Home » Dell Manuals » Wireless » Dell W-Series 277 » Manual Viewer

Dell W-Series 277 Instant 6.4.3.1-4.2 User Guide - Page 109

Configuration Parameters for WLAN Security Settings in an Employee or Voice Network, Table 22

Add to My Manuals
Save this manual to your list of manuals

Page 109 highlights

Table 22: Configuration Parameters for WLAN Security Settings in an Employee or Voice Network Parameter Description Security Level Type Blacklisting To enable blacklisting of the clients with a specific number of authentication failures, select Enabled from the Blacklisting drop-down list and specify a value for Max authentication failures. The users who fail to authenticate the number of times specified in Max authentication failures field are dynamically blacklisted. Enterprise , Personal, and Open security levels. Accounting Select any of the following options: l To enable accounting, select Use authentication servers from the Accounting drop-down list. On enabling the accounting function, APs post accounting information to the RADIUS server at the specified Accounting interval. l To use a separate server for accounting, select Use separate servers. The accounting server is distinguished from the authentication server specified for the SSID profile. l To disable the accounting function, choose Disabled. Enterprise , Personal, and Open security levels. Authentication survivability To enable authentication survivability, set Authentication survivability to Enabled. Specify a value in hours for Cache timeout (global) to set the duration after which the authenticated credentials in the cache must expire. When the cache expires, the clients are required to authenticate again. You can specify a value within a range of 1 to 99 hours and the default value is 24 hours. NOTE: The authentication survivability feature requires ClearPass Policy Manager 6.0.2 or later, and is available only when the New server option is selected authentication. On setting this parameter to Enabled, Instant authenticates the previously connected clients using EAP-PEAP authentication even when connectivity to ClearPass Policy Manager is temporarily lost. The Authentication survivability feature is not applicable when a RADIUS server is configured as an internal server. Enterprise security level MAC authentication To enable MAC address based authentication for Personal and Open security levels, set MAC authentication to Enabled. For Enterprise security level, the following options are available: l Perform MAC authentication before 802.1X-Select this checkbox to use 802.1X authentication only when the MAC authentication is successful. l MAC authentication fail-thru-On selecting this checkbox, the 802.1X authentication is attempted when the MAC authentication fails. Enterprise , Personal, and Open security levels. Delimiter character Specify a character ( for example, colon or dash) as a delimiter for the MAC address string. When configured, the W-IAP will use the delimiter in the MAC authentication request. For example, if you specify the colon as a delimiter, MAC addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address in the xxxxxxxxxxxx format is used. NOTE: This option is available only when MAC authentication is enabled. Enterprise , Personal, and Open security levels. Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide Wireless Network Profiles | 109

Section	Page
About this Guide	27
Intended Audience	27
Related Documents	27
Conventions	27
Contacting Dell	28
About Instant	29
Instant Overview	29
Supported AP Platforms	29
Instant UI	31
Instant CLI	32
What is New in this Release	32
Support for New W-IAP Devices	34
No Support for W-IAP92/93	35
Setting up a W-IAP	36
Setting up Instant Network	36
Connecting a W-IAP	36
Assigning an IP address to the W-IAP	36
Assigning a Static IP	37
Connecting to a Provisioning Wi-Fi Network	37
W-IAP Cluster	37
Disabling the Provisioning Wi-Fi Network	38
Logging in to the Instant UI	38
Regulatory Domains	39
Specifying Country Code	39
Accessing the Instant CLI	40
Connecting to a CLI Session	40
Applying Configuration Changes	40
Using Sequence Sensitive Commands	41
Automatic Retrieval of Configuration	43
Managed Mode Operations	43
Pre-requisites	43
Configuring Managed Mode Parameters	44
Example	45
Verifying the Configuration	45
Instant User Interface	47
Login Screen	47
Viewing Connectivity Summary	47
Language	47
Logging into the Instant UI	47
Main Window	48
Banner	48
Search	48
Tabs	48
Networks Tab	49
Access Points Tab	49
Clients Tab	50
Links	50
New Version Available	50
System	51
RF	51
Security	51
Maintenance	52
More	52
VPN	53
IDS	53
Wired	54
Services	55
DHCP Server	56
Support	56
Help	57
Logout	57
Monitoring	57
Info	57
RF Dashboard	59
RF Trends	61
Usage Trends	61
Mobility Trail	67
Client Match	67
AppRF	68
Spectrum	68
Alerts	69
IDS	73
AirGroup	74
Configuration	74
W-AirWave Setup	75
Pause/Resume	75
Views	75
Initial Configuration Tasks	77
Basic Configuration Tasks	77
Modifying the W-IAP Name	77
In the Instant UI	78
In the CLI	78
Updating Location Details of a W-IAP	78
In the Instant UI	78
In the CLI	78
Configuring a Preferred Band	78
In the Instant UI	78
In the CLI	78
Configuring Virtual Controller IP Address	78
In the Instant UI	79
In the CLI	79
Configuring a Timezone	79
In the Instant UI	79
In the CLI	79
Configuring an NTP Server	79
In the Instant UI	80
In the CLI	80
Enabling AppRF Visibility	80
Changing Password	80
In the Instant UI	80
In the CLI	80
Additional Configuration Tasks	80
Configuring Virtual Controller Network Settings	81
In the Instant UI	81
In the CLI	82
Configuring Auto Join Mode	82
Enabling or Disabling Auto Join Mode	82
In the Instant UI	82
In the CLI	83
Configuring Terminal Access	83
In the Instant UI	83
In the CLI	83
Configuring Console Access	83
In the Instant UI	83
In the CLI	83
Configuring LED Display	84
In the Instant UI	84
In the CLI	84
Configuring Additional WLAN SSIDs	84
Enabling the Extended SSID	85
In the Instant UI	85
In the CLI	85
Preventing Inter-user Bridging	85
In the Instant UI	85
In the CLI	85
Preventing Local Routing between Clients	86
In the Instant UI	86
In the CLI	86
Enabling Dynamic CPU Management	86
In the Instant UI	86
In the CLI	87
Customizing W-IAP Settings	88
Modifying the W-IAP Hostname	88
In the Instant UI	88
In the CLI	88
Configuring Zone Settings on a W-IAP	88
In the Instant UI	88
In the CLI	89
Specifying a Method for Obtaining IP Address	89
In the Instant UI	89
In the CLI	89
Configuring External Antenna	89
EIRP and Antenna Gain	89
Configuring Antenna Gain	90
In the Instant UI	90
In the CLI	90
Configuring Radio Profiles for a W-IAP	90
Configuring ARM Assigned Radio Profiles for a W-IAP	91
Configuring Radio Profiles Manually for W-IAP	91
In the CLI	92
Configuring Uplink VLAN for a W-IAP	92
In the Instant UI	92
In the CLI	92
Changing USB Port Status	92
In the Instant UI	93
In the CLI	93
Master Election and Virtual Controller	93
Master Election Protocol	93
Preference to a W-IAP with 3G/4G Card	93
Preference to a W-IAP with Non-Default IP	94
Viewing Master Election Details	94
Manual Provisioning of Master W-IAP	94
Provisioning a W-IAP as a Master W-IAP	94
In the Instant UI	94
In the CLI	95
Adding a W-IAP to the Network	95
Removing a W-IAP from the Network	95
VLAN Configuration	96
VLAN Pooling	96
Uplink VLAN Monitoring and Detection on Upstream Devices	96
Wireless Network Profiles	97
Configuring Wireless Network Profiles	97
Network Types	97
Configuring WLAN Settings for an SSID Profile	98
In the Instant UI	98
In the CLI	101
Configuring VLAN Settings for a WLAN SSID Profile	102
In the Instant UI	102
In the CLI	103
Configuring Security Settings for a WLAN SSID Profile	104
Configuring Security Settings for an Employee or Voice Network	104
In the Instant UI	104
In the CLI	110
Configuring Access Rules for a WLAN SSID Profile	111
In the Instant UI	112
In the CLI	112
Configuring Fast Roaming for Wireless Clients	113
Opportunistic Key Caching	113
Configuring a W-IAP for OKC Roaming	113
In the Instant UI	114
In the CLI	114
Fast BSS Transition (802.11r Roaming)	114
Configuring a W-IAP for 802.11r support	115
In the Instant UI	115
In the CLI	115
Example	115
Radio Resource Management (802.11k)	115
Beacon Report Requests and Probe Responses	116
Configuring a WLAN SSID for 802.11k Support	116
In the Instant UI	116
In the CLI	116
Example	116
BSS Transition Management (802.11v)	116
Configuring a WLAN SSID for 802.11v Support	116
In the Instant UI	117
In the CLI	117
Example	117
Editing Status of a WLAN SSID Profile	117
In the Instant UI	117
In the CLI	117
Editing a WLAN SSID Profile	117
Deleting a WLAN SSID Profile	118
Wired Profiles	119
Configuring a Wired Profile	119
Configuring Wired Settings	119
In the Instant UI	119
In the CLI	120
Configuring VLAN for a Wired Profile	120
In the Instant UI	120
In the CLI	121
Configuring Security Settings for a Wired Profile	121
Configuring Security Settings for a Wired Employee Network	121
In the Instant UI	121
In the CLI	122
Configuring Access Rules for a Wired Profile	122
In the Instant UI	122
In the CLI	123
Assigning a Profile to Ethernet Ports	124
In the Instant UI	124
In the CLI	124
Editing a Wired Profile	124
Deleting a Wired Profile	124
Link Aggregation Control Protocol	125
Understanding Hierarchical Deployment	126
Captive Portal for Guest Access	127
Understanding Captive Portal	127
Types of Captive Portal	127
Walled Garden	128
Configuring a WLAN SSID for Guest Access	128
In the Instant UI	128
In the CLI	132
Configuring Wired Profile for Guest Access	133
In the Instant UI	133
In the CLI	134
Configuring Internal Captive Portal for Guest Network	135
In the Instant UI	135
In the CLI	137
wConfiguring External Captive Portal for a Guest Network	138
External Captive Portal Profiles	138
Creating a Captive Portal Profile	138
In the Instant UI	138
In the CLI	139
Configuring an SSID or Wired Profile to Use External Captive Portal Authentic...	140
In the Instant UI	140
In the CLI	141
External Captive Portal Redirect Parameters	142
Configuring External Captive Portal Authentication Using ClearPass Guest	142
Creating a Web Login page in ClearPass Guest	143
Configuring RADIUS Server in Instant UI	143
Configuring Facebook Login	143
Setting up a Facebook Page	144
Configuring an SSID	144
In the Instant UI	144
In the CLI	144
Example	144
Configuring the Facebook Portal Page	144
Accessing the Portal Page	145
Configuring Guest Logon Role and Access Rules for Guest Users	145
In the Instant UI	145
In the CLI	146
Example	146
Configuring Captive Portal Roles for an SSID	147
In the Instant UI	147
In the CLI	149
Configuring Walled Garden Access	150
In the Instant UI	150
In the CLI	150
Disabling Captive Portal Authentication	150
Authentication and User Management	152
Managing W-IAP Users	152
Configuring W-IAP Users	153
In the Instant UI	153
In the CLI	154
Configuring Authentication Parameters for Management Users	154
In the Instant UI	154
In the CLI	155
Adding Guest Users through the Guest Management Interface	156
Supported Authentication Methods	156
802.1X authentication	157
MAC authentication	157
MAC authentication with 802.1X authentication	157
Captive Portal Authentication	157
MAC authentication with Captive Portal authentication	158
802.1X authentication with Captive Portal Role	158
WISPr authentication	158
Supported EAP Authentication Frameworks	158
Authentication Termination on W-IAP	159
Configuring Authentication Servers	159
Supported Authentication Servers	159
Internal RADIUS Server	159
External RADIUS Server	160
RADIUS Server Authentication with VSA	160
TACACS Servers	164
Dynamic Load Balancing between Two Authentication Servers	164
Configuring an External Server for Authentication	164
In the Instant UI	164
In the CLI	168
Enabling RADIUS Communication over TLS	169
Configuring RadSec Protocol	169
In the UI	169
In the CLI	170
Associate the Server Profile with a Network Profile	170
In the CLI	170
Configuring Dynamic RADIUS Proxy Parameters	171
Enabling Dynamic RADIUS Proxy	171
In the Instant UI	171
In the CLI	171
Configuring Dynamic RADIUS Proxy Parameters	171
In the Instant UI	171
In the CLI	172
Associate Server Profiles to a Network Profile	172
In the CLI	172
Understanding Encryption Types	173
WPA and WPA2	173
Recommended Authentication and Encryption Combinations	174
Configuring Authentication Survivability	174
Enabling Authentication Survivability	175
In the Instant UI	175
Important Points to Remember	175
In the CLI	175
Configuring 802.1X Authentication for a Network Profile	176
Configuring 802.1X Authentication for a Wireless Network Profile	176
In the Instant UI	176
In the CLI	177
Configuring 802.1X Authentication for Wired Profiles	177
In the Instant UI	177
In the CLI	177
Configuring MAC Authentication for a Network Profile	177
Configuring MAC Authentication for Wireless Network Profiles	178
In the Instant UI	178
In the CLI	178
Configuring MAC Authentication for Wired Profiles	179
In the Instant UI	179
In the CLI	179
FConfiguring MAC Authentication with 802.1X Authentication	179
Configuring MAC and 802.1X Authentication for a Wireless Network Profile	180
In the Instant UI	180
In the CLI	180
Configuring MAC and 802.1X Authentication for Wired Profiles	180
In the Instant UI	180
In the CLI	181
hConfiguring MAC Authentication with Captive Portal Authentication	181
In the Instant UI	181
In the CLI	181
Configuring WISPr Authentication	182
In the Instant UI	182
In the CLI	183
Blacklisting Clients	183
Blacklisting Clients Manually	183
Adding a Client to the Blacklist	183
In the Instant UI	183
In the CLI	183
Blacklisting Users Dynamically	184
Authentication Failure Blacklisting	184
Session Firewall Based Blacklisting	184
Configuring Blacklist Duration	184
In the Instant UI	184
In the CLI	184
Uploading Certificates	186
Loading Certificates through Instant UI	186
Loading Certificates through Instant CLI	186
Removing Certificates	187
Loading Certificates through W-AirWave	187
Roles and Policies	189
Firewall Policies	189
Access Control List Rules	189
Configuring ACL Rules for Network Services	189
In the Instant UI	190
In the CLI	191
Example	191
Configuring Network Address Translation Rules	192
Configuring a Source NAT Access Rule	192
In the Instant UI	192
In the CLI	193
Configuring Source-Based Routing	193
Configuring a Destination NAT Access Rule	193
In the Instant UI	193
In the CLI	194
Configuring ALG Protocols	194
In the Instant UI	194
In the CLI	194
Configuring Firewall Settings for Protection from ARP Attacks	195
In the Instant UI	195
In the CLI	195
Managing Inbound Traffic	196
Configuring Inbound Firewall Rules	196
In the Instant UI	196
In the CLI	198
Example	198
Configuring Management Subnets	199
In the Instant UI	199
In the CLI	199
Configuring Restricted Access to Corporate Network	199
In the Instant UI	199
In the CLI	200
Content Filtering	200
Enabling Content Filtering	200
Enabling Content Filtering for a Wireless Profile	200
In the Instant UI	200
In the CLI	201
Enabling Content Filtering for a Wired Profile	201
In the Instant UI	201
In the CLI	201
Configuring Enterprise Domains	201
In the Instant UI	201
In the CLI	201
Configuring URL Filtering Policies	202
In the Instant UI	202
In the CLI	202
Example	203
Creating Custom Error Page for Web Access Blocked by AppRF Policies	203
Creating a List of Error Page URLs	203
In the Instant UI	203
In the CLI	203
Configuring ACL Rules to Redirect Users to a Specific URL	203
In the UI	203
In the CLI	203
Configuring User Roles	204
Creating a User Role	204
In the Instant UI	204
In the CLI	204
Assigning Bandwidth Contracts to User Roles	204
In the Instant UI	205
In the CLI:	205
Configuring Machine and User Authentication Roles	205
In the Instant UI	206
In the CLI	206
Configuring Derivation Rules	206
Understanding Role Assignment Rule	206
RADIUS VSA Attributes	206
MAC-Address Attribute	206
Roles Based on Client Authentication	207
DHCP Option and DHCP Fingerprinting	207
Creating a Role Derivation Rule	207
In the Instant UI	207
In the CLI	208
Example	208
Understanding VLAN Assignment	208
Vendor Specific Attributes	209
VLAN Assignment Based on Derivation Rules	210
User Role	211
VLANs Created for an SSID	211
Configuring VLAN Derivation Rules	211
In the Instant UI	211
In the CLI	212
Example	212
Using Advanced Expressions in Role and VLAN Derivation Rules	212
Configuring a User Role for VLAN Derivation	213
Creating a User VLAN Role	214
In the Instant UI	214
In the CLI	214
Assigning User VLAN Roles to a Network Profile	214
In the Instant UI	214
In the CLI	214
DHCP Configuration	215
Configuring DHCP Scopes	215
Configuring Local DHCP Scopes	215
In the Instant UI	215
In the CLI	216
Configuring Distributed DHCP Scopes	217
In the Instant UI	218
In the CLI	219
Configuring Centralized DHCP Scopes	220
In the Instant UI	220
In the CLI	222
Configuring the Default DHCP Scope for Client IP Assignment	222
In the Instant UI	223
In the CLI	223
VPN Configuration	225
Understanding VPN Features	225
Supported VPN Protocols	226
Configuring a Tunnel from a W-IAP to Dell Networking W-Series Mobility Contro...	226
Configuring an IPSec Tunnel	227
In the Instant UI	227
In the CLI	228
Example	228
Configuring an L2-GRE Tunnel	228
Configuring Manual GRE Parameters	228
In the Instant UI	229
In the CLI	229
Configuring Dell GRE Parameters	230
In the Instant UI	230
In the CLI	231
Configuring an L2TPv3 Tunnel	231
In the Instant UI	232
In the CLI	234
Example	234
Configuring Routing Profiles	237
In the Instant UI	237
In the CLI	238

Match case Limit results 1 per page

Parameter

Description

Security

Level

Type

Blacklisting

To enable blacklisting of the clients with a specific number of authentication failures,

select

Enabled

from the

Blacklisting

drop-down list and specify a value for

Max

authentication failures

. The users who fail to authenticate the number of times

specified in

Max authentication failures

field are dynamically blacklisted.

Enterprise

Personal

and

Open

security

levels.

Accounting

Select any of the following options:

To enable accounting, select

Use authentication servers

from the

Accounting

drop-down list. On enabling the accounting function, APs post accounting

information to the RADIUS server at the specified

Accounting interval

To use a separate server for accounting, select

Use separate servers

. The

accounting server is distinguished from the authentication server specified for

the SSID profile.

To disable the accounting function, choose

Disabled

Enterprise

Personal

and

Open

security

levels.

Authentication

survivability

To enable authentication survivability, set

Authentication survivability

Enabled

. Specify a value in hours for

Cache timeout (global)

to set the duration

after which the authenticated credentials in the cache must expire. When the cache

expires, the clients are required to authenticate again. You can specify a value

within a range of 1 to 99 hours and the default value is 24 hours.

NOTE:

The authentication survivability feature requires ClearPass Policy Manager

6.0.2 or later, and is available only when the

New

server option is selected

authentication. On setting this parameter to

Enabled

, Instant authenticates the

previously connected clients using EAP-PEAP authentication even when connectivity

to ClearPass Policy Manager is temporarily lost. The Authentication survivability

feature is not applicable when a RADIUS server is configured as an internal server.

Enterprise

security

level

MAC

authentication

To enable MAC address based authentication for

Personal

and

Open

security

levels, set

MAC authentication

Enabled

For

Enterprise

security level, the following options are available:

Perform MAC authentication before 802.1X

—Select this checkbox to use

802.1X authentication only when the MAC authentication is successful.

MAC authentication fail-thru

—On selecting this checkbox, the 802.1X

authentication is attempted when the MAC authentication fails.

Enterprise

Personal

and

Open

security

levels.

Delimiter

character

Specify a character ( for example, colon or dash) as a delimiter for the MAC address

string. When configured, the W-IAP will use the delimiter in the MAC authentication

request. For example, if you specify the colon as a delimiter, MAC addresses in the

xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address

in the xxxxxxxxxxxx format is used.

NOTE:

This option is available only when MAC authentication is enabled.

Enterprise

Personal

and

Open

security

levels.

Table 22:

Configuration Parameters for WLAN Security Settings in an Employee or Voice Network

Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide

Wireless Network Profiles |

109