |
| Defining a Management Password Policy |
871 |
| In the WebUI |
871 |
| In the CLI |
872 |
| Management Authentication Profile Parameters |
872 |
| Configuring AP Image Preload |
873 |
| Enable and Configure AP Image Preload |
874 |
| In the WebUI |
874 |
| In the CLI |
875 |
| View AP Preload Status |
875 |
| Configuring Centralized Image Upgrades |
876 |
| Configuring Centralized Image Upgrades |
876 |
| Using the WebUI |
876 |
| In the CLI |
877 |
| Viewing Controller Upgrade Statistics |
878 |
| Managing Certificates |
878 |
| About Digital Certificates |
879 |
| Obtaining a Server Certificate |
879 |
| In the WebUI |
879 |
| In the CLI |
880 |
| Obtaining a Client Certificate |
881 |
| Importing Certificates |
881 |
| In the WebUI |
881 |
| In the CLI |
881 |
| Viewing Certificate Information |
882 |
| Imported Certificate Locations |
882 |
| Checking CRLs |
882 |
| Certificate Expiration Alert |
883 |
| Chained Certificates on the RAP |
883 |
| Support for Certificates on USB Flash Drives |
883 |
| Marking the USB Device Connected as a Storage Device |
884 |
| RAP Configuration Requirements |
884 |
| Configuring SNMP |
884 |
| SNMP Parameters for the Controller |
884 |
| In the WebUI |
885 |
| In the CLI |
885 |
| Enabling Capacity Alerts |
886 |
| In the WebUI |
887 |
| In the CLI |
887 |
| Configuring Logging |
887 |
| In the WebUI |
889 |
| In the CLI |
889 |
| Enabling Guest Provisioning |
890 |
| Configuring the Guest Provisioning Page |
890 |
| In the WebUI |
890 |
| Configuring the SMTP Server and Port in the WebUI |
894 |
| Configuring an SMTP server and port in the CLI |
894 |
| Creating Email Messages in the WebUI |
894 |
| Configuring a Guest Provisioning User |
895 |
| In the WebUI |
895 |
| In the CLI |
896 |
| Customizing the Guest Access Pass |
897 |
| Creating Guest Accounts |
897 |
| Guest Provisioning User Tasks |
898 |
| Importing Multiple Guest Entries |
900 |
| Optional Configurations |
905 |
| Restricting one Captive Portal Session for each Guest |
905 |
| Setting the Maximum Time for Guest Accounts |
905 |
| Managing Files on the Controller |
906 |
| Transferring ArubaOS Image Files |
907 |
| In the WebUI |
907 |
| In the CLI |
908 |
| Backing Up and Restoring the Flash File System |
908 |
| Backup the Flash File System in the WebUI |
908 |
| Backup the Flash File System in the CLI |
908 |
| Restore the Flash File System in the WebUI |
908 |
| Restore the Flash File System in the CLI |
908 |
| Copying Log Files |
908 |
| In the WebUI |
908 |
| In the CLI |
909 |
| Copying Other Files |
909 |
| In the WebUI |
909 |
| In the CLI |
909 |
| Setting the System Clock |
909 |
| Manually Setting the Clock |
909 |
| In the WebUI |
909 |
| In the CLI |
910 |
| Clock Synchronization |
910 |
| In the WebUI |
910 |
| In the CLI |
910 |
| Configuring NTP Authentication |
910 |
| In the WebUI |
910 |
| In the CLI |
911 |
| Timestamps in CLI Output |
911 |
| ClearPass Profiling with IF-MAP |
911 |
| In the WebUI |
911 |
| In the CLI |
912 |
| Whitelist Synchronization |
912 |
| In the WebUI |
912 |
| In the CLI |
913 |
| Downloadable Regulatory Table |
913 |
| Important Points to Remember |
913 |
| Copying the Regulatory-Cert |
914 |
| In the WebUI |
914 |
| In the CLI |
914 |
| Activating the Regulatory-Cert |
914 |
| In the WebUI |
914 |
| In the CLI |
915 |
| Related Show Commands |
915 |
| 802.11u Hotspots |
916 |
| Hotspot 2.0 Pre-Deployment Information |
916 |
| Hotspot Profile Configuration Tasks |
916 |
| Hotspot 2.0 Overview |
916 |
| Generic Advertisement Service (GAS) Queries |
916 |
| ANQP Information Elements |
917 |
| Hotspot Profile Types |
917 |
| Configuring Hotspot 2.0 Profiles |
919 |
| In the WebUI |
919 |
| In the CLI |
924 |
| Configuring Hotspot Advertisement Profiles |
925 |
| Configuring an Advertisement Profile |
925 |
| In the WebUI |
925 |
| In the CLI |
926 |
| Associating the Advertisement Profile to a Hotspot 2.0 Profile |
926 |
| In the WebUI |
926 |
| In the CLI |
926 |
| Configuring ANQP Venue Name Profiles |
926 |
| In the WebUI |
927 |
| Venue Types |
928 |
| In the CLI |
928 |
| Configuring ANQP Network Authentication Profiles |
928 |
| In the WebUI |
929 |
| In the CLI |
929 |
| Configuring ANQP Domain Name Profiles |
929 |
| In the WebUI |
929 |
| In the CLI |
930 |
| Configuring ANQP IP Address Availability Profiles |
930 |
| In the WebUI |
930 |
| In the CLI |
931 |
| Configuring ANQP NAI Realm Profiles |
931 |
| In the WebUI |
931 |
| In the CLI |
935 |
| Configuring ANQP Roaming Consortium Profiles |
935 |
| In the WebUI |
935 |
| In the CLI |
936 |
| Configuring ANQP 3GPP Cellular Network Profiles |
936 |
| In the WebUI |
936 |
| In the CLI |
937 |
| Configuring H2QP Connection Capability Profiles |
937 |
| In the WebUI |
938 |
| In the CLI |
939 |
| Configuring H2QP Operator Friendly Name Profiles |
939 |
| In the WebUI |
939 |
| In the CLI |
940 |
| Configuring H2QP Operating Class Indication Profiles |
940 |
| In the WebUI |
940 |
| In the CLI |
940 |
| Configuring H2QP WAN Metrics Profiles |
941 |
| In the WebUI |
941 |
| In the CLI |
942 |
| Adding Local Controllers |
944 |
| Moving to a Multi-Controller Environment |
944 |
| Configuring a PSK |
945 |
| Configuring a Master Controller PSK |
945 |
| Configuring a Local Controller PSK |
946 |
| Configuring a Controller Certificate |
946 |
| Configuring a Local Controller Certificate |
946 |
| Configuring a Master Controller Certificate |
946 |
| Configuring Local Controllers |
946 |
| Using the Initial Setup |
947 |
| In the WebUI |
947 |
| In the CLI |
947 |
| Configuring Layer-2/Layer-3 Settings |
947 |
| Configuring Trusted Ports |
948 |
| Configuring Local Controller Settings |
948 |
| Configuring APs |
948 |
| In the WebUI |
948 |
| In the CLI |
949 |
| Advanced Security |
950 |
| Securing Client Traffic |
950 |
| Securing Wireless Clients |
951 |
| In the WebUI |
951 |
| In the CLI |
952 |
| Securing Wired Clients |
952 |
| In the WebUI |
953 |
| In the CLI |
954 |
| Securing Wireless Clients Through Non-Dell APs |
954 |
| In the WebUI |
954 |
| In the CLI |
955 |
| Securing Clients on an AP Wired Port |
955 |
| In the WebUI |
955 |
| In the CLI |
957 |
| Enabling or Disabling Spanning Tree Parameter in AP Wired Port Profile |
957 |
| In the WebUI |
957 |
| In the CLI |
957 |
| Securing Controller-to-Controller Communication |
957 |
| Configuring Controllers for xSec |
958 |
| In the WebUI |
958 |
| In the CLI |
958 |
| Configuring the Odyssey Client on Client Machines |
959 |
| Installing the Odyssey Client |
959 |
| Voice and Video |
965 |
| Voice and Video License Requirements |
965 |
| Configuring Voice and Video |
965 |
| Voice ALG and Network Address Translation |
965 |
| Setting up Net Services |
965 |
| Using Default Net Services |
965 |
| Creating Custom Net Services |
966 |
| Configuring User Roles |
966 |
| Using the Default User Role |
966 |
| Creating or Modifying Voice User Roles |
967 |
| Using the User-Derivation Rules |
969 |
| Configuring Firewall Settings for Voice and Video ALGs |
970 |
| In the WebUI |
970 |
| In the CLI |
970 |
| Additional Video Configurations |
971 |
| Configuring Video over WLAN enhancements |
971 |
| Prerequisites |
971 |
| In the WebUI |
971 |
| In the CLI |
973 |
| Working with QoS for Voice and Video |
974 |
| Understanding VoIP Call Admission Control Profile |
974 |
| In the WebUI |
974 |
| In the CLI |
976 |
| Understanding Wi-Fi Multimedia |
976 |
| Enabling WMM |
977 |
| Configuring WMM AC Mapping |
978 |
| Configuring DSCP Priorities |
979 |
| Configuring Dynamic WMM Queue Management |
980 |
| Enabling WMM Queue Content Enforcement |
983 |
| In the WebUI |
983 |
| In the CLI |
983 |
| Unified Communication and Collaboration |
983 |
| Microsoft® Lync Visibility and Granular QoS Prioritization |
984 |
| Lync ALG Compatibility Matrix |
985 |
| Configuration Prerequisites |
985 |
| Lync SDN API 2.1 Support |
985 |
| Lync SDN API - ArubaOS Compatibility Matrix |
986 |
| Configuring Lync ALG |
986 |
| Viewing Lync ALG Statistics using the CLI |
990 |
| Viewing Lync ALG Statistics Using the WebUI |
991 |
| Troubleshooting Lync ALG Issues |
992 |
| UCC Dashboard in the WebUI |
993 |
| UCC Dashboard Aggregated Display |
993 |
| UCC Dashboard Per Client Display |
995 |
| Viewing UCC Information |
997 |
| Viewing UCC Call Detailed Record |
997 |
| Viewing UCC Client Information |
997 |
| Viewing UCC Configuration |
997 |
| Viewing UCC Statistics |
998 |
| Viewing UCC Trace Buffer |
998 |
| UCC-W-AirWave Integration |
998 |
| UCC Call Quality Metrics |
998 |
| Changes to Call Admission Control |
1001 |
| Troubleshooting and Log Messages |
1001 |
| UCC Limitations |
1001 |
| Understanding Extended Voice and Video Features |
1001 |
| Understanding QoS for Microsoft Lync and Apple Facetime |
1002 |
| Microsoft Lync |
1002 |
| Microsoft Lync Support for Mobile Devices |
1003 |
| Apple Facetime |
1003 |
| In the WebUI |
1004 |
| Enabling WPA Fast Handover |
1005 |
| In the WebUI |
1005 |
| In the CLI |
1005 |
| Enabling Mobile IP Home Agent Assignment |
1005 |
| Scanning for VoIP-Aware ARM |
1006 |
| In the WebUI |
1006 |
| In the CLI |
1006 |
| Disabling Voice-Aware 802.1x |
1006 |
| In the WebUI |
1006 |
| In the CLI |
1007 |
| Configuring SIP Authentication Tracking |
1007 |
| In the WebUI |
1007 |
| In the CLI |
1007 |
| Enabling Real Time Call Quality Analysis |
1007 |
| Important Points to Remember |
1007 |
| In the Web UI |
1008 |
| In the CLI |
1008 |
| Enabling SIP Session Timer |
1009 |
| In the WebUI |
1009 |
| In the CLI |
1009 |
| Enabling Wi-Fi Edge Detection and Handover for Voice Clients |
1010 |
| In the WebUI |
1010 |
| In the CLI |
1010 |
| Working with Dial Plan for SIP Calls |
1011 |
| Understanding Dial Plan Format |
1011 |
| Configuring Dial Plans |
1012 |
| Enabling Enhanced 911 Support |
1014 |
| Working with Voice over Remote Access Point |
1015 |
| Understanding Battery Boost |
1016 |
| In the WebUI |
1016 |
| In the CLI |
1016 |
| Enabling LLDP |
1017 |
| In the WebUI |
1017 |
| In the CLI |
1022 |
| Advanced Voice Troubleshooting |
1022 |
| Viewing Troubleshooting Details on Voice Client Status |
1023 |
| In the WebUI |
1023 |
| In the CLI |
1023 |
| Viewing Troubleshooting Details on Voice Call CDRs |
1024 |
| In the WebUI |
1025 |
| In the CLI |
1025 |
| Enabling Voice Logs |
1025 |
| In the WebUI |
1025 |
| In the CLI |
1026 |
| Viewing Voice Traces |
1026 |
| In the WebUI |
1027 |
| In the CLI |
1027 |
| Viewing Voice Configurations |
1027 |
| In the CLI |
1027 |
| AirGroup |
1029 |
| Zero Configuration Networking |
1029 |
| AirGroup Solution |
1029 |
| AirGroup Services |
1030 |
| AirGroup Solution Components |
1031 |
| AirGroup and ClearPass Policy Manager |
1031 |
| AirGroup Deployment Models |
1033 |
| Integrated Deployment Model |
1033 |
| AirGroup with ClearPass Policy Manager |
1034 |
| Features Supported in AirGroup |
1034 |
| Multi-Controller AirGroup Cluster |
1034 |
| Multi-Controller AirGroup Cluster—Terminologies |
1034 |
| Sample AirGroup Cluster Topology |
1035 |
| Master-Local Controller Synchronization |
1037 |
| Pre-configured AirGroup Services |
1037 |
| AirGroup IPv6 Support |
1038 |
| Limitations |
1038 |
| DLNA UPnP Support |
1038 |
| AirGroup mDNS Static Records |
1038 |
| Group Based Device Sharing |
1038 |
| Dashboard Monitoring Enhancements |
1038 |
| ClearPass Policy Manager and ClearPass Guest Features |
1039 |
| Auto-association and Controller-based Policy |
1039 |
| Configuring Auto-association and Controller-based Policy |
1039 |
| Configuring Mac Address-based Policy |
1039 |
| Configuring Shared Group-list |
1039 |
| Configuring Shared Role-list |
1040 |
| Configuring Shared User-list |
1040 |
| Configuring Shared Location |
1040 |
| Configuring Service Level-based Auto-association |
1041 |
| Best Practices and Limitations |
1041 |
| Apple iTunes Wi-Fi Synchronization and File Sharing |
1041 |
| Firewall Configuration |
1041 |
| Disable Inter-User Firewall Settings |
1041 |
| ValidUser ACL Configuration |
1041 |
| Allow GRE and UDP 5353 |
1041 |
| Recommended Ports |
1042 |
| Ports for AirPlay Service |
1042 |
| Ports for AirPrint Service |
1042 |
| AirGroup Services for Large Deployments |
1043 |
| AirGroup Scalability Limits |
1043 |
| Memory Utilization |
1044 |
| CPU Utilization |
1044 |
| General AirGroup Limitations |
1045 |
| Integrated Deployment Model |
1045 |
| Master-Local Controller Synchronization |
1045 |
| Configuring an AirGroup Integrated Deployment Model |
1046 |
| Enabling or Disabling AirGroup Global Setting |
1046 |
| Enabling or Disabling mDNS and DLNA |
1048 |
| Viewing AirGroup Global Setting on Controller |
1048 |
| Defining an AirGroup Service |
1048 |
| Enabling the allowall Service |
1050 |
| Enabling or Disabling an AirGroup Service |
1051 |
| Viewing AirGroup Service Status |
1051 |
| Viewing Blocked Services |
1051 |
| Viewing AirGroup Service Details |
1052 |
| Configuring an AirGroup Domain |
1052 |
| Viewing an AirGroup Domain |
1053 |
| Configuring an AirGroup active-domain |
1053 |
| Viewing an AirGroup active-domains |
1053 |
| Viewing AirGroup VLAN Table |
1053 |
| Viewing AirGroup Multi-Controller Table |
1054 |
| Controller Dashboard Monitoring |
1054 |
| Configuring the AirGroup-CPPM Interface |
1057 |
| Configuring the CPPM Query Interval |
1057 |
| Viewing the CPPM Query Interval |
1057 |
| Defining a CPPM and RFC3576 Server |
1058 |
| Configuring a CPPM Server |
1059 |
| Configuring the CPPM Server Group |
1060 |
| Configuring an RFC 3576 Server |
1060 |
| Assigning CPPM and RFC 3576 Servers to AirGroup |
1060 |
| In the WebUI |
1060 |
| In the CLI |
1061 |
| Viewing the CPPM Server Configuration |
1061 |
| In the WebUI |
1061 |
| In the CLI |
1061 |
| Verifying CPPM Device Registration |
1062 |
| Configuring CPPM to Enforce Registration |
1062 |
| In the WebUI |
1062 |
| In the CLI |
1062 |
| Group-Based Device Sharing |
1063 |
| Bluetooth-Based Discovery and AirGroup |
1064 |
| AirGroup mDNS Static Records |
1064 |
| Important Points to Remember |
1064 |
| Creating mDNS Static Records on a Controller |
1065 |
| Group mDNS Static Records |
1065 |
| Individual Static mDNS Records |
1066 |
| mDNS AP VLAN Aggregation |
1066 |
| Configuring mDNS AP VLAN Aggregation |
1067 |
| In the WebUI |
1067 |
| In the CLI |
1067 |
| In the WebUI |
1068 |
| In the CLI |
1068 |
| Disable AirGroup using WebUI |
1068 |
| Disable mDNS AP VLAN aggregation using WebUI |
1068 |
| Disable AirGroup using CLI |
1068 |
| Disable mDNS AP VLAN Aggregation using CLI |
1068 |
| mDNS Multicast Response Propagation |
1069 |
| Maximum Number of iChat Users |
1069 |
| Configuring mDNS Multicast Response Propagation |
1070 |
| In the WebUI |
1070 |
| In the CLI |
1071 |
| Troubleshooting and Log Messages |
1071 |
| Controller Troubleshooting Steps |
1071 |
| ClearPass Guest Troubleshooting Steps |
1071 |
| ClearPass Policy Manager Troubleshooting Steps |
1071 |
| Log Messages |
1071 |
| Show Commands |
1072 |
| Viewing AirGroup mDNS and DLNA Cache |
1072 |
| Viewing AirGroup mDNS and DLNA Statistics |
1072 |
| Viewing AirGroup VLANs |
1072 |
| Viewing AirGroup Servers |
1072 |
| Viewing AirGroup Users |
1072 |
| Viewing Service Queries Blocked by AirGroup |
1072 |
| Viewing Blocked Services |
1072 |
| AirGroup Global Tokens |
1072 |
| Instant AP VPN Support |
1074 |
| Overview |
1074 |
| Improved DHCP Pool Management |
1074 |
| Termination of Instant AP VPN Tunnels |
1074 |
| Termination of IAP GRE Tunnels |
1074 |
| L2/L3 Network Mode Support |
1074 |
| Instant AP VPN Scalability Limits |
1075 |
| Instant AP VPN OSPF Scaling |
1075 |
| Branch-ID Allocation |
1077 |
| Centralized BID Allocation |
1077 |
| VPN Configuration |
1078 |
| Whitelist DB Configuration |
1078 |
| Controller Whitelist DB |
1078 |
| External Whitelist DB |
1078 |
| VPN Local Pool Configuration |
1078 |
| Role Assignment for the Authenticated IAPs |
1078 |
| VPN Profile Configuration |
1079 |
| Viewing Branch Status |
1079 |
| W-600 Series Controllers |
1081 |
| Connecting with a USB Cellular Modems |
1081 |
| How it Works |
1081 |
| Switching Modes |
1081 |
| Finding USB Modem Commands |
1082 |
| Uplink Manager |
1082 |
| Cellular Profile |
1082 |
| Dialer Group |
1082 |
| Configuring a Supported USB Modem |
1082 |
| Configuring a New USB Modem |
1083 |
| Configuring the Profile and Modem Driver |
1083 |
| Configuring the TTY Port |
1084 |
| Testing the TTY Port |
1084 |
| Selecting the Dialer Profile |
1084 |
| Linux Support |
1085 |
| External Services Interface |
1086 |
| Sample ESI Topology |
1086 |
| Understanding the ESI Syslog Parser |
1088 |
| ESI Parser Domains |
1088 |
| Peer Controllers |
1089 |
| Syslog Parser Rules |
1090 |
| Condition Pattern Matching |
1090 |
| User Pattern Matching |
1090 |
| Configuring ESI |
1091 |
| Configuring Health-Check Method, Groups, and Servers |
1091 |
| In the WebUI |
1091 |
| In the CLI |
1091 |
| Defining the ESI Server |
1092 |
| In the WebUI |
1092 |
| In the CLI |
1092 |
| Defining the ESI Server Group |
1092 |
| In the WebUI |
1092 |
| In the CLI |
1092 |
| Policies and User Role |
1093 |
| In the WebUI |
1093 |
| In the CLI |
1093 |
| ESI Syslog Parser Domains and Rules |
1094 |
| In the WebUI |
1094 |
| In the CLI |
1094 |
| Managing Syslog Parser Rules |
1095 |
| In the WebUI |
1095 |
| In the CLI |
1097 |
| Monitoring Syslog Parser Statistics |
1097 |
| In the WebUI |
1097 |
| In the CLI |
1097 |
| Sample Route-Mode ESI Topology |
1098 |
| ESI server configuration on controller |
1098 |
| IP routing configuration on Fortinet gateway |
1098 |
| Configuring the Example Routed ESI Topology |
1098 |
| Health-Check Method, Groups, and Servers |
1099 |
| Defining the Ping Health-Check Method |
1099 |
| In the WebUI |
1099 |
| In the CLI |
1099 |
| Defining the ESI Server |
1099 |
| In the WebUI |
1099 |
| In the CLI |
1100 |
| Defining the ESI Server Group |
1100 |
| In the WebUI |
1100 |
| In the CLI |
1100 |
| Redirection Policies and User Role |
1100 |
| In the WebUI |
1100 |
| In the CLI |
1101 |
| Syslog Parser Domain and Rules |
1101 |
| In the WebUI |
1101 |
| In the CLI |
1102 |
| Sample NAT-mode ESI Topology |
1102 |
| ESI server configuration on the controller |
1104 |
| Configuring the Example NAT-mode ESI Topology |
1104 |
| Configuring the NAT-mode ESI Example in the WebUI |
1104 |
| In the WebUI |
1104 |
| In the CLI |
1106 |
| Understanding Basic Regular Expression (BRE) Syntax |
1107 |
| Character-Matching Operators |
1107 |
| Regular Expression Repetition Operators |
1108 |
| Regular Expression Anchors |
1108 |
| References |
1109 |
| External User Management |
1110 |
| Overview |
1110 |
| Before you Begin |
1110 |
| Working with the ArubaOS XML API Works |
1110 |
| Creating an XML Request |
1110 |
| Adding a User |
1111 |
| Deleting a User |
1111 |
| Authenticating a User |
1111 |
| Blacklisting a User |
1111 |
| Querying for User Status |
1111 |
| XML Response |
1112 |
| Default Response Format |
1112 |
| Response Codes |
1112 |
| Query Command Response Format |
1113 |
| Using the XML API Server |
1115 |
| Configuring the XML API Server |
1115 |
| Associating the XML API Server to a AAA profile |
1115 |
| Set up Captive Portal profile |
1117 |
| Associating the Captive Portal Profile to an Initial Role |
1117 |
| Creating an XML API Request |
1117 |
| Monitoring External Captive Portal Usage Statistics |
1119 |
| Sample Code |
1119 |
| Using XML API in C Language |
1119 |
| Understanding Request and Response |
1123 |
| Understanding XML API Request Parameters |
1123 |
| Understanding XMl API Response |
1124 |
| Adding a Client |
1124 |
| Deleting a Client |
1124 |
| Authenticating a Client |
1125 |
| Querying for Client Details |
1126 |
| Blacklisting a Client |
1127 |
| Behavior and Defaults |
1129 |
| Understanding Mode Support |
1129 |
| Understanding Basic System Defaults |
1131 |
| Network Services |
1131 |
| Policies |
1133 |
| Validuser and Logon-control ACLs |
1139 |
| Roles |
1139 |
| Understanding Default Management User Roles |
1141 |
| Understanding Default Open Ports |
1145 |
| DHCP with Vendor-Specific Options |
1148 |
| Configuring a Windows-Based DHCP Server |
1148 |
| Configuring Option 60 |
1148 |
| Configuring Option 60 using the Windows DHCP Server |
1148 |
| Configuring Option 43 |
1149 |
| Configuring Option 43 using the Windows DHCP Server: |
1149 |
| Enabling DHCP Relay Agent Information Option (Option 82) |
1151 |
| Configuring Option 82 |
1151 |
| In the WebUI |
1151 |
| In the CLI |
1151 |
| Enabling Linux DHCP Servers |
1152 |
| 802.1X Configuration for IAS and Windows Clients |
1153 |
| Configuring Microsoft IAS |
1153 |
| RADIUS Client Configuration |
1153 |
| Remote Access Policies |
1153 |
| Active Directory Database |
1154 |
| Configuring Policies |
1154 |
| Configuring RADIUS Attributes |
1155 |
| Configuring Management Authentication using IAS |
1155 |
| Creating a Remote Policy |
1156 |
| Defining Properties for Remote Policy |
1156 |
| Creating a User Entry in Windows Active Directory |
1156 |
| Configure the Controller to use IAS Management Authentication |
1157 |
| Verify Communication between the Controller and the RADIUS Server |
1157 |
| Window XP Wireless Client Sample Configuration |
1157 |
| Acronyms and Terms |
1160 |
| Acronyms |
1160 |
1
554
555
556
557
558
559
560
561
562
563
564
